Implementing a secure high visited web site by using of Open Source softwares. S.Dawood Sajjadi Maryam Tanha. University Putra Malaysia (UPM)

Transcription

1 Implementing of an open source high visited web site 1 Implementing a secure high visited web site by using of Open Source softwares S.Dawood Sajjadi Maryam Tanha University Putra Malaysia (UPM) March 2011 Author Note S.Dawood Sajjadi, Computer and Communication System Engineering Department, UPM. Correspondence concerning this paper should be addressed to S.Dawood Sajjadi, Department of Computer and Communication System Eng., University Putra Malaysia (UPM), UPM Serdang, Selangor, Malaysia. s.d.sajjadi@gmail.com

2 Implementing of an open source high visited web site 2 Abstract In this paper, a scenario that has been done for design and implementation of one of the most visited web sites in an Iranian governmental organization will be shown. We experienced more than 70,000 concurrent web users on open source web application servers. Implemented system could handle all user requests reliably and smoothly. All applied softwares and security solutions in this project were based on open source ( The open source, n.d.) tools that results in saving a tangible cost by prevention of purchasing commercial available options. We will describe project big map and all main components of it in the following sections.

3 Implementing of an open source high visited web site 3 Implementing a secure high visited web site by using of Open Source softwares Today, most organizations and vendors are trying to present their services, with the best quality and reliability in the web by using multifarious softwares and platforms to gain their visitors satisfaction. Also, companies should consider all security requirements of their web sites and provide proper security solutions for them to prevent penetrations and data manipulation in their web sites. Using of commercial softwares and purchasing required licenses for them, are not cost-effective for many companies. Furthermore, commercial security solutions have extra costs for their devices and updates. These costs set up serious barricades against companies to develop a reliable platform for their web customers and visitors. Open source world can provide great and efficient solutions for these companies and anyone who wishes to make a reliable high visited web site with no software and license cost! Yes, it is possible. As we mentioned in the abstract, this project has been defined by a governmental organization and its final goal was gathering of economical information of Iranian families. So the design and implementation of a reliable infrastructure for this web site to handle the information of more than 17,000,000 families ( Latest national statistics, 2007) was a significant issue. Furthermore, preparation of all required security and service monitoring considerations for different components of project was another part of the project. We had various commercial total solution options to perform the project completely by them, but due to heavy license costs, security aspects and existence of some prohibitions to provide these choices, we decided to use open source softwares for the design and implementation of different parts of it. Two tiers application architecture (Multitier architecture, 2011) was used in the project and the application code was developed for web/application and database tiers. Because of huge volume of web requests to visit the web site, web/application tier was the critical part of design. Users requests must be balanced among different servers of this layer and in this case, user's session state should be kept until termination time for each user. The same load balancing considerations should be implemented in database tier, too. Because of project sensitivity in service availability aspect, also we considered redundancy in all project sections. In the next section, we will talk about project big map and its main elements. Security Provisioning for different project parts To have a better review about security architecture of the project, we divided this section into two separated parts: Network Security and Host Security. Figure.1 shows main components of the project and their interconnections.to provide network security at the edge layer, we need to use a network Firewall/IDP (Astaro, 2011) in this section. First, it should be a stateful firewall ( Stateful firewall, 2011) and second, it must act as an intrusion detection/prevention system with rule update capability in this layer. We applied two Linux machines with iptables ( The netfilter.org, 1999) and snort software ( About Snort, 2010) to prepare these requirements. Two machines were used to provide more reliability in this layer and they worked together in Active/Standby method. By failing the main firewall, the second one would be operational in the network. Also, we defined three network zones that you can see them in three different colors in the figure 1. Traffic zones have been differentiated by means of defined VLANs in network switches. We used two network switches to provide more availability in this layer. So, each server at least had two separate network adapters that had connected server to both switches. As you see in the figure 1, also we had same structure between firewalls and switches to make more network reliability. Any time each server from one zone tried to connect to another server of the other zone, requested and returned traffics had been passed and processed through firewall. So any prohibited and malicious traffic would be denied by iptables and snort software that had been installed on edge firewalls. In fact, in the proposed architecture, Linux firewalls had provided required network security in edge & access layers and also routing among various zones had been done by means of them. As I will mention in the next section, we used CentOS Linux (CentOS, 2011) operating system for all project servers. To make proper security in host layer (Operation system), we used another familiar open source software as Host based Intrusion Detection System (HIDS). OSSEC ( About OSSEC, 2008) was used on all operating systems to perform file integrity check and abnormal system activities report. In any suspicious case, OSSEC agent would send report with proper details to security administrator. Finally, due to importance of project security aspects, application code was verified with some expert developers to ensure about its security level in front of different web attacks types such as XSS, SQL injection and Buffer overflow ( OWASP, 2007). Also, operating system hardening process was done by system administrators to disable unneeded system services and users and any relevant process in each server. As you see, we achieved to all security requirements in different levels of project with proper configuration of mentioned open source tools. We acquired spectacular results in technical and economical views in this filed that we will discuss about them.

