Build It Right the First Time
Let's look at a simple example of a Web application architecture and its surrounding infrastructure: online stock trading in the nascent design state. The systems engineers and administrators decide on a platform, operating system (OS), and Web server. The network engineers and administrators decide on a network architecture and infrastructure. Finally, the application developers develop an application to utilize the system and network architecture.
Initially, the systems engineers and administrators design a secure platform for the software. Realizing the need for strong security, they apply all available service packs, patches, and hotfixes as part of the system design specification and configure their servers and software to secure the platform at an application server level.
In tandem with the systems engineers, the network engineers design a secure network architecture that will meet the needs of the business. This architecture also incorporates patches and hotfixes for the network hardware, and includes configuration changes to control the flow of traffic between the inside and outside networks. The network is now secure for traffic to flow to and from the servers.
Finally, the developers design a secure application. They perform proper input validation, manage sessions in a viable, secure manner, and use encrypted transport mechanisms. Moreover, they place no trust in the client, since trusting the client is a practice in application design that leads to many pitfalls.
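The three developer practices named above (input validation, session handling, and placing no trust in the client) can be shown together in a single order handler. The following is an added example written for this article, not code from the original or from Foundstone; it assumes a hypothetical stock-trading back end where orders arrive as a parsed form dictionary, prices come from a server-side price book, and an opaque session id maps to an authenticated account. Transport encryption is assumed to be handled by TLS in front of the application and is not shown.

```python
"""Added example (not from the original article): a server-side order handler
for a hypothetical online stock-trading application that validates every
input and takes nothing of security relevance from the client.

Assumptions (not on the page): `form` is the parsed request body as a dict,
PRICE_BOOK stands in for the real market-data source, and SESSIONS stands in
for the server-side session store.
"""
from dataclasses import dataclass
import re
import secrets

# Whitelist patterns: the shape of every client field is checked, not just
# its presence.
SYMBOL_RE = re.compile(r"^[A-Z]{1,5}$")
QTY_RE = re.compile(r"^[0-9]{1,6}$")
MAX_QTY = 10_000

# Constructed sample data standing in for real server-side state.
PRICE_BOOK = {"ACME": 12.50, "FOO": 101.25}
SESSIONS: dict[str, str] = {}  # opaque session id -> authenticated account


class OrderError(ValueError):
    """Raised for any request the server refuses to act on."""


@dataclass
class Order:
    account: str
    symbol: str
    qty: int
    side: str
    price: float  # always the server's price, never a client-supplied one


def new_session(account: str) -> str:
    """Issue an unguessable session id bound to an already-authenticated account."""
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = account
    return sid


def place_order(session_id: str, form: dict) -> Order:
    # 1. Session management: the acting account is taken from the server-side
    #    session, so an "account" field in the form is simply ignored.
    account = SESSIONS.get(session_id)
    if account is None:
        raise OrderError("invalid or expired session")

    # 2. Input validation: every field must match a whitelist pattern or set.
    symbol = str(form.get("symbol", ""))
    if not SYMBOL_RE.match(symbol):
        raise OrderError("bad symbol")
    side = form.get("side")
    if side not in ("buy", "sell"):
        raise OrderError("bad side")
    qty_raw = str(form.get("qty", ""))
    if not QTY_RE.match(qty_raw):
        raise OrderError("bad quantity")
    qty = int(qty_raw)
    if not 1 <= qty <= MAX_QTY:
        raise OrderError("quantity out of range")

    # 3. No trust in the client: the execution price comes from the server's
    #    price book, so a "price" field sent by the client has no effect.
    if symbol not in PRICE_BOOK:
        raise OrderError("unknown symbol")
    return Order(account, symbol, qty, side, PRICE_BOOK[symbol])


if __name__ == "__main__":
    sid = new_session("acct-1")
    # The client tries to set its own price and account; both are ignored.
    print(place_order(sid, {"symbol": "ACME", "qty": "10", "side": "buy",
                            "price": "0.01", "account": "acct-9"}))
```

The design point is that the only client-controlled values reaching business logic are the symbol, side and quantity, and each of those is reduced to a known shape before use; identity and price, the two fields an attacker would most like to control, are never read from the request at all.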
If any of these three aspects is designed poorly (a hotfix missed, a router misconfigured, or an error in application development that allows the use of clear-text protocols), the security of the entire design fails.
Arjuna Shunn is a consultant of secure system and network design for the Foundstone security consulting team. Focusing primarily on Linux and Solaris, he brings over a decade of experience in UNIX system security, maintenance, and administration to Foundstone's attack and penetration team. He can be reached at arjuna.shunn@foundstone.com.