Software architecture is a critical concept that is frequently overlooked in discussions about network security. In the context of perimeter defense, the term software architecture refers to the manner in which the components of an application should be deployed to make it as secure as possible while preserving its usability and maintainability. Many people are unaware that functionality and security issues are often related to where application components are deployed on a network. If these issues are not addressed, the application is at increased risk of encountering serious functionality or security-related problems, which could also impact other infrastructure components important to the organization. In this chapter, we review various software architecture issues, focusing on the effects that software architecture and network defense components, such as firewalls and routers, have on each other.
After examining the fundamentals of software architecture, we review several issues involving configuring software to be more secure. One of the features of this chapter is an extensive discussion of what characteristics to look for when purchasing or designing software. We also talk about the importance of testing software in a secure environment before deployment and about designing your security perimeter in a way that will make future application deployments easier. Finally, we look at case studies of two application deployments to see how they can be made more secure by following the principles of robust software architecture.