Escolar Documentos
Profissional Documentos
Cultura Documentos
Table Of Contents
Introduction
Security Issues
Basic Terms
Typical Security Attacks
Web Specific Attacks
Web Server Security
Cryptography
Basic Encryption
Symmetric Key Encryption
Asymmetric Key Encryption
Authentication
Secure Web Servers
Firewalls
Privacy
to prevent forgery.
With the advent of modern mass communication systems, it is increasingly difficult to
prevent unauthorised access to sensitive data. Identity fraud, a crime which often
manifests itself in the form of credit card scams, is becoming more widespread.
Powerful computers make it possible to break strong encryption and probe a remote
computer system for security flaws. Crackers regularly violate the security of remote
systems for a variety of reasons - cash incentives, political agendas or ego gratification.
In order to prevent these types of attacks it is important to understand what kinds of
attacks are possible, then look at ways in which the risks of attack can be minimised
while still providing acceptable service to authorised parties.
2. Security Issues
2.1 Basic Terms
Protection - the measures taken to prevent security breaches
Security - the resistance of a system to unauthorised access
Authentication - proving the identity of a party
Authorisation - the level of access to data or actions permitted to a given party
Firewall - a service which screens access to a network
Encryption - technology allowing secure communications
Checkpoint Questions
1. Why is data security needed?
2. What factors have increased the importance of data security in recent times?
3. Generally speaking, what is the weakest point in a security-conscious computing
environment?
4. What is "feature bloat"? Give examples of how can it open security holes.
5. Why is a senders IP address on a packet not enough information to establish
trust?
COSC1300
Introduction
Table Of Contents
Introduction
Security Issues
Basic Terms
Typical Security Attacks
Web Specific Attacks
Web Server Security
Cryptography
Basic Encryption
Symmetric Key Encryption
Asymmetric Key Encryption
Authentication
Secure Web Servers
Firewalls
Privacy
address mapping in the domain registrars records. For more information, look at
Webjacking explained. This technique is alleged to have been used by a Brisbane
pornographer to generate traffic to his websites, so that advertising revenue could
be gained. Millions of unsuspecting websurfers were served pornography. You
may find that The Sun Keeps Setting on the Microsoft Empire and Linux Security
make interesting reading.
Remote site browsing: Badly configured web servers may allow browsing of
private parts of the document tree, such as directory listings which show
world-readable files not intended for the general public. A symbolic link to the
password file in your document tree is one potential risk.
Application server attack: Some application servers contain security holes. For
example, any application server that comes with a default administration password
is vulnerable. Diagnostic features left active can also allow crackers to gain clues
about a sites possible security weaknesses.
Even Australias new, electronic tax return system has security holes. According to a
report from the Wiretapped team (online at http://www.wiretapped.net our Tax Reform
scheme needs some reform itself:
"www.etax.com.au is a Webcentral-hosted company that provides a website that
allows you to file your tax return online. They have a 3 part procedure for filing a tax
return online. The website is hosted on Microsoft Windows NT 4 running Internet
Information Server 4 and the back end of the site is programmed in VBScript with
ASP (Active Server Pages).
The primary security hole with this site exists as a result of sloppy system
administration on either the part of www.etax.com.au or Webcentral, depending on the
exact nature of the relationship between the two companies. Nonetheless, its a serious
one, as well see."
The problem description goes on to point out the security holes in detail, concluding
with the statement:
"The end result of all this is that knowing such information about filesystem structure,
database location and database composition makes a pretty much untraceable
hit-and-run breach of the site for insertion, modification, deletion or wholesale access
to data a 30 second exercise instead of a much longer one."
Checkpoint Questions
1. How can information about a badly configured site be revealed to attackers? How
can this information be used to attack the site?
2. What are shell metacharacters and how can they be used to infiltrate a website?
3. Why should you not use your system password file to authenticate web users?
Introduction
COSC1300 - Lecture Notes
COSC1300
Web Specific Attacks
Cryptography
Table Of Contents
Introduction
Security Issues
Basic Terms
Typical Security Attacks
Web Specific Attacks
Web Server Security
Cryptography
Basic Encryption
Symmetric Key Encryption
Asymmetric Key Encryption
Authentication
Secure Web Servers
Firewalls
Privacy
When interfacing a web server script with a DBMS, make sure that the username under
which the connection is established is one of minimum privilege. In this way, potential
damage can be minimised should someone discover the database password from a script.
