Company X Security Architecture: Implementing DMTF Redfish Protocol

Verified

Added on 2022/08/15

AI Summary

This report focuses on the implementation of a security architecture for Company X, specifically utilizing the DMTF Redfish protocol. The primary goal is to ensure data confidentiality, integrity, and availability. The report details how Redfish, with its RESTful interface, is employed to prevent CSRF attacks and manage product tokens. It highlights the ease of design, implementation, and extension of security aspects using this model. The report also discusses the protocol's ability to define standard actions and resolve challenges associated with remote interface security. Furthermore, it provides recommendations for improving Company X's security, including proper software updates and optional element discovery. The report references several sources to support its findings, emphasizing the importance of a robust security framework.

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.

Running head: IMPLEMENTING SECURITY ARCHITECTURE
Implementing Security Architecture: Incorporating DMTF Redfish protocol in Company X
Name of the Student:
Name of the University:

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

1IMPLEMENTING SECURITY ARCHITECTURE
Review
Security Architecture can be defined as a design architecture which demonstrates the way
through which security inside any company can be maintained to earn measurable long term
commercial profit. The company for which the security architecture is designed here is Company
X. The security protocol that is developed for Company X is DMTF RedFish. The purpose of
using this architecture is to maintain the system’s integrity, availability and confidentiality.
There are different security development mechanisms are available but all the
mechanisms are not applicable for the companies. However, based on the company’s current
status among many security mechanisms the suitable approach has to be chosen to provide high
level data security, availability and integrity. Therefore, based on company’s operational and
functional activities the most suitable security activity and mechanism has to be selected and
applied a well. It gives a completely unique resource path component. It enables the web
applications for consuming the service during the prevention of CSRF attacks. The product’s
tokens and their respective versions can be easily traced with the protocol.
According to Solutions and Meade, (2018), the Redfish management standard uses data
model representation with RESTful interface. This process is much easier to design and
implement as well. Extension of security aspects using this model is also easy and cost effective
than others. Implementation of this model helps to create relationship between programming
environment and all associate components. Humans can also interpret this model easily. For
managing scalable platforms this protocol stands useful. The security protocol is implemented in
Company X to give data confidentiality, security and integrity as well.

2IMPLEMENTING SECURITY ARCHITECTURE
In order to reduce the design complexity and security challenges the model is used. This
tool successfully supports the OpenAPI services that give rich ecosystem. It gives message
sending capabilities even also outside the normal requests. The HTTP status codes can also be
reviewed by the clients. By performing a GET on specific URI clients can open SSE connection
within the service. The Redfish operation cannot easily map the semantic RESTful interface.
Apart from that this kind of operation again cannot directly impact the Redfish resource related
properties. It has ability to define standard actions. Due to this reason it holds normative
language but the others approaches does not. The challenged associated to remote interface
security gets easily resolved with this security protocol.
Recommendations
In order to improve the security of Company X some recommendations are also
elaborated in the below section:
Proper updates: Most of the software takes frequent updates. In order to make these
update easy and simple proper supporting license has to be implemented by the associates.
Optional element discovery: In order to keep all information secured from unauthorized
users each optional element has to be properly discovered. Apart from that, another data
encryption mechanism is also needed to be implemented to make sure that only authorized users
can access data using the symmetric and asymmetric common decryption keys.

3IMPLEMENTING SECURITY ARCHITECTURE
References
Barker, E., & Mouha, N. (2017). Recommendation for the triple data encryption algorithm
(TDEA) block cipher (No. NIST Special Publication (SP) 800-67 Rev. 2 (Draft)).
National Institute of Standards and Technology.
Campana, S. E., Valentin, A. E., MacLellan, S. E., & Groot, J. B. (2016). Image-enhanced burnt
otoliths, bomb radiocarbon and the growth dynamics of redfish (Sebastes mentella and S.
fasciatus) off the eastern coast of Canada. Marine and Freshwater Research, 67(7), 925-
936.
Kumari, P., Saleem, F., Sill, A., & Chen, Y. (2017, December). Validation of redfish: the
scalable platform management standard. In Companion Proceedings of the10th
International Conference on Utility and Cloud Computing (pp. 113-117).
Solutions, C., & Meade, F. (2018). Transitioning to the Security Content Automation Protocol
(SCAP) Version 2.