Designing Secure Safe Internet Value Added Services

Internet Service Security Considerations

Anonymously configurable public Internet services need some special security considerations. As a working example, we will examine the 'Mobile Website Test' suite of applications, which use mobile device emulation to show visitors what their chosen website(s) look like on a mobile device or smartphone.

Why special security considerations? Running a service that allows anonymous connections to give instructions to 'load', 'run' and 'display' information from any source on the Internet is just about the dumbest thing you can do without taking any precautions.

  • A user can ask the service to connect to an infected Internet source and download viruses and other malware onto your server, and in this way gain access to and control of your system(s).
  • A user can use the service to target attacks against other websites or services. Once detected, it will be your server IP that undertook these actions, and they will come knocking on your door for answers.

Security, modeling and engineering considerations

  • Public managed services must never have any association in any way with managed services like primary websites.
  • High risk services need to be isolated and self-sustaining with minimal to no system privileges and communicate only with their controller.
  • These services never communicate directly with external clients; they are either proxied or managed by an invisible controller.
  • Any service accepting and processing anonymous and unanymous command instructions may never be present within the confines of any private or corporate network.

Public Internet Service Security Solution

This environment makes use of a combination of processes discussed on this site, like TCP remoting and server header adjustments.

Isolated Protected Services Model

Isolated vulnerable protected public service process.

Process steps

  • (A) public website (port 80) receives a request to emulate a URL address.
  • (B) the website calls the remote service on a different port, passing the URL string, and waits for the reply.
  • (C) the remote service activates the local protected mobile browser process, which makes an HTTP request using the provided URL.
  • (D) acquisition and rendering result in either a bitmap or an error being returned to the owner (local website) of the request.
  • (E) the received bitmap is returned to the anonymous website user who initiated the service call.

Benefits of Service Security

As each service process is completely isolated from both external systems (apart from HTTP on port 80) and internal systems and processes (apart from a predefined TCP port and a fixed set of command instructions), it cannot interact with or affect anything else.

A process monitor, watchdog or housekeeper constantly monitors the processes to ensure these are healthy and running and resets them if required after a hack or malware attempt.

The service is also a great way of detecting and registering abuse (a honey pot). Hackers cannot resist testing new malware against, and attacking, services like this, which makes it a great security early warning system. By registering the IP number of the requestor and the URL of the malware, you get a two-for-one advantage.

The model is a safe way to offer interactive unmanaged public services, and it gives you the ability to extend your Internet security processes.
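The following is an added example, not code from the site described here: a sketch of how the isolated service could enforce the fixed command set from steps (B) to (D) and register the requestor IP and URL for every request. The JSON line format, the `EMULATE` command name, the `requester_ip` field and the `render` callable are assumptions, and the refusal of literal non-public addresses goes beyond what the page states.

```python
import ipaddress
import json
from urllib.parse import urlsplit

ALLOWED_COMMANDS = {"EMULATE"}   # assumed: the fixed command set has one entry
MAX_URL_LEN = 2048               # assumed limit
audit_log = []                   # (requester_ip, url, outcome) records


def check_url(url):
    """Return None if the URL may be fetched, else a short rejection reason."""
    if not isinstance(url, str) or not 0 < len(url) <= MAX_URL_LEN:
        return "bad-length"
    try:
        parts = urlsplit(url)
        host = parts.hostname
    except ValueError:
        return "unparseable"
    if parts.scheme not in ("http", "https") or not host:
        return "bad-scheme-or-host"
    try:
        if not ipaddress.ip_address(host).is_global:
            return "non-public-address"
    except ValueError:
        pass  # a DNS name; network isolation decides what it can reach
    return None


def handle(line, render):
    """Process one JSON line from the website and return the JSON reply."""
    try:
        msg = json.loads(line)
        cmd, url, ip = msg["cmd"], msg["url"], msg["requester_ip"]
    except (ValueError, KeyError, TypeError):
        return json.dumps({"ok": False, "error": "malformed"})
    if not isinstance(cmd, str) or cmd not in ALLOWED_COMMANDS:
        reason = "unknown-command"
    else:
        reason = check_url(url)
    if reason is None:
        try:
            bitmap = render(url)         # step C: the emulator does the fetch
        except Exception:
            reason = "render-failed"     # step D: error instead of a bitmap
    audit_log.append((ip, url, reason or "rendered"))  # abuse register
    if reason:
        return json.dumps({"ok": False, "error": reason})
    return json.dumps({"ok": True, "bitmap_hex": bitmap.hex()})
```

Every request, accepted or refused, leaves one record in `audit_log`, so rejected commands and URLs feed the abuse register as well.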

Operational examples

Below is a set of operational examples deployed using the model above and operating in a web farm environment. These are smartphone emulator services.