T5L4
Security
Introduction
Imagine the following scenario: Someone comes to your home while you're sleeping or even while you're working around your yard. Carefully using an open window, the intruder creeps into your living room and begins examining all of your things. He picks up first one item, then another, looking over each one to see if he'd like to keep it. After going quietly through your entire house without your noticing, he sets the catch on the window so he can return later, when you're not home or when you simply aren't watching. It will be then that he will take all of what he wants. How would you feel, upon noticing that your things had been slightly moved? What would your feeling be if you returned later from a store and found all of your property gone?
When people are robbed, they understandably feel both angry and violated. This scenario, however, also describes what happens when a computer is attacked. A hacker who finds a vulnerability in your system can come in, look around, and even leave herself an opening so she can return and hijack your property at leisure. Security of your computer, therefore, is important. This lesson serves as an overview of general issues involving computer security.
By the time you are done with this lesson, you should be able to:
- Describe four key security concepts in a network computing environment.
- Explain five types of security in a network computing environment.
Security Concepts
People unfamiliar with security issues tend to see security as a nuisance. They may believe the measures needed to provide security are unnecessary or cost prohibitive, or that they obstruct the user's experience. However, in an environment like the World Wide Web where anonymity is so easy to achieve, security is essential. Four key security concepts are presented here.
- Authentication
- Authorization
- Non-Repudiation
- Data Integrity
Types of Security
Maintaining a secure computing environment is an ongoing process that requires attention to detail, and all five types together are necessary for a truly secure environment. Although we have separated each of the five types of security for the purposes of our discussion, in reality, each type is intricately interrelated and interdependent upon the others.
- Physical
- Social
- Host
- Network
- Application
Additional Resources
WebMonkey - Security Issues
<devhead> - Security
webreview.com - Security
Security Concepts - Authentication
Authentication is one of the most basic security concepts and is very important. Authentication is proving that you are who you say you are. Proof of identity can be accomplished through:
- A shared secret (e.g., a password),
- Something you have (e.g., a smart card, a certificate, etc.), or
- Something you are (e.g., a retinal scan, a thumb print, etc.)
Some of these authentication options may sound futuristic, but all are a reality. For example, most of you probably use a password every day of your lives. This password could be the one to your computer at work, the one to your favorite Web site, or even the PIN for your ATM card or calling card.
Proving who you are through something you have is probably more common than you think. Many of you have an ID card for work (or school) that allows you into buildings or special areas. Perhaps you have seen ads for the American Express Blue credit card. This card contains a small microchip to prevent on-line theft and thus, is an excellent example of this type of authentication. Even credit cards and ATM cards serve as similar examples. Imagine going to a department store with your credit card number written on a slip of paper. You wouldn't be purchasing anything that day!
Last, something you are--as a type of authentication--is becoming more common. The field is called biometrics and is one of the most rapidly growing fields in the computer industry. At present, most people outside of highly secure government facilities do not use biometrics, but in the near future, you may have to log on to your computers and favorite Web sites by pressing your thumb on a small pad.
Security Concepts - Authorization
Authorization is the next security concept. As a Webmaster or security specialist, once you have proven a person is who he or she claims to be, you must determine what this user is allowed to do. For example, when you use your ATM card, you are only allowed to make transactions for accounts that are in your name. This theory applies to the computer world. For example, just as you would not want strangers to have access to your personal bank account, you would not want every user on your local area network to have full access to your machine. Authorization is managed by assigning users to groups having a specific set of rights, or by assigning a set of rights to each user.
Let's look at an example of when to assign users to groups. Imagine you are asked to conduct an on-line survey of people in your company. Your company has 100,000 employees, and you have already randomly selected a sample of 1,000 people. You would assign these 1,000 users to a group, so that only they could complete the survey. In this case, a whole group of users is assigned a specific set of rights.
However, as mentioned earlier, you might want or need to assign a set of rights to an individual user, rather than to a group. In Windows NT, each user has what is called an Access Control List, or ACL, which defines his or her rights within a local NT environment.
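The two ways of managing authorization described above, rights granted to a group and rights granted to an individual user, can be combined in one check. The following is an added example, not code from the original lesson; the user names, group name, and right names are constructed for illustration, and the survey sample is shortened to three users standing in for the 1,000. The security-relevant design choice is that a user who appears in no group and has no individual grant gets nothing (default deny).

```python
# Added example (not part of the original lesson): a minimal authorization
# check supporting both group-based and per-user rights. All names, groups
# and rights below are constructed for illustration.

from dataclasses import dataclass, field


@dataclass
class Directory:
    # user -> set of groups the user belongs to
    groups_of: dict = field(default_factory=dict)
    # group -> rights granted to every member of that group
    group_rights: dict = field(default_factory=dict)
    # user -> rights granted to that user individually
    user_rights: dict = field(default_factory=dict)

    def add_to_group(self, user, group):
        self.groups_of.setdefault(user, set()).add(group)

    def grant_group(self, group, right):
        self.group_rights.setdefault(group, set()).add(right)

    def grant_user(self, user, right):
        self.user_rights.setdefault(user, set()).add(right)

    def effective_rights(self, user):
        """Union of the rights of every group the user is in plus the user's
        individual grants. An unknown user has no rights at all (default deny)."""
        rights = set(self.user_rights.get(user, ()))
        for group in self.groups_of.get(user, ()):
            rights |= self.group_rights.get(group, set())
        return rights

    def is_authorized(self, user, right):
        return right in self.effective_rights(user)


def build_survey_directory():
    """Reproduce the lesson's survey scenario with constructed data: the
    sampled employees form one group that may complete the survey, while a
    single analyst is individually granted the right to read the results."""
    d = Directory()
    sample = ["emp0001", "emp0002", "emp0003"]  # stands in for the 1,000 sampled users
    for user in sample:
        d.add_to_group(user, "survey-sample")
    d.grant_group("survey-sample", "survey:complete")
    d.grant_user("analyst01", "survey:read-results")
    return d


if __name__ == "__main__":
    d = build_survey_directory()
    for user, right in [("emp0002", "survey:complete"),
                        ("emp9999", "survey:complete"),
                        ("analyst01", "survey:read-results"),
                        ("analyst01", "survey:complete")]:
        print(user, right, "->", "allowed" if d.is_authorized(user, right) else "denied")
```

Because a group grant is applied to every member, removing a person from the sample is a single membership change rather than 1,000 individual edits, which is exactly why the lesson recommends groups for this case.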
Security Concepts - Non-Repudiation
Non-repudiation is a legal term that means evidence is necessary to prove that a person who claims authorship of an act actually performed the act. For example, when you sign your credit card receipt after using your card, you are providing evidence that you own and are authorized to use the card. In an on-line environment, however, non-repudiation is much more difficult to prove.
[Figure: signature on a credit card receipt]
For example, you may have seen check boxes on Web-based forms that read, "Click here if you agree." This is an attempt to obtain an on-line "signature" from the user. Congress recently passed a bill into law that allows the checkbox to be a legally binding signature, but expect further debate on this topic as there will undoubtedly be groups who challenge the law. However, some new technologies, such as Public Key Infrastructure and smart cards like the American Express Blue card, are making non-repudiation easier to achieve.
Security Concepts - Data Integrity
As used here, integrity refers to the data sent between two hosts. It simply means that the data sent is exactly the same as the data received. For example, imagine that someone intercepts a postcard you send in the mail and adds to your content--the integrity of your data has been compromised. Normally, sending data over the Internet is somewhat equivalent to sending a postcard. There are large numbers of people who are capable of reading and altering your data. There are tools available, though, to prevent such interception.
Secure Socket Layer (SSL) is one of the more common methods in use today to ensure data integrity. Have you ever seen the https:// protocol in your location bar (note the s on the end of http), or the small lock or solid key at the bottom of your browser? These symbols indicate that the server you are connecting to is running SSL, and that your data will be encrypted between your host and its destination. It is like sending your data in a sealed envelope instead of on a postcard. Not everyone can read the message being sent, and tampering with your data is more difficult. Once the data is received, however, it is decrypted, and its protection then becomes the responsibility of the local server administrator.
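The tamper-detection half of the "sealed envelope" above rests on a keyed integrity tag: the sender attaches a message authentication code computed with a secret shared by both hosts, and the receiver recomputes it and refuses the message if the two do not match. The following is an added example, not code from the original lesson; it uses HMAC-SHA256 from the Python standard library, and the shared key and the message are constructed for the demonstration. It covers integrity only; the confidentiality the lesson also attributes to SSL would require encryption as well.

```python
# Added example (not part of the original lesson): detecting an altered
# message with a keyed integrity tag (HMAC-SHA256). Key and messages are
# constructed for illustration.

import hashlib
import hmac

TAG_LEN = 32  # SHA-256 digest length in bytes


def seal(key: bytes, message: bytes) -> bytes:
    """Return message || tag, where tag = HMAC-SHA256(key, message)."""
    tag = hmac.new(key, message, hashlib.sha256).digest()
    return message + tag


def open_sealed(key: bytes, sealed: bytes):
    """Verify the tag and return the message, or None if the message or tag
    was altered. compare_digest keeps the comparison constant-time."""
    if len(sealed) < TAG_LEN:
        return None
    message, tag = sealed[:-TAG_LEN], sealed[-TAG_LEN:]
    expected = hmac.new(key, message, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return message


def tamper_demo():
    """The 'postcard' scenario: an interceptor changes the amount in transit.
    Returns (message accepted when intact, result after tampering)."""
    key = b"constructed-shared-key"            # constructed; both hosts know it
    sealed = seal(key, b"transfer $100 to account 1234")
    intact = open_sealed(key, sealed)
    altered = bytearray(sealed)
    altered[9:13] = b"$900"                     # "$100" -> "$900"; tag is unchanged
    forged = open_sealed(key, bytes(altered))  # None: the recomputed tag differs
    return intact, forged


if __name__ == "__main__":
    intact, forged = tamper_demo()
    print("intact message accepted:", intact)
    print("altered message accepted:", forged is not None)
```

A plain, unkeyed checksum would not do here: an interceptor who can rewrite the postcard can just as easily recompute a checksum over the new text. The secret key is what prevents that, so protecting the key is part of protecting the data.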
Types of Security - Physical
Physical security is typically one of the most overlooked components in the security chain. To achieve physical security, you must consider who has physical access to your machine and what that person can physically do. Can he steal the machine or extract important information? Given physical access to your machine, most security experts will be able to obtain privileged access to it. The year 2000 scare involving stolen nuclear secrets from Los Alamos, New Mexico, is an example of a breach of physical security. The computer hard drives that stored sensitive data were physically missing. There was no high tech "hacking" involved. Fortunately, the missing hard drives were found.
There are several precautions you can take in the physical security arena. First, choose the location of your mission-critical machines carefully. For example, desktop machines must be accessible by their users. However, servers do not need to be, nor should be, physically accessible to anyone other than system administrators. The first and most important step in obtaining physical security is to protect your mission-critical machines in a locked room where access is limited to system administrators only. By limiting the machines' physical access, you will prevent almost all physical security problems.
If you do not have the ability to lock your mission-critical machines in a controlled environment, several steps can be taken to prevent problems. First, enable a boot password on your machine. When the boot password option is enabled, someone trying to reboot the machine to gain access will be required to supply a password. The disadvantage of employing a boot password is that if the machine crashes--any time, day or night--someone must be there to reboot it.
Another step to enhance physical security is to disable booting from anything but the internal hard disk. Without this precaution in place, someone could restart your computer, boot from a floppy disk, mount your hard drive, and read all of its data without ever having to supply a password or logon.
Enabling a boot password and booting only from the internal hard disk will improve security, but there is an easy way to bypass both of these steps. Inside some machines is a jumper (a hardware device) that can be used to bypass both booting security measures. However, this type of security breach requires someone to physically open the case to your computer.
The only way to truly prevent a breach in physical security is to put your machines in a controlled access environment.
Types of Security - Social
Social security is probably the most difficult component to achieve because it involves users, not computers. Social security requires training your users in good computing practices, including creating good passwords, changing passwords frequently, not giving out information via e-mail or the phone, and so on. Imagine, for example, that a systems employee receives a phone call from the "new" systems administrator for his department. This so-called administrator asks the employee for his existing password to update his documentation. The employee gives his password, and now the hacker has an entry point into the system.
Create policies for acceptable use, proper passwords, data backups, and anything else that involves security and users. These policies should be read and approved by your management. Document the hardware, software, and special configurations you have made to mission-critical machines. Such documentation will be important in the event that your machine is compromised and you need to rebuild it. Document all of your procedures, especially those related to security. You should have procedures about whom to call for each machine, how to restore from backups, how to reinstall from original media, and what stance you want to take with intruders... whether or not to pursue legal action. This decision should be made far in advance of a machine's being compromised.
Types of Security - Host
Host security is the security of local computing resources. These resources can include file systems, local accounts, exported file systems (called file shares), printers attached to the system, patching or updating of the operating system, and so on. Some measures taken to secure the host may seem obtrusive to your users, and they may complain of inconvenience when you try to implement measures. For example, on a network at a high school, the faculty users were unable to select from the Windows NT Start menu for security reasons. The only way to choose a word-processing program on the network was to pick one in a pre-selected window, and since some network programs had been updated, the faculty users were unable to access the most recent versions until the pre-selected window was revamped by the system administrator. However, despite user perception of inconvenience, the security of the system is of utmost importance. Remember, host security can be compromised by leaving too many services available to the user.
Types of Security - Network
Network security is the security of the resources that handle your data while in transit from one host to another. This is quite an exciting and interesting field, because it is so multidimensional. Network security not only involves securing your data, but also involves securing all the hardware that is used to get your data from one place to another. Often a firewall, a device for blocking unwanted traffic, will be used.
Sniffing is a good example of a network security issue. Sniffing refers to the act of "listening in" to network traffic being sent between other computers. It is similar to the way one can listen to other people's CB radio conversations by using his or her own CB radio. A sniffer could potentially hear passwords or any other sensitive information that may be in transmission over the network. Fear not, however: there are ways, both with hardware and software, that make sniffing a network either impossible or fruitless. Due to the nature of the Internet today, network security has become the most important area for secure computing environments around the world.
Types of Security - Application
Application security is dependent upon all of the other security components in a system. Application security encompasses everything related to and involved in the writing of an application--including good code in the application itself, the browser that delivers it (in the case of Web-based applications), the database that stores any information collected, how data is transmitted over the network, and so on.
Let's consider an example. Imagine that you have a Web form that creates a file in a specific directory on your server. On the form is a field where the user enters a file name. When the user submits the form, it calls up a CGI to process the data. You later learn that a novice has written your script and accidentally created loopholes in the code that allow users to use the form for a purpose not intended.
In this scenario, a malicious user could use the script to write a file to any location on your server, even overwriting important system files. This security problem could be avoided, however, if your script was written specifically with measures to prevent such interference from happening. A well-written script would perform a check to see if the user is trying to write to a directory he does not have permission to access. Then, the Web server would not allow the user to overwrite important system files. With this precaution in place, even if someone does use a script improperly (either unintentionally or otherwise), the user is unable to harm your system.
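The directory check the lesson calls for can be seen concretely by placing the naive handler next to a hardened one. The following is an added example, not code from the original lesson or any real CGI script; it is written in Python rather than the lesson's unnamed CGI language, and the upload directory, file names and contents are constructed for the demonstration. The hardened version resolves the final path and refuses any name that would land outside the directory the form is meant to write into, and it also refuses to overwrite a file that already exists.

```python
# Added example (not part of the original lesson): the file-creating form
# handler described above, first naive and then with the directory check
# a well-written script performs. Paths and inputs are constructed.

import os
import tempfile


def unsafe_target_path(upload_dir: str, user_name: str) -> str:
    """Naive version: trusts the submitted file name. Relative components such
    as '..' or an absolute name let the result escape upload_dir."""
    return os.path.join(upload_dir, user_name)


def safe_target_path(upload_dir: str, user_name: str) -> str:
    """Hardened version: accept only a plain file name that resolves to a
    direct child of upload_dir. Raises ValueError on rejection."""
    base = os.path.realpath(upload_dir)
    separators = [s for s in (os.sep, os.altsep) if s]
    if not user_name or user_name in (".", "..") or any(s in user_name for s in separators):
        raise ValueError("invalid file name")
    candidate = os.path.realpath(os.path.join(base, user_name))
    # After resolving symlinks the file must still sit directly inside base.
    if os.path.dirname(candidate) != base:
        raise ValueError("file name escapes the upload directory")
    return candidate


def handle_form(upload_dir: str, user_name: str, content: str) -> str:
    """Write the submitted content only when the name passes the check and
    return the path written. Mode 'x' refuses to overwrite an existing file."""
    path = safe_target_path(upload_dir, user_name)
    with open(path, "x", encoding="utf-8") as fh:
        fh.write(content)
    return path


def demo():
    """Exercise both versions on constructed inputs; returns a dict of results."""
    bad_names = ["../outside.txt", "/etc/hosts", "", "..", "sub/dir.txt"]
    with tempfile.TemporaryDirectory() as upload_dir:
        base = os.path.realpath(upload_dir)
        # Naive version: the hostile name resolves outside the upload directory.
        naive = os.path.realpath(unsafe_target_path(upload_dir, bad_names[0]))
        escaped = not naive.startswith(base + os.sep)
        # Hardened version: every bad name is rejected before anything is written.
        rejected = []
        for name in bad_names:
            try:
                safe_target_path(upload_dir, name)
            except ValueError:
                rejected.append(name)
        # A legitimate name is written inside the directory, and only once.
        written = handle_form(upload_dir, "report.txt", "hello")
        inside = os.path.dirname(written) == base
        try:
            handle_form(upload_dir, "report.txt", "again")
            overwrote = True
        except FileExistsError:
            overwrote = False
    return {"escaped": escaped, "rejected": rejected,
            "inside": inside, "overwrote": overwrote}


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The check runs on the resolved path rather than on the raw string so that a symlink inside the upload directory cannot be used to point a write elsewhere, and the Web server process should additionally run as an account with no write permission outside that directory, so the script's check is not the only thing standing between a user and the system files.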
Security Summary
This lesson is designed for you to gain some basic information about security issues and their role on the Internet. When you are finished with the lesson, you should be able to do the following:
- Describe four key security concepts in a network computing environment.
- Explain five types of security in a network computing environment.
A short summary of these topics is listed below. If you do not understand these things, you should review the lesson at least once. If you are still having difficulty, you should consider other sources of information that complement this lesson, such as textbooks, tutors, and instructors.
Security Concepts
Authentication
Authentication is proving that you are who you say you are. Proof of identity can be accomplished through:
- A shared secret (e.g., a password),
- Something you have (e.g., a smart card, a certificate, etc.), or
- Something you are (e.g., a retinal scan, a thumb print, etc.)
Authorization
Authorization is determining what a user is allowed to do, access, and change.
Non-Repudiation
Non-repudiation is a legal term that means evidence is necessary to prove that a person who claims authorship of an act actually performed the act. This is difficult to do on the Web. Sometimes checkboxes that read "I agree" are used.
Data Integrity
Integrity refers to the data sent between two hosts. It simply means that the data sent is exactly the same as the data received.