Questions tagged [architecture]

104 questions
0
votes
2 answers

What kind of attacks can happen on port 80

I am a novice to the network security domain. For one of our clients, we are trying to propose a network model where an Apache proxy/web server will be the only one that is exposed in the DMZ (Demilitarized Zone) and application servers/DB will be…
manu bhat
  • 1
  • 1
  • 1
0
votes
1 answer

Application security architecture framework

I'm writing a security architecture for the application I'm working with. I'm struggling to find a framework to follow for this task. I can find a lot of frameworks like TOGAF and SABSA that work with enterprise security, but my task is more…
Stefan Rasmusson
  • 426
  • 2
  • 11
0
votes
0 answers

Brute force prevention and alike with stateless API architecture

What are the patterns (best practices, whatever) to prevent brute force (and features alike) in stateless API architectures that keep the system stateless? Couldn't find anything regarding this topic. I want to keep the system stateless to keep…
0
votes
0 answers

Security Risks with Event Streaming

At a high level, based on the technology of event stores and streaming (i.e. Apache Kafka, Amazon Kinesis, etc.) to decouple systems and make them event-driven systems, I was wondering what new architectural risks this would pose, such as whether there…
Rivesticles
  • 644
  • 3
  • 13
0
votes
1 answer

Is there a difference between a bootkit and a ring-0 rootkit?

I understand the difference between a Ring-0 rootkit and a Ring-3 rootkit in terms of their hierarchical depth in computational models, that is, kernel mode and user mode, respectively. I am confused as to whether there is a difference between a…
questioner
  • 171
  • 2
  • 11
0
votes
0 answers

Network Segmentation - Single Firewall VM vs Multiple

I am currently implementing a new network with different segments. The separation of those segments is achieved using VLANs. To enable some segments to communicate with each other and to be reached from the internet, a firewall is planned. I am…
0
votes
0 answers

Using a SPA login page for authentication in an OpenID Connect service

I am looking to create a brand new authentication service that follows the OpenID Connect protocol. I would like to use a username/password combination for the authentication and the authorization grant. I'm curious what the downsides are of adding…
0
votes
0 answers

Are there any security architecture patterns in the same way there are software design patterns (GOF)?

So I've been googling around and couldn't find an answer to my question (I don't discount the option that I could be asking the wrong question after all). I see there is a question that deals with something similar (Established Security Design…
4d4143
  • 133
  • 1
  • 8
0
votes
1 answer

Using an HSM to protect encrypted data even when a server is compromised

Imagine a system architecture where an API server is able to send a request to an HSM, and the HSM is able to decrypt some data for a particular user/customer, in order to serve some hypothetical purpose. In this case, if the API server is…
bnsmith
  • 67
  • 8
0
votes
1 answer

Vulnerability in which part of the Android architecture would allow an attacker to take control of the hardware

This question is intended for better understanding of security features of Android architecture. In particular, I want to know what part of the architecture needs to be secure to prevent an attacker from gaining control of the hardware (say speaker,…
Ritesh Singh
  • 103
  • 3
0
votes
1 answer

Implications of querying OrientDB directly from front-end

Given that OrientDB exposes a REST HTTP API, and that it seems to have quite a few security features, what are the (especially security) implications of querying OrientDB directly from a front-end web application, without writing and using an…
DJakarta
  • 1
  • 1
0
votes
1 answer

Exploiting a service on a 32-bit OS on a 64-bit processor with shellcode

Let's theoretically assume I have an overflow vulnerability in a certain service I want to exploit. The service resides in a 32-bit operating system on a 64-bit processor. I'm attempting to wrap my head around the coding challenges in regards to the…
sahar q
  • 3
  • 3
0
votes
1 answer

Are SSH certificates more secure for service accounts?

I'm considering how to deploy a service that needs SSH access to many important boxes in my infrastructure. Rather than store a long-lived SSH private key in a key store that the service could request, I'm considering using short-lived SSH…
0
votes
1 answer

API Key via Basic Auth: Send it as a username or as a password?

In APIs that authenticate with a single API key (e.g. a long random string) via Basic Auth, I have seen that most (e.g. Stripe, Unbounce) send the API key as the username, leaving the password field blank. The only service I have seen that sends the…
Victor
  • 373
  • 1
  • 10
0
votes
1 answer

Debating between architecture options for offline updating of Linux machines in a vertically segregated network

My coworker and I are discussing the pros/cons of two potential architecture options, and I would like to gather feedback on which option is better and why. First, a description of the environment: we have a vertically segmented network into…