1 / 30

Security Issues of Internet-Based Systems

Security Issues of Internet-Based Systems. herzlichen Dank an Mag. Clemens Bruckmann für die Mithilfe bei der Gestaltung der Folien!. Why Care About Security?. security involves a tradeoff wrt functionality „turn off every feature you don‘t need“ [Conallen 99]

hall-robles
Télécharger la présentation

Security Issues of Internet-Based Systems

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Security Issuesof Internet-Based Systems herzlichen Dank an Mag. Clemens Bruckmann für die Mithilfe bei der Gestaltung der Folien!

  2. Why Care About Security? • security involves a tradeoff wrt functionality„turn off every feature you don‘t need“ [Conallen 99] • is a (non-functional) requirement enabling software to work properly • the company needs security in order to prevent • loss of crucial information • loss of company goodwill • loss of confidence • extensive costs of interruption of service • the customer wants security • confidentiality of private data

  3. Scope of Security • software • intrinsic threats: bugs, poor configuration • user threats: lack of robustness, poor authoentication • third party threats: unauthorized “listening” (hackers), data corruption (crackers), denial of service (DoS) attacks, virus infection • hardware • theft, destruction, “act of God” (flood, fire) • the human factor

  4. Scope of Security – Consequence • obscurity is not security • holistic view of software engineering:project planning should encompass • sound programming and configuration • physical security measures • security awareness within: • The development process • The organization and the team

  5. Areas of Risk in a Web Application downloaded software can damage system or expose private and personal information network traffic can be monitored, leading to the potential exposure of sensitive data Client Network Server • unauthorized access can lead to possible system damage or theft of data• malicious attacks can render a system inoperable

  6. Server-Side Security • Server is more likely attacked when placed on the Internet • Specific risk for Web-Servers: improper configuration, e.g. • enabling of optional features not required such as directory browsing; • Use of SSI (server-side includes); some SSI’s allow the axecution of general operating system commands or scripts • Advice: look out for OS new patches, read newsgroups

  7. Server-Side Security: Authentication • establishing someone’s identity based on • possession • chip card, hardware token, infrared badge, radio badge • biometrics • knowledge • password • ability to decrypt a “challenge” that has been encrypted with one’s public key good password practice is vital!

  8. Server Side Security: Fields of Risk • DoS (denial of service) attacks • unchecked buffer exploits • privilege elevation attacks • directory traversal attacks • From outside, or even more dangerous, from inside, e.g. by annoyed employee “task-based authorization”

  9. Network Security: Types of Attacks • Simple “sniffing” • intruder listens, but does not modify communication ! Client Server Attacker

  10. Network Security: Types of Attacks • man-in-the-middle attack, “session hijacking” • intruder might modify communication ! Attacker Client Server

  11. Network Security: Firewalls • filtering certain traffic Local Network Firewall Internet

  12. Network Security: Cryptography • encryption of communication to ensure • data integrity • data has not been altered or corrupted • data confidentiality • data is intelligible to intended receiver only • data authenticity • data comes from an authenticated person

  13. Symmetric Encryption Algorithms • same key for encryption and decryption • key must be kept secret • need to exchange the key “out of band” authenticity, integrity, confidentiality Key Key Sender Network Receiver

  14. Asymmetric Encryption Algorithms • key pair: public key + private key • public key to be made widely known,private key to be kept secret • still need to verify authenticity of public key • “out of band” or • by a certificate from a trusted third party (TTP) private key of sender public key of sender authenticity, integrity confidentiality public key of receiver private key of receiver Sender Network Receiver

  15. Network Security: Virtual Private Networks Internet VPN

  16. Network Security: Virtual Private Networks • Public network (Internet) is used as a private network • All members of the private network use encryption to communicate with other members of the private network • Allows for inexpensive access to individuals being remotely located • Encryption of network traffic is provided by infrastructure rather than individual applications.

  17. Network Security: SSL, HTTPS • SSL provides transport layer security Client Proxy Origin Server • HTTPS combines HTTP and SSL • encrypts network traffic • may involve authentication via certificates HTTP HTTPS HTTP is an application layer protocol

  18. Network Security: Secure Shell (SSH) • protocol for authentified • telnet replacement (slogin) • ftp replacement (sftp) • tunneling of any protocol certain protocols send clear text passwords over the network, including TELNET, FTP, POP3 POP3client SSHclient SSHdaemon POP3daemon Client Network Server

  19. Network Security: Proxies • proxies may serve several purposes • caching content • filtering requests • converting between different protocols • hiding the identity of the client from the server • problem with SSL, HTTPS: no client authentication possibleremedy: SSL Proxying – proxy establishes tunnel to server HTTP SSL tunneled through proxy Client Network Proxy Network Server

  20. Client Side Security: Fields of Risk • Pure HTML without client-side scripting is rather secure. Risks are introduced through: • buggy OS and browser • VBScript, JScript, JavaScript, Java, ActiveX controls, plug-ins, MIME-type viewers • attacks to privacy: cookies, “web bugs” • Client scripts can collect info on navigation • viruses, Trojan horses, long-distance dialers

  21. Client Side Security: Signed Code proof of authenticity (not of harmlessness!) of code Signed Code Code Codedigest receives serves signs Signature Certificate serves certificate Client CompanyServer verifiesvalidity ofcertificate issuescertificate verifiesauthenticity ofsignature Certificate Authority (CA)

  22. Client Side Security: Sandbox • untrusted internet content resides in a “sandbox” and is not allowed to perform potentially dangerous operations • reading from and writing to the client’s file system • starting programs on the client (e.g. format c:) • making calls to native system functions(DLL function calls)

  23. Client Side Security: JDK 1.0 Source: http://java.sun.com/docs/books/tutorial/security1.2/overview/index.html

  24. Client Side Security: JDK 1.1 Source: http://java.sun.com/docs/books/tutorial/security1.2/overview/index.html

  25. Client Side Security: JDK 1.2 Source: http://java.sun.com/docs/books/tutorial/security1.2/overview/index.html

  26. Client Side Security: ActiveX, Plug-Ins Web Page Element renders renders Browser ActiveX control,Browser Plug-In Operating System

  27. Client Side Security: ActiveX, Plug-Ins • An ActiveX control is a compiled module embedded in an HTML page • Hence: free access to all client resources • Principlal security mechanisms: • Code signing for downloaded ActiveX controls • Implementation of security measures at the point the component is being requested to load on the client • Internet Explorer: Security zones (network domain subset containing trusted hosts)

  28. Planning for Security: Security View • security view within the architecture model to enforce the taking into account of security considerations at an early stage • may contain users/actors (customers, account managers, certificate authorities), policies, certificates, authentication (technology)

  29. Security Awareness • awareness of risks and threats • security policies • feasible • written • enforced • model security policies:http://www.sans.org/newlook/resources/policies/policies.htm

  30. Further Acknowledgments • Jim Conallen, Building Web Applications with UML, Addison-Wesley 2000,ISBN 0-201-61577-0. • Erik Wilde, World Wide Web, Technische Grundlagen, Springer 1999,ISBN 3-540-64700-7.

More Related