Some application servers, such as ColdFusion, allow server side scripts to be encrypted with
a cipher, so that they are decrypted on-the-fly when executed. Use this feature.
Do not rely on client-side validation of your form data. A JavaScript on a web page which
restricts data content, no matter how cleverly written, can not prevent someone from crafting
their own version of your form and submitting it from their website. Client-side form
validation can provide convenient feedback for users before form submission but it does not
guarantee valid data input to your scripts and hence does not provide security.
Private "intranet" sites can be restricted with passwords but it is also advisable to restrict the
subnets from which a HTTP query can be sent. Using Apache, the httpd.conf file allows
these restrictions to be set. Numeric IP addresses are preferable to domain name restrictions
as it is more difficult to forge an IP address than a domain name. A packet filtering router can
further reduce the opportunity for unauthorised access.
A .htaccess file can be used to restrict access to certain directories on a site. This file can in
turn use the htpasswd authentication mechanism to provide each user with a login name and
password for the site, allowing fine-grained access control. The drawback of the htpasswd
scheme is that the passwords are sent across the network as plaintext. A suitable use would
be to protect your documents from plagiarism, or restrict access to a forum, but for
e-commerce or other high-security communication needs, an encrypted link is required.
Lets see how we can add Authentication to a directory. First, we must create the file
.htaccess in the directory we wish to protect. It might look something like this:
AuthType Basic
AuthUserFile /home/html/.htpasswd
AuthName SameAsForums
AuthGroupFile /dev/null
<Limit GET POST>
require valid-user
order deny,allow
deny from TomThumb
allow from all
</Limit>
This specifies that the user name and password provided by the user should be compared
with those stored in the
/home/html/.htpasswd
file. We wish to use HTTP Basic authentication, and dont want to allow any user called
TomThumb. Of course, we must create the /home/html file. To do this, we use the
htpasswd command from the apache/bin directory. Lets add two users with the
username/password pairs student/tigerland and silk/road:
/usr/local/apache/bin/htpasswd -cb /home/html/.htpasswd student tigerland
/usr/local/apache/bin/htpasswd -b /home/html/.htpasswd silk road
The -c switch is used the first time around in order to create the file; it should not be used
when adding more users, since it will overwrite the existing file with a new, empty one.
Looking at the contents of this file, we find the user name in plaintext followed by a hash of
the password.
student:Y56IMX83dtdTc
silk:Y5hk2AHT7jQqM
If we want to use HTTP Digest authentication, which is much more secure than Basic
authentication, we would use:
AuthType Digest
AuthDigestFile /home/html/.htdigest
AuthName SameAsForums
The .htdigest file needs to be created with the htdigest command from the apache/bin
directory:
/usr/local/apache/bin/htdigest -c /home/html/.htdigest SameAsForums student
Adding password for student in realm SameAsForums.
New password:
Re-type new password:
Unfortunately, we cant always use Digest authentication, since not all browsers support this
method. More importantly, it is implemented in the Apache mod_auth_digest, which is not
compiled into the Apache web server by default.
Note in general that the more complex the functionality of a site, the more likely it is that you
are going to have a security hole. Custom CGIs, application servers and online databases all
present oppotunities for clever crackers. The assertion "there is no reason why anyone would
want to crack our site" is naive. Crackers will scan random IP addresses looking for possible
security holes. Your machine could be compromised, then used in a politically motivated
DDoS attack against another organisation.
Note again that the most secure place to run a webserver is a machine without a command
shell. According to Lincoln D. Steins "World Wide Web Security FAQ", online at
http://www.w3.org/Security/Faq/www-security-faq.html, the most secure web server setup is
"a bare-bones Macintosh running a bare-bones Web server". The FAQ also says: "Windows
NT systems seem to be more vulnerable at the current time, partly the OS is relatively new
and the big bugs havent been shaken out, and partly because the NT file system and user
account system are highly complex and difficult to configure correctly". However, there is no
substitute for expert administration, and and the FAQ goes on to say that UNIX, while
inherently more secure than NT, can be less secure in the hands of a novice administrator.
Of particular interest is the WN server, developed by John Franks at Northwestern University
in Illinois, USA. The WN server runs on UNIX and is supposedly very secure by default.
More information is available here: http://hopf.math.nwu.edu/.
The free OpenBSD operating system ( http://www.openbsd.org) claims to be a very secure
operating system, and is probably worth considering for a web server installation. The project
homepage proudly states: "Three years without a remote hole in the default install! Only one
localhost hole in two years in the default install!"
