Security of web applications

Download Report

Transcript Security of web applications

Security of Web Applications
Ladislav Hudec
Faculty of Electrical Engineering and Information Technology
Slovak University of Technology, Bratislava
prepared for SOFSEM 2001, November 26, 2001, Piešťany
http://www.dcs.elf.stuba.sk/~lhudec/
Doc. Ing. Ladislav
Hudec, CSc., CISA
Agenda
1. Security services and technologies
2. Web security considerations
3. Network security
4. IPSec - IP Secure protocol
5. SSL - Secure Socket Layer Protocol
6. Firewalls
7. References
Doc. Ing. Ladislav
Hudec, CSc., CISA
An organization faces numerous challenges in
implementing appropriate security controls to secure its
systems and information. The basic challenges are as :
• security is not built into IT
• security is always an afterbought
• lack of management commitment
• immaturity of software processes.
Doc. Ing. Ladislav
Hudec, CSc., CISA
Security services and technologies
New IT systems have incorporated a defined set of
controls to ensure their security.
Web applications (e.g. e-commerce) are no different in that
regard and require the same set of security controls.
The primary security controls are:
• Confidentiality
• Access control (autentication and authorization)
• Integrity
• Availability
• Nonrepudiation.
Doc. Ing. Ladislav
Hudec, CSc., CISA
Confidentiality refers to the protection of information from
unauthorized disclosure to a person or computing entity.
Cryptography enables confidentiality and protects data.
Access control (autentication and authorization)
autenticates the identity of the entity trying to access a
computing resource, and controls the use of computing
resource per predetermined levels of entitlement.
Authentication by static password, token, one time
password, biometrics autentication, public and private key
autentication.
Integrity controls protect the data/or computing resource
from any intentional or unintentional tampering. It is
ensured by cryptography, hash function and proper access
control. (antivirus software, signing the mobile code).
Doc. Ing. Ladislav
Hudec, CSc., CISA
Availability refers to the continuity of IT processing and
the availability of information. Adequate configuration of
the system and controlled processes and procedures guards
against denial of services attack.
Nonrepudiation controls ensure that users cannot deny
actions they undertook. Other organizations require their
users to read and agree to business agreements that hold
users aaccountable to their authentication tokens.
Transactions entered through those passwords are thus a
user‘s sole responsibility.
Doc. Ing. Ladislav
Hudec, CSc., CISA
Web security considerations
Web presents new challenges (not generally appreciated) in
the context of computer and network security:
• the Internet is two way
• the web is increasingly serving as a highly visible outlet
• although web browsers are very easy to use, web servers are
relatively easy to configure and manage, the web content is
increasingly easy to develop, the underlying software is
extraordinarily complex
• a web server can be exploited as a launching pad for attack
on corporation’s internal network
• causual and untrained (in security matters) users are
common clients for web based services.
Doc. Ing. Ladislav
Hudec, CSc., CISA
Web security threats
Integrity:
Threats
Consequences
 Modification of user  Loss of
data
information
 Trojan horse browser  Compromise of
machine
 Modification of
memory
 Vulnerability to
all other
 Modification of
threats
message traffic in
transit
Doc. Ing. Ladislav
Hudec, CSc., CISA
Countermeasures
Cryptographic
checksums
Web security threats
Confidentiality:
Threats
Consequences
 Eavesdropping on
 Loss of
the net
information
 Theft of information  Loss of privacy
from server
 Theft of data from
client
 Information about
network configuration
 Information about
which clients talks to
server
Doc. Ing. Ladislav
Hudec, CSc., CISA
Countermeasures
Encryption, web
proxies
Web security threats
Denial of services:
Threats
Consequences
 Killing of user
 Disruptive
threads
 Annoying
 Flooding machine
 Prevent user
with bogus threads
from getting
 Filling up disk or
work done
memory
 Isolating machine by
DNS attack
Doc. Ing. Ladislav
Hudec, CSc., CISA
Countermeasures
Difficult to prevent
Web security threats
Authentication:
Threats
 Impersonation of
legitimate users
 Data forgery
Doc. Ing. Ladislav
Hudec, CSc., CISA
Consequences
Countermeasures
 Misrepresentation Cryptographic
techniques
of user
 Belief that false
information is valid
Network security
Another way to classify web security threats is in terms of
the location of the threat:
• web server
• web browser
• network traffic between browser and server.
