[Security_sig] Draft: DCL Internal Infrastructure Server
ereed at novell.com
Thu Apr 28 15:15:24 PDT 2005
Here's my first take on the description of what I mean by an Internal Infrastructure Server. There are aspects, in this description, of environmental assumptions, security objectives, risk analysis, etc. It's in English, though, or at least tries to be. It's almost a short use case.
Comments and suggestions are welcome. Even after I see them.
Internal Infrastructure Server
Internal Infrastructure Servers provide essential network services such as time, naming, authentication, message forwarding, accounting, audit, software distribution, inventory management and service location. Along with the network routing and connectivity infrastructure, they create the network environment supporting applications and services throughout the organization. Typically, they, or at least critical replicas of such services, will be housed and managed in the data center, both to facilitate centralized supervision and management of their configurations, and also to facilitate their backup and recovery in the event of data corruption.
Services on these servers are typically redundant, synchronizing periodically or upon changes as they occur, with their peer services on other servers. Such synchronization traffic may be substantial, depending on configuration and protocol designs. The synchronization traffic itself presents a security challenge, as security-sensitive information (passwords, personal information attributes) may be replicated. Further, the risk of an attacker delaying or modifying data in transit must be addressed, as must the risk that old, stale information (previously deleted or obsoleted) may be reintroduced into the operational environment intentionally or accidentally (as may happen due to the restoration of an old backup).
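An added example (not from the original post) sketching the receiver-side checks the paragraph above calls for: each replicated record carries an HMAC over its canonical form (detects modification in transit), a send timestamp (detects excessive delay) and a per-entry version with tombstones (refuses reintroduction of deleted or obsolete data, such as from a restored old backup). The shared key, field names and 30-second freshness window are constructed assumptions.

```python
import hmac, hashlib, json, time

# Constructed shared key for this example; a real deployment would
# provision per-peer keys out of band.
PEER_KEY = b"example-replication-key-not-for-production"
MAX_AGE_SECONDS = 30  # reject replication messages delayed longer than this

def canonical(record: dict) -> bytes:
    """Deterministic encoding so sender and receiver MAC the same bytes."""
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()

def sign_record(record: dict, key: bytes = PEER_KEY) -> dict:
    """Sender side: wrap a directory record with an HMAC-SHA256 tag."""
    return {"record": record,
            "mac": hmac.new(key, canonical(record), hashlib.sha256).hexdigest()}

class ReplicaStore:
    """Receiver side: applies a record only if authentic, fresh and newer."""
    def __init__(self, key: bytes = PEER_KEY, now=time.time):
        self.key = key
        self.now = now          # injectable clock for testing
        self.versions = {}      # dn -> highest version applied or tombstoned
        self.data = {}          # dn -> attributes of live entries

    def apply(self, msg: dict) -> str:
        record = msg["record"]
        expected = hmac.new(self.key, canonical(record), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, msg.get("mac", "")):
            return "rejected: bad MAC (modified in transit or untrusted peer)"
        if self.now() - record["sent_at"] > MAX_AGE_SECONDS:
            return "rejected: stale message (delayed in transit)"
        dn = record["dn"]
        if record["version"] <= self.versions.get(dn, -1):
            return "rejected: older version (stale data, e.g. old backup)"
        self.versions[dn] = record["version"]
        if record.get("deleted"):
            self.data.pop(dn, None)  # keep the tombstone version so re-adds fail
        else:
            self.data[dn] = record["attrs"]
        return "applied"

if __name__ == "__main__":
    store = ReplicaStore(now=lambda: 1000.0)
    add = sign_record({"dn": "uid=alice", "version": 1, "sent_at": 995.0,
                       "attrs": {"mail": "alice@example.test"}})
    delete = sign_record({"dn": "uid=alice", "version": 2, "sent_at": 996.0,
                          "deleted": True})
    print(store.apply(add), store.apply(delete), store.apply(add), sep="\n")
```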
While these systems are generally only used and visible within the organization, and so are usually protected by firewalls preventing their access by hostile outside attackers, their central role in the effective operation and management of the network makes them attractive targets for internal hackers, or for worm/virus-delivered attack programs from the outside. Defense against session hijacking, man-in-the-middle attacks, and attempts to reconfigure cached or configuration data should be provided in the selection of protocols used and their protections. Many organizations consider the networks used by internal employees for user productivity applications (email, collaboration, file and print sharing) to be untrustworthy, because of the incidence of worm- and virus-mounted attacks delivered via email attachments and downloaded documents.
Resource accounting may be a requirement for some of these services, but frequently, they're operated as utilities by a centralized operational staff chartered with keeping them running and responsive to the loads placed on them by user workstations.