Checkpoint Questions
1. What is the principle of minimum privilege?
2. Imagine you administer the website of a non-profit organisation with no commercial or
political affiliations. Why would anyone want to crack your site?
3. Which web software products are considered more secure? How does the use of secure
web server software not guarantee security?
Cryptography
Copyright 2000 RMIT Computer Science
All Rights Reserved
COSC1300
Web Server Security
Basic Encryption
Table Of Contents
Introduction
Security Issues
Basic Terms
Typical Security Attacks
Web Specific Attacks
Web Server Security
Cryptography
Basic Encryption
Symmetric Key Encryption
Asymmetric Key Encryption
Authentication
Secure Web Servers
Firewalls
Privacy
5. Cryptography
The word cryptography comes from greek origins, meaning "secret writing". >From The
Free On-line Dictionary of Computing (15Feb98) at http://www.foldoc.org/ :
Cryptography
The practise and study of encryption and decryption - encoding data so that it can only
be decoded by specific individuals. A system for encrypting and decrypting data is a
cryptosystem. These usually involve an algorithm for combining the original data
("plaintext") with one or more "keys" - numbers or strings of characters known only to
the sender and recipient. The resulting output is known as "ciphertext".
The security of a cryptosystem usually depends on the secrecy of (some of) the keys
rather than with the supposed secrecy of the algorithm. A strong cryptosystem has a
large range of possible keys so that it is not possible to just try all possible keys (a
"brute force" approach). A strong cryptosystem will produce ciphertext which appears
random to all standard statistical tests. A strong cryptosystem will resist all known
previous methods for breaking codes ("cryptanalysis").
Cryptography is useful for several different applications in the context of web security:
Use of a cipher to encrypt sensitive data such as credit card numbers is advisable
Checkpoint Questions
1. How can cryptography be used in the daily operation of a web site which includes
e-commerce features?
Basic Encryption
Copyright 2000 RMIT Computer Science
All Rights Reserved
COSC1300
Cryptography
Table Of Contents
Introduction
Security Issues
Basic Terms
Typical Security Attacks
Web Specific Attacks
Web Server Security
Cryptography
Basic Encryption
Symmetric Key Encryption
Asymmetric Key Encryption
Authentication
Secure Web Servers
Firewalls
Privacy
6. Basic Encryption
Some definitions:
encrypt - to covert ordinary data into code
decrypt - to recover the original data from encoded data
plaintext - unencrypted data
ciphertext - encrypted data
key - a fixed-size chunk of data used to encrypt and / or decrypt data
cryptosystem - a known protocol for encrypting and decrypting data
cryptanalysis - the branch of cryptography concerned with decoding encrypted
data
symmetric cryptosystem - a cryptosystem which relies on the same key for
encryption and decryption of data
asymmetric cryptosystem - a cryptosystem which uses different keys for the
encryption and decryption of data
cipher - a type of key used to encrypt and decrypt data in symmetric
cryptosystems, usually using an XOR algorithm
public key cryptosystem - an asymmetric cryptosystem which consists of public
key, circluated freely to the general public for encryption and a private key, used
exclusively by the owner for decryption
white noise - a signal which has no distinguishable recurring patterns in it - it
Checkpoint Questions
What characteristic does data encrypted with strong cryptography exhibit?
What is cryptanalysis and how does one generally go about it?
Cryptography
COSC1300 - Lecture Notes
Web Servers and Web Technology
COSC1300
Basic Encryption
Table Of Contents
Introduction
Security Issues
Basic Terms
Typical Security Attacks
Web Specific Attacks
Web Server Security
Cryptography
Basic Encryption
Symmetric Key Encryption
Asymmetric Key Encryption
Authentication
Secure Web Servers
Firewalls
Privacy
The major disadvantage is that both the sender and receiver need to know the key, so
some secret protocol for key exchange is needed. A typical situation for using a
symmetric system is to first use a strong asymmetric system to exchange keys, then use
symmetric encryption with a "session key" (used for only one session) for exchange of
data. This allows good security with good performance.
"To prove the insecurity of DES, EFF built the first unclassified hardware for cracking
messages encoded with it. On Wednesday, July 17, 1998 the EFF DES Cracker, which
was built for less than $250,000, easily won RSA Laboratorys "DES Challenge II"
contest and a $10,000 cash prize. It took the machine less than 3 days to complete the
challenge, shattering the previous record of 39 days set by a massive network of tens
of thousands of computers."
