Securing Third-Party Connectivity

Many organizations maintain extranet connections to and from third parties via VPN, leased lines, etc. Extranets are commonly used for remote offices, for connectivity between organizations that partner together, and for vendor support. These third-party connections represent a significant risk: the third party could become compromised, and the attacker or malware could pivot via the extranet connection and attack the organization itself. These types of connections require an organization to trust third-party security to a certain degree.

Extranet connections should always occur via leased lines or encrypted VPN. Access Control Lists (ACLs) should strictly control which systems may be reached via an extranet connection. From a detective standpoint, enhanced monitoring should be used, including detection of attempted connections to systems that are blocked by ACL. Strong host-based controls should be deployed on systems reachable via extranet connections: patching, hardening, the use of dual-factor authentication, etc.
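The detective control described above, as an added example that is not part of the original text: it checks flow records from an extranet interface against a default-deny ACL and reports the denied attempts, plus any source that tried several distinct blocked targets. The ACL entries, addresses, log format and fan-out threshold are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Hypothetical extranet ACL (default deny): partner network, internal host, proto, port.
EXTRANET_ACL = [
    ("203.0.113.0/28", "10.20.1.15", "tcp", 443),  # partner portal
    ("203.0.113.0/28", "10.20.1.16", "tcp", 22),   # vendor support jump host
]

# Constructed flow records seen on the extranet interface: time src dst proto dport
SAMPLE_FLOWS = """\
2024-05-01T09:00:01Z 203.0.113.5 10.20.1.15 tcp 443
2024-05-01T09:00:07Z 203.0.113.5 10.20.1.16 tcp 22
2024-05-01T09:02:11Z 203.0.113.9 10.20.1.15 tcp 3389
2024-05-01T09:02:12Z 203.0.113.9 10.20.1.20 tcp 445
2024-05-01T09:02:13Z 203.0.113.9 10.20.1.21 tcp 445
2024-05-01T09:05:40Z 198.51.100.7 10.20.1.15 tcp 443
truncated-record
"""

def is_permitted(src, dst, proto, port, acl=EXTRANET_ACL):
    """True only if the flow matches an explicit permit entry."""
    src_ip = ipaddress.ip_address(src)
    return any(
        src_ip in ipaddress.ip_network(net) and (dst, proto, port) == (host, p, dport)
        for net, host, p, dport in acl
    )

def review_flows(log_text, acl=EXTRANET_ACL, fanout_threshold=3):
    """Return (denied flows, sources that tried >= fanout_threshold blocked targets)."""
    denied, targets = [], defaultdict(set)
    for line in log_text.splitlines():
        try:
            ts, src, dst, proto, port = line.split()
            port = int(port)
            allowed = is_permitted(src, dst, proto, port, acl)
        except ValueError:
            continue  # unparseable record; a real pipeline would count these
        if not allowed:
            denied.append((ts, src, dst, proto, port))
            targets[src].add((dst, port))
    suspects = sorted(s for s, t in targets.items() if len(t) >= fanout_threshold)
    return denied, suspects

if __name__ == "__main__":
    denied, suspects = review_flows(SAMPLE_FLOWS)
    for rec in denied:
        print("DENIED", *rec)
    print("sources probing multiple blocked targets:", suspects)
```

A partner address that starts reaching for hosts outside its permitted set is the signal a compromised third party would produce, so the fan-out list is worth alerting on separately from single denied flows.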

Wireless Application Protocol

The Wireless Application Protocol (WAP) was designed to provide secure Web services to handheld wireless devices such as smartphones. WAP is based on HTML and includes HDML (Handheld Device Markup Language). Authentication is provided by Wireless Transport Layer Security (WTLS), which is based on TLS.

A WAP browser is a microbrowser, which is simpler than a full Web browser and requires fewer resources. It connects to a WAP gateway, which is a proxy server designed to translate web pages. The microbrowser accesses sites written in (or converted to) WML (Wireless Markup Language), which is based on XML.

Note
WAP is an overloaded acronym, mapping to multiple technologies and protocols. It is especially confusing regarding wireless: WAP may stand for Wireless Access Point or Wireless Application Protocol. And WPA (Wi-Fi Protected Access) has the same letters in different order.

Do not confuse these wireless protocols and technologies: the exam will be clear about which one a question refers to, so do not rush through a question and miss the context. Also, do not confuse 802.11 wireless security standards (including WEP and 802.11i/WPA2) with handheld device WAP security (WTLS).

Content Distribution Networks

Content Distribution Networks (CDN, also called Content Delivery Networks) use a series of distributed caching servers to improve performance and lower the latency of downloaded online content. They automatically determine the servers closest to end users, so users download content from the fastest and closest servers on the Internet. Examples include Akamai, Amazon CloudFront, Cloudflare, and Microsoft Azure.

CDNs also increase availability and can reduce the effects of denial-of-service attacks: “While content delivery networks also solve ancillary problems such as improving global availability and reducing bandwidth, the main problem they address is latency: the amount of time it takes for the host server to receive, process, and deliver on a request for a page resource (images, CSS files, etc.). Latency depends largely on how far away the user is from the server, and it’s compounded by the number of resources a web page contains.

“For example, if all your resources are hosted in San Francisco, and a user is visiting your page in London, then each request has to make a long round trip from London to SF and back to London. If your web page contains 100 objects (which is at the low end of normal), then your user's browser has to make 100 individual requests to your server in order to retrieve those objects.”