How can architects design a secure architecture?

Source: Internet
Author: User
Tags: key string, least privilege

Architects cannot know everything, yet they remain responsible for delivering solutions that are available and usable. Meeting security requirements is usually an indispensable part of that, even though it is rarely stated explicitly. Below we discuss security across the whole architecture: how to write secure code, security in deployment, physical separation at the architecture level, encryption, and the use of certificates.


How do you ensure security against attacks such as SQL injection?

Many British companies do poorly at security because their teams do not know what security actually means. I sometimes ask people what they would do about it.

When we analyse requirements as architects, we do not mean big up-front design. We mean something simpler: capturing user requirements and doing high-level architecture design, in which scalability and security must be considered. If you do not consider them, you may lose valuable elements when creating the architecture. Workshops and short seminars with users are very good for this, because the users are familiar with the system.

The customer asked him whether the system was very secure; he asked back how secure it needed to be. That conversation can happen face to face in a workshop: who uses our system, which aspects affect their use of it, and why? In this way you arrive at very specific user requirements for the system. Beyond capturing information, you also have to question it. Our team must constantly question and challenge the requirements we set at the beginning: what is the priority during development, whether a requirement is really necessary, whether another approach would suffice. Challenging requirements applies not only to functional ones but also to non-functional ones such as security, and it requires talking to the customer. Every time security is introduced into the system, trade-offs, compromises, and concessions have to be made.

Typically the concessions and trade-offs involve availability, usability, and complexity: security makes things more complicated. For example, when I log on to my bank, the ID is very long and I cannot remember it. Then I enter a password on a second page, then a security code generated on a keypad similar to a password card. By the time I have passed all these security checks, the session has timed out, and after entering so many passwords I still cannot find my account information. It is a very long and complex process, with electronic security instructions. It is indeed secure, but it hurts convenience. This is the choice: ease of use, or complex security.

How can we interpret security issues in the architecture?

Security can be integrated into every area. Consider the typical three-tier layout: web servers, application servers, and databases. The web server has to withstand attacks; the application server should be reachable only by authorized users; the database ensures that the data is stored securely. In between, the infrastructure, including the firewall, must be secured. Later we will talk about how to obtain authorization effectively.

This is a very common and traditional way to build security. A small amount of code may sit on the web server and a lot of data in the database, with the application server in the middle retrieving the relevant information. You must pay attention to the security of each part and to whether the stored information is secure.

Looking at these architectures, we see the web server calling the relevant security services. This is very common, but such web services are often very insecure: for example, a development tool generates some local components for your web service, and you then find that no authorization is required and anyone can call them. Security therefore has an important role to play here.

In our architecture, physically splitting the servers does not by itself make things secure. If the tiers are physically separated, the transmission of information between them is exposed. Each tier has its own security, and security between tiers is very important: once they are physically separated, the link in the middle becomes a target of attack.

Do not spread code everywhere; concentrate it in a central core layer.

That way only the surface can be attacked while the core remains well protected. An interesting question arises here: why is the application server physically separated at all? People assume real-time integration always means an architecture that separates the application servers, but there are other approaches, and that is what many internet start-ups do today. I want you to think about what you are doing and to have a reason for it. It is a trade-off: security is gained, complexity is affected. Among our security considerations we should mention the principle of least privilege: only what is necessary is allowed to happen. You cannot deploy everything on the server.

Before allowing a process to operate, make sure that the process really needs to operate. Every software architect working on the system must keep this in mind.

Different ways to introduce security into the system

Currently authentication, authorization, and auditing are the three common methods. First, authentication: who is this user, what permissions do they have, what do they use? This is very important. It helps you understand your needs, how different types of users play different roles in the system, and how such a system performs authentication and authorization locally. In fact, many approaches are acceptable.

Consider a simple two-tier approach, where the web server talks directly to the database. The simplest form of security, authentication, and authorization is that the system recognises your users and keeps a list of them, together with the permissions they hold, in the system. Through a mapping, what can a customer do? Is this the best-performing approach? Not necessarily.

As I said this morning, we have different choices, and there are many ways to solve these problems. Another approach is to design our own architecture without putting user data in the database. A large enterprise will have an Active Directory containing users and their credentials, so these can be reused: you do not store users in your database but somewhere else. This reduces the management burden. A new user can be registered in the intermediate registry.

But perhaps the roles stay in the database, because different roles carry different authorizations. So users and their credentials are kept outside while roles are kept in the database, which is also a good decomposition. Or the authorization can even be put into Active Directory as different groups. That is an option, but is it better than the previous method? Again, that is not a question I can answer. Some enterprises and organizations are willing to do this; they think storing user information in user directories is sufficient. Other organizations do not like putting their groups on their own servers. Sometimes you can, sometimes you do not want to.

There are other ways, such as using a security token service. Some use an identity foundation to centralize security, both authentication and authorization. A project I worked on two years ago had a separate token system, and the complexity it brought us was unimaginable: originally only one person was working on the project, under great pressure, and it was very complex. This is also an option, and for some enterprises it may be the best choice.

Which solution is the best? In fact, there is no such thing as the best solution; there is only the best for you and for this environment. Let's go back to what we said this morning: from a high-level perspective we understand our needs and the constraints and limitations of our environment. If you work in a large enterprise you may have an Active Directory server; you can go to the relevant department and use that server for authentication. Whether you then also put the authorization decisions in the directory is part of selecting the best solution.

There is a large British supermarket that stores passwords in plain text and sends the password to the user's mailbox in plain text. Going back to the earlier architecture: if the database were secure enough, plain text would be no problem. Instead we recommend hashing passwords rather than storing them in plain text. I am not a security expert, but I know there are at least several ways to hash passwords, for example hashing together with a random salt; this is a good way to hash passwords. Of course, we choose the method that best suits us.

Auditing works the same way: we need an audit trail. For example, if we operate in an offshore environment in Jersey and make a lot of transactions, we must know which users did what, and why. If someone makes claims against this website and we have to go to court over lost information, we need to check how the information was lost and whether it has been modified.

How can I write secure code?

There is a lot of information on the internet, mostly about two main ideas: first, immutability, avoiding modification of data; second, restricting access.

Immutability is good: if something is immutable it cannot be modified, which is a good property. If an object's data cannot be modified, the object is fundamentally safer. In a functional language you work with values, which cannot change. Imagine a person joining a list: how do we let a caller list all the people? Perhaps by providing a getPeople method.

Some simple suggestions: use access modifiers, especially when exposing external APIs, and make your assumptions explicit, such as which access modifiers apply. If everything is public, it would be strange if there were no security problem!
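The immutability and access-restriction advice of the two paragraphs above, as an added example that is not from the original article: a mutable team whose getPeople hands out its internal list (so a caller can alter membership behind its back) next to an immutable team whose fields cannot be rebound and whose membership is a tuple. Class and method names are assumptions; Python's leading-underscore convention stands in for a private access modifier.

```python
from dataclasses import dataclass, field, FrozenInstanceError
from typing import List, Tuple


class LeakyTeam:
    """Mutable variant: get_people() returns the internal list itself,
    so any caller can silently change the team's membership."""

    def __init__(self, people: List[str]) -> None:
        self._people = list(people)

    def get_people(self) -> List[str]:
        return self._people            # leaks mutable internal state


@dataclass(frozen=True)
class Team:
    """Immutable variant: fields cannot be rebound after construction and
    membership is a tuple, so get_people() cannot hand out mutable state.
    The leading underscore marks the field as non-public by convention."""

    name: str
    _people: Tuple[str, ...] = field(default=())

    def get_people(self) -> Tuple[str, ...]:
        return self._people

    def with_person(self, person: str) -> "Team":
        """'Adding' a person yields a new Team; this one is unchanged."""
        return Team(self.name, self._people + (person,))


def tampering_succeeds(team) -> bool:
    """True if a caller can alter membership through what get_people()
    returned or by assigning to a field; False if the team is protected."""
    before = tuple(team.get_people())
    returned = team.get_people()
    try:
        returned.append("mallory")      # works on a list, fails on a tuple
    except AttributeError:
        pass
    try:
        team.name = "hijacked"          # frozen dataclass refuses this
    except (FrozenInstanceError, AttributeError):
        pass
    return tuple(team.get_people()) != before
```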

Scott/tiger: some people are smiling. Many people have not changed their passwords; the default user names and passwords that ship with the database are left unchanged. They must be changed to a stronger password.

When it comes to data, we really want to restrict consumers' access to and use of the data, which helps us contain their access scope. Wherever our website runs, how do we use the SQL database? We use specific code to access the database through SQL. Sometimes we do not like this approach because the process is complicated; although complicated, there are simple and secure APIs for it. Many people rely on SQL to ensure security.
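The restricted, secure database access described above, together with the SQL injection concern from the section heading and the least-privilege principle from the architecture section, as an added example that is not part of the original article: a query that concatenates user input into SQL text next to a parameterised query run over a read-only connection, so the web tier cannot modify user records even if its code is abused. The schema, sample rows and the use of SQLite are assumptions for this example.

```python
import os
import sqlite3
import tempfile

DB_PATH = os.path.join(tempfile.mkdtemp(), "shop.db")   # constructed sample database


def setup_db() -> None:
    """Create a small users table with constructed sample rows."""
    conn = sqlite3.connect(DB_PATH)
    conn.execute("CREATE TABLE IF NOT EXISTS users "
                 "(name TEXT, password_hash TEXT, role TEXT)")
    conn.execute("DELETE FROM users")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)",
                     [("alice", "hash-a", "admin"), ("bob", "hash-b", "customer")])
    conn.commit()
    conn.close()


def find_user_unsafe(name: str):
    """The pattern to avoid: user input is pasted into the SQL text, so the
    database cannot tell the data apart from the query."""
    conn = sqlite3.connect(DB_PATH)
    rows = conn.execute(
        "SELECT name, role FROM users WHERE name = '" + name + "'").fetchall()
    conn.close()
    return rows


def find_user_safe(name: str):
    """Parameterised query over a read-only connection: the driver binds the
    value as data, and the connection itself cannot write (least privilege)."""
    conn = sqlite3.connect("file:%s?mode=ro" % DB_PATH, uri=True)
    rows = conn.execute(
        "SELECT name, role FROM users WHERE name = ?", (name,)).fetchall()
    conn.close()
    return rows


def readonly_tier_can_modify() -> bool:
    """True if the read-only connection manages to change a role."""
    conn = sqlite3.connect("file:%s?mode=ro" % DB_PATH, uri=True)
    try:
        conn.execute("UPDATE users SET role = 'admin' WHERE name = 'bob'")
        conn.commit()
        return True
    except sqlite3.OperationalError:     # 'attempt to write a readonly database'
        return False
    finally:
        conn.close()
```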

In 2000 I built a website at a small e-commerce company. They were working on a business website for the first time: they had an e-commerce website and a box, and they just needed to put a CD into the system to run it as an e-commerce website. They wanted to store credit card numbers so that returning customers would not have to enter their card again, and the box provided this; there is always somewhere to store the credit card information! They looked at the database columns, found that nobody was using the middle name column, and put the credit card number into the middle name field as plain input, without encryption: a plain string for a credit card. We know such strings can easily be recovered. This "security" amounted to storing the string without any encryption, even though the payment operation itself was protected twice over.

We have talked about the code and the data; we should also talk about configuration and deployment. There is a database, and to talk to it the web server must have a user name and password. Where are the database user name and password kept? Usually in plain text in the web server's configuration. If someone compromises the web server and extracts the file system, they can read the plaintext files. This happens a lot.

Security is very important, but it is also very complicated. Among software developers and programmers, agile, continuous delivery, and the latest models are popular terms, but security is not a hot term. Pay attention to the importance of security: for online banking and web interfaces, for example, security cannot be ignored.
