Security of Web Applications

sweetlipscasteSecurity

Nov 2, 2013 (3 years and 9 months ago)

60 views

Doc. Ing. Ladislav
Hudec, CSc., CISA

Security of Web Applications

Ladislav Hudec

Faculty of Electrical Engineering and Information Technology

Slovak University of Technology, Bratislava

prepared for SOFSEM 2001, November 26, 2001, Pie
šťany

http://www.dcs.elf.stuba.sk/~lhudec/


Doc. Ing. Ladislav
Hudec, CSc., CISA

Agenda


1. Security services and technologies

2. Web security considerations

3. Network security

4.
IPSec
-

IP Secure protocol


5.
SSL
-

Secure Socket Layer Protocol

6. Firewalls

7. References

Doc. Ing. Ladislav
Hudec, CSc., CISA

An

organization

faces

numerous

challenges

in

implementing

appropriate

security

controls

to

secure

its

systems

and

information
.

The

basic

challenges

are

as

:




security

is

not

built

into

IT



security

is

always

an

afterbought



lack

of

management

commitment



immaturity

of

software

processes
.


Doc. Ing. Ladislav
Hudec, CSc., CISA

Security services and technologies


New

IT

systems

have

incorporated

a

defined

set

of

controls

to

ensure

their

security
.

Web

applications

(
e
.
g
.

e
-
commerce)

are

no

different

in

that

regard

and

require

the

same

set

of

security

controls
.


The

primary

security

controls

are
:



Confidentiality



Access

control

(autentication

and

authorization)



Integrity



Availability



Nonrepudiation
.

Doc. Ing. Ladislav
Hudec, CSc., CISA

Confidentiality

refers

to

the

protection

of

information

from

unauthorized

disclosure

to

a

person

or

computing

entity
.

Cryptography

enables

confidentiality

and

protects

data
.



Access

control

(autentication

and

authorization)

autenticates

the

identity

of

the

entity

trying

to

access

a

computing

resource,

and

controls

the

use

of

computing

resource

per

predetermined

levels

of

entitlement
.

Authentication

by

static

password,

token,

one

time

password,

biometrics

autentication,

public

and

private

key

autentication
.


Integrity

controls

protect

the

data/or

computing

resource

from

any

intentional

or

unintentional

tampering
.

It

is

ensured

by

cryptography,

hash

function

and

proper

access

control
.

(antivirus

software,

signing

the

mobile

code)
.


Doc. Ing. Ladislav
Hudec, CSc., CISA


Availability
refers to the continuity of IT processing and
the availability of information. Adequate configuration of
the system and controlled processes and procedures guards
against denial of services attack.

Nonrepudiation

controls ensure that users cannot deny
actions they undertook. Other organizations require their
users to read and agree to business agreements that hold
users aaccountable to their authentication tokens.
Transactions entered through those passwords are thus a
user‘s sole responsibility.

Doc. Ing. Ladislav
Hudec, CSc., CISA

Web security considerations

Web presents new challenges (not generally appreciated) in
the context of computer and network security
:


the Internet is
two way


the web is increasingly serving as a
highly visible outlet


although web browsers are very easy to use, web servers are
relatively easy to configure and manage, the web content is
increasingly easy to develop,
the underlying software is
extraordinarily complex


a web server
can be exploited as a launching pad for attack

on corporation
’s internal network


causual and untrained (in security matters) users

are
common clients for web based services.

Doc. Ing. Ladislav
Hudec, CSc., CISA

Web security threats

Integrity
:

Doc. Ing. Ladislav
Hudec, CSc., CISA

Web security threats

Confidentiality
:

Doc. Ing. Ladislav
Hudec, CSc., CISA

Web security threats

Denial of services
:

Doc. Ing. Ladislav
Hudec, CSc., CISA

Web security threats

Authentication
:

Doc. Ing. Ladislav
Hudec, CSc., CISA

Network security

Another

way

to

classify

web

security

threats

is

in

terms

of

the

location

of

the

threat
:


web

server


web

browser


network

traffic

between

browser

and

server
.


Issues

of

server

and

browser

security

fall

into

the

category

of

computer

system

security
.


Issues

of

network

traffic

between

server

and

browser

fall

into

the

category

network

security
.


