
CSC 112 - Lesson 3 Notes

Security and Site Management

This week we installed a simple CGI-perl script that allows you to update a web page through a form. After we loaded the program, we needed to change the permissions so the file was readable, writable and executable, which we did with the chmod 777 *.* command. Note what 777 means: read, write and execute for the owner, for the group and for every other account on the server. A CGI script normally needs only 755 (the owner may write; everyone else may read and execute), and a file that any account on the machine can modify is exactly what an attacker with even a small foothold on that machine is looking for. Setting permissions this way, where the owner of a file or directory decides who may use it, is known as "Discretionary Access Control".

Discretionary Access Controls (DAC) are procedures and mechanisms that control access at the discretion of the resource's owner (here, the programmer). The "super user" or "owner" grants access rights to each user or group of users. The common risk of this method is that the owner may forget to set protection at all, or may inadvertently set it too loosely, as chmod 777 does. Since DAC settings are easily changed, this type of protection is susceptible to Trojan horse attacks (see below): a Trojan that the owner runs executes with the owner's rights and can quietly loosen the permissions on the owner's files. It is equally susceptible to holes left open by the programmer.
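The check a practitioner wants after the chmod above is "which files under the web directory can every account on the server modify, and what should their modes be instead?" The following is an added example, not code from the lesson; it assumes that scripts end in .cgi or .pl, that everything else is static content, and that the web server only needs to read static files and execute scripts, so nothing needs to be world-writable. It builds a throw-away directory in the state chmod 777 would leave it, audits it, and tightens it to least privilege.

```python
"""Audit and tighten Unix permissions for a CGI directory.

Assumptions (not from the lesson): scripts end in .cgi or .pl, everything
else is static content, and the web server only needs to read static files
and execute scripts. Nothing needs to be world-writable.
"""
import os
import stat
import tempfile

SCRIPT_SUFFIXES = (".cgi", ".pl")

# Least-privilege modes: the owner may write; everyone else may only read
# (and execute, for scripts and directories).
MODE_SCRIPT = 0o755
MODE_STATIC = 0o644
MODE_DIR = 0o755


def _entries(root):
    """Yield every directory and regular file under root (symlinks skipped)."""
    for dirpath, _dirnames, filenames in os.walk(root):
        for path in [dirpath] + [os.path.join(dirpath, f) for f in filenames]:
            if not os.path.islink(path):
                yield path


def find_world_writable(root):
    """Return the paths under root that any account on the server could modify."""
    return sorted(p for p in _entries(root)
                  if os.lstat(p).st_mode & stat.S_IWOTH)


def expected_mode(path):
    """The least-privilege mode for a path, by the assumptions above."""
    if os.path.isdir(path):
        return MODE_DIR
    if path.endswith(SCRIPT_SUFFIXES):
        return MODE_SCRIPT
    return MODE_STATIC


def harden(root):
    """Apply least-privilege modes under root; return {path: new_mode}."""
    changed = {}
    for path in _entries(root):
        want = expected_mode(path)
        if stat.S_IMODE(os.lstat(path).st_mode) != want:
            os.chmod(path, want)
            changed[path] = want
    return changed


def demo():
    """Build a throw-away directory the way 'chmod 777 *.*' leaves it,
    then audit it before and after hardening.

    Returns (world_writable_before, world_writable_after, script_mode).
    """
    root = tempfile.mkdtemp(prefix="cgi-demo-")
    script = os.path.join(root, "update.cgi")
    page = os.path.join(root, "index.html")
    for path in (script, page):
        with open(path, "w") as fh:
            fh.write("# placeholder content, constructed for the example\n")
        os.chmod(path, 0o777)   # the over-broad mode from the lesson
    os.chmod(root, 0o777)
    before = find_world_writable(root)
    harden(root)
    after = find_world_writable(root)
    return before, after, stat.S_IMODE(os.stat(script).st_mode)


if __name__ == "__main__":
    before, after, mode = demo()
    print("world-writable before:", len(before), "after:", len(after))
    print("script mode after hardening:", oct(mode))
```

Run find_world_writable on a real document root before and after every deployment; on shared hosting, a world-writable directory lets any other customer's script drop files into your site.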

Security Concepts

Identification - The user claims an identity by supplying a user identifier or userid. Verifying that claim is known as "Authentication". Typically the user proves who he or she is by typing a "password" that only the legitimate user should know. Because only the user proves his or her identity to the system, and not the other way round, this is known as one-way authentication.

Authorization - assigns rights to the identified and authenticated user. This is the type of access we spoke about earlier when we talked about read, write and execute permissions.

Access Control - refers to the mechanism that enforces who can access a file or program. Under DAC the owner sets it, as above; in other schemes it is set centrally by the system administrator.
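The three steps above are easiest to keep apart when you see them in one login flow: the userid is the identification, the password check is the authentication, and the permission check is the authorization. The following is an added example, not code from the lesson; the in-memory user store, the salted PBKDF2 password hashing and the Unix-style rwx ACL are assumptions chosen to make the three steps concrete. A real site would keep users in a database and use a vetted password-hashing library.

```python
"""Identification, authentication and authorization in one login flow.

Assumptions (not from the lesson): an in-memory user store, salted PBKDF2
password hashes, and a Unix-style owner/group/other ACL for the page.
"""
import hashlib
import hmac
import os

PBKDF2_ROUNDS = 100_000
_DUMMY_SALT = b"\x00" * 16


def hash_password(password, salt=None):
    """Return (salt, digest). Store these, never the password itself."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest


class UserStore:
    def __init__(self):
        self._users = {}   # userid -> (salt, digest, groups)

    def add_user(self, userid, password, groups=()):
        salt, digest = hash_password(password)
        self._users[userid] = (salt, digest, frozenset(groups))

    def authenticate(self, userid, password):
        """The userid is the identification; this verifies it (authentication).

        Returns the user's groups on success, None on failure. Unknown userid
        and wrong password produce the same result, and the same amount of
        work, so an attacker cannot enumerate valid accounts.
        """
        record = self._users.get(userid)
        if record is None:
            hash_password(password, _DUMMY_SALT)   # burn the same CPU time
            return None
        salt, digest, groups = record
        _, candidate = hash_password(password, salt)
        if not hmac.compare_digest(candidate, digest):   # constant-time compare
            return None
        return groups


class Acl:
    """Unix-style DAC: owner / group / other, each with r, w, x bits."""

    def __init__(self, owner, group, mode):
        self.owner, self.group, self.mode = owner, group, mode

    def allows(self, userid, groups, action):
        """Authorization: does this user have the requested right?"""
        bit = {"r": 4, "w": 2, "x": 1}[action]
        if userid == self.owner:
            shift = 6
        elif self.group in groups:
            shift = 3
        else:
            shift = 0
        return bool((self.mode >> shift) & bit)


def can_update_page(store, userid, password, page_acl):
    """Full flow: identify, authenticate, then authorize a write to the page."""
    groups = store.authenticate(userid, password)
    if groups is None:
        return False
    return page_acl.allows(userid, groups, "w")


if __name__ == "__main__":
    store = UserStore()
    store.add_user("alice", "correct horse", groups=["web"])
    acl = Acl(owner="alice", group="web", mode=0o664)   # rw-rw-r--
    print(can_update_page(store, "alice", "correct horse", acl))
```

Note the two details that a first attempt usually gets wrong: the comparison of password hashes uses hmac.compare_digest so that timing does not leak how many bytes matched, and an unknown userid costs the same as a wrong password so that the login form cannot be used to discover which accounts exist.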

Confidentiality - is about protecting information from unauthorized access. When such data is stored it is typically protected by encryption or by access control. Whenever confidential data is transmitted over the Internet, it should be encrypted.

Data Integrity - detects unauthorized modification of data. Usually the concern is whether data has been modified during transmission: the sender computes a message authentication code or digital signature over the data, and the receiver recomputes it and rejects anything that no longer matches.

Nonrepudiation - provides proof of the origin of the data or proof of its delivery, so that the sender cannot later deny having sent it. This is provided by digital signatures (see X.509 certificates below), not by firewalls: a firewall can decide whether a connection is allowed through, but it cannot prove who sent a particular message.

Denial of Service - is an attack that consumes so much of a resource (processor time, memory, disk space or network bandwidth) that legitimate users cannot use the system. The attacker may be a virus, worm or Trojan horse running on the machine, or simply a flood of requests sent to it over the network. Often a malicious program consumes all of the memory of the system so that other users are "denied service."

Unauthorized Logons - result from the misuse of stolen or guessed passwords and logon information. When a hacker steals a password, he or she can impersonate the legitimate owner of the password.

Motives of Security Attacks

Generally there are four motives for attacks on the security of a system or web site:

  1. Industrial Espionage - The hacker searches for the company's secrets and delivers them to a competitor.
  2. Financial Gains - Attempting to steal money or resources in order to make money. Credit card fraud and telephone fraud fall into this category.
  3. Revenge - Disgruntled former or present employees can seek "revenge" by planting software bombs that activate on certain days or by certain actions, plant viruses or cause other damage. The goal is usually to destroy the resources of the company.
  4. Publicity - There have been individuals and groups that attacked systems in order to gain publicity or to display their skills.

Other risks involve human error. I recently saw an advertisement on TV for IBM or some other big company that said something to the effect of "You can protect your data from hackers, but what about Mary in Bookkeeping?"

The best way to protect your data from accidental deletion or modification is to back up your system often. I even keep a copy of all the email messages for several of my customers because several of them have literally lost all of their emails for a given time period. One customer lost 122 orders over one weekend after upgrading their Microsoft Server. Luckily, I kept a copy of all the orders for them. The amazing thing was they didn't even say thanks. Customers expect you to be prepared for this type of thing and are upset when you are not. Expect the unexpected. Back up all of your work.

Viruses and other pesky things

Everyone knows about computer viruses but there are other similar malicious programs that you should be aware of. These types of programs generally fall into two categories: programs that require a host program or programs and those that do not.

The malicious programs that require a host program are really fragments of software that act on the host software. They cannot exist independently and depend on an application, utility or system program to do their dirty work. Viruses, for example, need a program to host them so they can replicate themselves. Programs that don't require a host are self contained and can be programmed or scheduled to run independently. Bacteria and worms are examples of this second type.

Common Malicious Programs

Viruses - There are basically three types of viruses that run on PCs. The first type attaches itself to executable files, in particular *.exe, *.com or *.sys files; whenever the infected file is executed, so is the virus. The second type attaches itself to a particular application, such as Microsoft Outlook, and uses that application's own files and features to run; the programmer who writes such a virus must know the application's file formats in detail to be successful. The last type is known as a "boot sector" virus because it is loaded when the computer starts, before the operating system and any anti-virus program, so it runs undetected until major damage has already occurred.

Bacteria - These self duplicating programs grow exponentially until eventually all of the processor capacity, system memory or disk space is consumed. They do not need a host program to run and do not attack any particular software. They simply replicate themselves over and over until the system is brought to its knees.

Worms - A worm replicates itself and often spreads to other sites through the Internet or through a network. Worms are independent programs and so do not need another program in order to spread. They consume network resources and can bring a system to a halt, or slow it down so much that nothing else can get through.

Trapdoors - Trapdoors (also called backdoors) are undocumented entry points into software that bypass normal system protection. Often trapdoors are used by programmers to monitor, test or debug programs during software development. Sometimes they are left open by oversight or by design. The trapdoor may be some special combination of keystrokes or a special command. If a hacker or another programmer accidentally or purposely finds the trapdoor, he or she instantly gains special privileges to access, change or modify the program.

Logic Bombs - "Logic Bombs" or "Time Bombs" are fragments of programs that are designed to cause damage when a certain condition or set of conditions occurs. Logic Bombs need a host program in order to activate the "bomb". The trigger might be a particular time of the day, week or year, the presence or absence of another program, a particular user accessing the system, or any of a myriad of other conditions. They do need some type of trigger to execute.

You have all probably experienced what is known as a legitimate use of logic bombs when trial software deactivates after a certain amount of time. The software vendor usually provides the customer an option to defuse the bomb by entering a serial number or activation code.

Trojan Horses - A Trojan Horse is a program, or a piece of code hidden inside a program, that appears to perform a useful or expected function but also performs a hidden, undesirable one. The user believes the Trojan Horse is a legitimate file, and it usually behaves like one, but with a difference: behind the scenes it is corrupting data, consuming system resources, loosening file permissions, or doing some other mischief. It must be disguised as, or placed inside, something the user wants to run, because it depends on the user running it with his or her own rights.

Secure Servers

X.509 certificates are issued to users (and to servers) by a Certification Authority. They have been called a person's "electronic driver's license" or "electronic identification card" on the Internet. Either the user or the Certification Authority stores the X.509 certificate in the X.500 directory, which provides a central storage area for user certificates.

This system uses a "public key" encryption system and a digital signature to identify the user: the certificate binds a name to a public key, and the Certification Authority's signature on it is what the other side checks. X.509 certificates have become pervasive as electronic commerce increases on the Internet. They are used by SSL (Secure Sockets Layer), S-HTTP (Secure Hypertext Transfer Protocol), PEM (Privacy-Enhanced Mail), and later versions of PGP (Pretty Good Privacy).

Since we are concerned with web applications, the two secure methods we will discuss are Secure Sockets Layer and Secure Hypertext Transfer Protocol.

Secure Sockets Layer

Secure Sockets Layer was designed by Netscape to provide security over the Internet. For an underlying transport protocol, SSL uses TCP to supply reliable data transmission and reception. It is independent of the higher level application because it resides at the socket level, so it can provide security to higher level protocols such as HTTP, Telnet and FTP, making it well suited to the web. It authenticates the server and optionally the client.

SSL uses two protocols: the SSL Handshake Protocol to negotiate security parameters for an SSL connection, and the SSL Record Protocol to specify the encapsulation of all data transmitted and received. The handshake (described here as in SSL version 2) consists of six phases:

  1. Client Hello - Server Hello (key identification)
  2. Client Master Key - Client Algorithm Key (key information exchanged)
  3. Client Session Key (keys exchanged and session established)
  4. Server Verify (server sends confirmation - client decrypts)
  5. Request Certificate - Client Certificate (optional client authentication)
  6. Client Finished - Server Finished ( a trusted connection has now been established)

SSL Record Protocol

The data portion of an SSL record consists of three components: the message authentication code, the application payload (the information to be transmitted), and the padding required to fill out the last block when a block cipher is used. Encryption algorithms are then applied to keep the data secure. SSL recommends a key length of at least 128 bits. Under the old US export rules, an "export grade" cipher kept only 40 bits of the key secret and sent the remaining 88 bits with no encoding; a 40-bit key can be recovered by brute force with modest computing power, which is why such ciphers should never be enabled today. US export restrictions were relaxed in 2000, and most systems have since moved to the recommended 128-bit keys.
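The record layout described above, and the Data Integrity item in the concepts list, are both easiest to understand by building a record and then tampering with it. The following is an added example, not Netscape's code: a MAC is computed over a sequence number and the payload, the result is padded to the block size, and the whole thing is encrypted. Assumptions not from the lesson: HMAC-SHA256 as the MAC, padding to 16-byte blocks with the pad length repeated in each pad byte, and a toy counter-mode stream cipher built from HMAC so the example needs no third-party crypto library; a real implementation uses the negotiated cipher (for instance AES) in place of the toy.

```python
"""An SSL-style record layer: MAC, then pad, then encrypt.

Added example. Toy keystream (HMAC in counter mode) stands in for the
negotiated cipher; everything else mirrors the record structure.
"""
import hashlib
import hmac
import os
import struct

BLOCK = 16      # block size the padding fills out to
MAC_LEN = 32    # HMAC-SHA256 output length


def derive_keys(master_secret):
    """Separate MAC and encryption keys derived from the master secret."""
    mac_key = hmac.new(master_secret, b"mac", hashlib.sha256).digest()
    enc_key = hmac.new(master_secret, b"enc", hashlib.sha256).digest()
    return mac_key, enc_key


def _keystream(enc_key, seq, length):
    """Toy CTR-mode keystream: HMAC(key, seq || counter). Illustrative only."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(enc_key, struct.pack(">QQ", seq, counter), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def _xor(data, stream):
    return bytes(a ^ b for a, b in zip(data, stream))


def seal_record(master_secret, seq, payload):
    """Build one record: length || encrypt(payload || MAC || padding)."""
    mac_key, enc_key = derive_keys(master_secret)
    header = struct.pack(">QH", seq, len(payload))      # seq number binds ordering
    mac = hmac.new(mac_key, header + payload, hashlib.sha256).digest()
    body = payload + mac
    pad_len = BLOCK - (len(body) % BLOCK)                # 1..BLOCK bytes of padding
    body += bytes([pad_len]) * pad_len
    return struct.pack(">H", len(body)) + _xor(body, _keystream(enc_key, seq, len(body)))


def open_record(master_secret, seq, record):
    """Decrypt and verify one record; return the payload or raise ValueError."""
    mac_key, enc_key = derive_keys(master_secret)
    (length,) = struct.unpack(">H", record[:2])
    ciphertext = record[2:2 + length]
    if len(ciphertext) != length or length % BLOCK:
        raise ValueError("bad record")
    body = _xor(ciphertext, _keystream(enc_key, seq, length))
    pad_len = body[-1]
    pad_ok = 1 <= pad_len <= BLOCK and body[-pad_len:] == bytes([pad_len]) * pad_len
    # Always compute the MAC, even when the padding looks wrong, so timing does
    # not reveal which check failed (the padding-oracle lesson).
    plain = body[:-pad_len] if pad_ok else body
    payload, mac = plain[:-MAC_LEN], plain[-MAC_LEN:]
    header = struct.pack(">QH", seq, len(payload))
    expected = hmac.new(mac_key, header + payload, hashlib.sha256).digest()
    if not (pad_ok and hmac.compare_digest(mac, expected)):
        raise ValueError("bad record")
    return payload


def accepts(master_secret, seq, record):
    """True if the record verifies; used to show what the receiver rejects."""
    try:
        open_record(master_secret, seq, record)
        return True
    except ValueError:
        return False


def tamper_demo():
    """Flip one ciphertext bit in transit; the receiver must reject the record."""
    secret = os.urandom(32)
    record = seal_record(secret, 7, b"GET /orders HTTP/1.0\r\n")   # constructed payload
    flipped = bytearray(record)
    flipped[5] ^= 0x01
    return accepts(secret, 7, record) and not accepts(secret, 7, bytes(flipped))


if __name__ == "__main__":
    print("tampered record rejected:", tamper_demo())
```

Two details carry most of the security here: the sequence number inside the MAC means a captured record cannot be replayed at a different position in the stream, and the MAC is checked before any other error is reported, so an attacker cannot use "bad padding" versus "bad MAC" responses to decrypt traffic.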

Secure Hypertext Transfer Protocol

S-HTTP (Secure Hypertext Transfer Protocol) was developed by Enterprise Integration Technologies (EIT) to provide flexible security services for HTTP transactions. With S-HTTP, any message can be signed, authenticated, encrypted, or any combination of these, including no protection at all. The algorithms, key management mechanisms and other security options are negotiated message by message through negotiation headers carried in the HTTP header lines, so client and server can state which options they require, prefer or refuse.

SSL and S-HTTP

SSL and S-HTTP use different approaches to provide security over the Internet. SSL executes a negotiation protocol which establishes a secure connection at the socket level, below the application; SSL security is therefore transparent to the user and to the application.

S-HTTP is integrated into HTTP itself and negotiates its security through the algorithms and other attributes carried in the headers of each request and response. S-HTTP can only be used on HTTP connections, and the application must be aware of the S-HTTP services. In practice SSL (today's TLS, as used by HTTPS) won out, and S-HTTP is essentially unused.

Firewalls

Firewalls are software, often running on a dedicated device, that controls access between a private network and the Internet. The firewall intercepts each packet and, depending on its configuration, determines whether the data or connection request should be permitted to pass through the firewall or be discarded.

A firewall is similar to locking the doors on your home and hiring a doorman. The doorman decides which people can enter the house. No one that is not authorized can enter your home and make off with your belongings.

The firewall works to protect you in three main areas:

  1. Information: You don't want anyone to steal or destroy your information.
  2. Resources: You don't want unauthorized people to misuse or damage your equipment (computers) or to use your electricity, etc.
  3. Reputation: You don't want anyone to ruin your reputation by demonstrating the weaknesses and vulnerabilities of your network security.

Firewalls protect you in three ways:

  1. Denies any packet that is not explicitly permitted ("default deny").
  2. Keeps outside users outside of your private network
  3. Enforces logging, auditing and alarm procedures.
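The three behaviours above are short to state and easy to get backwards in a real rule set, so here they are as a small stateless packet filter. This is an added example, not code from the lesson; the rule set, the choice of 10.0.0.0/8 as the private network, the web server address and the sample packets are all constructed for illustration (203.0.113.0/24 and 198.51.100.0/24 are the documentation address ranges). First matching rule wins; a packet that matches nothing is dropped and logged as "default deny".

```python
"""A minimal stateless packet filter: default deny, keep outsiders out,
log every decision. Added example with a constructed rule set.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

PRIVATE = ipaddress.ip_network("10.0.0.0/8")    # assumed private network
ANY = ipaddress.ip_network("0.0.0.0/0")


@dataclass(frozen=True)
class Packet:
    ingress: str    # "outside" (Internet side) or "inside" (private network side)
    src: str
    dst: str
    proto: str      # "tcp" or "udp"
    dport: int


@dataclass
class Rule:
    action: str                     # "permit" or "deny"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    proto: str = "any"
    dport: Optional[int] = None     # None = any port
    ingress: Optional[str] = None   # None = either interface

    def matches(self, p: Packet) -> bool:
        return (ipaddress.ip_address(p.src) in self.src
                and ipaddress.ip_address(p.dst) in self.dst
                and self.proto in ("any", p.proto)
                and self.dport in (None, p.dport)
                and self.ingress in (None, p.ingress))


class Firewall:
    """First matching rule wins; no match means deny."""

    def __init__(self, rules: List[Rule]):
        self.rules = rules
        self.log: List[str] = []    # one line per decision, the audit trail

    def permits(self, p: Packet) -> bool:
        for i, rule in enumerate(self.rules):
            if rule.matches(p):
                verdict, reason = rule.action, f"rule {i}"
                break
        else:
            verdict, reason = "deny", "default deny"   # not explicitly permitted
        self.log.append(f"{verdict.upper()} {p.ingress} {p.proto}/{p.dport} "
                        f"{p.src} -> {p.dst} ({reason})")
        return verdict == "permit"


def build_rules(web_server="10.0.0.80"):
    """Constructed rule set for a private network with one public web server."""
    host = ipaddress.ip_network(web_server + "/32")
    return [
        # Anti-spoofing: a packet arriving from the Internet may not claim a private source.
        Rule("deny", PRIVATE, ANY, ingress="outside"),
        # Inside users may reach the Internet.
        Rule("permit", PRIVATE, ANY, ingress="inside"),
        # The public web server is reachable from anywhere, on its web ports only.
        Rule("permit", ANY, host, "tcp", 80),
        Rule("permit", ANY, host, "tcp", 443),
        # Everything else falls through to the default deny.
    ]


# Constructed sample traffic for the example.
SAMPLE_PACKETS = [
    Packet("outside", "203.0.113.5", "10.0.0.80", "tcp", 80),     # public web: permit
    Packet("outside", "203.0.113.5", "10.0.0.80", "tcp", 23),     # telnet to web host: deny
    Packet("outside", "203.0.113.5", "10.0.0.25", "tcp", 445),    # file sharing inside: deny
    Packet("outside", "10.0.0.9", "10.0.0.80", "tcp", 80),        # spoofed private source: deny
    Packet("inside", "10.0.0.9", "198.51.100.7", "tcp", 443),     # user browsing out: permit
]


def run_sample():
    """Return (verdicts, log) for the sample traffic."""
    fw = Firewall(build_rules())
    verdicts = [fw.permits(p) for p in SAMPLE_PACKETS]
    return verdicts, fw.log


if __name__ == "__main__":
    for line in run_sample()[1]:
        print(line)
```

Rule 0 is the one people forget: without it, a packet from the Internet with a forged private source address would match the "inside users may go out" rule. The log lines are what the lesson means by logging and auditing; a firewall that drops silently tells you nothing about who is probing you.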

There are different grades of firewalls depending on how secure you want your information to be, but there are also risks that are not addressed by firewalls:

  1. Insider Intrusion - You are not protected from internal users
  2. Direct Traffic from the Internet - Firewalls cannot intercept and examine data if the user is on a private network and dials up an Internet connection. Any traffic that bypasses the firewall will not be protected.
  3. Virus Protection - Firewalls typically do not protect networks from viruses. Some firewalls implement logic to detect viruses but many do not.

This has by no means been intended to be a complete treatise on Internet security. Rather, it was meant to be an overview of some of the key concepts, terms and conventions involved in secure commerce over the Internet. For more information, search the net for the specific areas in which you are interested.