URL and SSL Strategy & Architecture Model

Challenges 

In a URL and SSL strategy architecture model, it is very challenging to have a standardized URL strategy for multiple products on any platform. Implementing a URL and SSL strategy is technically feasible to deploy, but how to ensure session management and how to host multiple environments are concerns. It is therefore of utmost importance to consider all factors when deciding on the architecture for implementation. At the same time, the architecture team also has to deal with other issues that are inherently introduced. The challenges are:

  • Information we send on the Internet is passed from computer to computer to get to the destination server. Any computer in between client and server can see credit card numbers, usernames and passwords, and other sensitive information if it is not encrypted.
  • Traffic is prone to sniffing.
  • Man-in-the-middle attacks.

Objectives

  • The concept is to have one centralized page, “XXXportal.com”.
  • The portal page will contain links/image links to multiple products, taking the user to the individual product log-in page.
  • The product page will prompt the user to enter authentication details such as username and password.
  • Positive authentication will allow the user into the product, with access provided as per RBAC.
  • Having all internal communication over HTTP and offloading SSL at abcportal.com itself is being explored.

Solutions to the problems

A Secure Sockets Layer (SSL) strategy combined with a URL strategy is the solution for these kinds of issues. SSL is the backbone of the secure Internet, and it protects sensitive information as it travels across the world's computer networks. SSL is essential for protecting a website, even if it doesn't handle sensitive information like credit cards. It provides privacy, critical security and data integrity for both websites and users' personal information. SSL encrypts sensitive information travelling on the Internet. SSL also provides the following benefits:

SSL Encrypts traffic

The primary reason SSL is used is to keep sensitive information sent across the Internet encrypted so that only the intended recipient can understand it. When an SSL certificate is used to encrypt the data, the information becomes unreadable to everyone except the server to which users are sending it. This protects against hackers and identity thieves.

SSL Provides Authentication

In addition to encryption, a proper SSL certificate also provides authentication. This means users can be sure that they are sending information to the right server and not to an impostor trying to steal information. Why is this important? The nature of the Internet means that customers will often be sending information through several computers. Any of these computers could pretend to be the website and trick users into sending them personal information. It is only possible to avoid this by using a proper Public Key Infrastructure (PKI) and getting an SSL certificate from a trusted SSL provider.

SSL Provides Trust

Web browsers give visual cues, such as a lock icon or a green bar, to make sure visitors know when their connection is secured. This means that they will trust the website more when they see these cues and will be more likely to buy. SSL providers will also give a trust seal that instills more trust in customers.

SSL is required for PCI Compliance

SSL ensures the secure movement of data on the Internet. It protects the confidentiality and integrity of data in transit, so it helps with PCI compliance as well.

SSL also has the following disadvantages:

  • Cost is an obvious disadvantage. SSL providers need to set up a trusted infrastructure and validate identity, so there is a relatively higher cost involved.

  • Performance is another disadvantage of SSL. Because the information that is sent has to be encrypted by the server, it takes more server resources than if the information weren’t encrypted. The performance difference is only noticeable for web sites with very large numbers of visitors and can be minimized with special hardware in such cases.

  • Overall, the disadvantages of using SSL are few and the advantages far outweigh them. It is critical to properly use SSL on all websites. Proper use of SSL certificates will help protect customers, help protect users, and help to gain customers' trust and sell more.

URL Strategy

The URL strategy below can be implemented, with the SSL strategy deployed on top of it:

  • Prod Portal – XXXportal.com
  • BCP - *** Portal – XXXportal2.com
  • Test -*** Portal – XXXportal3.com
  • Product URL : <productname>.XXXportal.com  
    – Example: abc.XXXportal.com
  • Customer Specific:
    – <productname>.XXXportal.com/cust1
    – <productname>.XXXportal.com/cust2 
  • Test URL : <testproductname>.XXXportal.com
    – Example: testabc.XXXportal.com

Only first-level subdomains should be used, e.g. abc.XXXportal.com, testabc.XXXportal.com, because a wildcard SSL certificate covers only single-level subdomains.
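
The single-level rule can be checked against the planned hostnames before certificates are ordered. The sketch below is an added example, not part of the original article: the SAN list and the second-level hostname cust1.abc.XXXportal.com are constructed, and the matching follows the usual wildcard convention (the `*` stands for exactly one leftmost label). It also shows that the bare portal name is not matched by the wildcard and needs its own SAN entry, while customer paths such as /cust1 stay on a covered hostname.

```python
# Added example: which hostnames from the URL strategy does a wildcard
# certificate cover? The SAN lists below are constructed for illustration.

def _labels(name):
    """Split a DNS name into lower-cased labels, ignoring a trailing dot."""
    return name.rstrip(".").lower().split(".")

def san_matches(pattern, hostname):
    """Match one certificate SAN entry against a hostname.

    '*' is accepted only as the complete leftmost label and stands for
    exactly one label, so it never spans several levels or the bare domain.
    """
    p, h = _labels(pattern), _labels(hostname)
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # Refuse over-broad patterns such as '*.com'.
        return len(p) > 2 and h[0] != "" and p[1:] == h[1:]
    return p == h

def covered(hostname, san_list):
    """True if any SAN entry in the certificate matches the hostname."""
    return any(san_matches(s, hostname) for s in san_list)

def audit(hostnames, san_list):
    """Return {hostname: covered?} for every planned hostname."""
    return {h: covered(h, san_list) for h in hostnames}

# Constructed SAN list for the production wildcard certificate.
PROD_SANS = ["*.XXXportal.com"]

# Hostnames from the URL strategy, plus one constructed second-level name
# to show what the single-level rule excludes.
PLANNED = [
    "XXXportal.com",            # portal itself: needs its own SAN entry
    "abc.XXXportal.com",        # product URL (also serves /cust1, /cust2)
    "testabc.XXXportal.com",    # test URL
    "cust1.abc.XXXportal.com",  # second-level subdomain (constructed)
    "abc.XXXportal2.com",       # BCP domain: needs the second certificate
]

if __name__ == "__main__":
    for host, ok in audit(PLANNED, PROD_SANS).items():
        print(f"{host:28} {'covered' if ok else 'NOT covered'}")
```
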

This approach can be implemented with emphasis on the following points:

  • Current business needs
  • Cost Effectiveness
  • Simplicity
  • Standardization across products
  • Minimal infrastructure requirement

Feasible URL and SSL Architecture Strategy

Solution Brief

  • We may have two centralized portals, named:
    – XXXportal.com   - Prod
    – XXXportal2.com  - BCP + other environment
  • All products will be hooked up to these centralized servers.
  • All internal communication will be via HTTP.

Benefits

  • Only two wildcard SSL certificates will be required, which keeps the setup centralized and simple.
  • Multiple products may be added similarly using the same approach.
  • Two domain names would be required.
  • Only first-level subdomains should be used, e.g. abc.XXXportal.com, testabc.XXXportal.com, because a wildcard SSL certificate covers only single-level subdomains.

Risks

Risk – What if the wildcard SSL certificate itself is compromised?

The following security controls are recommended:

  • Segregation of Portals 
  • Management and Monitoring Services 
  • Access and Policy Services
  • Secure Interconnect Services 
  • Internal Server farms 
  • Zoning solutions 
  • Security Event Detection 

Conclusion

Although there are numerous advantages in using a URL and SSL architecture strategy, there are still many practical issues to be solved, particularly those related to privacy and security, session management and request/response. As described above, security currently has a lot of issues, which scares away several potential clients. Until a proper security module is in place, potential clients will not be able to leverage the true benefits of this technology. This SSL architecture strategy should cater to the issues arising from all directions of the URL and SSL architecture strategy. Where there are heterogeneous systems with varying asset values, a single security system will be too costly for certain applications, and if there is less security the vulnerability factor will shoot up. On the other hand, if the solution provider has a common security methodology in place, it will be a high-value target for hackers, because hacking the security system will make the entire solution model vulnerable to attack. The following benefits will be achieved:

  • The concept is to have one centralized page, “XXXportal.com”.
  • The portal page will contain links/image links to different products, taking the user to the individual product log-in page.
  • The product page will prompt the user to enter authentication details such as username and password.
  • Positive authentication will allow the user into the product, with access provided as per their defined role.
  • Having all internal communication over HTTP and offloading SSL at addportal.com itself is being explored.
  • Only two wildcard SSL certificates will be required.
  • Multiple products may be added similarly using the same approach.
  • Two domain names would be required.
  • Only first-level subdomains should be used, e.g. abc.XXXportal.com, testabc.XXXportal.com, because a wildcard SSL certificate covers only single-level subdomains.

Authored By - Anil Kumar Dubey
TCS Cyber Security Community