4 Implementing of an open source high visited web site 4 Figure 1. Main Components of The System Implementation of Web Applications and Database Tiers After resolving of various security considerations, it is time to review the main part of project that was processing of web users requests. Due to the large numbers of web requests, the using of more than one server in web/application tier was an inevitable fact. Then, after calculation of maximum expected requests in the worst condition, by using of available resources, we determined four HP DL380G5 ( HP ProLiant DL380, 2011) servers for this layer. To achieve the maximum throughput by using of this hardware, we used 64-bit version of CentOS Linux on all web/application servers. So, for all required softwares, we installed 64-bit version of them. Next important point in this part was sharing of web requests load among mentioned servers. Usually this task was being performed by means of network or service load balancer ( Network Load Balancing, 2011). To balance logical load among different web servers, we used HAproxy (Willy Tarreau, 2008) beside of apache web server ( Apache HTTP, 2011). It can share web requests based on various indicators among web/application servers. To install and implement of a load balancer we needed a new Linux server as a gateway for other web/application servers. Since we were using a Linux machine as a network Firewall/IDP and it acted as a network gateway for other servers, we preferred to use this machine as a load balancer too. So, two Linux machines in the edge layer have being used as Firewall/IDP/LB (Load Balancer) as you can see in the figure 1. Selected web server for the project was the most well known web server in the world, Apache. We utilized the latest 64-bit version of apache software and securely configured it to process substantial number of clients requests. Figure 3 shows the applied configuration for it that worked like a charm! Project web site had been developed in J2EE (Java, n.d.) environment and there were many relevant web application servers such as Web Logic ( Oracle 11g WebLogic, n.d.) and Web Sphere to ( WebSphere software, n.d.) choose for it as web application server, but based on the open source policy of the project and great compatibility of Tomcat ( Apache Tomcat, 1999) with Apache software, we decided to use Apache/Tomcat as the web application server for all four servers of first tier. Java memory usage restrictions in 32-bit version had been eliminated by using of 64-bit version. Also to increase processing power of web requests in each server, we used ajp_proxy ( Apache Module, 2011) apache module as a proxy for tomcat server. Six different tomcat processes on different ports configured to listen for incoming web requests and apache process in each server balanced these requests among mentioned tomcat listening ports By using this method, each server can handle independently more than thousands of web requests. Figure 2 shows the configuration of ajp_proxy module of apache service. Also, to provide more security for user connections, we redirected all the web traffic to the port 443 (https) to create secure sessions between the users and the servers. We configured apache web server to perform this job by means of SSL module. The only non open source tier of project was database tier that implemented by Oracle 10g database ( Oracle Database 10g, n.d.). We used RAC mechanism (Real Application Clustering) and oracle data guard to process more than 17,000,000 records on database. Two servers considered for this tier that was working as nodes of oracle cluster and were accessible via a single IP address and just from web/application servers. Oracle handled all incoming requests from web/applications servers greatly and responded to them in a short amount of time. One of our main motivations to use Oracle as selected database in this project, was its great performance to work with Linux operating system and its perfect reliability in cluster environments. So we chose it and as you will see, we achieved outstanding results.

