Once theories are well studied and accepted, they are used every day as a tool without a second thought. It is psychologically very difficult to find flaws in them through critical questioning, as Daniel Kahneman points out in his book "Thinking, Fast and Slow". Security theories have the same characteristics.
There is a common security rule: "Access only from the trusted zone into the less trusted zone. Never the reverse!" The motivation is taken from the abstraction in the figure below: a citadel represents the trusted zone, and the untrusted (insecure) zone lies outside it.
Consider an Internet customer who uses a portal to update his sensitive data, such as health information. How can the information be transferred from the untrusted zone (Internet) into the trusted zone (data centre) according to this security rule?
Security professionals try to solve this dilemma with a TCP polling proxy, which reverses the direction of TCP session establishment so that sessions are opened only from the trusted zone to the untrusted zone. The principle is the following: the Internet user deposits his request on the web server. The internal application server polls from the trusted zone at regular intervals (several seconds) and takes the request from the web server's depot. The response is deposited back on the web server.
Does this polling solve the security problem? Not really:
- The data is transported from the Internet to the internal server regardless of which side established the TCP session.
- If the data contains application-layer malware, like a SQL injection, it is transported to the application server all the same, merely with a delay of several seconds.
I cannot find any reasonable argument why reversing the direction of TCP session establishment would improve security in the normal case (hypothetically, one can always find some use for any theory, however small). Even more, the rule "Access only from the trusted zone into the untrusted zone" is theory-induced blindness. The application data always travels in both directions, from trusted to untrusted and vice versa. Even sending an HTTP "GET" request may carry a potential attack in a header parameter. For network attacks, there is the firewall.
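To make the point above concrete, here is a small simulation of the polling-proxy pattern, written for this post as an added example (it is not code from the original post or from any real product). The web server in the untrusted zone only holds a depot; the application server in the trusted zone opens every connection itself and polls the depot. The names (`WebServerDepot`, `ApplicationServer`, `run_scenario`) and the sample request payloads are constructed for illustration. The simulation shows that the request payload reaches the trusted zone byte-for-byte unchanged no matter which side opened the TCP session, and that it is an application-layer input check, not the connection direction, that rejects a malformed `patient_id`:

```python
import re
from collections import deque


class WebServerDepot:
    """Depot on the web server (untrusted zone): parked requests and their responses."""

    def __init__(self):
        self.pending = deque()
        self.responses = {}

    def deposit_request(self, req_id, payload):
        # Called when the Internet user's HTTP request arrives at the web server.
        self.pending.append((req_id, dict(payload)))

    def take_request(self):
        # Called by the application server when it polls; the TCP session for
        # this call is opened from the trusted zone, as the rule demands.
        return self.pending.popleft() if self.pending else None

    def deposit_response(self, req_id, response):
        self.responses[req_id] = response


# Constructed application-layer rule: a patient id is 1 to 9 decimal digits.
PATIENT_ID_RE = re.compile(r"[0-9]{1,9}")


class ApplicationServer:
    """Trusted-zone server. `validate` switches the application-layer input check on or off."""

    def __init__(self, depot, validate):
        self.depot = depot
        self.validate = validate
        self.received = []  # every payload that reached the trusted zone

    def poll_once(self):
        item = self.depot.take_request()
        if item is None:
            return None
        req_id, payload = item
        # The payload arrives unchanged: polling only changed who dialled whom.
        self.received.append(payload)
        pid = payload.get("patient_id", "")
        if self.validate and not PATIENT_ID_RE.fullmatch(pid):
            response = {"status": 400, "error": "patient_id must be numeric"}
        else:
            # Real business logic would run here; we only echo what was accepted.
            response = {"status": 200, "accepted_patient_id": pid}
        self.depot.deposit_response(req_id, response)
        return response


def run_scenario(payload, validate):
    """Deposit one request, let the trusted side poll it, return (payload that arrived, response)."""
    depot = WebServerDepot()
    app = ApplicationServer(depot, validate)
    depot.deposit_request("r1", payload)
    response = app.poll_once()
    return app.received[0], response


if __name__ == "__main__":
    good = {"patient_id": "1042"}
    malformed = {"patient_id": "1042 OR 1=1"}  # constructed malformed input
    for payload in (good, malformed):
        for validate in (False, True):
            arrived, resp = run_scenario(payload, validate)
            print(f"validate={validate} arrived_unchanged={arrived == payload} response={resp}")
```

Running it shows the malformed request accepted with status 200 when the only "protection" is the polling direction, and rejected with status 400 only once the application server validates its input. That is the whole argument in miniature: the depot is a delay line, not a filter.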
My advice: if you are concerned about your application security, then hardening, code review, ethical hacking, a WAF, etc. may be the solution you are looking for.