Questions tagged [architecture]
104 questions
2 votes · 1 answer
Security of mainframes?
I am very intrigued as to how mainframes seem to be much more secure than servers. Malware targeting mainframes is very rare.
Is it due to security through obscurity? Since few people have access to mainframes and in-depth knowledge on…
limbenjamin · 3,944 · 50 · 72 · 1,281
2 votes · 1 answer
HIPAA compliant blob storage architecture
There is a task to design a system to store sensitive data securely (it should be HIPAA compliant in the future). It's just a draft; this will not be used in production in the foreseeable future. I have a prototype inspired by TrueVault and want to know…
Antiarchitect · 123 · 5
2 votes · 2 answers
Dual Firewall DMZ
We've just learnt about firewalls and DMZs and I'm struggling to understand how these are actually implemented. The architecture we've learned was something like this:
Let's say that we have a shopping website that allows users to register an…
Robert777 · 205 · 1 · 3 · 6
2 votes · 1 answer
What is the most "safest" architecture to run in QEMU?
Currently OpenBSD supports these architectures ( http://www.openbsd.org/plat.html ):
alpha    Digital Alpha-based systems
amd64    AMD64-based systems
armish   ARM-based appliances (by Thecus, IO-DATA, and others)
hp300    Hewlett-Packard HP 9000…
gasko peter · 843 · 1 · 12 · 20
2 votes · 3 answers
programming language and security threats
I am working mostly on C/C++ based enterprise applications. Now a few modules are migrating to Java. Also, in parallel, there has been stress on ensuring that the application meets the highest benchmark with respect to security.
Now, my question is…
kumar_m_kiran · 123 · 4
2 votes · 0 answers
What are the "Design Patterns" for working with HSMs?
I've been attempting to learn about the different features and uses of HSMs, and I keep thinking that someone must have put together a set of design patterns for different ways that HSMs can be used to secure different things.
For example, if we…
bnsmith · 67 · 8
2 votes · 1 answer
Implications re security practices of full account access granted to third parties
I'm working with a company (say, Acme) that does some ongoing data collection and processing for me. The data in question is private but not all that sensitive. Part of Acme's service has password-protected access via the web, so Acme obviously…
Barney · 121 · 3
2 votes · 3 answers
2 vs 3 tier network architecture
I am interested in how a 3-tier network topology (web/app/data) provides improved security over a 2-tier topology (web-app/data). I understand the concept of a DMZ as the initial contact point with the world, and a place where server compromise may…
Steve M · 53 · 3
2 votes · 1 answer
Multi Factor and order of authentication
I'm questioning the design and architecture around 2FA/MFA controls while authenticating to services and servers.
On major platforms (*), the end-user is:
first prompted for credentials (username/password) - something you know
then prompted for the…
Florian Bidabé · 703 · 4 · 10
2 votes · 1 answer
How can old hardware lead to a security failure?
I am working on critical cyber-physical systems, and my work and research have led me to some questions. In the following, I assume that the attacker is not able to change the hardware of your system and can only attack it remotely.
Many researchers /…
Ecterion · 103 · 7
2 votes · 1 answer
Securing an HSM on the network
I've never had to place an HSM on a network before, so I want to ask this question to get a consensus on best practice for this.
The HSM will reside on an internal network which will look like this:
internet <-> boundary firewall <-> DMZ <-> inside…
gkw1975 · 23 · 2
2 votes · 2 answers
DMZ layer for web server/presentation layer
I need help explaining to non-security people why I want to require the webserver/presentation layer to be in a DMZ. I've given options for a two-tier (presentation/logic -> logic/data in zones) architecture and a three-tier architecture (presentation…
Jim Beamer · 21 · 2
2 votes · 1 answer
Which tier to apply security
In my organization we have a database as the backend, then application servers, then web servers, and then proxy servers.
I know it is usually best to have security implemented as close as possible to the data, and if it is possible to do it in the database it is…
j. doe · 55 · 5
2 votes · 1 answer
Is storing session data in the DMZ ok in an n-tier enterprise web application?
Say I have a standard multi-tier web application with web servers in the DMZ and multiple services only accessible from an authenticated web app. Also let's suppose the web app uses server-side sessions.
I'm interested in the community opinion - do…
Gabor Lengyel · 1,163 · 7 · 11
2 votes · 1 answer
How could I validate a security architecture?
Assume that I have identified certain vulnerabilities in a system and I have developed a security architecture to defend it.
How could I properly validate my architecture (to prove that it does indeed work)? Someone mentioned to me that a method…
Irene Ant · 659 · 7 · 19