Beruflich Dokumente
Kultur Dokumente
https://www.port80software.com/products/servermask/casestudy
Application &
System
Security Camouflaged
http header
data
Host-based
Firewall (WAF Management
ServerMask
& Stateful) User Interface
Software
Appliance
ServerMask
IP100
The underlying driver for this security control is the need to disguise and mislead would-be attackers. As the
case study explains, the very first thing an attacker will do is attempt to fingerprint a target and identify potential known
or 0-day vulnerabilities. Therefore, a preventative control was implemented to mask indicators of system type from
unauthorized parties. Specifically, the application and system security services which are relevant to the case study are
as follows:
a. Entity authorization
Ultimately, the information being safeguarded is the data within the applications themselves. The approach they
are taking is to assume that all external parties are not trusted, and therefore not authorized to see data which might
Authorization comes into play as well in the administration of the ServerMask control (application & appliance).
All users and systems from which they perform administration tasks must be permitted, and presumably are in secure
internal zones. Being such a specialized system, it’s unlikely there is a significant number of users, and therefore there
are likely few roles. With that said, there should be segregation of duties built into these roles so that changes must be
dual-authorized.
b. Stored data confidentiality
As noted in the discussion about authorization, the ultimate goal of this control is to prevent a breach in
confidentiality of the data stored and accessed via the application. Access to this data is tightly controlled and this
proactive mechanism makes is more difficult for an attacker who would oppose this to find a technical vulnerability.
As the target systems in this logical architecture are externally facing web servers, they are inherently vulnerable
to different types of internal and external attacks. The configuration of these servers, and the ServerMask system must
be protected against unapproved configuration changes. The case study mentions the use of a firewall, which is likely
used to filter external and internal traffic. In addition to that, the organization should be using a web application firewall
to protect the applications directly, and have File Integrity Monitoring agents installed on sensitive directories of the
web servers and ServerMask systems. Lastly, all systems should have a properly configured and updated antivirus
1. Sherwood, J., Clark, A., & Lynas, D. (2005). Enterprise Security Architecture: A Business-Driven Approach. San