Date post: | 01-Jan-2016 |
Category: |
Documents |
Upload: | hall-robles |
View: | 22 times |
Download: | 3 times |
1
Security Issuesof Internet-Based Systems
herzlichen Dank an Mag. Clemens Bruckmann für die Mithilfe bei der Gestaltung der Folien!
2
Why Care About Security?
• security involves a tradeoff wrt functionality„turn off every feature you don‘t need“ [Conallen 99]
• is a (non-functional) requirement enabling software to work properly
• the company needs security in order to prevent– loss of crucial information– loss of company goodwill– loss of confidence– extensive costs of interruption of service
• the customer wants security– confidentiality of private data
3
Scope of Security
• software– intrinsic threats: bugs, poor configuration– user threats: lack of robustness, poor authoentication– third party threats: unauthorized “listening” (hackers),
data corruption (crackers), denial of service (DoS) attacks, virus infection
• hardware– theft, destruction, “act of God” (flood, fire)
• the human factor
4
Scope of Security – Consequence
• obscurity is not security
• holistic view of software engineering:project planning should encompass– sound programming and configuration– physical security measures– security awareness within:
• The development process
• The organization and the team
5
Areas of Risk in a Web Application
Client Network Server
downloaded software can damage system or expose private and
personal information
network traffic can be monitored, leading to the potential exposure
of sensitive data
• unauthorized access can lead to possible system damage or theft of data• malicious attacks can render a system inoperable
6
Server-Side Security
• Server is more likely attacked when placed on the Internet
• Specific risk for Web-Servers: improper configuration, e.g.– enabling of optional features not required such as
directory browsing;– Use of SSI (server-side includes); some SSI’s allow the
axecution of general operating system commands or scripts
• Advice: look out for OS new patches, read newsgroups
7
Server-Side Security: Authentication
• establishing someone’s identity based on– possession
• chip card, hardware token, infrared badge, radio badge
• biometrics
– knowledge• password
• ability to decrypt a “challenge” that has been encrypted with one’s public key
good password practice is vital!
8
Server Side Security: Fields of Risk
• DoS (denial of service) attacks
• unchecked buffer exploits
• privilege elevation attacks
• directory traversal attacks
• From outside, or even more dangerous, from inside, e.g. by annoyed employee “task-based authorization”
9
• Simple “sniffing”
– intruder listens, but does not modify communication
Network Security: Types of Attacks
!Client
Attacker
Server
10
Network Security: Types of Attacks
• man-in-the-middle attack, “session hijacking”
– intruder might modify communication
!
ClientAttacker
Server
11
Network Security: Firewalls
• filtering certain traffic
Local Network InternetFirewall
12
Network Security: Cryptography
• encryption of communication to ensure– data integrity
• data has not been altered or corrupted
– data confidentiality• data is intelligible to intended receiver only
– data authenticity• data comes from an authenticated person
13
Symmetric Encryption Algorithms
• same key for encryption and decryption– key must be kept secret– need to exchange the key “out of band”
Key Key
NetworkSender Receiver
authenticity, integrity,
confidentiality
14
Asymmetric Encryption Algorithms
• key pair: public key + private key– public key to be made widely known,
private key to be kept secret– still need to verify authenticity of public key
• “out of band” or
• by a certificate from a trusted third party (TTP)
public key of receiver private key of receiverNetwork
private key of sender public key of sender
Sender Receiver
authenticity, integrity
confidentiality
15
Network Security: Virtual Private Networks
VPN
Internet
16
Network Security: Virtual Private Networks
• Public network (Internet) is used as a private network
• All members of the private network use encryption to communicate with other members of the private network
• Allows for inexpensive access to individuals being remotely located
• Encryption of network traffic is provided by infrastructure rather than individual applications.
17
Network Security: SSL, HTTPS
• SSL provides transport layer security
Client Proxy Origin Server
• HTTPS combines HTTP and SSL• encrypts network traffic• may involve authentication via certificates
HTTP is an application layer
protocol
HTTP HTTPS
18
Network Security: Secure Shell (SSH)
• protocol for authentified– telnet replacement (slogin)– ftp replacement (sftp)– tunneling of any protocol
certain protocols send clear text
passwords over the network, including
TELNET, FTP, POP3
Client Server
POP3client
SSHclient
SSHdaemon
POP3daemon
Network
19
Network Security: Proxies
• proxies may serve several purposes– caching content– filtering requests– converting between different protocols– hiding the identity of the client from the server
• problem with SSL, HTTPS: no client authentication possibleremedy: SSL Proxying – proxy establishes tunnel to server
Client ServerNetwork NetworkProxy
HTTP
SSL tunneled through proxy
20
Client Side Security: Fields of Risk
• Pure HTML without client-side scripting is rather secure. Risks are introduced through:
• buggy OS and browser– VBScript, JScript, JavaScript, Java, ActiveX
controls, plug-ins, MIME-type viewers
• attacks to privacy: cookies, “web bugs”• Client scripts can collect info on navigation• viruses, Trojan horses, long-distance dialers
21
Client Side Security: Signed Code
proof of authenticity (not of harmlessness!) of code
Client CompanyServer
Certificate Authority (CA)
issuescertificate
Code Codedigest
Signed Code
Signaturesigns
servesreceives
Certificate
verifiesvalidity ofcertificate
serves certificate
verifiesauthenticity of
signature
22
Client Side Security: Sandbox
• untrusted internet content resides in a “sandbox” and is not allowed to perform potentially dangerous operations– reading from and writing to the client’s file
system– starting programs on the client (e.g. format c:)– making calls to native system functions
(DLL function calls)
23
Client Side Security: JDK 1.0
Source: http://java.sun.com/docs/books/tutorial/security1.2/overview/index.html
24
Client Side Security: JDK 1.1
Source: http://java.sun.com/docs/books/tutorial/security1.2/overview/index.html
25
Client Side Security: JDK 1.2
Source: http://java.sun.com/docs/books/tutorial/security1.2/overview/index.html
26
Client Side Security: ActiveX, Plug-Ins
Operating System
BrowserActiveX control,Browser Plug-In
Web Page
Element
renders renders
27
Client Side Security: ActiveX, Plug-Ins
• An ActiveX control is a compiled module embedded in an HTML page
• Hence: free access to all client resources• Principlal security mechanisms:
– Code signing for downloaded ActiveX controls
– Implementation of security measures at the point the component is being requested to load on the client
– Internet Explorer: Security zones (network domain subset containing trusted hosts)
28
Planning for Security: Security View
• security view within the architecture model to enforce the taking into account of security considerations at an early stage– may contain users/actors (customers, account
managers, certificate authorities), policies, certificates, authentication (technology)
29
Security Awareness
• awareness of risks and threats
• security policies– feasible– written– enforced
• model security policies:http://www.sans.org/newlook/resources/policies/policies.htm
30
Further Acknowledgments
• Jim Conallen, Building Web Applications with UML, Addison-Wesley 2000,ISBN 0-201-61577-0.
• Erik Wilde, World Wide Web, Technische Grundlagen, Springer 1999,ISBN 3-540-64700-7.