Below is the logical security architecture depicted for this the diagram found at:

https://www.port80software.com/products/servermask/casestudy

Application &
System
Security Camouflaged
http header
data

Host-based
Firewall (WAF Management
ServerMask
& Stateful) User Interface
Software

Appliance
ServerMask
IP100

The underlying driver for this security control is the need to disguise and mislead would-be attackers. As the

case study explains, the very first thing an attacker will do is attempt to fingerprint a target and identify potential known

or 0-day vulnerabilities. Therefore, a preventative control was implemented to mask indicators of system type from

unauthorized parties. Specifically, the application and system security services which are relevant to the case study are

as follows:

a. Entity authorization

Ultimately, the information being safeguarded is the data within the applications themselves. The approach they

are taking is to assume that all external parties are not trusted, and therefore not authorized to see data which might

indirectly enable them to attempt exploits against their infrastructure.

Authorization comes into play as well in the administration of the ServerMask control (application & appliance).

All users and systems from which they perform administration tasks must be permitted, and presumably are in secure

internal zones. Being such a specialized system, it’s unlikely there is a significant number of users, and therefore there

are likely few roles. With that said, there should be segregation of duties built into these roles so that changes must be

dual-authorized.
 b. Stored data confidentiality

As noted in the discussion about authorization, the ultimate goal of this control is to prevent a breach in

confidentiality of the data stored and accessed via the application. Access to this data is tightly controlled and this

proactive mechanism makes is more difficult for an attacker who would oppose this to find a technical vulnerability.

c. System configuration protection

As the target systems in this logical architecture are externally facing web servers, they are inherently vulnerable

to different types of internal and external attacks. The configuration of these servers, and the ServerMask system must

be protected against unapproved configuration changes. The case study mentions the use of a firewall, which is likely

used to filter external and internal traffic. In addition to that, the organization should be using a web application firewall

to protect the applications directly, and have File Integrity Monitoring agents installed on sensitive directories of the

web servers and ServerMask systems. Lastly, all systems should have a properly configured and updated antivirus

installed and reporting to a centrally managed control server.

d. User interface for security

The final security service which is relevant

to this case study is the User Interface for

Security. The essence of this service is that the

security control must be realistically usable. This

is applicable for the ServerMask system which

does have a GUI based management interface.

 References

1. Sherwood, J., Clark, A., & Lynas, D. (2005). Enterprise Security Architecture: A Business-Driven Approach. San

Francisco: Cmp Books.