VIEWABILL. Cloud Security and Operational Architecture. featuring RUBY ON RAILS

Transcription

1 VIEWABILL Cloud Security and Operational Architecture featuring RUBY ON RAILS VAB_CloudSecurity V1 : May 2014

2 Overview The Viewabill.com cloud is a highly-secure, scalable and redundant solution that enables Viewabill to provide World-class services to its Customers. The primary components of the Viewabill Cloud include: Viewabill.com - The application with which Viewabill Customers interact Amazon Web Services The infrastructure-as-a-service component providing the computing, security and networking hardware and services Heroku Ruby on Rails The platform-as-a-service component providing security, ease of management, deployment and scalability Both Amazon Web Services and Heroku Ruby on Rails have leading security credentials, such as: SOC 1/SSAE 16/ISAE 3402 SOC 2 FISMA DIACAP FedRAMP PCI DSS Level 1 ISO Amazon Web Services Infrastructure-as-a-Service Heroku Ruby on Rails Platform-as-a-Service Viewabill.com Application

3 Architecture and Workflow The Viewabill.com Cloud consists of multi-layered security and operational components. Each component consists of multiple subsystems and capabilities with the responsibility for each falling under the control of the entity providing the service. Amazon Web Services has direct responsibility for ensuring that the datacenter is physically secure and that the physical and virtual computing system therein are protected against all manner of Internet-based attacks. Heroku Ruby on Rails is also responsible for protection against Internet-based attacks, as well as ensuring that the virtual computing systems therein remain isolated and operational. INTERNET DATA FLOW Viewabill has direct responsibility over the security and integrity of the Viewabill application itself and the customer data. RUBY ON RAILS APPLICATION

4 INTERNET 1 DATA FLOW Industry-leading Physical Security Firewall and IDS Systems XEN HyperVisor 2 HTTP Reverse Proxy Routing Mesh DynoGrid 3 Viewabill Dyno Viewabill Web Server Viewabill Postgres Database Viewabill Postgres Database Backup Viewabill Heroku Add-Ons

5 1 Mandatory inbound firewall is configured in a default deny-all mode and Amazon EC2 customers must explicitly open the ports needed to allow inbound traffic. The traffic may be restricted by protocol, by service port, as well as by source IP address (individual IP or Classless Inter-Domain Routing (CIDR) block). AWS utilizes a wide variety of automated monitoring systems to provide a high level of service performance and availability. AWS monitoring tools are designed to detect unusual or unauthorized activities and conditions at ingress and egress communication points. These tools monitor server and network usage, port scanning activities, application usage, and unauthorized intrusion attempts. Additional, detailed information can be found at 2 DDoS mitigation techniques including TCP Syn cookies and connection rate limiting in addition to maintaining multiple backbone connections and internal bandwidth capacity that exceeds the Internet carrier supplied bandwidth. Reverse Proxy Prohibits Direct IP Access Linux Containers Isolated via LXC Managed firewalls prevent IP, MAC, and ARP spoofing on the network and between virtual hosts to ensure spoofing is not possible. Packet sniffing is prevented by infrastructure including the hypervisor which will not deliver traffic to an interface which it is not addressed to. Heroku utilizes application isolation, operating system restrictions, and encrypted connections to further ensure risk is mitigated at all levels Host-based firewalls restrict customer applications from establishing localhost connections over the loopback network interface and to further limit inbound and outbound connections Additional, detailed information can be found at 3 The Viewabill Application consistently undergoes both Static and Dynamic Analysis to identify and mitigate vulnerabilities Dynos are isolated for only Viewabill Customer usage The web server resides behind multiple layers of security and only exposes ports 80 and 443 to Internet Traffic User access to data in the database is done so in the context of a single user account. The separation is handled by the way in which the database is queried; everything is filtered through the lens of the user account and data not specifically granted to that user is inaccessible Database Backups never leave AWS/Heroku Provide monitoring, SMTP and similar services Additional information about Viewabill Security can be found in the document titled, Viewabill Security, Architecture and Processes