Issues of server and browser security fall into the category
of computer system security.
Issues of network traffic between server and browser fall
into the category network security.
Doc. Ing. Ladislav
Hudec, CSc., CISA
TCP/IP model of network architecture
Application layer - offers services to users, provides network
management (TELNET, HTTP, SMTP, .. protocols)
Transport layer - provides data flow between two end nodes of
network. TCP protocol (reliable, with connection) a UDP
(connectionless, unreliable)
Network layer - provides packet transmission over network. IP
protocol (connectionless, unreliable), ICMP protocol.
Network interface layer - provides the same services as link
and physical layer in RM OSI.
Doc. Ing. Ladislav
Hudec, CSc., CISA
IPSec - IP Secure protocol
HTTP
FTP
SMTP
TCP
IP/IPSec
•Ensures authentication, confidentiality and integrity of IP
packets between two nodes (extensions of IP protocol)
• AH and EPS headers
• key and algorithm management according IKE (Internet Key
Exchange) - combination of ISAKMP and Oakley
• creates a tunnel at the network layer
Doc. Ing. Ladislav
Hudec, CSc., CISA
IPSec - IP secure protocol
IPSec services
AH
ESP (Encryption
ESP (Encryption
only)
and Authentication)
Acces control
YES
Connectionless
integrity
YES
YES
Data origin
authentication
Rejection of
replayed packets
YES
YES
YES
YES
YES
Confidentionality
YES
YES
Limited traffic
flow
confidentionality
YES
YES
Doc. Ing. Ladislav
Hudec, CSc., CISA
YES
YES
SSL - Secure Socket Layer Protocol
SSL Handshake SSL Change Cip.
Protocol
Spec Protocol
SSL Alert
Protocol
HTTP
SSL Record Protocol
TCP
IP
SSL connection - is a transport (RM OSI) that provides suitable
type of services. Every connection is associated with one
session.
SSL session - is an association between a client and a server.
Sessions are created by the Handshake protocol (defines set of
cryptographic security parameters, that can be shared among
multiple connections).
Doc. Ing. Ladislav
Hudec, CSc., CISA
SSL - Secure Socket Layer Protocol
SSL Record Protocol - provides two services for SSL
connections
•confidentiality - handshake protocol defines shared secret key
for encryption of SSL payloads
•integrity - handshake protocol defines shared secret key to
form message authentication code MAC
Operations of SSL Record Protocol
•fragment
•compress
•add MAC
•encryption
Doc. Ing. Ladislav
Hudec, CSc., CISA
SSL - Secure Socket Layer Protocol
Change Cipher Spec Protocol
• uses the SSL Record protocol
• is the simplest of SSL protocols
• only single byte message with value 1 and causes the
pending state to be copied into the current state (updates
cipher suite to be used in this connection).
Doc. Ing. Ladislav
Hudec, CSc., CISA
SSL - Secure Socket Layer Protocol
Alert Protocol
• used to convey SSL-related alerts to the peer entity
• two types of alerts: warning and fatal
• in the case of fatal alert SSL immediately terminates the
connection (the other connections of the session can
continue but no new one is established)
Doc. Ing. Ladislav
Hudec, CSc., CISA
SSL - Secure Socket Layer Protocol
Handshake Protocol
• the most complex part of SSL
• allows server and client to authenticate each other
• negotiates an encryption and MAC algorithm and
cryptographic keys to be used to protect data sent in an SSL
• is used before any application data are transmitted
• consists of four phases
Doc. Ing. Ladislav
Hudec, CSc., CISA
SSL - Secure Socket Layer Protocol
Handshake Protocol, Phase 1- Establish Security
Capabilities
Client
Server
client_hello
server_hello
Time
Doc. Ing. Ladislav
Hudec, CSc., CISA
Establishes security capabilities,
including protocol version,
session ID, cipher suite,
compression method, and initial
random numbers
SSL - Secure Socket Layer Protocol
Handshake Protocol, Phase 2-Server Authentication and
Key Exchange
Client
Server
certificate
server_key_exchange
Server may send certificate, key
exchange and request certificate.
