Learn about the process of user authentication and access control in web applications. This guide covers essential security protocols like SSL/TLS, IPsec, and SSH, as well as common web vulnerabilities and server-side programming languages. Discover how to measure security, address server attacks, and safeguard against common security holes. Stay informed about the importance of good development practices, regular audits, and system updates for maintaining a secure web environment.
Introduction • Security is a process of authenticating users and controlling what a user can see or do
3-tier architecture • Web Browser → Web Server → DB Server
Some Internet Security Protocols • Application Layer Security • Electronic mail security • PGP (Pretty Good Privacy) • S/MIME (Secure Multi-Purpose Internet Mail Extensions) • Transport Layer Security • SSL/TLS (Secure Sockets Layer/Transport Layer Security ) • SSH (Secure Shell ) • Network Layer Security • IP Security (IPsec) • Infrastructure protection • DNSSEC (DNS Security Extensions) • SNMPv3 security (Simple Network Management Protocol Version 3)
How do you measure security? • Does 128-bit encryption make you feel safer?
The client • Common web browser • Communicates with the server over HTTP (GET, POST, PUT) • HTML markup language for layout of pages • Scripting languages built into the client to control client-side content and communications with the server dynamically • Cookies to store state
The server • Analyses HTTP requests from the client and responds accordingly • Either sends a plain HTML page • Or processes query data and sends back a dynamically produced page to the client
The web server • Common examples: Apache, IIS. • These servers and their hosts have their own security problems • Server-side programming • Perl, ASP (JScript/VBScript), PHP, C
The DBMS • SQL • DBMS • Microsoft SQL server • Oracle • MySQL • DB2 • These DBMS also have their own security problems
Attacks • On the server • Using “out of the box” security holes to gain escalated privileges, or execute commands on the server. • Make the server do something it is not supposed to do. • Examples • ColdFusion, Showcode.asp, FrontPage, etc. etc. etc.
Attacks • Through holes found using a common security scanner • Scanners simply request a fixed file name to see if the file exists or not • Assumes that exploitable files/server have not been patched, can bring false positives • Old techniques, but effective. • EASY to protect against.
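The scanner behaviour described above, as an added example that is not part of the original slides: a naive scanner only asks whether a fixed file name answers with HTTP 200, so a site that serves a friendly 200 page for every unknown path produces a false positive for every probe. The hardened scanner first requests a random path that cannot exist and uses that response as a baseline, reporting a hit only when the probe differs from it. The stand-in site, the constructed sample path and the bodies are all assumptions; showcode.asp is the IIS sample file the slides name. Even a confirmed hit only proves the file is present, not that it is unpatched.

```python
import secrets

SHOWCODE = "/msadc/Samples/SELECTOR/showcode.asp"   # IIS sample file named on the slides
CONSTRUCTED = "/samples/example.asp"                 # constructed placeholder, not a real signature

# Fixed file names a signature scanner would request (one real, one constructed).
KNOWN_PATHS = [SHOWCODE, CONSTRUCTED]


def make_site(catch_all):
    """Constructed stand-in for a web server: returns (status, body) per path.

    With catch_all=True the site answers every unknown path with a 200
    'welcome' page, the configuration that fools existence-only scanners.
    """
    files = {
        SHOWCODE: (200, "<html>sample code viewer</html>"),
        "/index.html": (200, "<html>welcome</html>"),
    }

    def get(path):
        if path in files:
            return files[path]
        if catch_all:
            return (200, "<html>welcome</html>")   # friendly error page, wrong status
        return (404, "Not Found")

    return get


def naive_scan(get):
    """What the slide describes: request the fixed name, report if it 'exists'."""
    return [p for p in KNOWN_PATHS if get(p)[0] == 200]


def baseline_scan(get):
    """Learn what 'does not exist' looks like before trusting any 200.

    A random path is requested first; any probe whose response matches that
    baseline is treated as the catch-all page rather than a hit.
    """
    nonce_path = "/" + secrets.token_hex(8) + ".asp"   # cannot exist on the target
    baseline = get(nonce_path)
    hits = []
    for p in KNOWN_PATHS:
        response = get(p)
        if response[0] == 200 and response != baseline:
            hits.append(p)
    return hits


if __name__ == "__main__":
    for catch_all in (False, True):
        site = make_site(catch_all)
        print("catch_all=%s naive=%s baseline=%s"
              % (catch_all, naive_scan(site), baseline_scan(site)))
```

On the strict site both scanners agree; on the catch-all site the naive scanner reports every signature while the baseline scanner reports only showcode.asp. Removing sample and administrative files from a production server is what makes this class of attack "EASY to protect against".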
Attacks • On out of the box applications • Attacker can setup and audit the application in their own environment • If one goes down, they all do • Targets of common scanners
Attacks • On custom applications • More difficult to audit • “Black box” auditing techniques • Looks for common stupid mistakes
Case one • IIS Security hole used to view ASP • Database settings extracted • SQL server live to internet • Information from server-side scripts used to connect to server
Case two • ASP not filtering input • Able to directly manipulate SQL query • Manipulating the SQL query extracts a valid cookie and creates the password
The problems? • Unfiltered user input • User data is not checked and can be crafted to manipulate processing on the server, revealing file contents or bypassing checks to gain access • A backdoor straight to the Crown Jewels
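The unfiltered-input problem from "case two", as an added example that is not part of the original slides: a login script that pastes the username and password straight into the SQL text beside the same query with bound parameters. The users table, its rows and the cookie values are constructed sample data; SQLite stands in for the SQL Server of the case study, and the `--` comment syntax used in the payload is the same in both.

```python
import sqlite3


def make_db():
    """Constructed sample data: a users table like the one behind a login page."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER, username TEXT, password TEXT, session_cookie TEXT)"
    )
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?, ?)",
        [
            (1, "admin", "s3cret", "COOKIE-ADMIN-7f3a"),
            (2, "alice", "wonderland", "COOKIE-ALICE-91c0"),
        ],
    )
    return conn


def login_unfiltered(conn, username, password):
    """Vulnerable on purpose: user input becomes part of the SQL statement.

    A username of  admin' --  closes the string, and the comment marker
    discards the password check, so the attacker receives admin's cookie
    without knowing any password.
    """
    sql = (
        "SELECT session_cookie FROM users WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def login_parameterized(conn, username, password):
    """Hardened: the statement text is fixed, values travel as bound parameters.

    The same payload is now just a username that matches nobody.
    """
    sql = "SELECT session_cookie FROM users WHERE username = ? AND password = ?"
    row = conn.execute(sql, (username, password)).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    conn = make_db()
    payload = "admin' --"
    print("unfiltered:    ", login_unfiltered(conn, payload, "wrong"))     # admin's cookie
    print("parameterized: ", login_parameterized(conn, payload, "wrong"))  # None
    print("legit login:   ", login_parameterized(conn, "admin", "s3cret"))
```

The hardened version does not need to guess which characters are dangerous: the database driver never interprets the parameter values as SQL, so the query structure cannot be manipulated whatever the client sends. Input validation on top of that is still worthwhile, but it is not the control that closes the hole.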
The enablers • Reliance on cryptography for security • Security through obscurity • Poor development • Poor experience • Limited resources • Awareness • Monitoring and plan
The solution(s) • Good initial setup • Programming practices • Internal Audits • Awareness • Updates, patches and hotfixes
The solution(s) • Intrusion detection • Network design • System architecture
Security Analogy • Moat / Main Gate: Outer Perimeter, controlling castle access • Inner Perimeter: Stronghold; higher walls produce a containment area between the inner and outer perimeters • Keep: last building in the castle to fall
Internet Security • Outer Perimeter: Internet → DMZ • Inner Perimeter / Stronghold: Internal Firewall → Internal Network • Keep: Mission Critical Systems (the Crown Jewels)