"Six months later, on Tuesday, January 19, 1999, Distributed.Net, a worldwide
coalition of computer enthusiasts, worked with EFFs DES Cracker and a worldwide
network of nearly 100,000 PCs on the Internet, to win RSA Data Securitys DES
Challenge III in a record-breaking 22 hours and 15 minutes. The worldwide computing
team deciphered a secret message encrypted with the United States governments Data
Encryption Standard (DES) algorithm using commonly available technology. From the
floor of the RSA Data Security Conference & Expo, a major data security and
cryptography conference being held in San Jose, Calif., EFFs DES Cracker and the
Distributed.Net computers were testing 245 billion keys per second when the key was
found."
Checkpoint Questions
1. What is the major advantage of symmetric cryptosystems over asymmetric
cryptosystems?
2. What major logistical disadvantage do symmetric cryptosystems suffer from?
Basic Encryption
COSC1300 - Lecture Notes
Web Servers and Web Technology
COSC1300
Symmetric Key Encryption
Authentication
Table Of Contents
Introduction
Security Issues
Basic Terms
Typical Security Attacks
Web Specific Attacks
Web Server Security
Cryptography
Basic Encryption
Symmetric Key Encryption
Asymmetric Key Encryption
Authentication
Secure Web Servers
Firewalls
Privacy
the private key corresponding to that public key, even though they do not have access to
the private key.
This example scenario demonstrates the use of public key cryptography:
Alice wishes to send a message to Bob. She wants to be certain that the message will
not be readable by anyone except Bob. Bob wants to be certain that the message he
receives is from Alice and not someone impersonating Alice. Alice and Bob each
have their own private key and each others public keys.
To accomplish the goal, Alice takes the message and encrypts it with Bobs public
key, then her own private key. She then transmits the message to Bob. Bob now uses
Alices public key and his own private key to recover the original message. He knows
now with a degree of certainty that the message came from Alice, without knowing
her private key.
This is illustrated in the following diagram:
The major difficulty in an e-commerce scenario is that we dont know if the public key
we have received is from an honest, genuine merchant who is accountable for their
actions, or a swindler who is collecting the carefully encrypted credit card numbers sent
to them and skimming five cents off each to make a million dollars. For this reason we
need Digital Certificates and Certifying Authorities to ensure the authenticity and
accountability of online merchants and establish a relationship of trust. This will be
further explained later.
Although asymmetric encryption schemes on their own are slow, we can use an
asymmetric scheme to perform exchange of a secret key, valid only for one
communication "session". The randomly-generated secret key is used for the duration of
a session to encrypt the data using a symmetric algorithm to speed up the
communication process. The secret key is discarded at the end of the session between
the two parties.
"Pick a random number and go to gaol." Practitioners who use strong cryptography
should be aware that in some parts of the world its usage, export or import is explicitly
prohibited. Laws in some countries regard hiding a secret key from the authorities as
withholding evidence, and the penalties are severe. Strong cryptography is still classified
in many countries as a munition, so that the distribution of software and algorithms is
equivalent to selling military weapons.
Several examples of asymmetric cryptosystems include:
Rivest-Shamir-Adelman (RSA) - described below.
Pretty Good Privacy (PGP) - originally developed in 1991 by Phil Zimmermanof
Boulder, Colorado, USA, this shareware software was intended to provide "strong
cryptography for the masses". The felony charges levelled against the author for
export of munitions were dropped in 1996. PGP is still widely used, worldwide.
Elliptic Curve Cryptography (ECC) - the current state of the art, resistant to search
techniques applied to RSA.
Diffie-Hellman - possibly the first ever public key cryptosystem, originally
published in 1976, uses the discrete logarithm problem as a basis.
ElGamal - invented in 1985, based on the discrete logarithm problem
LUCELG PK - first published in Dr Dobbs Journal in 1994, comparable speed to
RSA, uses a patented recursive algorithm involving "Lucas functions". The
technology is marketed by a New Zealand company, LUCENT (no relation to
Lucent Technologies, Inc of USA).
workstations.
Using this technology in 1996 it was possible to factor a 432-bit in 750 MIPS-years (ie.