Doc. Ing. Ladislav
Hudec, CSc., CISA

TCP/IP model of network architecture



Application layer

-

offers services to users, provides network
management (TELNET, HTTP, SMTP, .. protocols)


Transport layer
-

provides data flow between two end nodes of
network.
TCP

protocol (reliable, with connection) a
UDP

(connectionless, unreliable)


Network layer
-

provides packet transmission over network.
IP
protocol (connectionless, unreliable),
ICMP

protocol.


Network interface layer
-

provides the same services as link
and physical layer in RM OSI.

Doc. Ing. Ladislav
Hudec, CSc., CISA

IP/IPSec

TCP

HTTP

FTP

SMTP

IPSec
-

IP Secure protocol


Ensures
authentication, confidentiality and integrity of IP
packets

between two nodes (extensions of IP protocol)



AH and EPS headers



key and algorithm management according IKE (Internet Key
Exchange)
-

combination of ISAKMP and Oakley



creates
a

tunnel at the network layer

Doc. Ing. Ladislav
Hudec, CSc., CISA

IPSec
-

IP secure protocol

IPSec services

Doc. Ing. Ladislav
Hudec, CSc., CISA

SSL
-

Secure Socket Layer Protocol



IP

TCP

SSL Record Protocol

SSL Change Cip.
Spec Protocol

SSL Alert
Protocol

HTTP

SSL Handshake
Protocol

SSL connection

-

is a transport (RM OSI) that provides suitable
type of services. Every connection is associated with one
session.

SSL session
-

is an association between a client and a server.
Sessions are created by the Handshake protocol (defines set of
cryptographic security parameters, that can be shared among
multiple connections).

Doc. Ing. Ladislav
Hudec, CSc., CISA

SSL
-

Secure Socket Layer Protocol

SSL Record Protocol

-

provides two services for SSL
connections


confidentiality

-

handshake protocol defines shared secret key
for encryption of SSL payloads


integrity

-

handshake protocol defines shared secret key to
form message authentication code MAC

Operations of SSL Record Protocol


fragment


compress


add MAC


encryption

Doc. Ing. Ladislav
Hudec, CSc., CISA

SSL
-

Secure Socket Layer Protocol


Change Cipher Spec Protocol


uses the SSL Record protocol


is the simplest of SSL protocols


only single byte message with value 1 and causes the
pending state to be copied into the current state (updates
cipher suite to be used in this connection).

Doc. Ing. Ladislav
Hudec, CSc., CISA

SSL
-

Secure Socket Layer Protocol



Alert Protocol


used to convey SSL
-
related alerts to the peer entity


two types of alerts: warning and fatal


in the case of fatal alert SSL immediately terminates the
connection (the other connections of the session can
continue but no new one is established)

Doc. Ing. Ladislav
Hudec, CSc., CISA

SSL
-

Secure Socket Layer Protocol


Handshake Protocol


the most complex part of SSL


allows server and client to authenticate each other


negotiates an encryption and MAC algorithm and
cryptographic keys to be used to protect data sent in an SSL


is used before any application data are transmitted


consists of four phases

Doc. Ing. Ladislav
Hudec, CSc., CISA

SSL
-

Secure Socket Layer Protocol

Handshake Protocol, Phase 1
-

Establish Security
Capabilities

server_hello

client_hello

Client

Server

Time

Establishes security capabilities,
including protocol version,
session ID, cipher suite,
compression method, and initial
random numbers

Doc. Ing. Ladislav
Hudec, CSc., CISA

SSL
-

Secure Socket Layer Protocol

Handshake Protocol, Phase 2
-
Server Authentication and
Key Exchange

certificate_request

Client

Server

Time

Server may send certificate, key
exchange and request certificate.
Server signals end of hello
message phase.




Dotted transfers are optional or
situation
-
dependent messages
that are not always sent

certificate

server_key_exchange

server_hello_done

Doc. Ing. Ladislav
Hudec, CSc., CISA

SSL
-

Secure Socket Layer Protocol

Handshake Protocol, Phase 3
-
Client Authentication and
Key Exchange

certificate_verify

Client

Server

Time

Client sends certificate, if
requested. Client sends key
exchange. Client may send
certificate verification.




