Defense in Depth

Resolver employs a “Defense in Depth” approach to security. The concept is not new; it is an age-old military strategy adapted to provide information assurance in today’s open-access, networked environments on shared cloud platforms.

The “Defense in Depth” approach means using all available security mechanisms across the different layers of the application deployment infrastructure to minimize potential attack vectors, creating multiple layers of protection in case one mechanism fails.

It relies on the intelligent application of techniques and technologies that exist today. The strategy recommends a balance between protection capabilities, efficiency and cost, performance and operational considerations.

Because Resolver uses Amazon Web Services (AWS) hosting and deploys production environments using the AWS Virtual Private Cloud (VPC) service, we rely heavily on AWS security features.

Network Level Security Controls (Layers 3 & 4 of OSI Model):

  • AWS Shield defends against the most common, frequently occurring network and transport layer DDoS attacks that target your website or applications.
  • Use of the AWS VPC concept
  • Concept of private and public-facing networks
  • VPC Security Groups
  • Network Access Control Lists (ACLs) (AWS Firewall)

Application (HTTP/HTTPS) Level Security Controls (Layer 7 of OSI Model):

  • AWS ALB (Application Load Balancer) where applicable
  • AWS WAF (Web Application Firewall) where applicable
  • AWS ELB (Elastic Load Balancing) where applicable
  • Nginx secure reverse proxy
  • Resolver Application Level Authentication control
  • Resolver Application Level RBAC-based Authorization control

OS Infrastructure Level Security Controls (Layers 4/5/6/7 of OSI Model):

  • Antivirus
  • Antimalware
  • Intrusion detection system
  • OS Firewall / IPsec Policy / iptables mechanisms