[Security_sig] Draft: security characteristics for the 4 pforiles, so far...

Ed Reed ereed at novell.com
Fri Apr 29 01:19:10 PDT 2005

I don't know if these add value or not, but this is a first attempt to summarize, as you might in some sort of a matrix, ways the various profiles differ from one another...For now, I've added them as concluding paragraphs of each profile description (previously sent to the list). 
What do you think? 
Database Server: 
Security-relevant characteristics:  relatively few authorized users, need for separation of system and database administration roles and permissions, need for accountability of system and database administrator actions, need for open-file (hot) backups, need for transactionally consistent backups. 
Mid-Tier Application Server: 
Security-relevant characteristics:  relatively many authorized users, but may use application-specific user account management, rather than having a separate system user account for each user, need for accounting and resource chargeback systems, need to isolate application failures to avoid disruption of other applications, and to limit the damage broken applications can cause to other applications or the system. 
Edge / Public Facing Server: 
Security-relevant characteristics:  few or no authorized users beyond network administrators to the local services, but many authorized users transiting through the server to back-end systems, open to hostile network attacks, need to detect and shut down attacks from public network interfaces without letting attacks penetrate further into the organization through internal network interfaces, need to control the direction of information flows (perhaps allowing data to come into the organization, without allowing information or documents to flow to the outside), need to be able to classify connections outside the organization as "public", "private", or "specific-partner", may have extraordinary cryptography performance requirements, due to potentially large number of simultaneous user connections. 
Internal Infrastructure Server: 
Security-relevant characteristics:  access to system may be limited to authorized network administrators, though there may be several different network service administrators (one for directory, another for authentication, another for audit record collection, another for DNS, etc.), may have relatively many different network services  running on a single platform needing to assure "fair" resource scheduling and allocation (CPU, memory) to avoid starving load-balancing performance, many services performed for anonymous or unauthenticated end-users, need to provide audit record capture for the multiple network services being hosted. 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.linux-foundation.org/pipermail/security_sig/attachments/20050429/13154ecd/attachment-0001.htm

More information about the security_sig mailing list