Dotted transfers are optional or
situation
-
dependent messages
that are not always sent

certificate

client_key_exchange

Doc. Ing. Ladislav
Hudec, CSc., CISA

SSL
-

Secure Socket Layer Protocol

Handshake Protocol, Phase 4
-
Finish

Client

Server

Time

Changes cipher suite and finishes
handshake protocol.

change_cipher_spec

finished

finished

change_cipher_spec

Doc. Ing. Ladislav
Hudec, CSc., CISA

SSL
-

Secure Socket Layer Protocol

Supported key exchange methods:


RSA
-

secret key is encrypted with the receiver’s RSA
public key (receiver’s certificate available)


fixed Diffie
-
Hellman
-

server’s certificate contains the D
-
H
public parameters


ephemeral Diffie
-
Hellman
-

the D
-
H public keys are
exchanged, signed using the sender’s private RSA or DSS
key


anonymous Diffie
-
Hellman
-

base D
-
H algorithm is used
with no authentication


Fortezza

Doc. Ing. Ladislav
Hudec, CSc., CISA

SSL
-

Secure Socket Layer Protocol


Supported cipher algorithms:


RC4, RC2, DES, 3DES, DES40, IDEA, Fortezza

Supported MAC algorithms:



MD5, SHA
-
1



Transport Layer Security (TLS) is an IETF
standardisation initiative for producing an Internet
standard version of SSL. (Current version of TLS is very
similar to SSLv3.)

Doc. Ing. Ladislav
Hudec, CSc., CISA

Firewalls

Outer
untrusted

network
(Internet,
other LAN)

Inner
protected
network

(LAN)

Firewall

Doc. Ing. Ladislav
Hudec, CSc., CISA

Definition of firewall

Firewall is a collection

of components placed between two
networks that collectively have the following properties:


all traffic from inside to outside
, and vice versa, must
pass through the firewall


only authorised traffic
, as defined by the local security
policy, will be allowed to pass


the firewall
itself is immune to penetration.



Doc. Ing. Ladislav
Hudec, CSc., CISA

Level of firewall operation


Packet filter

Application
specific proxy

In circuit proxy

Doc. Ing. Ladislav
Hudec, CSc., CISA

Packet filter


is a
multiported internetworking device

applying a set
of rules to each incoming IP packet for deciding whether
it will be forwarded or dropped


filtering is based on information found in packet
headers

(protocol numbers, source and destination IP
addresses, source and destination port numbers, TCP
connection flags, other options)


routers supporting packet filtering
-

screening routers


static packet filtering
-

stateless inspection (FTP session)


dynamic packet filtering
-

stateful inspection


implementation of
high level security policy

to filtering
rules?

Doc. Ing. Ladislav
Hudec, CSc., CISA

Circuit level gateways


the idea of circuit level gateway is
fundamentally
different

from packet filtering


it takes a TCP connection request from the client,
authenticates and authorises the client, and
establishes a
second TCP connection

to the origin server on the
client’s behalf


after having successfully established this second TCP
connection, gateway
simply relays data

forth and back
between the two connections


implementation by
SOCKS


SOCKS follows a customised client approach (it requires
customisation and modification to client software, no
change is usually required to user procedures)

Doc. Ing. Ladislav
Hudec, CSc., CISA

Circuit level gateway (in circuit proxy) firewall

Outer
untrusted
network
(Internet,
other LAN)

Inner
protected
network
(LAN)

In circuit proxy

SOCKS

http server

Telnet
client

Other application

http client

Other application

Telnet
server

Doc. Ing. Ladislav
Hudec, CSc., CISA

Application level gateways


is
conceptually similar

to a circuit level gateway (application
level gateway understands the application protocol being
relayed, whereas the second is generic and not application
specific)


when a client contacts gateway using some application
protocol (Telnet, FTP, HTTP,..), the
gateway asks

for some
valid user
authentication and authorisation information


for valid users gateway either connects itself to a
preconfigured remote system (SMTP server) or asks the user
to enter the name of a remote system to be accessed on the
user’s behalf


after having established the second TCP connection, gateway
fully controls data stream

that is relayed between the two
connections

Doc. Ing. Ladislav
Hudec, CSc., CISA

Application level gateways (Application specific
proxy) firewall

Outer
untrusted
network
(Internet,
other LAN)

Inner
protected
network
(LAN)

Application
specific proxy

http client

Telnet
server

Other
servers

Telnet
client

Other
clients

http server

Http proxy
Telnet proxy
Other proxy

Doc. Ing. Ladislav
Hudec, CSc., CISA

Firewalls configurations


firewall system consists of packet filters and application
gateways (circuit or application level)


There are many possibilities to combine these components in
firewall configurations.
The most commonly used

configurations in practise today


dual homed firewalls


screened subnet firewalls.

