Development of the security monitoring system for cluster of information systems based on the Ruby on Rails framework

Bibliographic details
Published in: Bezopasnostʹ informat͡s︡ionnykh tekhnologiĭ 2018-09, Vol.25 (3), p.88-100
Main authors: Khotelov, David A., Radygin, Victor Y., Merkusheva, Anastasia S., Egorov, Ivan K., Parushkina, Alyona Y.
Format: Article
Language: eng
Description
Summary: Currently, the information environment of many large organizations is represented by a cluster of web-oriented information systems. Often these information systems are based on the Ruby on Rails framework. One of the most important tasks of complex information security in such organizations is monitoring of all cluster components in real time. The review of modern monitoring tools carried out in this work has shown two important points. There are many effective programs for monitoring the separate components of the web environment. But there is no one complex tool that supports interaction with a DBMS, an application server, a web server, a web application firewall and system or hardware resources. Thus, this paper is devoted to the development of a complex monitoring system for a cluster of web applications. The created system is based on free software and can be used by administrators for operational detection of failures or potentially dangerous situations. An analysis of existing development technologies is carried out. The application architecture is based on a combination of the following tools: Nginx, ModSecurity, puma, Ruby on Rails, PostgreSQL, Redis, Sidekiq. The Nginx web server and the ModSecurity WAF provide primary processing of requests. Puma, PostgreSQL and Ruby on Rails are used to create the application core. Sidekiq and Redis implement the mechanism of delayed jobs. The web interface of the developed centralized system provides various integrated infographic tools that allow the administrators to control the current status of the system and investigate the states of all components in the past. The created software was successfully tested on the NRNU MEPhI ERP system. It has proved to be an effective tool for the complex monitoring of a cluster of web applications. Its implementation does not involve significant financial costs.
ISSN:2074-7128
2074-7136
DOI:10.26583/bit.2018.3.09