Chris Seary's blog :: More work for the developers and architects

This Month

Month Archive

October 2008
September 2008
July 2007

Previous:	What are you developing? I don't know, we do agile.......
Next:	Why use WS-Security

More work for the developers and architects

by chris on Tue 31 Jul 2007 03:25 AM PDT | Permanent Link | Cosmos

Hmmmmm......

Most of the time, when your application is accessing web services or databases, it's done within the same datacentre, right? This means that it's not a problem using network layer security (IPSec) to protect any data in transit across the network/subnet.

But what if you're accessing data across a MAN or a WAN? With the enormous bandwidth available now, this is happening more frequently. Also, what good's designing functionality as a service if it's only available to servers on the same subnet?

Well, the problem with applying network layer security is that accessing data across a MAN means that a huge amount of encryption power is required. Many hardware IPSec solutions become problematic and expensive as they reach 1GB.

Also, we've got MPLS to support over a fully meshed network, with the problems that may entail.

The result is that you, as a systems architect, may not be able to rely on the infrastructure people simply creating an IPSec security association for you.

That's right - security has made another step to the application layer. SSL should be fine, but don't rule out tools such as WS-Security.

No longer can architects rely on just annotating the link between the web app and the database with the words 'IPSec' and think that's enough.

And don't just think it's all covered by the magic words 'data security'!

Posted to:

Comments

No comments found.

Trackbacks

TrackBack URL:
http://blog.searyblog.com/blog/_trackback/3130301

No trackbacks found.

Post comment:

	Receive comment notifications for this article
Subject:
Comment:

Comment verification:

Please enter the text you see inside the graphic to post your comment:

You are not currently logged in. If you would like your user information to be displayed with your comment, please enter your login information below.

Username:
Password:

If you would like to post contact information on your comment, please enter your information into the optional fields below:

Contact information:

Name:
URL:		example: http://yourdomain.com
Email:

Please note: email will not be displayed on the site, only for the blog owner. If logged in, URL will only be used.

Useful Links

Microsoft Security Developer Centre

Developer Dave

Charteris White Papers

Next Generation User Group