Types of Security Risk
To understand the areas of risk in our application, we need to understand where our systems are vulnerable. The basic Web system architecture, being a variant of a client/server architecture, has three principal architectural elements: the client, the server, and the network. Each is vulnerable to attack (see Figure 5-1).
- Our clients are at risk from software that damages the client's system or compromises private client-side resources, such as personal information and files.
- Our servers are at risk from unauthorized access to the server, which may result in the capture of confidential information, the execution of damaging programs in the server, or even the temporary disabling of server functions.
- Our networks can be monitored and data communications between the client and the server can be intercepted.
Figure 5-1. Areas of risk in a Web application
It is the job of the chief architect and designers to understand and to manage these risks. Managing security risks in a software application happens at two levels: technical and procedural. Technical risk, the focus of this chapter, deals with risk presented by the technical components of the system (hardware and software) and is the domain of the architect. This type of risk is managed by a good understanding of the system and its deployment and by adding to the design certain technical measures that make it more secure.
Procedural risks, on the other hand, arise from poor operating practices. As any security expert will tell you, many of the security holes in your system are a result of human error and confusion. A classic story told in security circles is about a top-notch security expert called in to examine the latest security precautions at a banking institution. The institution was proud of its security precautions, which were a comprehensive set of the latest and most advanced technologies. The expert managed to gain access to the system by simply making a call to a new employee at the bank. The expert, claiming to be a member of the bank's IT department, asked the new employee for his name, office location, phone extension, and computer password, claiming to be updating the employee's status on the system. The new employee gave the expert the required information, and within minutes, the expert had gained access to the system.
This story emphasizes the point that security is more than a technical issue. In order to maximize the security of our systems, we need to be aware of both the technical and the human aspects of our system's vulnerabilities. Establishing proper security policies and training users of a system is as important to its security as any technical component.