Defense in Depth

Resolver employs a “Defense in Depth” approach to security. The concept is not new; it is an age-old military strategy adapted to provide information assurance in today’s open-access, networked environments on shared cloud platforms.

The “Defense in Depth” approach means using all available security mechanisms at the different layers of the application deployment infrastructure. This minimizes potential attack vectors and creates multiple layers of protection in case one mechanism fails.

It relies on the intelligent application of techniques and technologies that exist today. The strategy recommends a balance between protection capabilities, efficiency and cost, performance and operational considerations. 

As Resolver uses Amazon Web Services (AWS) hosting and deploys production environments using the AWS Virtual Private Cloud (VPC) service, we heavily leverage AWS security features. 

Network Level Security Controls (Layers 3 & 4 of OSI Model):

  • AWS Shield defends against the most common, frequently occurring network and transport layer DDoS attacks that target your website or applications.
  • Use of the AWS VPC service
  • Separate private and public-facing networks
  • VPC Security Groups 
  • Network Access Control Lists (ACLs) (AWS Firewall) 

Application (HTTP/HTTPS) Level Security Controls (Layer 7 of OSI Model): 

  • AWS ALB (Application Load Balancer) where applicable 
  • AWS WAF (Web Application Firewall) where applicable 
  • AWS ELB (Elastic Load Balancing) where applicable 
  • Nginx secure reverse proxy
  • Resolver application-level authentication control
  • Resolver application-level RBAC-based authorization control

OS Infrastructure Level Security Controls (Layers 4/5/6/7 of OSI Model):

  • Antivirus 
  • Antimalware 
  • Intrusion detection system 
  • OS firewall / IPsec policy / iptables mechanisms