The solution options are as follows:
- Leverage authorization and authentication to prevent spoofing of identity and identify trust boundaries
- Design various controls to prevent access to sensitive data or system
- Establish monitoring and instrumentation to analyze user interaction for critical operations
- Protect against damage by validating all inputs for type, range, and length, and by applying sanitization principles
- Partition users into anonymous, identified, and authenticated, and leverage monitoring and instrumentation for auditing, logging, and root cause analysis
- Leverage encryption, sign sensitive data, and use secure transport channels
- Reduce session timeouts and implement solutions to detect and mitigate attacks
- Network security will be provided through a DMZ with an inner and an outer firewall: the application and database servers sit behind the inner firewall, and the web server sits behind the outer firewall in the DMZ
- The architecture uses form-based authentication for the web tier, and the security logic is implemented in a reusable business component in the application tier.
- SSL will provide the desired security for sending sensitive information to critical systems, such as the merchant bank and the marketplace
- Leverage message-level encryption, digital signatures, and transport-layer security (SSL)
- The application will use LDAP for authentication on the web tier and will use role-based security on the web and business tier for authorization
- Authorization is controlled access to information in the application once a user is identified and authenticated
- Authentication: Identification of an end user in the system and validation that the user is who they claim to be
- Auditing: Instrumentation and monitoring of security
- Integrity: Protection against improper modification of information in transit or storage
- Confidentiality: Protection against inappropriate disclosure of data during transit and storage.
- A user or security role should be given the lowest privilege required for a resource or function. Privileges will not be elevated automatically by direct or indirect means; therefore, maintain a default-deny policy
- Enforce appropriate security policies at all tiers, components, systems, and services using appropriate techniques and operations. Because the policy at each layer differs from the others, an attacker must defeat several independent controls to break the system; identify and fix the most vulnerable point in the end-to-end chain of components.
- The security framework should support a standards-based plug-in model wherein it is possible to architect pluggable extensions to improve the security position
- All software and hardware resources and functions should be categorized into various security classifications, and access should be restricted to users with appropriate roles and privileges
- Pluggable extensions would be required to re-use the security framework in different environments and to comply with local regulations and laws
- The system should provide a holistic view of administration features to manage essential security functionality
- The application should allow users only a single authentication point. Back-door entry functionality and shortcut URLs should be avoided
- Data entered by the user must be thoroughly validated and cleansed at different levels; data must also be properly encrypted when stored and transferred to various layers
- Minimize entry points for end users and retain a minimum amount of data, service, and functionality exposed to unauthorized end users
- Design contingency plans for all possible failure scenarios: the impact of security incidents can be minimized by using robust error-handling routines, data backups, a disaster recovery (DR) environment, and defense in depth
Best practice:
- SQL Injection: Prepared (parameterized) statements rather than dynamically concatenated SQL statements
- Cross-Site Scripting: JSF validation, avoiding inline JavaScript, and avoiding frames/iframes
- Denial of Service: The Service Request Queue technique, which limits the number of concurrent requests and queues all excess requests
- Man-in-the-Middle: Using SSL, avoiding frames/iframes, and avoiding URL rewriting
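As an added illustration of the Service Request Queue technique named under Denial of Service (example code written for this page, not taken from the original document or any particular framework), the model below bounds both the number of requests served concurrently and the number allowed to wait, and sheds everything beyond that at the door. The class and scenario names, and the burst sizes, are assumptions made for the example.

```python
from collections import deque
from threading import Lock

class ServiceRequestQueue:
    """Admission control for a service endpoint (constructed model, not a real
    servlet filter): at most max_concurrent requests run at once, at most
    max_queued wait in FIFO order, and anything further is rejected at once."""

    def __init__(self, max_concurrent, max_queued):
        self.max_concurrent = max_concurrent
        self.max_queued = max_queued
        self.active = []          # request ids currently being served
        self.waiting = deque()    # excess requests queued in arrival order
        self.rejected = 0         # requests shed so a burst cannot exhaust threads
        self._lock = Lock()

    def submit(self, request_id):
        """Admit, queue, or reject an arriving request; returns the outcome."""
        with self._lock:
            if len(self.active) < self.max_concurrent:
                self.active.append(request_id)
                return "admitted"
            if len(self.waiting) < self.max_queued:
                self.waiting.append(request_id)
                return "queued"
            self.rejected += 1
            return "rejected"

    def complete(self, request_id):
        """Release a served request and promote the oldest queued one, if any."""
        with self._lock:
            self.active.remove(request_id)
            if self.waiting:
                promoted = self.waiting.popleft()
                self.active.append(promoted)
                return promoted
            return None

def simulate_burst(max_concurrent, max_queued, burst):
    """Constructed scenario: `burst` requests arrive at once, then the server works
    through them. Returns (outcome counts, request ids served in order)."""
    gate = ServiceRequestQueue(max_concurrent, max_queued)
    outcomes = [gate.submit(f"req-{i}") for i in range(burst)]
    counts = {k: outcomes.count(k) for k in ("admitted", "queued", "rejected")}
    served = []
    while gate.active:                 # finish active requests in order; each
        request_id = gate.active[0]    # completion pulls one request off the queue
        served.append(request_id)
        gate.complete(request_id)
    return counts, served
```

With 4 concurrent slots and a queue of 6, a burst of 20 requests yields 4 admitted, 6 queued, and 10 rejected immediately, and all 10 accepted requests are eventually served in arrival order.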