
receive & send business data to others

Security operating design
Management of two hypothetical applications on Linux.
  1. Suppose our hypothetical application is named "DigiNotepad". It needs to store code and data on the host (Unix).

This sample covers the basic principles of implementing (business) applications on Linux. Since Linux is just a Unix variant, these samples apply to all Unix variants.

The full DTAP (development, test, acceptance, production) environment separation is taken into account. This makes reliable development and testing of processes possible.
Exchanging business data involves no business logic. LCM and SCM are out of scope of this exchange question.


Exchange of business data

Hypothetical doubled Business Applications

There are many nice tools for implementing workflow, file transfers, mails and all kinds of processes. They also have implementation challenges.

Suppose we segregate the work over several teams. One team, team01, does the input preparation. Another team, team11, evaluates the work and, when appropriate, publishes it or disapproves it back to preparation.

The problem of sharing data in a controlled way

Having several teams with different responsibilities...

Question
How do we solve this by storing the files at host level (using notepad) and implementing the security at host level?




Sharing data


xchn v1 Sharing data directly

Proposal:

The first thought of a solution is making everyone a member of each other's groups.

Shortcomings of xchn v1


With commercial tools this is common practice, as all security has to move to the tool that is just running the interfaces of that tool.
Still, the disadvantage of this approach should be clear: as soon as some access at host level is open, nothing of the protection of the business data is left.

This approach will not solve the question.





Sharing data


xchn v2 Sharing data by dedicated map

Proposal:
A standard approach within Linux (Unix) exists, as used on directories (maps) like "/tmp", "cron" and "mail".
See the file attributes explanation and links.
This approach is listed in Unix auditor checklists: when the directory is public (RWX), the sticky bit on the directory must be set.
Make a location that is almost public to drop files in. This is possible by:


When work is ready it should be dropped in a location to be sent from.

From that location a dedicated authorised procedure collects all items to be transported.

When data is transported (or copied) to the new location, a delivery is done.

The most simple approach is dropping off at a hopefully expected location without any checks.



Dedicated structure xchn v2

Directories with security details for appl01 (D = directory, F = file; each environment has its own key : group; */1 to */5 are the footnote markers of the table).

Environment D   directory key : group = appl01_bd : appl01_bd   file key : group = ? */1 : appl01_bd
  /data/…/xchn_d/appl01_d      D   RST   RWX */3   ---
  /data/…/xchn_d/appl01_d/*    F   */2   R== */4   --- */5

Environment T   directory key : group = appl01_bt : appl01_bt   file key : group = */1 : appl01_bt
  /data/…/xchn_t/appl01_t      D   RST   RWX */3   ---
  /data/…/xchn_t/appl01_t/*    F   */2   R== */4   --- */5

Environment A   directory key : group = appl01_ba : appl01_ba   file key : group = ? */1 : appl01_ba
  /data/…/xchn_a/appl01_a      D   RST   RWX */3   ---
  /data/…/xchn_a/appl01_a/*    F   */2   R== */4   --- */5

Environment P   directory key : group = appl01_bp : appl01_bp   file key : group = ? */1 : appl01_bp
  /data/…/xchn_p/appl01_p      D   RST   RWX */3   ---
  /data/…/xchn_p/appl01_p/*    F   */2   R== */4   --- */5



Directories with security details for appl11 (same layout as for appl01).

Environment D   directory key : group = appl11_bd : appl11_bd   file key : group = ? */1 : appl11_bd
  /data/…/xchn_d/appl11_d      D   RST   RWX */3   ---
  /data/…/xchn_d/appl11_d/*    F   */2   R== */4   --- */5

Environment T   directory key : group = appl11_bt : appl11_bt   file key : group = */1 : appl11_bt
  /data/…/xchn_t/appl11_t      D   RST   RWX */3   ---
  /data/…/xchn_t/appl11_t/*    F   */2   R== */4   --- */5

Environment A   directory key : group = appl11_ba : appl11_ba   file key : group = ? */1 : appl11_ba
  /data/…/xchn_a/appl11_a      D   RST   RWX */3   ---
  /data/…/xchn_a/appl11_a/*    F   */2   R== */4   --- */5

Environment P   directory key : group = appl11_bp : appl11_bp   file key : group = ? */1 : appl11_bp
  /data/…/xchn_p/appl11_p      D   RST   RWX */3   ---
  /data/…/xchn_p/appl11_p/*    F   */2   R== */4   --- */4



Shortcomings of xchn v2





Sharing data


xchn v3 isolated folder structure

Define a location that is controlled: only accessible to the keys that are used/allowed to do the posting of files.
The folder structure of xchn v2 is kept as a well-defined starting point.

Proposal:

The requirements in using the posting with files are (D = directory; each environment has its own key : group):

Environment D   key : group = xchn_d : xchn_d     /data/resp01/xchn_d   D   RWX ---
Environment T   key : group = xchn_t : xchn_t     /data/resp01/xchn_t   D   RWX ---
Environment A   key : group = xchn_a : xchn_a     /data/resp01/xchn_a   D   RWX
Environment P   key : group = xchn_p : xchn_p     /data/resp01/xchn_p   D   RWX

Notice 1: The names of the keys (xchn_?) and groups (xchn_?) are kept the same. The difference between keys and groups should be clear from their use.
Notice 2: The names of the maps/directories are kept the same.


Small packages (files) are easily handled.

The bigger the data becomes, the more attention is needed.
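As an added example (not part of the original page), the shell below builds the two kinds of drop location described above: the xchn v2 "almost public" directory with the sticky bit, and the xchn v3 directory that is open only to the posting key's group, together with the auditor check that a public (RWX) directory carries the sticky bit. Base paths and the group name are placeholders; the chgrp step needs root and is skipped otherwise.

```shell
#!/bin/sh
# Added example, not code from the original page. Paths and the group
# name (xchn_d) are placeholders chosen for the demonstration.
set -eu

# xchn v2: everybody may drop files; the sticky bit stops users from
# removing or renaming files they do not own (same model as /tmp).
make_public_drop() {        # $1 = directory
    mkdir -p "$1"
    chmod 1777 "$1"         # drwxrwxrwt
}

# xchn v3: only the posting key's group may enter; setgid makes posted
# files inherit that group; "other" gets no access at all.
make_isolated_drop() {      # $1 = directory, $2 = posting group
    mkdir -p "$1"
    if [ "$(id -u)" -eq 0 ]; then
        chgrp "$2" "$1" || echo "group $2 missing, group not changed" >&2
    fi
    chmod 2770 "$1"         # drwxrws---
}

# Auditor check from the checklist quoted on the page: a directory that is
# writable for "other" must carry the sticky bit. Returns 0 = ok, 1 = unsafe.
check_drop_dir() {          # $1 = directory
    mode=$(ls -ld "$1" | cut -c1-10)              # e.g. drwxrwxrwt
    other=$(printf '%s' "$mode" | cut -c8-10)     # the "other" triplet
    case "$other" in
        ??t|??T) return 0 ;;    # sticky bit present: ok
        ?w?)     return 1 ;;    # world-writable without sticky: unsafe
        *)       return 0 ;;    # not world-writable: ok
    esac
}

# Stand-alone run: "sh this_script.sh demo" builds both layouts in a
# temporary tree and reports the audit result for each directory.
if [ "${1:-}" = demo ]; then
    base=$(mktemp -d)
    make_public_drop "$base/xchn_d"
    make_isolated_drop "$base/resp01/xchn_d" xchn_d
    for d in "$base/xchn_d" "$base/resp01/xchn_d"; do
        if check_drop_dir "$d"; then echo "ok     $d"; else echo "unsafe $d"; fi
    done
    rm -rf "$base"
fi
```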

Shortcomings of xchn v3




© 2012 J.A.Karman (02 may 2012 - PK )