Security Issues of Internet-Based Systems

Many thanks to Mag. Clemens Bruckmann for his help with designing the slides!

Why Care About Security?
• security involves a tradeoff wrt functionality: “turn off every feature you don’t need” [Conallen 99]
• is a (non-functional) requirement enabling software to work properly
• the company needs security in order to prevent
  – loss of crucial information
  – loss of company goodwill
  – loss of confidence
  – extensive costs of interruption of service
• the customer wants security
  – confidentiality of private data

Scope of Security
• software
  – intrinsic threats: bugs, poor configuration
  – user threats: lack of robustness, poor authentication
  – third party threats: unauthorized “listening” (hackers), data corruption (crackers), denial of service (DoS) attacks, virus infection
• hardware
  – theft, destruction, “act of God” (flood, fire)
• the human factor

Scope of Security – Consequence
• obscurity is not security
• holistic view of software engineering: project planning should encompass
  – sound programming and configuration
  – physical security measures
  – security awareness within:
    • the development process
    • the organization and the team

Areas of Risk in a Web Application
• Client: downloaded software can damage system or expose private and personal information
• Network: network traffic can be monitored, leading to the potential exposure of sensitive data
• Server
  – unauthorized access can lead to possible system damage or theft of data
  – malicious attacks can render a system inoperable

Server-Side Security
• Server is more likely attacked when placed on the Internet
• Specific risk for Web-Servers: improper configuration, e.g.
  – enabling of optional features not required such as directory browsing;
  – use of SSI (server-side includes); some SSIs allow the execution of general operating system commands or scripts
• Advice: look out for new OS patches, read newsgroups

Server-Side Security: Authentication
• establishing someone’s identity based on
  – possession
    • chip card, hardware token, infrared badge, radio badge
    • biometrics
  – knowledge (good password practice is vital!)
    • password
    • ability to decrypt a “challenge” that has been encrypted with one’s public key

Server Side Security: Fields of Risk
• DoS (denial of service) attacks
• unchecked buffer exploits
• privilege elevation attacks
• directory traversal attacks
• From outside, or even more dangerous, from inside, e.g. by annoyed employee
“task-based authorization”

Network Security: Types of Attacks
• Simple “sniffing”
  – intruder listens, but does not modify communication
[Diagram: Client, Server, Attacker]

Network Security: Types of Attacks
• man-in-the-middle attack, “session hijacking”
  – intruder might modify communication
[Diagram: Attacker, Client, Server]

Network Security: Firewalls
• filtering certain traffic
[Diagram: Local Network, Firewall, Internet]

Network Security: Cryptography
• encryption of communication to ensure
  – data integrity
    • data has not been altered or corrupted
  – data confidentiality
    • data is intelligible to intended receiver only
  – data authenticity
    • data comes from an authenticated person

Symmetric Encryption Algorithms
• same key for encryption and decryption
  – key must be kept secret
  – need to exchange the key “out of band”
[Diagram: Sender (Key), Network, Receiver (Key); authenticity, integrity, confidentiality]

Asymmetric Encryption Algorithms
• key pair: public key + private key
  – public key to be made widely known, private key to be kept secret
  – still need to verify authenticity of public key
    • “out of band” or
    • by a certificate from a trusted third party (TTP)
[Diagram: Sender, Network, Receiver; private key of sender / public key of sender: authenticity, integrity; public key of receiver / private key of receiver: confidentiality]

Network Security: Virtual Private Networks
[Diagram: Internet, VPN]

Network Security: Virtual Private Networks
• Public network (Internet) is used as a private network
• All members of the private network use encryption to communicate with other members of the private network
• Allows for inexpensive access for individuals who are remotely located
• Encryption of network traffic is provided by infrastructure rather than individual applications.

Network Security: SSL, HTTPS
• SSL provides transport layer security
• HTTPS combines HTTP and SSL (HTTP is an application layer protocol)
• encrypts network traffic
• may involve authentication via certificates
[Diagram: Client, HTTPS Proxy, Origin Server; HTTP]

Network Security: Secure Shell (SSH)
• protocol for authenticated
  – telnet replacement (slogin)
  – ftp replacement (sftp)
  – tunneling of any protocol
certain protocols send clear text passwords over the network, including TELNET, FTP, POP3
[Diagram: Client (POP3 client, SSH client), Network, Server (SSH daemon, POP3 daemon)]

Network Security: Proxies
• proxies may serve several purposes
  – caching content
  – filtering requests
  – converting between different protocols
  – hiding the identity of the client from the server
• problem with SSL, HTTPS: no client authentication possible; remedy: SSL Proxying
  – proxy establishes tunnel to server
[Diagram: Client, Network, Proxy, Network, Server; HTTP; SSL tunneled through proxy]

Client Side Security: Fields of Risk
• Pure HTML without client-side scripting is rather secure. Risks are introduced through:
• buggy OS and browser
  – VBScript, JScript, JavaScript, Java, ActiveX controls, plug-ins, MIME-type viewers
• attacks on privacy: cookies, “web bugs”
• Client scripts can collect info on navigation
• viruses, Trojan horses, long-distance dialers

Client Side Security: Signed Code
proof of authenticity (not of harmlessness!) of code
[Diagram: Company signs; Signed Code = Code, Code digest, Signature, Certificate; Server serves signed code and certificate; Client receives signed code, verifies authenticity of signature, verifies validity of certificate; Certificate Authority (CA) issues certificate]

Client Side Security: Sandbox
• untrusted internet content resides in a “sandbox” and is not allowed to perform potentially dangerous operations
  – reading from and writing to the client’s file system
  – starting programs on the client (e.g. format c:)
  – making calls to native system functions (DLL function calls)

Client Side Security: JDK 1.0
Source: http://java.sun.com/docs/books/tutorial/security1.2/overview/index.html

Client Side Security: JDK 1.1
Source: http://java.sun.com/docs/books/tutorial/security1.2/overview/index.html

Client Side Security: JDK 1.2
Source: http://java.sun.com/docs/books/tutorial/security1.2/overview/index.html

Client Side Security: ActiveX, Plug-Ins
[Diagram: Web Page Element; ActiveX control, Browser Plug-In (renders); Browser (renders); Operating System]

Client Side Security: ActiveX, Plug-Ins
• An ActiveX control is a compiled module embedded in an HTML page
• Hence: free access to all client resources
• Principal security mechanisms:
  – Code signing for downloaded ActiveX controls
  – Implementation of security measures at the point the component is being requested to load on the client
  – Internet Explorer: Security zones (network domain subset containing trusted hosts)

Planning for Security: Security View
• security view within the architecture model to enforce that security considerations are taken into account at an early stage
  – may contain users/actors (customers, account managers, certificate authorities), policies, certificates, authentication (technology)

Security Awareness
• awareness of risks and threats
• security policies
  – feasible
  – written
  – enforced
• model security policies: http://www.sans.org/newlook/resources/policies/policies.htm

Further Acknowledgments
• Jim Conallen, Building Web Applications with UML, Addison-Wesley 2000, ISBN 0-201-61577-0.
• Erik Wilde, World Wide Web, Technische Grundlagen, Springer 1999, ISBN 3-540-64700-7.
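
The flow on the "Client Side Security: Signed Code" slide, as an added example that is not part of the original slides: a CA issues a certificate, the company signs the code digest, and the client checks the certificate first and the signature second. The simplified JSON certificate, the Ed25519 keys and all names (`issueCertificate`, `signCode`, `verifySignedCode`, "Example Company") are assumptions made for illustration.

```javascript
const crypto = require('crypto');

// Constructed Ed25519 key pairs for the CA and the code-publishing company.
const ca = crypto.generateKeyPairSync('ed25519');
const company = crypto.generateKeyPairSync('ed25519');

const digest = (code) => crypto.createHash('sha256').update(code).digest();

// CA issues a simplified certificate: subject name and public key, signed by the CA.
// (Real X.509 certificates also carry validity dates, usage limits and revocation data.)
function issueCertificate(subject, subjectPublicKey, caPrivateKey) {
  const spki = subjectPublicKey.export({ type: 'spki', format: 'der' }).toString('base64');
  const body = JSON.stringify({ subject, spki });
  return { body, caSignature: crypto.sign(null, Buffer.from(body), caPrivateKey) };
}

// Company signs the digest of the code and ships code + signature + certificate.
function signCode(code, privateKey, certificate) {
  return { code, signature: crypto.sign(null, digest(code), privateKey), certificate };
}

// Client: check the certificate against the trusted CA key, then the code signature.
function verifySignedCode(pkg, trustedCaPublicKey) {
  const { body, caSignature } = pkg.certificate;
  if (!crypto.verify(null, Buffer.from(body), trustedCaPublicKey, caSignature)) {
    return { ok: false, reason: 'certificate not issued by trusted CA' };
  }
  // Only parse the certificate body after its signature has been verified.
  const { subject, spki } = JSON.parse(body);
  const signerKey = crypto.createPublicKey({
    key: Buffer.from(spki, 'base64'), format: 'der', type: 'spki',
  });
  if (!crypto.verify(null, digest(pkg.code), signerKey, pkg.signature)) {
    return { ok: false, reason: 'code does not match signature' };
  }
  // Success proves who signed the code, not that the code is harmless.
  return { ok: true, signer: subject };
}

const cert = issueCertificate('Example Company', company.publicKey, ca.privateKey);
const pkg = signCode('alert("hello from applet");', company.privateKey, cert);

console.log(verifySignedCode(pkg, ca.publicKey));
console.log(verifySignedCode({ ...pkg, code: pkg.code + '/* tampered */' }, ca.publicKey));
```

The client's trust decision rests entirely on which CA public key it accepts; a certificate signed by any other key is rejected before the code signature is even examined.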