Security and Access Control Services

Added by James Rabey, last edited by James Rabey on Apr 28, 2008

Security and Application Access Control

When an application delivery session starts, the next step is to secure the delivery of applications and content end to end, from the applications to the end-user device.

The following functions support this critical step:

  • Policy
  • Encryption
  • Attack detection and active protection
  • Auditing
  • Access control

These functions are described below.

Policy

The business objectives and control requirements expected of application delivery infrastructure (ADI) technologies are represented and implemented through policy. For example, policy can verify that an end-user device meets pre-defined objectives for device type, managed/unmanaged status, and access method. User access is controlled through a rich, business-centric policy that is highly context-sensitive. For example, a user accessing resources from a corporate-managed device over a corporate-managed network might be given direct access to the applications. On the other hand, a user accessing resources from a non-corporate-managed device over an unmanaged external network may be required to present strong authentication credentials, and may be automatically provided with a subset of applications through an isolated virtual session. In this way, the administrator sets the policy and the user accesses the applications as usual; only keystrokes, mouse clicks, and screen refreshes traverse the network, through an encrypted tunnel; there is administrative control over what can be copied locally; and full access, authentication, and audit information is provided to the administrator for all applications. The security interests of the organization, as well as the capabilities of the end-users, are specified through pre-defined policies.

Encryption

To ensure that data transmitted between two systems can be read by the sender and receiver only, the data is encrypted using an algorithm, and only a party holding the matching key can decrypt it. In a typical public-key encryption scenario, the sender and receiver each have a public and a private key. The public key is freely available, but the private key is known only to its owner. Data encrypted with a user's public key can be decrypted only with the same user's private key. The sender therefore encrypts the data with the receiver's public key, so that only the receiver can decrypt it, using their private key.

Attack Detection and Active Protection

This function detects and protects against a variety of attacks, such as targeted application attacks, distributed denial of service (DDoS) attacks, HTTP worms, TCP/IP SYN floods, SQL injection, cookie poisoning, cross-site scripting, and custom-crafted session exploits. It complements network-level IDS/IPS, which uses a database of known attack signatures to identify and block specific threats. Instead, this function follows a positive security approach, in which an application firewall builds on top of the network-level protection: it detects and blocks potentially malicious input by measuring the current traffic against a model of how the application is expected to behave, derived from application standards and best practices. Application firewalls can also protect against accidental leakage of sensitive data, such as credit card numbers and other user data. This capability is essential because it helps organizations comply with regulations such as the Payment Card Industry Data Security Standard (PCI DSS) and the Health Insurance Portability and Accountability Act (HIPAA).
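As an added example (not from the original page), the positive security approach and the data-leakage protection described above, in Python: a hypothetical per-endpoint model names every allowed parameter and bounds its value, so anything outside the model is a violation, and a Luhn-checked redaction step masks card numbers in outbound responses. The endpoint, parameter names and patterns are constructed.

```python
import re

# Constructed positive security model for one application endpoint: every
# parameter is named and bounded by a pattern; anything else is a violation.
PROFILE = {
    "/account/update": {
        "user_id": re.compile(r"^[0-9]{1,10}$"),
        "email":   re.compile(r"^[A-Za-z0-9._%+-]{1,64}@[A-Za-z0-9.-]{1,255}$"),
        "display": re.compile(r"^[A-Za-z0-9 '.-]{1,40}$"),
    },
}

def check_request(path: str, params: dict) -> list:
    """Return violations of the positive model for this request (empty list = pass)."""
    model = PROFILE.get(path)
    if model is None:
        return ["unknown path"]                    # not in the model at all
    violations = []
    for name, value in params.items():
        if name not in model:
            violations.append(f"unexpected parameter {name}")
        elif not model[name].match(value):
            violations.append(f"malformed value for {name}")
    return violations

def luhn_valid(digits: str) -> bool:
    """Luhn checksum, used to tell card numbers from other long digit strings."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                             # every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

# 13 to 19 digits, optionally separated by spaces or dashes, not embedded in a longer number
CARD_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")

def redact_cards(body: str) -> str:
    """Mask Luhn-valid card-like numbers in an outbound response, keeping the last four."""
    def mask(m):
        digits = re.sub(r"[ -]", "", m.group(0))
        if luhn_valid(digits):
            return "*" * (len(digits) - 4) + digits[-4:]
        return m.group(0)                          # not a card number; leave it alone
    return CARD_RE.sub(mask, body)
```

Requests that produce violations are blocked before they reach the application; the redaction runs on responses, so an application that accidentally echoes stored card data still does not leak it.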

Auditing

Applications are often used to perform business transactions, especially those of a financial nature; therefore, they can be subject to business regulations and, thereby, require the ability to review how a transaction was carried out within the application. Most applications impacted by these requirements include the ability to record the details of transactions in log files for subsequent review and analysis.

Specific to application delivery, the auditing function can also record application usage from a visual perspective, such as what text was entered, where it was entered, and when. One method of achieving this result is by recording the presentation-layer activity to disk for later review. As most application sessions do not require audit, this function can be used in conjunction with the access control function, to enable a policy-based decision to turn on auditing for a particular application delivery request.

Access Control

Access control is at the core of any security system. It allows the administrator to specify which resources can be accessed by which users, and what rights (for example, read, write, or modify) are given to the user during their access attempt. For a long time, operating systems have used rule-based access control methods to intercept every resource access request and compare resource-specific access conditions with the privileges of the user, to make an access control decision. An access control list (ACL), commonly used in Windows and UNIX operating systems, is an example of a rule-based access control system.

In an ADI scenario, access control to resources extends beyond which resources can be used to how these resources can be accessed. Further, the assessment of an end-user extends beyond user credentials to include the particular access scenario, such as the state of the end-user device and the network location. The resulting access control decision made by the system can then specify which application delivery control, security, optimization, and management functions will be used for the user's access session. For example:

1. A user requests access to a Microsoft Word document from the office.

2. The access control function interrogates the user's credentials, as well as the device from which the user is making the request.

3. The system determines that the user has sufficient privileges, and that the device is fully compliant with corporate policies (for example, it has the required operating system version and patch level, and an acceptable level of antivirus control).

4. The user is allowed to access the document from their local application or through server-side app virtualization. They can also print or send the file, and save the file locally.

5. The user accesses the document later that day from their home computer.

6. The access control function determines that, while the user credentials are valid, the end-user device is outside of the corporate network and, therefore, is not fully compliant.

7. Access is provided to the document, but only through server-side app virtualization. The user is only allowed to modify and save the document to the central file share, and cannot e-mail or print it.
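The walkthrough above, together with the Policy and Auditing functions described earlier, as an added example (not from the original page) in Python: a hypothetical evaluate() function makes the classic ACL decision first and then lets device state and network location select the delivery mode, the rights granted, whether strong authentication is demanded, and whether auditing is switched on for the session. The data model, compliance thresholds and sample ACL are constructed.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet

# Hypothetical data model; the page names no product or API.
@dataclass(frozen=True)
class AccessRequest:
    user: str
    groups: FrozenSet[str]      # group membership from directory services
    resource: str
    network: str                # "corporate" or "external"
    managed_device: bool
    os_build: int
    patch_level: int
    antivirus_current: bool

@dataclass(frozen=True)
class Decision:
    allow: bool
    delivery: str               # "local", "server-virtualized" or "none"
    rights: FrozenSet[str] = frozenset()
    audit: bool = False
    strong_auth_required: bool = False

MIN_OS_BUILD = 6000             # constructed thresholds standing in for corporate policy
MIN_PATCH_LEVEL = 3

def device_compliant(req: AccessRequest) -> bool:
    """Device posture: managed, required OS build and patch level, current antivirus."""
    return (req.managed_device and req.os_build >= MIN_OS_BUILD
            and req.patch_level >= MIN_PATCH_LEVEL and req.antivirus_current)

def evaluate(req: AccessRequest, acl: Dict[str, FrozenSet[str]]) -> Decision:
    """Context-sensitive decision: credentials first, then device state and network location."""
    # Step 1: the classic rule-based ACL check; no matching group means deny.
    if not (req.groups & acl.get(req.resource, frozenset())):
        return Decision(allow=False, delivery="none")
    # Step 2: a compliant managed device on the corporate network gets direct, local access.
    if req.network == "corporate" and device_compliant(req):
        return Decision(allow=True, delivery="local",
                        rights=frozenset({"read", "modify", "save-local", "print", "email"}))
    # Step 3: every other scenario is confined to an isolated server-side session:
    # strong authentication is demanded, saves go to the central share only, printing
    # and e-mail are withheld, and the same policy decision switches auditing on.
    return Decision(allow=True, delivery="server-virtualized",
                    rights=frozenset({"read", "modify", "save-central"}),
                    audit=True, strong_auth_required=True)

ACL = {"finance/report.docx": frozenset({"finance"})}   # constructed sample ACL
```

A managed device that fails the posture check (for example, a stale patch level) is routed to the virtualized session even from the office, which is the point of evaluating the access scenario rather than the network alone.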

Determining user access in a flexible computing infrastructure must be more complex than a simple binary process of allow or deny. The application delivery method or platform building block can now be selected, based on a range of dynamic criteria. Allowing users the freedom to choose their own computing devices means the criteria will differ as each user connects to the ADI. Users are not tied to one device; for example, a user may connect from a corporate-managed desktop in the office, their personal device at home, and a mobile device while in transit. These different user scenarios have their own security and optimization requirements.

Technologies such as Network Access Control (NAC) and Microsoft Network Access Protection (NAP) provide the ability to interrogate the user and device, and to apply a resulting security regime to their application delivery session when they connect to a network. Flexible computing takes access control beyond connect-time security, by also providing optimal performance for the delivery of applications and desktops to users in any scenario. For example, when a user requests e-mail access, depending on the user's location and device, Microsoft Outlook may be delivered using server-side or client-side app virtualization, or as a Web application.

This degree of control can be applied consistently, and in line with organizational requirements, by connecting the access control technologies to the organization's Directory Services. Extensible directory schemas allow granular application of IT policies and criteria that match the organization's business policies.