Designing Security Architecture Solutions

By Jay Ramachandran
2002
Wiley Computer Publishing
John Wiley & Sons, Inc.
Summary
The post-9/11/02 world has brought concerns about security to all levels, not the least of
which are systems managers. As in protecting a physical building, system security
happens at many levels: external, internal, support, maintenance and new construction.
The scope and level of efforts are most often bounded by finances and imagination.
In this volume, Jay Ramachandran has developed a very "practical handbook on security
architecture,"[1] targeted at project managers, software engineers and system architects.
By guiding the reader through the steps of system engineering, he builds an effective
framework for the reader. In the Preface, he carefully outlines the targeted audience for
various chapters, to prepare the reader to use his valuable time most effectively, without
talking down to him.
The book is arranged into 5 parts: Architecture and Security, Low-Level Architecture,
Mid-Level Architecture, High-Level Architecture, and Business Cases and Security.
The glossary is a very complete listing of the alphabet soup most technical people accept
but which needs explanation for management. The bibliography is extensive and quite
current, while still providing the foundation references where appropriate.
Overall, this work provides an excellent single volume reference for the system architect,
project manager or software engineer who needs to understand where security fits in the
deliverables being produced. It is not a sufficient reference to prepare for the CISSP
certification examination, but can complement the study documents. It will not replace
feature-specific publications, such as Internet Firewalls,[2] which focuses on one topic, or
Hackers Beware,[3] which deals with specific security events and how to find and act on
them. I found it well-written, well-organized and a good addition to my technical library.
Elements of the Book
[1] Ramachandran, Jay. Designing Security Architecture Solutions. Wiley Computer Publishing, John Wiley & Sons, Inc., 2002, p. xvii.
[2] Siyan, K., and Hare, C., Internet Firewalls and Network Security, Indianapolis, IN: New Riders Publishing, 1994.
[3] Cole, Eric, Hackers Beware, Indianapolis, IN: New Riders Publishing, 2002.
In the first section, the author prepares a tutorial to refresh the reader on various software
methodologies, including Kruchten's 4+1 View Model, the Reference Model for Open
Distributed Processing and the Rational Unified Process. He then moves on to the
contents of a security assessment, including preparation, assessment and reporting. After
comparing the assessment and action plan to the "Knapsack Problem," he reconsiders the
analogy and explains why they are unlike. Through this discussion, he introduces the
reader to the business realities of planning for security, both cost and time, and how to
evaluate the tradeoffs. Under "Security Architecture Basics," Ramachandran gives a
focused tutorial on the concepts and basic tools available. This chapter is a good
introduction to common concepts to be read before meeting with the security solution
providers. In Chapter 4, the author introduces patterns for security. To the software
engineer, the pattern terminology[4] may be very familiar, although perhaps not in this
context.
In Part Two, Ramachandran focuses on what he calls the "low-level architecture" that
provides for security. By building the security goals into the component level, the overall
quality of the deliverables should be enhanced. He cites security expert Steve Bellovin's
observation that "buggy software [is the cause] for most of our security problems."[5] The
author continues to reinforce that principle through multiple examples of opportunities to
exploit these vulnerabilities. This approach provides practical, concrete reasons for the
application of sound system development principles, without sounding preachy. His
analysis of code reviews would be useful for any team leader who wishes to improve his
group's deliverables. The message of the architect building on a sound foundation is
reinforced throughout this chapter and in the rest of the section. He continues to use the
approach of theory, example, methods, challenges and evaluation in the following
chapters on Cryptography, Trusted Code, Secure Communications.
Part Three examines Mid-Level Architecture, including Middleware, Web Security,
Application and OS Security and Database Security. The key message in this section is
the complexity of issues that must be handled here. In the mid-level, the assignment is to
support the application above, while working with various versions of foundation. He
comments that databases are the most complicated single entity in the enterprise
architecture.[6] Once again, the author has provided neat descriptions of the functions and
problems of the elements at this level. The rule could probably be restated as the cliché
"trust but verify." The author keeps the pace and language consistent throughout - neither
talking up nor down to the reader. If someone needed more details in a particular area,
he could refer to the lengthy bibliography which includes many of the industry standards.
[4] Design patterns have been applied to the architecture of buildings (Alexander, C., et al., The Timeless Way of Building, New York: Oxford University Press, 1979), software development (Gamma, E., et al., Design Patterns: Elements of Reusable Object-Oriented Software, Reading, Mass.: Addison-Wesley, 1995) and other aspects of development (Shalloway, A., and Trott, J., Design Patterns Explained: A New Perspective on Object-Oriented Design, Boston, Mass.: Addison-Wesley, 2002). It is interesting that the author has chosen to introduce them in this publication.
[5] Ramachandran, p. 107.
[6] Ibid., p. 291.
Part Four reviews the High-Level Architecture, similar to looking at a building from the
outside. He examines specific security tools wrapping the system, including: sign-ons,
public key infrastructure, firewalls, LDAP and X.500 Directories and the distributed
computing environment. He then takes another step back and compares the "building" to
the original security and architectural goals. This is a top-down view of the risk
assessment done in the early chapters. In Chapter 15, he pulls the evaluations together by
encouraging the architect to look at security as a process, not just a single event. He
shows how techniques like XML and Repositories can be built into the support processes
- enhanced routine maintenance, if you will. Taking it a step further, he compares
enterprise security architecture to a data management problem, which although a manual
process, provides good payback. The book could have ended here. Instead, the author
realized that payback has another dimension.
In Part Five, the author provides very graphic examples of real situations in which the
absence of adequate security resulted in catastrophic outcomes. The insurance algorithms
provided in Chapter 16 provide a neat way to evaluate the potential impact of a threat and
present it coherently and simply to senior management. In Chapter 17, he provides
random bits of practical advice, brief but pointed techniques to put into action.
Conclusion
In Designing Security Architecture Solutions, Mr. Ramachandran has compiled a great
deal of useful information. In a single volume, he has provided an overview of the many
elements to be considered in the development and operations of systems to ensure they
are secure - and why he selected those elements. The author does not claim this is the
ultimate book for any problem labeled "Security." Instead, he has provided a good
handbook with an excellent bibliography so the reader can begin to ask the important
questions of the developers, contractors, consultants and managers and to architect secure
systems.