750 machines running at one million operations per second for one year). This means
that RSA with a 512-bit key provides only marginal security, so in practice 1024-bit
keys should be used. It should also be noted at this point that many cryptographic
implementations exported from the USA prior to January 2000 (when export controls
were lifted) have relatively short private keys and typically employ ciphers of no longer
than 40 bits. The Elliptic Curve Cryptosystem exhibits much stronger resistance than
RSA and may be the future of public key cryptography.
Lets assume Alice wants to send a message to Bob, and they are concerned about the
possibility of tampering. They agree to use a digital signature. Then, there are two
components: the original message and the digital signature, which is basically a one-way
hash (of the original data) that has been encrypted with Alices private key. To validate
the integrity of the data, at the receiving end, Bob uses Alices public key to decrypt the
hash. He then uses the same hashing algorithm on the received message to generate a
new one-way hash of the same data. Finally, Bob compares the new hash against the
original hash. If the two hashes match, the data has not changed since it was signed. If
they dont match, the data may have been tampered with since it was signed, or the
signature may have been created with a private key that doesnt correspond to Alices
public key. (There are other simple approaches, like that discussed in the lecture, of
using human-readable signatures. The principles are the same).
In this way, we can use "digital certificates" to test the integrity of the received message,
as well as to make sure that, the public key and private key combination are a valid pair.
Checkpoint Questions:
1. What keys are involved in an asymmetric cryptosystem and how are they used?
2. How can encryption and authentication be performed using the same set of keys?
3. How are symmetric and asymmetric cryptosystems combined in a practical
implementation?
Authentication
Copyright 2000 RMIT Computer Science
All Rights Reserved
COSC1300
Asymmetric Key Encryption
Table Of Contents
Introduction
Security Issues
Basic Terms
Typical Security Attacks
Web Specific Attacks
Web Server Security
Cryptography
Basic Encryption
Symmetric Key Encryption
Asymmetric Key Encryption
Authentication
Secure Web Servers
Firewalls
Privacy
9. Authentication
Authentication in the context of web security means quite simply proving that a party is
indeed who they claim to be. This proof is necessary to establish a relationship of trust
between parties so that commerce can occur. Authentication also implies some form of
accountability as well. Accountability means that a party whose identity has been proven
can be held resposible for their actions. This kind of accountability seeks to reduce the
possibility of fraud.
In the previous section a description of a basic authentication process using RSA was
given. This system works in a mathematical sense, and one can prove irrefutably using a
public key supplied that the party they have contacted is indeed the one who supplied
the key. But one cannot prove that they are who they claim to be when they supplied the
public key without some outside interaction. Apart from that, you can not keep the
public keys of hundreds of thousands of web servers around the world.
This is where "Certifying Authorities" come in. A "Certifying Authority" (CA) is a
business that vouches for the identities of other individuals and organizations. Instead of
keeping everyones public key in your browser, you keep the public keys of a few
well-known and trusted CAs. When an organization (for example, a company doing
e-commerce) first wants to establish a digital signature, it presents documentary
evidence to a CA that it is who it says it is. When the CA is satisfied that the
organization is legitimate, it takes the organizations public key and encrypts it with
CAs private key, creating a "signed cerificate" that it returns to the organization.
The organization can now present its clients with proof of legitimacy. When it needs to
communicate with the clients, it sends a copy of its signed certificate, which the client
attempts to decrypt with the CAs public key. If the certificate decrypts correctly, the
client gets a copy of the organizations public key, which the client can then use to send
messages to the organization or to verify the organizations digital signature.
In short, the encrypted communication between the web servers and web browsers can
be described as follows. Browser software ships with the public keys of a few trusted
CAs. When a browser contacts an encrypting server, the server sends its signed
certificate, which the browser decrypts with the CAs public key. Provided that the
certificate decrypts correctly, the browser acknowledges, the server and the browser
exchange the public keys, and then they begin the web transaction. In the following
diagram, the steps of an encrypted server client communication are illustrated.
In order to upkeep their trustworthy reputation, CAs must ensure that the certificates
they issue are only sent to reputable customers. In general you must have a domain
name registered with a domain registry and proof that you have authority to transact
business under the organisation name appearing in your request. This is mainly for the
purposes of accountability, so that certificate owners who engage in fraudulent practices
can be identified.
The certificate must also be checked against the current time to make sure that it has not
expired. The "root CA" is an organization in which trust is assumed. The root CA signs
its own certificate. All certificates issued by the root CA are signed with the root CAs
private key and thus can be verified with the roots public key. Rather than every single
organization applying for a certificate from the root CA, it is possible to have a
certificate issued by a subordinate of the root CA. The subordinate signs the certificates
they issue. This leads to hierarchies of CAs and this phenomenon is known as
certificate chaining.
