Sony Website Architecture: System Design
High-Level Expectations:
■As a user, I should be able to view the product list and see each product's description.
■As a user, I should be able to buy products and review the products I have bought.
■As a user, I should be able to see my transactions and download my previous order data.
■As a user, I should be able to navigate the company's static pages (about, contact, policies).
■As an admin, I should be able to see analytics.
■As an operations team member, I should be able to see user orders and contact information.
■As a vendor, I should be able to deliver parcels by getting delivery routes.
Website: Architecture
Security
■For security we can use the technologies listed below.
■JWT (signed JSON Web Tokens) for information exchange between services and for carrying user session and authorization claims; the server must verify the signature, the algorithm and the expiry on every request, since the token contents are under the client's control.
■AWS WAF in front of the site to filter malicious requests (injection attempts, scanners, bad bots, HTTP floods) before they reach the application. A WAF reduces exposure; it does not replace secure coding in the application itself.
■HTTPS only, using TLS 1.2 or later (the older SSL protocol versions are deprecated and should be disabled), with a certificate backed by a 2048-bit or larger RSA key or an ECDSA key.
■AES-256 encryption at rest with keys managed by AWS KMS, and SHA-256 for hashing and integrity checks (SHA-256 is a hash function, not an encryption algorithm, so it cannot by itself protect stored data);
a PGP key for customer sensitive data that must be stored or exchanged end-to-end encrypted, with the private key kept out of the web tier.
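The JWT bullet above says what has to be checked on every request; the following is an added example (not code from the original page or from Sony) showing those checks in plain Python with only the standard library. The secret, the claim names and the two forgery helpers are assumptions made for the demo; in the architecture above the signing key would come from AWS KMS or Secrets Manager, and an HS256 shared secret would normally be replaced by an asymmetric (RS256/ES256) key pair when several services verify tokens.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed demo secret. In the real system the signing key is fetched from
# AWS KMS / Secrets Manager at startup and never hard-coded.
DEMO_SECRET = b"demo-only-hmac-secret-replace-with-kms-managed-key"
# Explicit allowlist: the algorithm is decided here, never read from the token.
ALLOWED_ALGS = {"HS256"}


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _sign(signing_input: str, secret: bytes) -> bytes:
    return hmac.new(secret, signing_input.encode("ascii"), hashlib.sha256).digest()


def issue_token(claims: dict, secret: bytes = DEMO_SECRET, ttl_seconds: int = 900, now=None) -> str:
    """Issue a short-lived HS256 JWT carrying `claims` plus iat/exp."""
    now = int(time.time()) if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    payload = {**claims, "iat": now, "exp": now + ttl_seconds}
    signing_input = ".".join(
        b64url_encode(json.dumps(part, separators=(",", ":")).encode())
        for part in (header, payload)
    )
    return signing_input + "." + b64url_encode(_sign(signing_input, secret))


def verify_token(token: str, secret: bytes = DEMO_SECRET, now=None) -> dict:
    """Return the claims if the token is valid; raise ValueError otherwise."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header_b64, payload_b64, sig_b64 = parts
    header = json.loads(b64url_decode(header_b64))
    # The header is attacker-controlled: reject alg=none and any algorithm swap.
    if header.get("alg") not in ALLOWED_ALGS:
        raise ValueError("algorithm not allowed: %r" % header.get("alg"))
    expected = _sign(header_b64 + "." + payload_b64, secret)
    # Constant-time comparison avoids leaking the signature byte by byte.
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        raise ValueError("signature mismatch")
    claims = json.loads(b64url_decode(payload_b64))
    now = int(time.time()) if now is None else now
    if not isinstance(claims.get("exp"), int) or now >= claims["exp"]:
        raise ValueError("token expired or has no exp")
    return claims


def is_valid(token: str, secret: bytes = DEMO_SECRET, now=None) -> bool:
    try:
        verify_token(token, secret, now)
        return True
    except ValueError:
        return False


def forge_alg_none(token: str) -> str:
    """Classic forgery attempt: header rewritten to alg=none, signature dropped."""
    _, payload_b64, _ = token.split(".")
    header_b64 = b64url_encode(json.dumps({"alg": "none", "typ": "JWT"}, separators=(",", ":")).encode())
    return header_b64 + "." + payload_b64 + "."


def forge_payload(token: str, new_claims: dict) -> str:
    """Tampering attempt: rewrite claims (e.g. role escalation) but keep the old signature."""
    header_b64, payload_b64, sig_b64 = token.split(".")
    claims = json.loads(b64url_decode(payload_b64))
    claims.update(new_claims)
    return header_b64 + "." + b64url_encode(json.dumps(claims, separators=(",", ":")).encode()) + "." + sig_b64


if __name__ == "__main__":
    tok = issue_token({"sub": "user-42", "role": "customer"})
    print(verify_token(tok))
    print("alg=none accepted:", is_valid(forge_alg_none(tok)))
    print("escalated payload accepted:", is_valid(forge_payload(tok, {"role": "admin"})))
```

The two forgery helpers exist only to show what the verifier has to refuse: a token whose header claims alg=none, and a token whose payload was edited after signing. Both are rejected before any claim is trusted, and the expiry check is done against a caller-supplied clock so it can be tested deterministically.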
Security: Architecture (AWS WAF)
AWS Managed Rules (A): This set of AWS managed core rules provides protection against exploitation of a wide range of common application vulnerabilities and other unwanted traffic.
Manual IP lists (B and C): This component creates two AWS WAF rules that let you manually insert IP addresses or ranges that you want to block or allow.
SQL Injection (D) and XSS (E): The solution configures two native AWS WAF rules designed to protect against common SQL injection and cross-site scripting (XSS) patterns in the URI, query string, headers, or body of a request. These rules are pattern-based and complement, not replace, parameterised queries and output encoding in the application.
HTTP flood (F): This component helps protect against attacks consisting of a large number of requests from a particular IP address, such as a web-layer DDoS attack or a brute-force login attempt. This feature supports thresholds of less than 100 requests within a 5-minute period.
Scanners and Probes (G): This component parses application access logs searching for suspicious behaviour, such as an abnormal number of errors generated by a single source. It then blocks those source IP addresses for a customer-defined period of time.
IP Reputation Lists (H): This component is the IP Lists Parser AWS Lambda function, which checks third-party IP reputation lists hourly for new ranges to block.
Bad Bots (I): This component automatically sets up a honeypot, a security mechanism intended to lure and deflect an attempted attack: an endpoint that legitimate users never reach and well-behaved crawlers are told to avoid, so any client that requests it is treated as a bad bot and its source IP is blocked.
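Components F and G above both work the same way: count requests per source IP inside a sliding window, block the IP when a threshold is crossed, and let the block expire after a configured period. The following is an added example (not the AWS solution's own Lambda code and not from the original page) that implements that logic over constructed, simplified access-log lines (timestamp, client IP, HTTP status, path). The thresholds, the block duration and the log format are assumptions; real ALB/CloudFront logs carry many more fields, but the detection only needs these four. The output is shaped as a /32 CIDR list, which is the form an AWS WAF IP set takes.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

WINDOW = timedelta(minutes=5)           # same 5-minute window the WAF rate rule uses
FLOOD_THRESHOLD = 50                    # requests per source IP per window (component F)
ERROR_THRESHOLD = 20                    # 4xx/5xx responses per source IP per window (component G)
BLOCK_DURATION = timedelta(minutes=30)  # the "customer-defined period of time"


def log_line(ts, ip, status, path):
    return f"{ts.isoformat()} {ip} {status} {path}"


def build_sample_log():
    """Constructed, simplified access-log lines: timestamp, client IP, status, path."""
    base = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)
    lines = []
    for i in range(5):      # ordinary shopper: 5 requests in about 4 minutes, all 200
        lines.append(log_line(base + timedelta(seconds=50 * i), "203.0.113.10", 200, "/products"))
    for i in range(60):     # HTTP flood / brute force: 60 login attempts in 2 minutes
        lines.append(log_line(base + timedelta(seconds=2 * i), "198.51.100.7", 200, "/login"))
    for i in range(25):     # scanner: 25 probes for paths that do not exist, all 404
        lines.append(log_line(base + timedelta(seconds=10 * i), "192.0.2.99", 404, f"/wp-admin/{i}.php"))
    return lines


def parse_line(line):
    ts, ip, status, path = line.split(" ", 3)
    return datetime.fromisoformat(ts), ip, int(status), path


def detect(lines, flood_threshold=FLOOD_THRESHOLD, error_threshold=ERROR_THRESHOLD,
           window=WINDOW, block_for=BLOCK_DURATION):
    """Sliding-window analysis. Returns {ip: (reason, block_expires_at)}."""
    recent = defaultdict(deque)   # ip -> deque of (timestamp, was_error)
    blocked = {}
    for line in sorted(lines):    # ISO-8601 timestamps sort chronologically as strings
        ts, ip, status, _path = parse_line(line)
        q = recent[ip]
        q.append((ts, status >= 400))
        while q and ts - q[0][0] > window:   # evict events that fell out of the window
            q.popleft()
        if ip in blocked:
            continue                          # already on the block list
        if len(q) >= flood_threshold:
            blocked[ip] = ("http_flood", ts + block_for)
        elif sum(1 for _, err in q if err) >= error_threshold:
            blocked[ip] = ("scanner_probe", ts + block_for)
    return blocked


def is_blocked(blocked, ip, at):
    """True while the block for `ip` has not expired; `at` may be a datetime or ISO string."""
    if isinstance(at, str):
        at = datetime.fromisoformat(at)
    entry = blocked.get(ip)
    return entry is not None and at < entry[1]


def to_ip_set(blocked, at=None):
    """CIDR list in the shape an AWS WAF IP set expects (/32 per IPv4 address)."""
    return sorted(f"{ip}/32" for ip in blocked if at is None or is_blocked(blocked, ip, at))


if __name__ == "__main__":
    result = detect(build_sample_log())
    for ip, (reason, until) in result.items():
        print(f"{ip:15} {reason:14} blocked until {until.isoformat()}")
    print(to_ip_set(result))
```

With the constructed log, the flood source is caught on its 50th request and the scanner on its 20th 404 inside the window, while the ordinary shopper is never listed. Passing a later time to `to_ip_set` drops entries whose block period has elapsed, which is the step that keeps a reputation-style block list from growing forever.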