Security from Head to Toe Security At The Application Level Damon Hart-Davis Principal Consultant Code Red

Upload: oswin-andrews

Post on 25-Dec-2015



Page 1: Security from Head to Toe

Security At The Application Level

Damon Hart-Davis
Principal Consultant
Code Red

Page 2: What is “Application Level”?

• Your application’s ability to resist accident and malice
• From use of passwords to survival of building fire
• Maintenance and upgrade needs thought too

Q: Can your contractors edit your warehouse book, and which of your competitors will they work for next?

Page 3: Is “Application Level” Enough?

No, we need to interlock with several other components:

• Physical
• Operating System
• Border and interdepartmental
• Legal
• Operational

Q: How much do you pay the person who handles all your backup tapes?

Page 4: A Typical Investment Banking System?

• Position database is globally read-write
• Back office uses comment field for complex trades
• Quants and traders keep vital data in their desks
• The CEO says: “We want our high-net-worth individuals to update their portfolio over the Net.”

Q: Do your insurers and auditors sleep well at night?

Page 5: The Risks and Costs?

Systems often end up this way, so what do we need to address at the application level?

• Operational risk, eg files being deleted
• Malice, internal or external
• Physical disaster: loss of access to vital data

Q: Can you truthfully declare your system safe and robust on your annual returns?

Page 6: Don’t Panic!

Wisdom from The Hitchhiker's Guide To The Galaxy.

• Not all of your code/data needs to be equally secure
• Analyse what needs to be secure and how much
• Partition systems for “need-to-know”

Q: Could a programming slip in your JSP lose a trade?

Page 7: Secure Interactions

• Some data can be safely accessed anonymously
• Some access must be secure, eg over HTTPS
• Some solutions are off-the-shelf and some will be roll-your-own

Q: How do you originate outgoing HTTPS in code?

Page 8: Key Management

Secure interactions imply key management.

• You have to expect systems to get broken into
• What if you are served with a RIP Section 49 notice?
• What are the pros and cons of hardware keys?

Q: What validity period should your keys have, and where do you store keys and their backups?
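The two questions posed on pages 7 and 8 (how to originate outgoing HTTPS in code, and how long keys should stay valid) worked through as an added example that is not part of the original slides. It uses the off-the-shelf Python `ssl` module; the host name, certificate names and expiry dates are constructed sample values, not from the deck.

```python
"""Added example: an outgoing HTTPS client context that keeps peer
verification on, plus a validity-period check that a 24x7 monitor can use
to page ops before a key or certificate expires."""
import socket
import ssl
import time


def https_client_context(cafile=None):
    """Client-side TLS context for originating outgoing HTTPS.

    create_default_context() already validates the certificate chain and
    checks the host name; we assert both are still on so that a 'helpful'
    shortcut added during maintenance fails at startup, not in production.
    cafile=None means the platform CA store is used.
    """
    ctx = ssl.create_default_context(purpose=ssl.Purpose.SERVER_AUTH, cafile=cafile)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    if ctx.verify_mode != ssl.CERT_REQUIRED or not ctx.check_hostname:
        raise RuntimeError("TLS peer verification has been disabled")
    return ctx


def context_summary(ctx):
    """Report the settings an audit cares about, as plain strings/bools."""
    return {"verify_mode": ctx.verify_mode.name,
            "check_hostname": ctx.check_hostname,
            "min_version": ctx.minimum_version.name}


def fetch_status_line(host, path="/", port=443, cafile=None, timeout=10):
    """Minimal GET over verified HTTPS; returns the HTTP status line.
    Needs network access, so it is not exercised by the tests."""
    ctx = https_client_context(cafile)
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            tls.sendall(f"GET {path} HTTP/1.0\r\nHost: {host}\r\n\r\n".encode())
            return tls.recv(4096).split(b"\r\n", 1)[0].decode()


def days_until_expiry(not_after, now=None):
    """Days until notAfter (format as returned by getpeercert(), e.g.
    'Dec 25 00:00:00 2015 GMT'); negative means already expired.
    'now' is a POSIX timestamp, defaulting to the current time."""
    expires = ssl.cert_time_to_seconds(not_after)
    now_ts = time.time() if now is None else now
    return (expires - now_ts) / 86400


def expiry_alerts(certs, warn_days=30, now=None):
    """Given {name: notAfter}, return the names ops should be paged about."""
    return sorted(n for n, na in certs.items() if days_until_expiry(na, now) < warn_days)
```

Inventory every key and certificate you rely on (including backups and hardware-held keys) in the `certs` mapping and run `expiry_alerts` from the same scheduler that drives the rest of your 24x7 monitoring.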

Page 9: Tunnelling and Remote Access

• CORBA/RMI/etc tunnels expose your entire system
• Don’t be lazy; design, write and test narrow interfaces
• Remote/home access has much the same effect

Q: Are you thinking “need-to-know”?

Page 10: Testing and Monitoring

Any significant exposed app should be regularly tested:

• For performance
• For correct/safe response to all inputs

Tests should be performed:

• At the unit level
• At integration and release
• 24x7, with paging to ops in case of any failure

Q: Do you monitor your system for success and failure?

Page 11: Maintenance: Barnacles that Sink the Ship?

Discipline is vital when maintaining and upgrading.

• Make sure that a design audit is done before release
• Make sure security and other testing is done regularly
• Don’t get lazy and “open this up a bit” to save time

Q: Do you do each release as carefully as the first?

Page 12: Summary

• Application security is vital, but not the whole story
• Don’t panic; focus technical and business time
• Design your system to allow for failures and break-ins
• Security at the application level is 24x7

Q: Are you thinking “Head to Toe”?