Doc. Ing. Ladislav
Hudec, CSc., CISA

Dual homed firewalls


bastion host with
two network interfaces


IP forwarding and routing capabilities are disabled, IP packets
can no longer be routed between the two networks segments


screening router

is typically placed between bastion host and
Internet (ensuring that any IP packets arriving from Internet is
correctly addressed to the bastion host)


outer network segment
can host specialised systems

(information and network access servers)


this configuration can be replicated for performance reason
-

parallel dual homed firewall


simple and secure configuration

Doc. Ing. Ladislav
Hudec, CSc., CISA

The architecture of dual homed firewall
configuration

Bastion host
(Application gateway)

Outer
untrusted
network
(Internet,
other LAN)

Inner
protected
network
(LAN)

Router

Screening
router

Inner network
segment

Outer network
segment

Doc. Ing. Ladislav
Hudec, CSc., CISA

Screened subnet firewalls


bastion host with
one network interfaces

on outer network
segment


two screening routers used to create outer network segment
called screened subnet or
demilitarised zone


outer network segment can host application gateways running
on one or more bastion hosts, as well as some
additional
servers that require carefully controlled Internet access


two screening routers provide redundancy

(attacker should
subvert two routers in order to reach internal machines)

Doc. Ing. Ladislav
Hudec, CSc., CISA

Screened subnet firewalls


servers on the outer network segment could be
the only
systems seen from the Internet

(no other system name would
be known to DNS database)


some services could
passed around the bastion host

and the
corresponding application gateways

Doc. Ing. Ladislav
Hudec, CSc., CISA

The architecture of a screened subnet firewall
configuration

Outer
untrusted
network
(Internet,
other LAN)

Inner
protected
network
(LAN)

Screening
router

Screening
router

Demilitarised zone

Bastion host
(Application
gateway)

Outer network
segment

Doc. Ing. Ladislav
Hudec, CSc., CISA

References


OPPLIGER, R.
: Security Technologies for the World Wide Web. Artech House,
2000, ISBN 1 58053 045 1

OPPLIGER, R
.: Internet and Intranet Security. Artech House, 1998

STEIN, L.D
.: Web Security: A Step by Step Reference. Addison
-
Wesley, Reading,
MA, 1998

TANENBAUM, A.S
.: Computer Networks. 3
rd

Edition, Prentice Hall, 1996

CHESWICK, W.R., BELLOWIN, S.M.:

Firewalls and Internet Security: Repelling
the Wili Hacker, Addison
-
Wesley, Reading, MA, 1994, 2000

SCHUBA, C.L.:

On The Modeling, Design, and Implementation of Firewall
Technology. PhD Thesis, Purdue University, December 1997


Doc. Ing. Ladislav
Hudec, CSc., CISA

References


Request For Comments


RFC

RFC2316, Report of the IAB Security Architecture Workshop, April 1998

RFC2068, Hypertext Transfer Protocol


HTTP/1.1, January 1997

RFC2069, Extension to HTTP: Digest Access Authentication, January 1997

RFC1929, Username/Password Authentication for SOCKS V5, June 1996

RFC2138, Remote Authentication Dial In User Service (RADIUS), April 1997

RFC2401, Security Architecture for the Internet Protocol, November 1998

RFC2402, IP Authentication Header, November 1998

RFC2406, IP Encapsulating Security Payload (ESP), November 1998

RFC2408, Internet Security Association and Key Management Protocol (ISAKMP),
November 1998

RFC2409, The Internet Key Exchange (IKE), November 1998

RFC2246, The TLS Protocol Version 1.0, January 1999


Doc. Ing. Ladislav
Hudec, CSc., CISA





THANK YOU FOR YOUR
ATTENTION