Multi-Tier Application Flashcards
Multi-Tier Applications Layers
Presentation Layer
Application Layer
Data Layer
Servers and services require:
Health monitoring and reporting ● Traffic monitoring ● Log export, centralization and review ● Backup ● Connection pooling ● Load balancing
What is included in Presentation Tier:
a) Networking Traffic, IDS, IPS, Firewall, Network Hardware
b) Caching Server / Reverse Proxy Logs and Activity
c) Web Application Firewall (WAF) Logs
d) Web Server logs
e) All of the above
e) All of the above
Learn your HTTP status codes!
1XX=?
Information
Learn your HTTP status codes!
2XX=?
Success
Learn your HTTP status codes!
3XX=?
Redirection
Learn your HTTP status codes!
4XX=?
Client Error
Learn your HTTP status codes!
5XX=?
Error
Can JS (front-end) send details to the log?
Yes
Why do Application Tier logging:
a) Audit the business policy surrounding the app logic;
b) Ensure database integrity;
c) Debug problems;
d) Monitor activities;
e) Provide a more complete picture for an investigation;
a,c,e
- Look for security events at the application level
- Audit the business policy surrounding the app logic
- Determine and monitor baselines
- Debug problems
- Provide a more complete picture for an investigation
- Detect attacks and mitigate app exploitation
- Monitor performance & compliance
How many logging standards are there?
4 • CLFS: Common Log File System • CEF: Common Event Format • CEE: Common Event Expression • ELFF: Extended Log File Format
What info to log:
When
Timestamp
Sequence number
What info to log:
Who
Source IP
User identity
What info to log:
Where
- Application identifier
- Application server IP
- Service/protocol involved
- Geolocation
- Application entry point (URL, HTTP method, etc.)
- Code location if possible
What info to log:
What
Type of event • Severity (numeric?) • Description • Result/actions taken? • Reason? • Request headers and HTTP status codes