Server signals end of hello
message phase.
certificate_request
server_hello_done
Time
Doc. Ing. Ladislav
Hudec, CSc., CISA
Dotted transfers are optional or
situation-dependent messages
that are not always sent
SSL - Secure Socket Layer Protocol
Handshake Protocol, Phase 3-Client Authentication and
Key Exchange
Client
Server
certificate
client_key_exchange
Client sends certificate, if
requested. Client sends key
exchange. Client may send
certificate verification.
certificate_verify
Time
Doc. Ing. Ladislav
Hudec, CSc., CISA
Dotted transfers are optional or
situation-dependent messages
that are not always sent
SSL - Secure Socket Layer Protocol
Handshake Protocol, Phase 4-Finish
Client
Server
change_cipher_spec
finished
change_cipher_spec
finished
Time
Doc. Ing. Ladislav
Hudec, CSc., CISA
Changes cipher suite and finishes
handshake protocol.
SSL - Secure Socket Layer Protocol
Supported key exchange methods:
• RSA - secret key is encrypted with the receiver’s RSA
public key (receiver’s certificate available)
• fixed Diffie-Hellman - server’s certificate contains the D-H
public parameters
• ephemeral Diffie-Hellman - the D-H public keys are
exchanged, signed using the sender’s private RSA or DSS
key
• anonymous Diffie-Hellman - base D-H algorithm is used
with no authentication
• Fortezza
Doc. Ing. Ladislav
Hudec, CSc., CISA
SSL - Secure Socket Layer Protocol
Supported cipher algorithms:
• RC4, RC2, DES, 3DES, DES40, IDEA, Fortezza
Supported MAC algorithms:
• MD5, SHA-1
Transport Layer Security (TLS) is an IETF
standardisation initiative for producing an Internet
standard version of SSL. (Current version of TLS is very
similar to SSLv3.)
Doc. Ing. Ladislav
Hudec, CSc., CISA
Firewalls
Outer
untrusted
network
(Internet,
other LAN)
Inner
protected
network
(LAN)
Firewall
Doc. Ing. Ladislav
Hudec, CSc., CISA
Definition of firewall
Firewall is a collection of components placed between two
networks that collectively have the following properties:
• all traffic from inside to outside, and vice versa, must
pass through the firewall
• only authorised traffic, as defined by the local security
policy, will be allowed to pass
• the firewall itself is immune to penetration.
Doc. Ing. Ladislav
Hudec, CSc., CISA
Level of firewall operation
Application
specific proxy
Application
Transport
Packet filter
Network
Network
interface
Doc. Ing. Ladislav
Hudec, CSc., CISA
In circuit proxy
Packet filter
• is a multiported internetworking device applying a set
of rules to each incoming IP packet for deciding whether
it will be forwarded or dropped
• filtering is based on information found in packet
headers (protocol numbers, source and destination IP
addresses, source and destination port numbers, TCP
connection flags, other options)
• routers supporting packet filtering - screening routers
• static packet filtering - stateless inspection (FTP session)
• dynamic packet filtering - stateful inspection
• implementation of high level security policy to filtering
rules?
Doc. Ing. Ladislav
Hudec, CSc., CISA
Circuit level gateways
• the idea of circuit level gateway is fundamentally
different from packet filtering
• it takes a TCP connection request from the client,
authenticates and authorises the client, and establishes a
second TCP connection to the origin server on the
client’s behalf
• after having successfully established this second TCP
connection, gateway simply relays data forth and back
between the two connections
• implementation by SOCKS
• SOCKS follows a customised client approach (it requires
customisation and modification to client software, no
change is usually required to user procedures)
Doc. Ing. Ladislav
Hudec, CSc., CISA
Circuit level gateway (in circuit proxy) firewall
Outer
untrusted
network
(Internet,
other LAN)
In circuit proxy
http server
http client
Telnet
server
Other application
Doc. Ing. Ladislav
Hudec, CSc., CISA
Telnet
client
SOCKS
Inner
protected
network
(LAN)
Other application
Application level gateways
• is conceptually similar to a circuit level gateway (application
level gateway understands the application protocol being
relayed, whereas the second is generic and not application
specific)
• when a client contacts gateway using some application
protocol (Telnet, FTP, HTTP,..), the gateway asks for some
valid user authentication and authorisation information
• for valid users gateway either connects itself to a
preconfigured remote system (SMTP server) or asks the user
to enter the name of a remote system to be accessed on the
user’s behalf
• after having established the second TCP connection, gateway
fully controls data stream that is relayed between the two
connections
Doc. Ing. Ladislav
Hudec, CSc., CISA
Application level gateways (Application specific
proxy) firewall
Outer
untrusted
network
(Internet,
other LAN)
Application
specific proxy
http server
http client
Telnet
client
Other
clients
Doc. Ing. Ladislav
Hudec, CSc., CISA
Http proxy
Telnet proxy
Other proxy
Telnet
server
Other
servers
Inner
protected
network
(LAN)
Firewalls configurations
• firewall system consists of packet filters and application
gateways (circuit or application level)
There are many possibilities to combine these components in
firewall configurations. The most commonly used
configurations in practise today
• dual homed firewalls
• screened subnet firewalls.
