1 / 30

Chapter 10 Security and Encryption

Chapter 10 Security and Encryption. Objectives. Explain the nature of a threat model Be able to construct a threat model Be aware of common threats to web applications and how to prevent attacks Explain the principles for developing a secure web application.

signa
Download Presentation

Chapter 10 Security and Encryption

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Chapter 10Security and Encryption

  2. Objectives • Explain the nature of a threat model • Be able to construct a threat model • Be aware of common threats to web applications and how to prevent attacks • Explain the principles for developing a secure web application

  3. Security Characteristicsfor Computer Systems • Confidentiality: data and communication are private • Integrity: data are free of tampering and damage • Availability: an application can be used when it is needed • Authentication: each party to a transaction can be reliably identified • Authorization: each user is given only appropriate privileges • Accountability: each user is bound to his/her actions (cannot repudiate them)

  4. Threat Modeling – Definitions • Threat: a potential misuse of an application (event) that will cause harm if it does occur • Attack: an actual attempt to misuse an application • Vulnerability: a flaw within an application that enables an attack to succeed

  5. Building a Threat Model • A complete threat model includes a list of threats, including for each: • Threat description • Attacker profile (skill, resources, motivation) • Means of attack • Likely damage if the attack succeeds

  6. Threat Model ComponentOnline Ticketing System • Threat: Attacker gains root control of system • Possible methods: Buffer overflow attack • Objectives: Gain root authority, enabling attacker to run arbitrary commands • Attacker (goal, experience, resources): Attacker is a professional criminal, seeking to gain financially from theft of tickets or to cause financial harm to company. Attacker may have access to a botnet, and information about recently discovered vulnerabilities. • Likely harm: Attacker steals tickets, causing financial loss to the system, or attacker compromises the system, causing down-time and ultimate loss of business.

  7. Common Attacks on Web Applications • Buffer Overflow • Cross-Site Scripting • Denial of Service • Insider Misuse • Password Guessing • Sniffing • Spoofing • SQL Injection

  8. Buffer Overflow • Buffer: a memory allocation intended to hold input or output • Buffer overflow: input is too large; excess input overflows into subsequent memory • If the overflow areacontains instructions,the attacker can effectively take controlof the application byrewriting critical parts

  9. Protection against Buffer Overflow • Use safe languages (Java, C#, etc.) that do not allow buffer overflow • (C++ is the WORST choice) • If the language allows overflows, check each buffer operation against size limits.

  10. Cross-Site Scripting (XSS) • The attacker embeds malicious HTML code in a public website • The victim (another user) clicks on a link in that code, causing the victim's cookie to be sent to the attacker's website • The attacker then uses the victims cookie to misuse the victim's open session • improper transaction, theft of information,etc.

  11. Cross-Site Scripting 1. embed malicious HTML attacker Attacker's server Application Website (e-commerce, bank, etc.) 3. misuse victim's session victim 2a. click on malicious link 2b. send victim's cookie (as a result of clicking the link)

  12. Protection Against XSS • Any text posted by users (comments, reviews, etc.), must be filtered • Only legal characters should be allowed; delimiters in particular should not be allowed • All illigeal characters should be deleted or replaced by escape characters • for example, replace < and > by &lt; and &gt;

  13. Denial of Service • The attacker bombards the victim's server with spurious internet traffic, so that it is unable to carry out normal operations legitimate user bot IP Traffic Attacker's botnet Server bot bot

  14. Protection Against DOS Attack • Use multiple internet portals, from different vendors • Use a firewall to filter suspicious IP traffic

  15. Insider Misuse • Corporate insiders are the source of many attacks, including • theft • espionage • sabotage (revenge) • Security mechanisms are often directed at external attackers only, leaving the door open to inside attacks

  16. Protection Against Insider Misuse • A so-called "demilitarized zone" protects the application with firewalls from both outside and inside attack • Insiders are restricted to authorized and monitored access only

  17. Password Guessing • People often create passwords from familiar words, dates, names, etc. • Password guessing uses combinations of these in repeated attempts to login • Account-ids may be guessed also, or may be derived from scanning other sources (e.g., email addresses)

  18. Protection Against Password Guessing • Insist on strong passwords • include digits, special symbols • Delay response for a few seconds after a failed login, to slow down guessing • Lock the user's account for a short period after repeated failed attempts • e.g., 1-hour lock after five consecutive failed attempts

  19. Sniffing • Internet traffic also passes through local networks, where it can be monitored • Sensitive information that is transmitted in plain text (unencrypted) can be read by other parties on a local network or at an intermediate internet hub Internet Internet Gateway Workstation local area network

  20. Protection against Sniffing • Use HTTPS for any transactions containing sensitive information • login credentials • financial information • personal information • etc.

  21. Spoofing • The attacker creates a phony website that spoofs a real website (bank, etc.) • Victims are tricked into logging in to the phony site • The attacker uses stolen credentials to access victims' accounts • With real-timespoofing, theattacker's websitecommunicateswith thespoofed website

  22. Protection Against Spoofing • Educate users never to click on emailed hyperlinks, and to use their own bookmarks or a typed URL instead • Use a challenge-response test to verify user identify • (doesn't help with real-time spoofing)

  23. SQL Injection • Attacker inserts SQL into an input field • The application embeds the inserted syntax into its own SQL commands • The attackers SQL is executed String sqlCommand = "SELECT user FROM users" + "WHERE userid = ' " + userid_in + " AND password = ' " + password_in; xyz Userid: Password: 1' OR 'x'='x Resulting SQL Command: SELECT user FROM users WHERE userid = 'xyz' AND password = '1' OR 'x' = 'x' Always TRUE!

  24. Protection Against SQL Injection • Filter input when received • Allow only legal characters • For example, boolean validPassword = Pattern.matches("[a-zA-Z0-9~!@#$%^&*]+); if (! validPassword) { … reject login attempt … } Java regular expression defining legal password characters

  25. Secure HTTP (HTTPS) • HTTPS uses Transport Layer Security (TLS) to encrypt the contents of an HTTP transaction • TLS goes between HTTP and IP • TLS is similar to Secure Sockets Layer (SSL) HTTP TLS TCP IP

  26. Transport Layer Security (TLS) • TLS includes authentication through certificate exchange, and encryption using a negotiated secret key

  27. HTTP Authentication • The web server sets up security realms, and authenticates users when a realm is first accessed (within a session) • Authentication is via a standard form:

  28. HTTP Authentication • HTTP Authentication uses no encryption, so it is not a substitute for HTTPS/TLS • HTTP Authentication is OK for low-security needs, such as keeping random browsers or web crawlers out of a private area • It is not acceptable for applications that require real privacy, however!

  29. Principles for Secure Design • Develop a realistic threat model – know the potential attackers • Follow a reliable design pattern, such as MVC • Limit user capabilities to only what is needed (least privilege) • Require and enforce authorization (don't allow users to sneak past login pages!) • Require and enforce HTTPS access for secure resources

  30. Review • Threat Model • Common Threats • Principles for Secure Design

More Related