5 Implementing of an open source high visited web site 5 Figure 2. The Configuration of ajp_proxy Figure 3. Apache Configuration Service and Security Monitoring of Project elements As we mentioned before, because of the project sensitivity and its data importance, we needed to use monitoring and backup solutions in the project running period. We had to monitor all network equipments, system health and service conditions in a comprehensive way to log and report all happening events. Nagios ( Nagios overview, 2009) and Cacti (Cacti, 2004) were two perfect open source options that were chosen to perform these jobs. Also to implement a daily backup procedure for all server information (Specially database servers) we used the leader of open source backup solutions, Zamanda ( Main page, Amanda, 2011). We used a graphical web interface to monitor OSSEC agents that also had been installed on different servers. All mentioned tools were web based softwares and they could notice system administrators by means of alerts. Great functionalities of these softwares were considerably comparable with the other commercial softwares. Results We experienced unexpected awesome results after launching the project. Below graph shows input traffic bandwidth of Linux firewall machine as network gateway in project running time. In rush hours, we had 30 Mbps incoming web requests and web/application and database servers could handle all of them without any problem. Figure 4. Monitored Traffic by Cacti Software Figure 4 had taken at the end of project from Cacti monitoring software. We should consider that this incoming traffic in Iran is a high incoming traffic and also web site pages had been designed as light as possible to decrease network and server traffic load. The two following graphs (Figure 5 and Figure 6) had taken at the end of second week (middle) of project and they shows total database inserted records and total number of created sessions at this time. As you see, in the half of project running time, more than 24,000,000 http sessions had been created on all web/application servers and by means of these sessions, more than 10,800,000 records had been inserted in the database.

6 Implementing of an open source high visited web site 6 Figure 5. Database Inserts Figure 6. Created Sessions These numbers and graphs can present a valuable picture of the perfect functionalities of the applied open source softwares in the project. Calculated design and implementation of right configuration on all components were another tangible prosperity factor in the project. Conclusion We described all main elements of the project that were effective for its success. As you see, almost all of them were well known open source softwares that can be applied instead of too many proprietary and commercial tools. No software cost, free available updates, source code availability, comprehensive documents and so many other features can be totally persuasive for entering open source world and using of its great softwares. We hope that presentation of this paper could prepare a good view for anyone who still is doubtful about migration to open source world. It will be more interesting than you expect. Just believe it! References About OSSEC. (2008). Retrieved 02/18, 2011, from About Snort. (2010). Retrieved 03/23, 2011, from Astaro Internet Security, Intrusion Prevention. (2011). Retrieved 02/18, 2011, from Apache HTTP Server Project. (2011). Retrieved 03/23, 2011, from Apache Module mod_proxy_ajp. (2011). Retrieved 03/23, 2011, from Apache Tomcat. (1999). Retrieved 02/18, 2011, from Cacti, the complete rrdtool-based graphing solution. (2004). Retrieved 02/18, 2011, from CentOS, Community Enterprise Operating System. ( ). Retrieved 03/23, 2011, from HP ProLiant DL380 G5 Server series - Overview and Features. (2011). Retrieved 03/23, 2011, from Java EE at a Glance. (n.d.). Retrieved 02/18, 2011, from Latest national statistics of Iran population. ( ). Retrieved 02/18, 2011, from Main page, Amanda. ( ). Retrieved 03/23, 2011, from Multitier architecture. ( ). Retrieved 03/23, 2011, from Nagios overview. (2009). Retrieved 02/18, 2011, from Network Load Balancing Services. ( ). Retrieved 03/23, 2011, from Oracle 11g WebLogic Server. (n.d.). Retrieved 02/18, 2011, from Oracle Database 10g Express Edition, Free to develop, deploy and distribute. (n.d.). Retrieved 02/18, 2011, from OWASP Top 10 Most Critical Web Application Security Vulnerabilities. (2007). Retrieved 03/23, 2011, from Stateful firewall. ( ). Retrieved 03/23, 2011, from The netfilter.org project. (1999). Retrieved 02/18, 2011, from The Open Source Definition (Annotated) Version 1.9. (n.d.). Retrieved 02/18, 2011, from WebSphere software. (n.d.). Retrieved 02/18, 2011, from Willy Tarreau, ( ). HAProxy Architecture Guide, version Retrieved 03/23, 2011, from