Return to book
Review this book
About the author
Introduction
1. Access Control
2. Authentication
3. Biometrics
4. Crypto Engineering
- 4.1. Software Crypto
- 4.2. Hardware Crypto
5. Malware
- 5.1. Virus
- 5.2. Worm
- 5.3. Trojan Horse
- 5.4. Writing Virus
- 5.5. Rootkits
- 5.6. Anti-virus software
- 5.7. Inside popular software
6. Protecting Clients
7. Security and Usability
- 7.1. User Interface (UI)
- 7.2. Passwords
- 7.3. Cognitive Experiment
- 7.4. Insider Attacks
8. Secure Programming
- 8.1. Buffer overflow
  - 8.1.1. Buffer Overflow Protections
  - 8.1.2. Exploit Buffer Overflow
- 8.2. Secure C practice
- 8.3. secure-sensitive program
9. Physical Security
10. (Web Service) Architecture
- 10.1. Contents and Scripts
11. Confinements
- 11.1. chroot
- 11.2. JVM
- 11.3. Network Identity
- 11.4. Virtual Machine
- 11.5. Sandbox
12. Program Structure
- 12.1. Case study: 4.3BSD FTP Daemon
- 12.2. Case study: mailer
- 12.3. Case study: Web Browser
13. Security Analysis
- 13.1. Construction vs. Destruction
- 13.2. Analyze individual programs
- 13.3. Analyze overall system
- 13.4. Software Engineering Code of Ethics
- 13.5. Tools part 1: OS system calls
- 13.6. Tools part 2: fuzzing and more
- 13.7. Reconnaissance
14. The Internet of Things
- 14.1. Embedded Systems (Smart Devices)
- 14.2. Internet of Things Architecture
- 14.3. Case study: Thermostat
15. Logging
- 15.1. Loggin in practice
- 15.2. Log Incidents
- 15.3. Case study: PHP4 web server attack
16. After An Attack
- 16.1. Analyze a hacked system
- 16.2. Deleted Files
- 16.3. Monitor Intrusion
- 16.4. Conclusion
17. System Structure
- 17.1. Case study: build an e-commerce
- 17.2. Network Operation Center
- 17.3. Router Link Weakness
- 17.4. Remote Access
- 17.5. Question: store credit card number in database?
- 17.6. General Principle
18. Exams
- 18.1. Fall 2014 Midterm
- 18.2. Fall 2013 Midterm
- 18.3. Fall 2010 Midterm
- 18.4. Fall 2008 Midterm

Security Architecture and Engineering

Case study: build an e-commerce

Componenents

Web server
Replicated web server, for load-sharing and reliability
System admins
Development mahinces
Developer access
Console servers
Environmental control systems - air conditioning, power, backup generators..
Backup servers
DNS servers
... (Many more!)

How to connect pieces?

Which pieces should be separated?
E.g A billing system: 4 different database..

Why so complex?

Availability - primarily against ordinary fialtures.
Everything is replicated: routers, links, Ethernets, servers..

Inverse proxy

Inverse proxies are effectively firewalls: only ports 80 (http) and 443 (https).
Database servers are not accessible from outside; when a request comes in, you must go through web server first.

What are the security goals:

C.I.A
Different sources have different goals.
- Database: availability
- Web server: confidentiality..

Protect web servers

Within web servers, isolate different parts.
Separate UIDs on the Web Server
- Least Priviledge: login CGI script runs as different user than browsing CGIs.

Protect database machines

If the database is tampered with, VERY BAD THINGS can happen.
How can database machines attacked?
- Hacking attack: web server falls $\rightarrow$ database machine (issue arbitrary SQL statements to database).
- SQL injection attack: bypass web server and directly affects database machine.
Protection: mandate the customer log in to the database.
- All customer-type operation must be accompanied by customer-type authentication.

Protect inventory database

Use a separate database and database machine for orders.
Protecting information: credit card numbers not readable by web server.

Danger points

How are these devices managed?