security issues of internet-based systems
DESCRIPTION
Security Issues of Internet-Based Systems. herzlichen Dank an Mag. Clemens Bruckmann für die Mithilfe bei der Gestaltung der Folien!. Why Care About Security?. security involves a tradeoff wrt functionality „turn off every feature you don‘t need“ [Conallen 99] - PowerPoint PPT PresentationTRANSCRIPT
![Page 1: Security Issues of Internet-Based Systems](https://reader036.vdocument.in/reader036/viewer/2022062517/568130ed550346895d970f5d/html5/thumbnails/1.jpg)
1
Security Issuesof Internet-Based Systems
herzlichen Dank an Mag. Clemens Bruckmann für die Mithilfe bei der Gestaltung der Folien!
![Page 2: Security Issues of Internet-Based Systems](https://reader036.vdocument.in/reader036/viewer/2022062517/568130ed550346895d970f5d/html5/thumbnails/2.jpg)
2
Why Care About Security?
• security involves a tradeoff wrt functionality„turn off every feature you don‘t need“ [Conallen 99]
• is a (non-functional) requirement enabling software to work properly
• the company needs security in order to prevent– loss of crucial information– loss of company goodwill– loss of confidence– extensive costs of interruption of service
• the customer wants security– confidentiality of private data
![Page 3: Security Issues of Internet-Based Systems](https://reader036.vdocument.in/reader036/viewer/2022062517/568130ed550346895d970f5d/html5/thumbnails/3.jpg)
3
Scope of Security
• software– intrinsic threats: bugs, poor configuration– user threats: lack of robustness, poor authoentication– third party threats: unauthorized “listening” (hackers),
data corruption (crackers), denial of service (DoS) attacks, virus infection
• hardware– theft, destruction, “act of God” (flood, fire)
• the human factor
![Page 4: Security Issues of Internet-Based Systems](https://reader036.vdocument.in/reader036/viewer/2022062517/568130ed550346895d970f5d/html5/thumbnails/4.jpg)
4
Scope of Security – Consequence
• obscurity is not security
• holistic view of software engineering:project planning should encompass– sound programming and configuration– physical security measures– security awareness within:
• The development process
• The organization and the team
![Page 5: Security Issues of Internet-Based Systems](https://reader036.vdocument.in/reader036/viewer/2022062517/568130ed550346895d970f5d/html5/thumbnails/5.jpg)
5
Areas of Risk in a Web Application
Client Network Server
downloaded software can damage system or expose private and
personal information
network traffic can be monitored, leading to the potential exposure
of sensitive data
• unauthorized access can lead to possible system damage or theft of data• malicious attacks can render a system inoperable
![Page 6: Security Issues of Internet-Based Systems](https://reader036.vdocument.in/reader036/viewer/2022062517/568130ed550346895d970f5d/html5/thumbnails/6.jpg)
6
Server-Side Security
• Server is more likely attacked when placed on the Internet
• Specific risk for Web-Servers: improper configuration, e.g.– enabling of optional features not required such as
directory browsing;– Use of SSI (server-side includes); some SSI’s allow the
axecution of general operating system commands or scripts
• Advice: look out for OS new patches, read newsgroups
![Page 7: Security Issues of Internet-Based Systems](https://reader036.vdocument.in/reader036/viewer/2022062517/568130ed550346895d970f5d/html5/thumbnails/7.jpg)
7
Server-Side Security: Authentication
• establishing someone’s identity based on– possession
• chip card, hardware token, infrared badge, radio badge
• biometrics
– knowledge• password
• ability to decrypt a “challenge” that has been encrypted with one’s public key
good password practice is vital!
![Page 8: Security Issues of Internet-Based Systems](https://reader036.vdocument.in/reader036/viewer/2022062517/568130ed550346895d970f5d/html5/thumbnails/8.jpg)
8
Server Side Security: Fields of Risk
• DoS (denial of service) attacks
• unchecked buffer exploits
• privilege elevation attacks
• directory traversal attacks
• From outside, or even more dangerous, from inside, e.g. by annoyed employee “task-based authorization”
![Page 9: Security Issues of Internet-Based Systems](https://reader036.vdocument.in/reader036/viewer/2022062517/568130ed550346895d970f5d/html5/thumbnails/9.jpg)
9
• Simple “sniffing”
– intruder listens, but does not modify communication
Network Security: Types of Attacks
!Client
Attacker
Server
![Page 10: Security Issues of Internet-Based Systems](https://reader036.vdocument.in/reader036/viewer/2022062517/568130ed550346895d970f5d/html5/thumbnails/10.jpg)
10
Network Security: Types of Attacks
• man-in-the-middle attack, “session hijacking”
– intruder might modify communication
!
