Software Architecture and Network Defense


When we speak of software architecture, we are talking about where each component of an application should be deployed on a network. Application components include user interfaces, databases, and middleware; the middleware can be thought of as the back end of the application, providing the functionality behind the user interface and connecting the user interface to the database. Application users can be considered another "component" of the application. In this chapter, we focus on applications whose users connect to them from hosts on the Internet. Such applications are at high risk of being attacked because, by definition, they must be reachable from the Internet, and they often hold sensitive data, such as credit card numbers, that attackers want to access.

The Importance of Software Architecture

To clarify what software architecture does and doesn't involve, let's consider a simple example. You work for a company that wants to deploy a web-based application so that customers can buy widgets online. The users of this application access it from various hosts on the Internet. The application has a web interface for the users, which interacts with a database server through a middleware component. When you are planning the deployment of this application, you must consider where to place the web interface, middleware, and database on your network so that business needs for functionality and security are met. This is the core of software architecture.
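As an added example (not code from the chapter or its authors), the placement question in the widget-store scenario can be made concrete as a small policy check: each component is assigned to a network zone, and every flow between components is tested against rules a perimeter designer would enforce. The zone names, the rule set, the port numbers, and the two sample placements are assumptions constructed for illustration.

```python
"""Placement check for the widget-store example.

Each application component is assigned to a network zone and every flow
between components is tested against a small set of perimeter rules.
Added example for illustration; the zone names, rule set, and the two
sample placements are constructed and are not from the original chapter.
"""
from dataclasses import dataclass

# Zones from least to most trusted; the index is the trust level.
ZONES = ("internet", "dmz", "app", "data")
TRUST = {zone: level for level, zone in enumerate(ZONES)}


@dataclass(frozen=True)
class Component:
    name: str
    zone: str
    needs_root: bool = False   # only runs with root/Administrator privileges


@dataclass(frozen=True)
class Flow:
    src: str          # component that initiates the connection
    dst: str          # component that listens
    port: int
    sensitive: bool   # carries credentials, card numbers, or similar
    encrypted: bool   # protected in transit (TLS or equivalent)


def check_placement(components, flows):
    """Return a list of findings; an empty list means the placement passes."""
    zone_of = {c.name: c.zone for c in components}
    findings = []

    for c in components:
        if c.needs_root:
            findings.append(f"{c.name}: requires root; host defenses must compensate")

    for f in flows:
        src_zone, dst_zone = zone_of[f.src], zone_of[f.dst]
        inward = TRUST[dst_zone] - TRUST[src_zone]
        # Internet clients may reach the DMZ only, never an inner tier.
        if src_zone == "internet" and dst_zone != "dmz":
            findings.append(f"{f.src}->{f.dst}:{f.port}: Internet traffic must terminate in the DMZ")
        # Inward flows may cross one trust boundary only (no tier skipping).
        elif inward > 1:
            findings.append(f"{f.src}->{f.dst}:{f.port}: skips the {ZONES[TRUST[src_zone] + 1]} tier")
        # The data zone never initiates connections toward less trusted zones.
        if src_zone == "data" and inward < 0:
            findings.append(f"{f.src}->{f.dst}:{f.port}: database must not initiate outbound connections")
        # Sensitive traffic crossing a zone boundary must be encrypted.
        if f.sensitive and src_zone != dst_zone and not f.encrypted:
            findings.append(f"{f.src}->{f.dst}:{f.port}: sensitive traffic crosses zones in the clear")
    return findings


def widget_store_ok():
    """Three-tier placement that satisfies every rule (constructed sample)."""
    components = [
        Component("users", "internet"),
        Component("web", "dmz"),
        Component("middleware", "app"),
        Component("db", "data"),
    ]
    flows = [
        Flow("users", "web", 443, sensitive=True, encrypted=True),
        Flow("web", "middleware", 8443, sensitive=True, encrypted=True),
        Flow("middleware", "db", 5432, sensitive=True, encrypted=True),
    ]
    return components, flows


def widget_store_bad():
    """Placement that lets the web tier reach the database directly and
    whose middleware insists on running as root (constructed sample)."""
    components = [
        Component("users", "internet"),
        Component("web", "dmz"),
        Component("middleware", "app", needs_root=True),
        Component("db", "data"),
    ]
    flows = [
        Flow("users", "web", 443, sensitive=True, encrypted=True),
        Flow("web", "db", 3306, sensitive=True, encrypted=False),
    ]
    return components, flows


if __name__ == "__main__":
    for label, build in (("ok", widget_store_ok), ("bad", widget_store_bad)):
        findings = check_placement(*build())
        print(f"{label}: {len(findings)} finding(s)")
        for line in findings:
            print("  -", line)
```

Run stand-alone, the script reports no findings for the three-tier placement and three for the shortcut placement: the web tier skipping the application tier, card data crossing a zone boundary unencrypted, and a middleware component that demands root. The rules are deliberately simple; the point is that placement decisions become reviewable once the zones and the flows between them are written down.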

Deciding where to deploy software components is a much more complicated issue than you might realize. Some applications do not work properly when their traffic passes through firewalls; a common problem is that an application is incompatible with Network Address Translation (NAT), typically because the protocol embeds IP addresses or port numbers in its payload, which the NAT device does not rewrite. Applications may also fail to provide adequate encryption for sensitive network traffic. Some applications require extensive changes to your network defenses before they run properly and securely, depending on how you deploy them and how insecure their design is. When applications need to interact with hosts on the Internet, software architecture and network defense are often at odds with each other. Two viewpoints must be considered:

  • Many applications are not designed to follow security best practices and, in fact, might not work properly if you try to secure them. For example, an application might require root privileges to run on a host. You would have to weaken your network and host defenses to use such an application; therefore, applications that cannot be secured adequately should not be used.

  • The whole purpose of having the network is to meet business needs, and network defenses should not "get in the way" of providing needed services and functionality to users. Security measures should be flexible and robust enough to provide adequate protection without hampering application functionality.

So which point of view is correct? Both are. The purpose of security is to support business needs by allowing access to applications and data while protecting them against unauthorized activity. If your network defenses are so rigid that they cannot accommodate a new, critical application, you should reconsider your perimeter design. It does no good to have a secure network if it can't meet your organization's needs. On the other hand, if an application is so insecure that it is prohibitively difficult or expensive to secure properly, it's likely in the best interest of your organization not to implement it. Your decisions should be based on a combination of your organization's needs and your security policy.

The Need to Evaluate Application Security

If you considered security-related issues in the beginning of the software-selection process, you could mitigate many conflicts between software characteristics and network defense. However, it's far more typical for security to be largely ignored until well after the software has been purchased. Often business users in the organization who know nothing about networks, security, or computing in general are the ones who choose the software. These users know what business needs must be met, and they choose the software solution they feel best meets those requirements. Unfortunately, the business users are unaware that the solution they are choosing might be completely insecure, violate your security policies, and, in some cases, be impossible to run with your present network defenses and configuration.

The Value of Assisting with Software Evaluations

I worked at a large company where well-meaning people from various business units were selecting applications without considering security and then were upset when the IT department raised objections to deploying these applications. We found an easy solution for this problem: A few of us who were knowledgeable in security and application deployment approached the business units and offered to attend meetings with the business unit employees and software vendors. We watched the product demonstrations and had the opportunity to ask various security questions. We then evaluated the products and documented our security concerns with each product. The business unit employees used our reports as one factor when deciding which solution was the best.

Of course, we would be happiest if they chose the product we felt had the best security. But even if the product with the most serious security shortcomings was the one chosen, we would have adequate time to plan how to compensate for these shortcomings and already know what the potential issues would be. We strongly felt that our participation in product selection was a win-win situation: the business unit employees and IT staff would have far fewer headaches and surprises to deal with.




    Inside Network Perimeter Security (2nd Edition)
    ISBN: 0672327376
    Year: 2005
    Pages: 230
