Группа авторов

Cyber Security and Network Security


Скачать книгу

Apart from that, the manager can also sort the table according to his or her own preference. Managers have the permission to view, create and delete the files of all the employees. Employees can only access the files or documents only for those they have been eligible for.

      To save the files of the Storage Bucket, we have chosen Amazon S3 for our model. It is highly scalable and any amount of objects can be stored in it.

Snapshot of the storage bucket from manager’s point of view.

      Here, it shows the Manage Employees page of the manager in the organization. The managers can add new employees, update employees, and delete employees in the organization. Apart from that, he or she can also add and manage enterprises. Manager can search employee details just by entering the employee id of the employee in the search field. Manager has full authority over the employee, i.e., if he or she wishes to suspend any employee from accessing the application, then he or she can do so. Employees cannot access the Manage Employees page from their end as, at every step, manager’s credentials will be checked before giving allowance inside the system.

      Here, it shows the Announcement page of the manager in the organization. Here, the manager can view, edit, add, and delete announcements. The manager can send announcements to the entire department by entering the department id of them.

      In our proposed model, we have selected NoSQL databases for storing the announcements. As it has no predefined schema, storing important announcements or deleting them later can be done with great ease. We have chosen multi-level encryption. We will use DES and AES encryption to encrypt the database before pushing it to QLDB. DES is a symmetric encryption algorithm converting data into block ciphers. It uses key sizes of 64 bits.

      AES encryption is the most robust security protocol against hacking. It uses higher key sizes such as 128, 192, and 256 bits of encryption. It is one of the safest open source security solutions widely used commercially for encrypted data storage.

      First, we will encrypt the data using DES and generate a key and further encrypt it using AES providing a second level of encryption.

      In our architecture, a highly strict policy for least access privilege model is followed to ensure that no user gets access to resources more than he is supposed to. The Group Access Control Modifier thus provides that opportunity for the immediate senior managers assigned to the users to access their control privileges. This ensures that no information flows in and out of the system that is not asked to be retrieved by an authenticated user with necessary access. The Group Access Control Modifier is the GUI of a backend architecture with a JSON file containing the detailed Access Policy for specific users. Whenever the Access Policies are changed over in the GUI, the contemporary JSON file updates itself accordingly.

      1.5.1 Load Balancer

      Load balancers are used to provide low latency to users especially at high usage periods and distribute the loads across multiple compute instances. Combining it with the autoscaling groups also enables our architecture to scale up and scale down as per requirements. In the absence of load balancers, higher traffic on instances would lead to higher packet loss and higher latency due to overloaded traffic, on a fixed number of compute instances. It would also lead to unbalanced load on web servers resulting in crashing of the servers. Due to the load-balanced architecture, a user may face a latency slightly above 1–5 ms, due to the load balancer operating at layer 7 and also since the instances are provisioned on demand automatically so it saves costs to a great extent.

      1.5.2