ClientAttacker
Server
![Page 11: Security Issues of Internet-Based Systems](https://reader036.vdocument.in/reader036/viewer/2022062517/568130ed550346895d970f5d/html5/thumbnails/11.jpg)
11
Network Security: Firewalls
• filtering certain traffic
Local Network InternetFirewall
![Page 12: Security Issues of Internet-Based Systems](https://reader036.vdocument.in/reader036/viewer/2022062517/568130ed550346895d970f5d/html5/thumbnails/12.jpg)
12
Network Security: Cryptography
• encryption of communication to ensure– data integrity
• data has not been altered or corrupted
– data confidentiality• data is intelligible to intended receiver only
– data authenticity• data comes from an authenticated person
![Page 13: Security Issues of Internet-Based Systems](https://reader036.vdocument.in/reader036/viewer/2022062517/568130ed550346895d970f5d/html5/thumbnails/13.jpg)
13
Symmetric Encryption Algorithms
• same key for encryption and decryption– key must be kept secret– need to exchange the key “out of band”
Key Key
NetworkSender Receiver
authenticity, integrity,
confidentiality
![Page 14: Security Issues of Internet-Based Systems](https://reader036.vdocument.in/reader036/viewer/2022062517/568130ed550346895d970f5d/html5/thumbnails/14.jpg)
14
Asymmetric Encryption Algorithms
• key pair: public key + private key– public key to be made widely known,
private key to be kept secret– still need to verify authenticity of public key
• “out of band” or
• by a certificate from a trusted third party (TTP)
public key of receiver private key of receiverNetwork
private key of sender public key of sender
Sender Receiver
authenticity, integrity
confidentiality
![Page 15: Security Issues of Internet-Based Systems](https://reader036.vdocument.in/reader036/viewer/2022062517/568130ed550346895d970f5d/html5/thumbnails/15.jpg)
15
Network Security: Virtual Private Networks
VPN
Internet
![Page 16: Security Issues of Internet-Based Systems](https://reader036.vdocument.in/reader036/viewer/2022062517/568130ed550346895d970f5d/html5/thumbnails/16.jpg)
16
Network Security: Virtual Private Networks
• Public network (Internet) is used as a private network
• All members of the private network use encryption to communicate with other members of the private network
• Allows for inexpensive access to individuals being remotely located
• Encryption of network traffic is provided by infrastructure rather than individual applications.
![Page 17: Security Issues of Internet-Based Systems](https://reader036.vdocument.in/reader036/viewer/2022062517/568130ed550346895d970f5d/html5/thumbnails/17.jpg)
17
Network Security: SSL, HTTPS
• SSL provides transport layer security
Client Proxy Origin Server
• HTTPS combines HTTP and SSL• encrypts network traffic• may involve authentication via certificates
HTTP is an application layer
protocol
HTTP HTTPS
![Page 18: Security Issues of Internet-Based Systems](https://reader036.vdocument.in/reader036/viewer/2022062517/568130ed550346895d970f5d/html5/thumbnails/18.jpg)
18
Network Security: Secure Shell (SSH)
• protocol for authentified– telnet replacement (slogin)– ftp replacement (sftp)– tunneling of any protocol
certain protocols send clear text
passwords over the network, including
TELNET, FTP, POP3
Client Server
POP3client
SSHclient
SSHdaemon
POP3daemon
Network
![Page 19: Security Issues of Internet-Based Systems](https://reader036.vdocument.in/reader036/viewer/2022062517/568130ed550346895d970f5d/html5/thumbnails/19.jpg)
19
Network Security: Proxies
• proxies may serve several purposes– caching content– filtering requests– converting between different protocols– hiding the identity of the client from the server
• problem with SSL, HTTPS: no client authentication possibleremedy: SSL Proxying – proxy establishes tunnel to server
Client ServerNetwork NetworkProxy
HTTP
SSL tunneled through proxy
![Page 20: Security Issues of Internet-Based Systems](https://reader036.vdocument.in/reader036/viewer/2022062517/568130ed550346895d970f5d/html5/thumbnails/20.jpg)
20
Client Side Security: Fields of Risk
• Pure HTML without client-side scripting is rather secure. Risks are introduced through:
