When sanitation conflicts with security requirements
May 12th, 2008 by Jesper Kråkhede
I had a really interesting conversation with a customer a few days ago regarding databases on a web server. Their security department said that no databases were allowed to reside on any web server and that they had to be protected behind firewalls. Therefore they had consolidated all databases into a database farm and allowed access only to the web servers that needed databases to function.
Even though I approve of such a setup at first glance, it is always important to look at security from a CIA perspective. In this case availability is severely affected, and that threatens the whole website.
Introducing sanitation:
It is time to introduce sanitation within security architecture. Although the term has been used several times in recent years, it has very seldom been used in conjunction with security architecture.
Security architecture (SA) handles several parts of the architecture. One is handling the security demands that are put on any kind of process or application. This is more or less ordinary architecture work. But because of the large number of vulnerabilities that exist simply because a server is connected to a network, it is important to include sanitation within your architecture as well. Another way of phrasing it is security baseline and hardening, but those are engineering terms not commonly used within architecture.
I will collect different frameworks and guides regarding this and try to connect the different engineering frameworks with security architecture, all while applying Confidentiality, Integrity and Availability.