Cyber Security and Network Security. Группа авторов
Чтение книги онлайн.
Читать онлайн книгу Cyber Security and Network Security - Группа авторов страница 13
1.4.7 NoSQL Database
An encrypted JSON document will be stored in the hosted NoSQL database. The database would be encrypted at rest. While fetching data from the database, the files will be decrypted after checking the authorization details. After verifying the user to authorize or not, files can be updated from the database. In this way, data breaching can be avoided to a great extent.
1.4.8 Linux Instance and Server Side Installations
The server side application is developed using Python Django. Python version 3.x is recommended for development. Our application is developed using Python 3.8. The suggested required libraries and their versions are also provided in Table 1.1.
Table 1.1 Libraries and their versions
Cryptography | Encryption (like AES) |
Django-dynamodb-sessions | For NoSQL |
Dynamodb-json | DynamoDB Json |
Boto3 | AWS SDK for Python (Boto3) to create, configure, and manage AWS services |
The EC2 that was set up during testing was a T2 instance of the Micro specifications with 1.0 GiB RAM and 1vCPU. The application was set up in the Linux environment, and a startup script was put in place so that it would spin up the application whenever the instance starts. The application took in responses in a form of Rest API calls, and thus, the server provisioned is set up under a security group with network ingress egress allowed on Port 80.
For secure shell connectivity to the server for maintenance and optimizing and security purposes, the SSH port is kept open in the security group. This enables the administrator to connect to the server instances over the public internet securely. RSA keys are also advised to be used for encrypted secure login.
In a public cloud service, the servers and the security groups can be set up inside a virtual private cloud within public subnets facilitating public facing servers within a secure sandboxed environment so that the whole operation runs securely. Whole setup can also be done using integrated platforms (platform as a service) such as infrastructure as a code such as cloud formation services. Figure 1.2 shows home or my profile page from manager’s point of view.
Figure 1.2 Home or my profile page from manager’s point of view.
In our proposed model, the managerial role in the organization is the administrator of the system suggested. The name of the roles in our proposed model may vary and can be changed according to the enterprise specifications, but the logic behind the operations is suggested to be kept the same. The manager has the highest access privilege than the other users in the system. Here, he/she can control document transactions and user managements monitoring and tracking the access granted to the respected users. From the Profile page of the manager, he/she can create or delete (CRUD) any announcements, and small synopsis of unread or latest communications are also viewed in the home page.
The data of the announcement, or the communications that are being sent, are sent in the JSON format by the client machines which are encrypted using DES encryption first and then AES over it. After going through the public internet and reaching the server endpoint, the encrypted data packet is decrypted. Further, the data is analyzed for infections or malware. If the data is found to be free of such things, then the JSON data is analyzed. If the content key in it contains the value “announcement”, then the data within is saved in the Announcement Table in the NoSQL database. Here, in our proposed model, we use DynamoDB because of its high scalability, serverless structure, and single-digit millisecond latency. Similarly, the “communications” would be saved over in the Communications table in the same database.
The proposed Json file structure would be like the following:
{
content: “announcement”,
data: [‘this is an array of string and objects’],
data-type: ‘text/html’
}
After clicking on the Logout button, the users are disconnected from the server and sent back to the Login page. No further actions can be carried out by that particular user’s identity unless he or she logs back in. Figure 1.3 shows home or my dashboard page from employee point of view.
Figure 1.3 Home or my dashboard page from employee point of view.
Here, it shows the profile of the employee in the organization from where he/she can view the profile, get necessary updates (i.e., from Announcements, Inbox), and perform the job. From the Home or My Dashboard page, employees see the announcements, small synopsis of unread or latest mail. On clicking over the object storage, it will be redirected to storage or bucket page. From the navigation dashboard, employees can go to any page (only eligible pages) according to their choice. Apart from all these, users can also logout from the page by clicking on the Logout button at bottom right of the page. For the users to store object-based files, the users are authenticated and the client side of the software verifies the file and compresses it after encrypting. Here, we use double layer security, i.e., for the first layer we have used the DES encryption, over that a second layer of encryption, i.e., AES is applied over it. Further, encrypted compressed objects are sent over the public internet and are in a S3 bucket through the REST API that is put in place. After a new object is created over in the primary S3 Bucket, a serverless lambda function gets invoked and the encrypted compressed file is decompressed and decrypted accordingly. Further, after a series of actions verifying the authenticity of the file sent, the file is compressed and stored in another S3 Bucket from where it would be retrieved when required. A life cycle policy is put in place where the older objects which are not required frequently are transferred to an economical tier, and the other much older objects are transferred over to glacier object storages for archival purposes. Figure 1.4 shows inbox page from manager’s point of view.
Figure 1.4 Inbox page from manager’s point of view.
Here,