• buggy OS and browser– VBScript, JScript, JavaScript, Java, ActiveX
controls, plug-ins, MIME-type viewers
• attacks to privacy: cookies, “web bugs”• Client scripts can collect info on navigation• viruses, Trojan horses, long-distance dialers
![Page 21: Security Issues of Internet-Based Systems](https://reader036.vdocument.in/reader036/viewer/2022062517/568130ed550346895d970f5d/html5/thumbnails/21.jpg)
21
Client Side Security: Signed Code
proof of authenticity (not of harmlessness!) of code
Client CompanyServer
Certificate Authority (CA)
issuescertificate
Code Codedigest
Signed Code
Signaturesigns
servesreceives
Certificate
verifiesvalidity ofcertificate
serves certificate
verifiesauthenticity of
signature
![Page 22: Security Issues of Internet-Based Systems](https://reader036.vdocument.in/reader036/viewer/2022062517/568130ed550346895d970f5d/html5/thumbnails/22.jpg)
22
Client Side Security: Sandbox
• untrusted internet content resides in a “sandbox” and is not allowed to perform potentially dangerous operations– reading from and writing to the client’s file
system– starting programs on the client (e.g. format c:)– making calls to native system functions
(DLL function calls)
![Page 23: Security Issues of Internet-Based Systems](https://reader036.vdocument.in/reader036/viewer/2022062517/568130ed550346895d970f5d/html5/thumbnails/23.jpg)
23
Client Side Security: JDK 1.0
Source: http://java.sun.com/docs/books/tutorial/security1.2/overview/index.html
![Page 24: Security Issues of Internet-Based Systems](https://reader036.vdocument.in/reader036/viewer/2022062517/568130ed550346895d970f5d/html5/thumbnails/24.jpg)
24
Client Side Security: JDK 1.1
Source: http://java.sun.com/docs/books/tutorial/security1.2/overview/index.html
![Page 25: Security Issues of Internet-Based Systems](https://reader036.vdocument.in/reader036/viewer/2022062517/568130ed550346895d970f5d/html5/thumbnails/25.jpg)
25
Client Side Security: JDK 1.2
Source: http://java.sun.com/docs/books/tutorial/security1.2/overview/index.html
![Page 26: Security Issues of Internet-Based Systems](https://reader036.vdocument.in/reader036/viewer/2022062517/568130ed550346895d970f5d/html5/thumbnails/26.jpg)
26
Client Side Security: ActiveX, Plug-Ins
Operating System
BrowserActiveX control,Browser Plug-In
Web Page
Element
renders renders
![Page 27: Security Issues of Internet-Based Systems](https://reader036.vdocument.in/reader036/viewer/2022062517/568130ed550346895d970f5d/html5/thumbnails/27.jpg)
27
Client Side Security: ActiveX, Plug-Ins
• An ActiveX control is a compiled module embedded in an HTML page
• Hence: free access to all client resources• Principlal security mechanisms:
– Code signing for downloaded ActiveX controls
– Implementation of security measures at the point the component is being requested to load on the client
– Internet Explorer: Security zones (network domain subset containing trusted hosts)
![Page 28: Security Issues of Internet-Based Systems](https://reader036.vdocument.in/reader036/viewer/2022062517/568130ed550346895d970f5d/html5/thumbnails/28.jpg)
28
Planning for Security: Security View
• security view within the architecture model to enforce the taking into account of security considerations at an early stage– may contain users/actors (customers, account
managers, certificate authorities), policies, certificates, authentication (technology)
![Page 29: Security Issues of Internet-Based Systems](https://reader036.vdocument.in/reader036/viewer/2022062517/568130ed550346895d970f5d/html5/thumbnails/29.jpg)
29
Security Awareness
• awareness of risks and threats
• security policies– feasible– written– enforced
• model security policies:http://www.sans.org/newlook/resources/policies/policies.htm
![Page 30: Security Issues of Internet-Based Systems](https://reader036.vdocument.in/reader036/viewer/2022062517/568130ed550346895d970f5d/html5/thumbnails/30.jpg)
30
Further Acknowledgments
• Jim Conallen, Building Web Applications with UML, Addison-Wesley 2000,ISBN 0-201-61577-0.
• Erik Wilde, World Wide Web, Technische Grundlagen, Springer 1999,ISBN 3-540-64700-7.