IT Security Stack Exchange
IT Security Stack Exchange

Questions tagged [architecture]

104 questions
63
votes
8 answers

How do you explain to experts that a database server should not reside in the DMZ?

Our security experts, database administrators, network team and infrastructure team are all saying it's OK to have the database server located in the DMZ along with the HTTP server and middle-ware server. Their reason: If the database server is…
bruce bana
  • 633
  • 1
  • 5
  • 7
15
votes
2 answers

Are there any architectures currently out there that use hardware-enforced process isolation? What would it take to add that to x86?

First-time asker/commenter, long-time reader. As someone who's currently doing a lot of thinking & writing about measures that might foundationally improve computer security (ie., involving not just the kind of evolutionary, fairly modest steps that…
halfinformed
  • 153
  • 4
15
votes
1 answer

Security considerations of x86 vs x64

What if any, are the security considerations of deciding to use an x64 vs x86 architecture?
WireInTheGhost
  • 275
  • 2
  • 5
11
votes
4 answers

Alternatives to the "open PC" security model

Today, PCs (laptops, desktops, etc.) generally work under what I'll call the "open PC" security model. Users have full, system administrator/developer-level access to their own machine. Users can install arbitrary software of their choice onto…
D.W.
  • 98,420
  • 30
  • 267
  • 572
11
votes
2 answers

AMD64 overflows and null bytes

In the past, I have managed to overflow my own vulnerable programs, and those of others, but only ever in a 32bit environment. Every time I try even a simple stack smash on a 64bit machine, I run into issues. An address I am trying to write always…
lynks
  • 10,636
  • 5
  • 29
  • 54
10
votes
3 answers

Secure communication between two applications on the same system

I'm writing a software which is divided into two separate stand-alone pieces. One is a service like application that handles all the logics, the other one is a GUI application that just works as a front-end and is aimed to be used by the end user.…
sepisoad
  • 213
  • 2
  • 7
10
votes
2 answers

CSRF in microservice architecture

What should be proper way to implement CSRF protection in microservice architecture? Where services are stateless. To put CSRF verification on system entry? e.g. Gateway With this option I can't guarantee that customer gateway will do this. Or on…
d-sauer
  • 203
  • 1
  • 2
  • 6
10
votes
2 answers

Does insert only db access offer any additional security

There are concerns that if our public facing web nodes are compromised, an attacker will gain access to all our data. It just so happens that data entered from outside users only needs to be ever accessed by internal users. Does it offer any…
user3282193
  • 103
  • 5
10
votes
2 answers

Is SWIFT (banking) Software Architecture Secure?

With all the news about hacking banks and stealing money from banks over SWIFT, while the vulnerabilities weren't directly related to SWIFT, some questions arise: Are software components of the SWIFT network certified by any external…
Silverfox
  • 3,369
  • 2
  • 19
  • 39
8
votes
4 answers

Is there a book about secure system design?

I'm interested in learning about secure system design - the whole stack. Currently, I'm an expert .net/C# developer and I know about the differences between different hash functions, public/private key encryption and similar techniques, but my…
Michael Stum
  • 411
  • 1
  • 3
  • 8
8
votes
2 answers

Is it good to store passwords in a separate table/database and manage them in a separate process?

I'm quite a newbie at systems architecture and security so I just want to check that this plan makes sense. I'm building a web app and I need to store a password for each user. I've already read plenty about hashing algorithms, salt, and so on. I'm…
Alex Hall
  • 213
  • 2
  • 4
7
votes
2 answers

Do the new instruction sets found on Intel's Haswell Architecture make any difference in cryptographic operations?

Intel's Haswell architecture has support for several new Bit Manipulation Instructions. In Intel's own words, Bit manipulation instructions are useful for compressed database, hashing , large number arithmetic, and a variety of general purpose…
user10211
5
votes
2 answers

How should I document my Public Key Infrastructure?

I'm preparing to document a 3 tier PKI (with multiple second level policy CAs) and want to create a document that is useful, technical, and not too overwhelming to the non-PKI expert. I suppose the audience could be broken up into the following…
makerofthings7
  • 50,090
  • 54
  • 250
  • 536
5
votes
1 answer

WCF - Is this a good security Architecture?

I am building an information recording system (WCF based) for a business that is accessible by staff over the internet. This software will not be distributed and there will only be a handful of users with the client application installed. Due to…
Sam
  • 210
  • 2
  • 6
5
votes
2 answers

Encryption key storage

I recently inherited an in-house built key storage system. The company stores credit card data in two database servers which are AES encrypted. The keys reside in a separate system that is located in its own DMZ. When a web server needs to encrypt…
Pete Robbins
  • 51
  • 2
1
2 3 4 5 6 7