Doc. Ing. Ladislav
Hudec, CSc., CISA
Dual homed firewalls
• bastion host with two network interfaces
• IP forwarding and routing capabilities are disabled, IP packets
can no longer be routed between the two networks segments
• screening router is typically placed between bastion host and
Internet (ensuring that any IP packets arriving from Internet is
correctly addressed to the bastion host)
• outer network segment can host specialised systems
(information and network access servers)
• this configuration can be replicated for performance reason parallel dual homed firewall
• simple and secure configuration
Doc. Ing. Ladislav
Hudec, CSc., CISA
The architecture of dual homed firewall
configuration
Bastion host
(Application gateway)
Outer
untrusted
network
(Internet,
other LAN)
Inner
protected
network
(LAN)
Screening
router
Outer network
segment
Doc. Ing. Ladislav
Hudec, CSc., CISA
Router
Inner network
segment
Screened subnet firewalls
• bastion host with one network interfaces on outer network
segment
• two screening routers used to create outer network segment
called screened subnet or demilitarised zone
• outer network segment can host application gateways running
on one or more bastion hosts, as well as some additional
servers that require carefully controlled Internet access
• two screening routers provide redundancy (attacker should
subvert two routers in order to reach internal machines)
Doc. Ing. Ladislav
Hudec, CSc., CISA
Screened subnet firewalls
• servers on the outer network segment could be the only
systems seen from the Internet (no other system name would
be known to DNS database)
• some services could passed around the bastion host and the
corresponding application gateways
Doc. Ing. Ladislav
Hudec, CSc., CISA
The architecture of a screened subnet firewall
configuration
Bastion host
(Application
gateway)
Screening
router
Outer
untrusted
network
(Internet,
other LAN)
Doc. Ing. Ladislav
Hudec, CSc., CISA
Demilitarised zone
Screening
router
Outer network
segment
Inner
protected
network
(LAN)
References
OPPLIGER, R.: Security Technologies for the World Wide Web. Artech House,
2000, ISBN 1 58053 045 1
OPPLIGER, R.: Internet and Intranet Security. Artech House, 1998
STEIN, L.D.: Web Security: A Step by Step Reference. Addison-Wesley, Reading,
MA, 1998
TANENBAUM, A.S.: Computer Networks. 3rd Edition, Prentice Hall, 1996
CHESWICK, W.R., BELLOWIN, S.M.: Firewalls and Internet Security: Repelling
the Wili Hacker, Addison-Wesley, Reading, MA, 1994, 2000
SCHUBA, C.L.: On The Modeling, Design, and Implementation of Firewall
Technology. PhD Thesis, Purdue University, December 1997
Doc. Ing. Ladislav
Hudec, CSc., CISA
References
Request For Comments – RFC
RFC2316, Report of the IAB Security Architecture Workshop, April 1998
RFC2068, Hypertext Transfer Protocol – HTTP/1.1, January 1997
RFC2069, Extension to HTTP: Digest Access Authentication, January 1997
RFC1929, Username/Password Authentication for SOCKS V5, June 1996
RFC2138, Remote Authentication Dial In User Service (RADIUS), April 1997
RFC2401, Security Architecture for the Internet Protocol, November 1998
RFC2402, IP Authentication Header, November 1998
RFC2406, IP Encapsulating Security Payload (ESP), November 1998
RFC2408, Internet Security Association and Key Management Protocol (ISAKMP),
November 1998
RFC2409, The Internet Key Exchange (IKE), November 1998
RFC2246, The TLS Protocol Version 1.0, January 1999
Doc. Ing. Ladislav
Hudec, CSc., CISA
THANK YOU FOR YOUR
ATTENTION
Doc. Ing. Ladislav
Hudec, CSc., CISA