When we speak of software architecture, we are talking about where each component of an application should be deployed on a network. Application components include user interfaces, databases, and middleware. Middleware can be thought of as the back end of the application: it provides functionality behind the user interface and connects the user interface to the database. Application users can be considered another "component" of the application. In this chapter, we focus on applications whose users connect to them from hosts on the Internet. Such applications are often at high risk of being attacked because, by definition, they must be accessible from the Internet, and they often contain sensitive data, such as credit card numbers, that attackers want to access.

The Importance of Software Architecture

To clarify what software architecture does and doesn't involve, let's consider a simple example. You work for a company that wants to deploy a web-based application so that customers can buy widgets online. The users of this application access it from various hosts on the Internet. The application has a web interface for the users, which interacts with a database server through a middleware component. When you are planning the deployment of this application, you must consider where to place the web interface, middleware, and database on your network so that business needs for functionality and security are met. This is the core of software architecture. Deciding where to deploy software components is a much more complicated issue than you might realize. Some applications may not work properly when you pass their traffic through firewalls; for example, a common problem is that an application is incompatible with Network Address Translation (NAT). Applications may also fail to provide adequate encryption for sensitive network traffic.
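The placement decision described above can be checked mechanically once the deployment and the firewall policy are written down. The following script is an added example, not code from the chapter: it models the widget application's three tiers, the zone each tier is deployed in, and the zone-to-zone rules the firewall permits, then audits the result against two architectural expectations: the database must not be directly reachable from the Internet, and no rule may let one tier skip past its neighbour. It also flags the opposite failure, a policy so restrictive that the database cannot be reached at all and the application cannot function. The zone names, ports, and the `audit`, `direct_exposure`, `tier_skips`, and `reachable_zones` helpers are assumptions made for this example; the sample deployments and policies are constructed.

```python
"""Audit a tiered deployment against a zone-based firewall policy (constructed example)."""
from collections import deque

# Assumed tier order: a permitted hop may only go from one zone to the next.
TIER_ORDER = ["internet", "dmz", "app", "data"]

# Constructed deployment: component -> zone it is deployed in.
THREE_TIER = {
    "internet_user": "internet",
    "web_interface": "dmz",
    "middleware": "app",
    "database": "data",
}

# Constructed "flat" deployment: every tier placed in the DMZ for convenience.
FLAT_DMZ = {
    "internet_user": "internet",
    "web_interface": "dmz",
    "middleware": "dmz",
    "database": "dmz",
}

# Constructed firewall policies as (source_zone, dest_zone, port) tuples.
SECURE_POLICY = {("internet", "dmz", 443), ("dmz", "app", 8443), ("app", "data", 5432)}
FLAT_POLICY = {("internet", "dmz", 443)}


def direct_exposure(deployment, policy, from_zone="internet"):
    """Components living in a zone that is the destination of a rule from from_zone."""
    exposed_zones = {dst for src, dst, _port in policy if src == from_zone}
    return sorted(c for c, z in deployment.items() if z in exposed_zones and z != from_zone)


def tier_skips(policy):
    """Rules whose destination is not the tier immediately after the source."""
    idx = {zone: i for i, zone in enumerate(TIER_ORDER)}
    return sorted((s, d, p) for s, d, p in policy if idx[d] - idx[s] != 1)


def reachable_zones(policy, start):
    """Zones reachable from start by following permitted rules (breadth-first)."""
    seen, queue = {start}, deque([start])
    while queue:
        zone = queue.popleft()
        for src, dst, _port in policy:
            if src == zone and dst not in seen:
                seen.add(dst)
                queue.append(dst)
    return seen


def audit(deployment, policy, protected=("database",)):
    """Return a list of findings; an empty list means the placement is acceptable."""
    findings = []
    for component in direct_exposure(deployment, policy):
        if component in protected:
            findings.append(f"{component} is directly reachable from the Internet")
    for src, dst, port in tier_skips(policy):
        findings.append(f"rule {src}->{dst}:{port} bypasses the intermediate tier")
    from_internet = reachable_zones(policy, "internet")
    for component in protected:
        if deployment[component] not in from_internet:
            # The business need is not met: users cannot complete a purchase.
            findings.append(f"{component} is unreachable: the application cannot function")
    return findings


if __name__ == "__main__":
    print("three-tier, secure policy:", audit(THREE_TIER, SECURE_POLICY))
    print("flat DMZ placement:", audit(FLAT_DMZ, FLAT_POLICY))
    print("web tier talks to database directly:",
          audit(THREE_TIER, SECURE_POLICY | {("dmz", "data", 5432)}))
    print("policy too restrictive:", audit(THREE_TIER, FLAT_POLICY))
```

The first run produces no findings. Placing all three tiers in the DMZ makes the database directly reachable from the Internet even though the policy itself has not changed, which is exactly why placement, not just the rule set, is an architectural decision. The last run shows the other half of the trade-off the chapter describes: a policy that only admits Internet traffic to the DMZ is "secure" but leaves the purchase flow unable to reach the database.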
Some applications require extensive network defense changes to be made in order to run properly and securely, depending on how you deploy them and how insecure their design is. When applications need to interact with hosts on the Internet, software architecture and network defense components are often at odds with each other. Two viewpoints must be considered:
So which point of view is correct? Both are. The purpose of security is to support business needs by allowing access to applications and data while protecting them against unauthorized activity. If your network defenses are so rigid that they cannot accommodate a new, critical application, you should reconsider your perimeter design. It does no good to have a secure network if it can't meet your organization's needs. On the other hand, if an application is so insecure that it is prohibitively difficult or expensive to secure properly, it's likely in the best interest of your organization not to implement it. Your decisions should be based on a combination of your organization's needs and your security policy.

The Need to Evaluate Application Security

If you considered security-related issues at the beginning of the software-selection process, you could mitigate many conflicts between software characteristics and network defense. However, it's far more typical for security to be largely ignored until well after the software has been purchased. Often business users in the organization who know nothing about networks, security, or computing in general are the ones who choose the software. These users know what business needs must be met, and they choose the software solution they feel best meets those requirements. Unfortunately, the business users are unaware that the solution they are choosing might be completely insecure, violate your security policies, and, in some cases, be impossible to run with your present network defenses and configuration.