Encryption and Certificate Management
Encryption is particularly important to centralize at one layer because certificate
management is quite complex. It is easy for the non-expert to make mistakes that weaken the
security of the system at best and make the service stop working at worst. By centralizing the
encryption function, you can assure that the people managing it are experts in their field.
Typically each application server is run by a different team. Expecting each team to be
highly qualified at crypto certificate management as well as their application is
unreasonable.
Even if they all had a high degree of security expertise, there is still another issue: trust.
Each person who manages the crypto certificates has to be trusted not to expose or steal the
keys. Giving that trust to one specialized team is more secure than giving that trust to
members of many individual teams. In some cases all services use the same key, which means
an accidental leak of the key by any one team would weaken security for all applications.
As Cheswick, Bellovin, and Rubin (2003) suggest, often the best security policy is to put
all your eggs in one basket and then make sure it is a really strong basket.
Security Benefits
The frontends are the one part of the system that is directly exposed to the Internet. This
reduces the number of places that have to be secured against attacks. In the security field
this approach is called reducing the attack surface area. By decoupling these functions
from the applications, bugs and security holes can be fixed more rapidly.
HTTP is a complex protocol and becomes more complex with every revision. The more
complex something is, the more likely it is to contain bugs or security holes. Being able to
upgrade the frontends rapidly and independently of any application server upgrade
schedule is important. Application teams have their own priorities and may not be willing or
able to do a software upgrade at the drop of a hat. There are often dozens or hundreds of
individual applications and application teams, and tracking all of their upgrades would be
impossible.
4.3.2 Application Servers
The frontends send queries to the application servers. Because all HTTP processing is
handled by the frontends, this permits the frontend-to-application protocol to be something
other than HTTP. HTTP is a general protocol, so it is slow and not as good at serving API
requests as a purpose-built protocol can be.
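
The layout described above, sketched as a frontend configuration. This is an added example, not taken from the original text: nginx and FastCGI are assumed choices for the frontend and the non-HTTP backend protocol, and every hostname, address and file path is a placeholder.

```nginx
# Added illustration; belongs inside the http {} block of nginx.conf.
# Hostnames, addresses and file paths are placeholders.

# One pool per application, so each can be sized and upgraded on its own.
upstream app_search {
    server 10.0.1.11:9000;
    server 10.0.1.12:9000;
}
upstream app_accounts {
    server 10.0.2.11:9000;
}

server {
    listen 443 ssl;
    server_name www.example.com;

    # The only copy of the private key lives on the frontend tier,
    # readable by the one team that runs it. Application servers hold no key.
    ssl_certificate     /etc/nginx/tls/www.example.com.fullchain.pem;
    ssl_certificate_key /etc/nginx/tls/www.example.com.key;
    ssl_protocols       TLSv1.2 TLSv1.3;

    # TLS and HTTP parsing end here. The application servers are reached
    # over FastCGI, a non-HTTP protocol.
    location /search/ {
        include      fastcgi_params;
        fastcgi_pass app_search;
    }
    location /accounts/ {
        include      fastcgi_params;
        fastcgi_pass app_accounts;
    }
}

# Plain HTTP is redirected to HTTPS and never passed to an application.
server {
    listen 80;
    server_name www.example.com;
    return 301 https://$host$request_uri;
}
```

In this sketch the frontend-to-application hop is unencrypted, so it assumes the network between the two tiers is not reachable from the Internet.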
Splitting application servers from the frontends also means that different applications
can run on different servers. Having dedicated servers for frontends and for each application
means that each component can be scaled independently. Also, it brings even greater