Chapter 7. Guards and Walls



At first glance, guards and walls seem to have paradoxical functions. Walls are designed to block access to the fortress. Guards are designed to allow access to the fortress. These two functions, however, are actually complementary. The efficacy of the walls is what makes the guard's job necessary. After all, if outsiders could send requests into the fortress any which way they wanted, there wouldn't be much incentive to use approved and guarded drawbridges.

Although charged with allowing access to the fortress, the guard is very selective. The fortress architect is responsible for deciding just how selective the guard will be and which technologies can be used to implement this selectivity.

In this chapter I discuss some of the issues involved with designing and implementing walls and guards. I will focus on three main fortress types: presentation fortresses, Web service fortresses, and business application fortresses. These three fortress types represent a good cross section of available guard and wall design and implementation strategies.

For the purposes of this discussion, I will assume a simple configuration of two fortresses wanting to communicate over a drawbridge and a bad guy who is up to no good. Shown in Figure 7.1, this setup consists of the following characters:

  • Ed, the envoy in the donor fortress

  • Gwen, the guard in the receiving fortress

  • Bart, the bad guy

Figure 7.1. Two-Fortress Configuration

There are eight security issues we generally worry about when planning our fortress walls and guards:

  1. Fortification

  2. Validation

  3. Auditing

  4. Authentication

  5. Privacy

  6. Integrity

  7. Nonrepudiation

  8. Authorization

I'll go through these one by one, discussing each problem more fully and offering some likely solutions.



Software Fortresses: Modeling Enterprise Architectures
ISBN: 0321166086
EAN: 2147483647
Year: 2003
Pages: 114