A digital certificate is a random number generated by a CA that uniquely identifies a
party. A commonly used certificate infrastructure is defined in standard X.509v3 of the
International Telecommunications Union (ITU) as well as RFC2459 of the Internet
Society.
A digital certificate (DC) is bound to a distinguished name (DN), representing a
"subject", which is either a person or entity. The DN consists of a series of
"name=value" pairs that uniquely identify the subject, for example:
uid=jcitizen,e=jcitizen@acme.com.au,cn=Jill Citizen,o=Acme Corp.,c=AU
where uid, e, cn, o and c are the user ID, email address, common name, organisation,
and country, respectively. Other name, value pairs may be used.
A typical certificate consists of:
the version of the X.509 standard supported
the serial number of the certificate, unique to the issuing CA
information about the subjects public key, including the algorithm used and a
representation of the key itself
the DN of the CA that issued the certificate
the period in time for which the certificate is valid
the DN of the subject
optional certificate extensions, perhaps to define the type of certificate (email
signing, SSL client, SSL server, etc.)
the cryptographic algorithm used by the CA to create its own digital signature
the CAs digital signature, obtained by hashing all of the data in the certificate
together and encrypting it with the CAs private key
protocol.
Checkpoint Questions:
1. Why is trust needed in the online marketplace?
2. How is a digital certificate used to prove the identity of an online merchant to a
customer?
COSC1300
Authentication
Firewalls
Table Of Contents
Introduction
Security Issues
Basic Terms
Typical Security Attacks
Web Specific Attacks
Web Server Security
Cryptography
Basic Encryption
Symmetric Key Encryption
Asymmetric Key Encryption
Authentication
Secure Web Servers
Firewalls
Privacy
All information transported with SSL is organised into records of a certain maximum
size. Records are encrypted and their integrity assured using a Message Authentication
Code (MAC) generated by a special hash function called a "MD5 digest". SSL records
come in four varieties:
application data
handshake messages
error messages
change cipher specification
The SSL handshake, performed when establishing a connection, agrees upon a cipher
suite to use and performs a cipher exchange using public keys. Typical SSL
implementations use some combination of an RSA or Diffie-Hellman asymmetric
cryptosystem for cipher exchange, RC4 or triple-DES ciphers and MD5 or SHA-1 MAC
digests. Ciphers are exchanged using a 512-bit public key algorithm. Ciphers in use can
be changed at any time during a session using SSLs dynamic renogotiation feature.
3. Convert the key into a signed certificate with one years validity:
>
4. To use the certificate, add the following line to your httpd.conf file:
SSLCertificateFile /path/to/certs/new.cert.cert
SSLCertificateKeyFile /path/to/certs/new.cert.key
It is also possible to create client certificates, ie. become a CA, like this (as a
prerequisite, you must have a server certificate):
1. Sign the client request using the CA key:
> openssl x509 -req -in client.cert.csr -out client.cert.cert
-signkey my.CA.key -CA my.CA.cert -CAkey
Checkpoint Questions:
1. What mechanism used in SSL provides tamper-evident packaging for data?
2. What is the SSL handshake and what information is exchanged in it?
Authentication
COSC1300 - Lecture Notes
Firewalls
Copyright 2000 RMIT Computer Science
COSC1300
Secure Web Servers
Privacy
Table Of Contents
Introduction
Security Issues
Basic Terms
Typical Security Attacks
Web Specific Attacks
Web Server Security
Cryptography
Basic Encryption
Symmetric Key Encryption
Asymmetric Key Encryption
Authentication
Secure Web Servers
Firewalls
Privacy
11. Firewalls
11.1 Introduction to Firewalls
An effective way to protect a local network is to use a firewall. In architectural terms, a
firewall is a fire-resistant wall designed to prevent the spread of a fire through a
building. In a computer network it also acts as a prevention device, intended to stop
particular kinds of traffic from entering a local network in order to reduce security risks.
They can also prevent the machines on the LAN from accessing certain services outside
the LAN.
A firewalls job is to connect two networks, the local network and the outside world.
