Security System 1 - 14
Transcript of Security System 1 - 14
-
8/14/2019 Security System 1 - 14
1/40
#14. Securing Internet Connections
-
AGENDA
Understanding Infrastructure Security
-
Introduction
The Internet is perhaps the area of largest growth for networks. The Internet is a worldwide network that offers the capability of instantaneous connections between networks, no matter where they're located.
-
Introduction
The technology started as a research project funded by the Department of Defense and has grown at an enormous rate. Within a few years, virtually every computer in the world is expected to be connected to the Internet. This situation creates a security nightmare and is one of the primary reasons the demand for professionals trained in information and computer security is expected to grow exponentially.
-
Working with Ports and Sockets
As we've already discussed, the primary method of connection between systems using the Internet is the TCP/IP protocol. This protocol establishes connections and circuits using a combination of the IP address and a port. A port is an interface that is used to connect to a device. Sockets are a combination of the IP address and the port. For example, if you attempt to connect to a remote system with the IP address 192.168.0.100, which is running a website, you'll use port 80 by default. The combination of these two elements gives you a socket. The full address and socket description would then be 192.168.0.100:80.
-
Working with Ports and Sockets
IP is used to route the information from one host to another through a network. The four layers of TCP/IP encapsulate the information into a valid IP packet that is then transmitted across the network. Figure 3.15 illustrates the key components of a TCP packet requesting the home page of a website. The data will be returned from the website to port 1024 on the originating host.
-
Working with Ports and Sockets
The source port is the port that is addressed on the destination. The destination port is the port to which the data is sent. In the case of a web application, the data for port addresses would both contain 80. A number of the fields in this packet are used by TCP for verification and integrity, and you need not be concerned with them at this time.
-
Working with Ports and Sockets
However, the data field contains the value GET /. This value requests the home or starting page from the web server. In essence, this command or process requested the home page of the site 192.168.0.100 port 80. The data is formed into another data packet that is passed down to IP and sent back to the originating system on port 1024.
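The socket notation and the TCP header fields described above, worked through as an added Python example that is not part of the slides: it packs and parses a constructed request from port 1024 to port 80 carrying GET / and the reply back to port 1024. The checksum is left at zero and the flag bit values are those of RFC 793, not anything shown in the figure.

```python
import struct

# Fixed 20-byte TCP header (RFC 793), network byte order:
# src port, dst port, seq, ack, data-offset+flags, window, checksum, urgent pointer
TCP_HEADER = struct.Struct("!HHIIHHHH")
FLAG_NAMES = ((0x01, "FIN"), (0x02, "SYN"), (0x04, "RST"), (0x08, "PSH"), (0x10, "ACK"))

def build_segment(src_port, dst_port, seq, flags, payload=b""):
    """Pack a header with no options in front of payload.
    Checksum stays 0 because this is a constructed sample, not a wire capture."""
    data_offset = 5                                  # header length in 32-bit words (20 bytes)
    off_flags = (data_offset << 12) | flags
    return TCP_HEADER.pack(src_port, dst_port, seq, 0, off_flags, 65535, 0, 0) + payload

def parse_segment(raw):
    """Return the fields the text highlights: ports, sequence number, flags and data."""
    if len(raw) < TCP_HEADER.size:
        raise ValueError("truncated TCP header")
    src, dst, seq, ack, off_flags, window, csum, urg = TCP_HEADER.unpack_from(raw)
    header_len = (off_flags >> 12) * 4
    if header_len < 20 or header_len > len(raw):
        raise ValueError("invalid data offset")      # corrupted or hostile length field
    flags = [name for bit, name in FLAG_NAMES if off_flags & bit]
    return {"src_port": src, "dst_port": dst, "seq": seq, "ack": ack,
            "flags": flags, "payload": raw[header_len:]}

def socket_string(ip, port):
    """The IP:port socket notation used in the text, e.g. 192.168.0.100:80."""
    return f"{ip}:{port}"

# Constructed request: client port 1024 -> web server port 80, carrying GET /
REQUEST = build_segment(1024, 80, 1, 0x18, b"GET / HTTP/1.0\r\n\r\n")
# Constructed reply: server port 80 -> port 1024 on the originating host
REPLY = build_segment(80, 1024, 1, 0x18, b"HTTP/1.0 200 OK\r\n\r\n<html>home</html>")

if __name__ == "__main__":
    for seg in (REQUEST, REPLY):
        f = parse_segment(seg)
        print(f["src_port"], "->", f["dst_port"], f["flags"], f["payload"][:16])
```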
-
Working with Ports and Sockets
The connections to most services using TCP/IP are based on this port model. Many of the ports are well documented, and the protocols to communicate with them are well known. If a vendor has a technological weakness or implements security poorly, the vulnerability will become known and exploited in a short time.
-
Working with E-Mail
E-mail is one of the most popular applications in use on the Internet. Several good e-mail servers and clients are available. Figure 3.16 demonstrates the process of transferring an e-mail message.
-
Working with E-Mail
Simple Mail Transport Protocol
Simple Mail Transport Protocol (SMTP) is a mail delivery protocol that is used to send e-mail between an e-mail client and an e-mail server as well as between e-mail servers. Messages are moved from client to server to client via the Internet.
-
Working with E-Mail
Each e-mail message can take a different path from the client to the server. In the case of Figure 3.16, the clients are on two different e-mail servers; they could both be on the same server, and the process would appear transparent to the user. SMTP uses port 25 and TCP for connections.
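An added Python example, not from the slides, of the SMTP exchange between a client and the server listening on port 25: a constructed server-side state machine that enforces the command order, and a scripted client delivering one message. Hostnames and addresses are placeholders.

```python
# Constructed SMTP dialogue: server-side state machine plus a scripted client.
# Reply codes follow the RFC 5321 ranges; mx.example.net is a placeholder host.

def new_session():
    return {"helo": None, "mail_from": None, "rcpt_to": [], "in_data": False,
            "body": [], "queued": []}

def smtp_step(s, line):
    """Apply one client line to session s; return the server reply ("" while inside DATA)."""
    if s["in_data"]:
        if line == ".":                                    # lone dot ends the message body
            s["in_data"] = False
            s["queued"].append((s["mail_from"], list(s["rcpt_to"]), "\r\n".join(s["body"])))
            s["mail_from"], s["rcpt_to"], s["body"] = None, [], []
            return "250 OK: queued"
        s["body"].append(line[1:] if line.startswith(".") else line)   # dot-unstuffing
        return ""
    verb, _, arg = line.partition(" ")
    verb = verb.upper()
    if verb in ("HELO", "EHLO"):
        s["helo"] = arg
        return f"250 mx.example.net Hello {arg}"
    if verb == "MAIL" and s["helo"]:                       # MAIL only after a greeting
        s["mail_from"] = arg[5:] if arg.upper().startswith("FROM:") else arg
        return "250 OK"
    if verb == "RCPT" and s["mail_from"]:                  # RCPT only after MAIL
        s["rcpt_to"].append(arg[3:] if arg.upper().startswith("TO:") else arg)
        return "250 OK"
    if verb == "DATA" and s["rcpt_to"]:                    # DATA only with a recipient
        s["in_data"] = True
        return "354 End data with <CR><LF>.<CR><LF>"
    if verb == "QUIT":
        return "221 mx.example.net closing connection"
    return "503 Bad sequence of commands"                  # out-of-order or unknown command

def run_dialogue(client_lines):
    """Feed client lines through a fresh session; return (transcript, queued messages)."""
    s = new_session()
    transcript = [("S", "220 mx.example.net ESMTP ready")]   # server speaks first on connect
    for line in client_lines:
        transcript.append(("C", line))
        reply = smtp_step(s, line)
        if reply:
            transcript.append(("S", reply))
    return transcript, s["queued"]

# Constructed client script: one message from alice's client to bob's mail server
CLIENT_SCRIPT = ["HELO client.example.org", "MAIL FROM:<alice@example.org>",
                 "RCPT TO:<bob@example.net>", "DATA", "Subject: hello", "",
                 "..starts with a dot", ".", "QUIT"]
```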
-
Working with E-Mail
Post Office Protocol
Post Office Protocol (POP) is a newer protocol that relies on SMTP for message transfer to receive e-mail. POP provides a message store that can be used to store and forward messages. If a server isn't operating, the originating server can store a message and try to resend it later. POP3 uses port 110. The POP protocol uses TCP for connections.
-
Working with E-Mail
Internet Message Access Protocol
Internet Message Access Protocol (IMAP) is the newest player in the e-mail field, and it's rapidly becoming the most popular. Like POP, IMAP has a store-and-forward capability. However, it has much more functionality.
-
Working with E-Mail
IMAP allows messages to be stored on an e-mail server instead of being downloaded to the client. It also allows messages to be downloaded based on search criteria. Many IMAP implementations also allow connections using web browsers. The current version of IMAP (IMAP 4) uses port 143 and TCP for connections.
-
Working with the Web
When two hosts communicate across the Web, data is returned from the host using Hypertext Markup Language (HTML). HTML is nothing more than a coding scheme to allow text and pictures to be presented in a specific way in a web browser. HTML can be created any number of ways, including via manual coding and in graphical design programs.
-
Working with the Web
HTML files are read, interpreted by your browser, and displayed on your system. If you want to see what HTML looks like, you can set your browser to view source code; you'll see things similar to word-processor coding for virtually every characteristic of the web page you're viewing.
-
Working with the Web
Websites are collections of these pages, which are called into your browser when you click a link or scroll through the pages. Most developers want more than the ability to display pages and pages of colored text on your computer. To make creative and sophisticated websites possible, web browsers have become more complicated, as have web servers. Current browsers include audio, visuals, animations, live chats, and almost any other feature you can imagine.
-
Working with the Web
This ability to deliver content over the Web is accomplished in one of several ways. The most common approach involves installing applications that talk through the server to your browser. The applications require additional ports to be opened through your firewall and routers. Unfortunately, doing so inherently creates security vulnerabilities.
-
Working with the Web
Secure Sockets Layer and Transport Layer Security
Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are two common protocols used to convey information between a web client and a server. The SSL protocol uses an encryption scheme between the two systems. The client initiates the session, the server responds, indicating that encryption is needed, and then they negotiate an appropriate encryption scheme.
-
Working with the Web
TLS is a newer protocol that merges SSL with other protocols to provide encryption. TLS supports SSL connections for compatibility, but it also allows other encryption protocols, such as Triple DES, to be used. SSL/TLS uses port 443 and TCP for connections.
-
Working with the Web
HTTP/S
HTTP Secure (HTTP/S) is a protocol that is used for secure connections between two systems that use the Web. It protects the connection, and all traffic between the two systems is encrypted. HTTP/S uses SSL or TLS for connection security, and it uses port 443 and TCP for connections.
-
Working with the Web
Vulnerabilities of Web Add-ins
The growth of the Web and demands from users for more features have spurred the creation of a new set of vulnerabilities that must be evaluated and managed. Increasingly, web browsers and other web-enabled technologies allow servers to send instructions to the client to provide multimedia and other capabilities. This is creating a problem for security professionals because these protocols offer potential weaknesses.
-
Working with the Web
ActiveX
ActiveX is a technology that was implemented by Microsoft to customize controls, icons, and other features, which increases the usability of web-enabled systems. ActiveX runs on the client. It uses a method called Authenticode for security. Authenticode is a type of certificate technology that allows ActiveX components to be validated by a server.
-
Working with the Web
ActiveX components are downloaded to the client hard disk, potentially allowing additional security breaches. Web browsers can be configured so that they require confirmation to accept an ActiveX control. However, many users don't understand these confirmation messages when they appear, and they automatically accept the components.
-
Working with the Web
Automatically accepting an ActiveX component or control creates the opportunity for security breaches on a client system when the control is used, because an ActiveX control contains programming instructions that can contain malicious code or create vulnerabilities in a system.
-
Working with the Web
Buffer Overflows
Buffer overflows occur when an application receives more data than it's programmed to accept. This situation can cause an application to terminate or to write data beyond the end of the allocated space. Termination may leave the system sending the data with temporary access to privileged levels in the attacked system, while overwriting can cause important data to be lost. This exploitation is usually a result of a programming error in the development of the software.
-
Working with the Web
Common Gateway Interface
Common Gateway Interface (CGI) is an older form of scripting that was used extensively in early web systems. CGI scripts were used to capture data from a user using simple forms.
-
Working with the Web
Cookies
Cookies are text files that a browser maintains on the user's hard disk in order to provide a persistent, customized web experience for each visit. A cookie typically contains information about the user.
-
Working with the Web
For example, a cookie can contain a client's history to improve customer service. If a bookstore wants to know your buying habits and what types of books you last viewed at its site, it can load this information into a cookie on your system. The next time you return to that store, the server can read your cookie and customize what it presents to you.
-
Working with the Web
Cookies can also be used to time-stamp a user to limit access. A financial institution may send your browser a cookie once you've authenticated. The server can read the cookie to determine when a session is expired.
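One way a server can issue the time-stamped session cookie described above and later read it to decide whether the session has expired, as an added Python example that is not part of the slides: the cookie is sealed with an HMAC so the browser cannot alter the user or the timestamp. The secret key and the 15-minute lifetime are assumed values.

```python
import base64
import hashlib
import hmac

SERVER_SECRET = b"constructed-demo-secret"   # placeholder; a real key is random and stays server-side
SESSION_TTL = 15 * 60                        # assumed lifetime of an authenticated session, in seconds
SIG_LEN = hashlib.sha256().digest_size       # 32-byte HMAC-SHA256 tag appended to the payload

def issue_cookie(user, now, secret=SERVER_SECRET):
    """Build the cookie sent after login: 'user|timestamp' followed by its HMAC."""
    payload = f"{user}|{int(now)}".encode()
    sig = hmac.new(secret, payload, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(payload + sig).decode()

def read_cookie(cookie, now, secret=SERVER_SECRET, ttl=SESSION_TTL):
    """Return (user, "ok") or (None, reason). The server trusts only what the HMAC covers."""
    try:
        raw = base64.urlsafe_b64decode(cookie.encode())
    except (ValueError, UnicodeEncodeError):
        return None, "malformed"
    if len(raw) <= SIG_LEN:
        return None, "malformed"
    payload, sig = raw[:-SIG_LEN], raw[-SIG_LEN:]
    expected = hmac.new(secret, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):        # constant-time comparison
        return None, "bad signature"
    user, _, stamp = payload.decode(errors="replace").rpartition("|")
    if not stamp.isdigit():
        return None, "malformed"
    if now - int(stamp) > ttl:                        # the time-stamp check from the text
        return None, "expired"
    return user, "ok"

if __name__ == "__main__":
    t0 = 1_700_000_000                                # constructed login time
    c = issue_cookie("alice", t0)
    print(read_cookie(c, t0 + 60), read_cookie(c, t0 + SESSION_TTL + 1))
```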
-
Working with the Web
Obviously, cookies are considered a risk because they have the potential to contain your personal information, which could get into the wrong hands. If security is your utmost concern, the best protection is to not allow cookies to be accepted. Almost every browser offers the option of enabling or disabling cookies. If you enable them, you can usually choose whether to accept/reject all or only those from an originating server.
-
Working with the Web
Cross-site scripting (XSS)
Using a client-side scripting language, it is possible for a ne'er-do-well to trick a user into visiting their site and having code then execute locally. When this is done, it is known as cross-site scripting. As an example, UserA may get a message telling him that he needs to make changes to his XYZ account, but the link in the message is not really to the XYZ site (a phishing ploy).
-
Working with the Web
When he clicks on the link, a JavaScript routine begins to run on his machine. Since the script is running on UserA's system, it has his permissions and can begin doing such things as running malevolent routines to send/delete/alter data. The best protection against cross-site scripting is to disable the running of scripts.
-
Working with the Web
Input Validation
Anytime a user must supply values in a session, validation of the data entered should be done. Many vendors, however, have fallen prey to input validation vulnerabilities within their code. In some instances, empty values have been accepted, while others have allowed privilege escalation if certain backdoor passwords were used.
-
Working with the Web
The best protection against input validation vulnerabilities is for developers to follow best practices and always validate all values entered. As an administrator, when you learn of an input validation vulnerability with any application on your system, you should immediately stop using it until a patch has been released and installed.
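An added Python example, not from the slides, that covers the cross-site scripting and input validation slides together: form fields are checked against an allowlist with empty values rejected, user-supplied text is escaped before it is placed in HTML so a script in it is displayed rather than run, and a password is compared only against a stored hash so no fixed value can bypass the check. The field rules, salt and sample values are constructed.

```python
import hashlib
import hmac
import html
import re

ACCOUNT_RE = re.compile(r"[A-Z0-9]{6,12}")   # constructed allowlist for the account field
MAX_NAME = 64                                 # constructed upper bound on the name field

def validate_form(fields):
    """Return (clean, errors). Empty values and values outside the allowlist are rejected."""
    clean, errors = {}, {}
    name = (fields.get("name") or "").strip()
    if not name:
        errors["name"] = "required"                       # an empty value is never accepted
    elif len(name) > MAX_NAME:
        errors["name"] = f"longer than {MAX_NAME} characters"
    else:
        clean["name"] = name
    account = (fields.get("account") or "").strip()
    if not ACCOUNT_RE.fullmatch(account):
        errors["account"] = "must be 6-12 uppercase letters or digits"
    else:
        clean["account"] = account
    return clean, errors

def render_greeting(name):
    """Escape before inserting into HTML: a <script> tag in the value is shown as text, not run."""
    return f"<p>Welcome back, {html.escape(name, quote=True)}</p>"

def check_password(supplied, salt, stored_hash):
    """Verify against the stored PBKDF2 hash only; no built-in value passes this check."""
    if not supplied:
        return False
    derived = hashlib.pbkdf2_hmac("sha256", supplied.encode(), salt, 100_000)
    return hmac.compare_digest(derived, stored_hash)

# Constructed samples
ATTACK_NAME = "<script>alert('x')</script>"
SALT = b"constructed-salt"
STORED = hashlib.pbkdf2_hmac("sha256", b"correct horse battery", SALT, 100_000)

if __name__ == "__main__":
    print(validate_form({"name": ATTACK_NAME, "account": "ACCT01"}))
    print(render_greeting(ATTACK_NAME))
    print(check_password("correct horse battery", SALT, STORED), check_password("", SALT, STORED))
```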