Typically a firewall is multi-homed, meaning that it has two or more network devices,
each with its own IP address. For most small LANs a single firewall is enough, with one
network device connected to the outside world and one to the LAN. The firewall decides
which traffic passes between the cards. Firewalls are configured to permit certain
essential traffic, such as smtp (email), ftp and http, while blocking others, such as
particular database services which parties on the LAN may need access to, but the
outside world need not know about. The firewall examines the port number of the
destination to which each packet is going and makes a decision as to whether the packet
should be allowed through. The same process is applied to packets entering the network
through the firewall.
2. Server Insecure
This configuration puts the web server outside the firewall in the so-called
"demilitarised zone" (the DMZ). The server is then freely accessible from outside
the LAN and appears to machines inside the LAN as just another Internet host, and
treated with the appropriate level of distrust. A server in this configuration is more
vulnerable to cracking as packets sent to it are not screened, but hopefully this will
"draw the fire" away from the machines on the LAN.
port (usually 80). In this case the web server machine should be made very secure,
with no access to other machines on the network including network mounted
filesystems.
Checkpoint Questions:
1. What is a firewall and how does it improve network security?
2. What are five possible topologies for firewalls and webservers?
Privacy
Copyright 2000 RMIT Computer Science
All Rights Reserved
COSC1300
Firewalls
Table Of Contents
Introduction
Security Issues
Basic Terms
Typical Security Attacks
Web Specific Attacks
Web Server Security
Cryptography
Basic Encryption
Symmetric Key Encryption
Asymmetric Key Encryption
Authentication
Secure Web Servers
Firewalls
Privacy
12. Privacy
As you have probably discovered while programming web applications, the server can access
quite a bit of information about the client. Take a look at what the server knows about you:
http://www.privacy.net/analyze/
http://www.astalavista.net/new/network.php
In order the server being able to identify you, or, for that matter, someone else logging your
visit to a site under surveillance, you might want to make use of a proxy. The server will see
the request as coming from the proxy; there is no direct contact between you and the server.
Most proxies available for use are actually not configured properly; few people want to gift
valuable bandwidth to all and sundry. Lists of available proxies are published on the Web; one
such list is available at Astalavista. Often, the network administrator notices the huge increase
in bandwidth usage, and reconfigures the proxy to deny requests from external users.
Several sites offer anonymous use of their proxy server. One such site is Anonymizer; another
is SafeWeb. Of course, this assumes you trust the proxy provider. But it is obvious that those
who want to keep tabs on your activities will try to play the role of proxy provider. For
example, it is public knowledge that the CIA has a stake in SafeWeb. It is also rumoured that
some "activist" sites are set up to attract interested parties, and thus identify them!
Many other Web-based services collect information about you as you surf; the Netscape
"Whats related" feature is the subject of a number of privacy concerns, although Netscape
naturally tries to downplay them.
7027299029
22:0
HumanClickID
727.770.70.756-795007258-9997772
Once a company has a profile of my interests, it can tailor advertising to make it more likely I
will click on an ad. Read a bit about what DoubleClick does.
Web Bugs are similar to banner ads, but are invisible to the user; they are used to build up a
profile of the user.
You can find a lot of useful information about privacy issues on the Privacy Power! web site.
Content filtering
Controlling what pops up during normal surfing, and defining limits for what children or
others may see, is very difficult. The Web is a huge collection of pages that are being created
and removed all the time; its impossible to define a list of off-limits sites, and leave it.
The main options are:
URL filtering:
make a list of permitted sites; only these sites can be visited. Look at the ChiBrow
- Childrens Browser.
make a list of banned URLs yourself (a hopeless task!), or depend on a service
provider to do this for you; look at Surf on the safe side and Surf Monkey.
Text filtering: Search the page for unwanted words, expunge unwanted words, or
refuse to load the page altogether.
Content ratings; we need to trust someone to rate sites for us; some systems rely
on the web site declaring their content, which is hardly a dependable method of
eliminating unwanted content. See Content Rating and Filtering.
Filtering is not foolproof, since filtering software is not intelligent enough to block all
unwanted pages without blocking innocuous pages as well. Some see any form of
filtering as an infringement on civil liberties, and provide software to circumvent it.
For further information on filtering, see:
the CPSR filters FAQ
Child Welfare filters
GetNetWise tools for families
Web filters: Which ones work?
Internet filtering software.
Checkpoint Questions:
Contributors:
Vaughan Shanks (shanks@cs.rmit.edu.au)
Saied Tahaghoghi (stahagho@cs.rmit.edu.au)
Firewalls