TABLE OF CONTENTS

I Introduction

Why Security

Security Policy

II Security Problems Overview

Possible Threats and attacks

III Security Solution Alternatives

Hardware Security

Software Security

Network Security

IV Comparison & Evaluation

Username & Password vs. Security Token

Encryption-Shared Key vs. Public/Private Key

Pros & Cons of Kerberos

Evaluation of firewalls

V Recommendation

Different types of security architectures

Under various circumstances

VI Conclusion

I. Introduction

Why Security

Reliability and security are concerns for any computer system. These issues require special attention when considering a change from mainframe to client/server technologies. Mainframes are very secure because they are generally placed in ‘glass rooms’ with hardened infrastructure and controlled access, while client/server systems are distributed and therefore more difficult to secure.

Before we go further into the discussion of security issues in client/server computing, let’s first take a brief look at the characteristics that make the client/server configuration distinct from ordinary distributed processing.

§  There is a heavy reliance on bringing user-friendly applications to the users on their own system. This gives the user a great deal of control over the timing and style of computer usage.

§  There is an emphasis on centralizing databases and many network management and utility functions, although the applications are dispersed.

§  There is a commitment, by both user organizations and vendors, to open and modular systems.

§  Networking is fundamental to the operation. Thus the network management and network security have a high priority in organizing and operating information systems.

From the above, we can see that client/server computing gives users flexible and extensive use of computer resources, while its more sophisticated user community and open environment also raise security concerns. In general, security in C/S systems is a major challenge, because more points of contact exist (files and programs are accessible from the network), and each host cannot know its potential users.

Security Policy

To minimize the damage caused by security incidents, we first need a complete idea of what we need to protect against. Thus it is necessary for each organization to make a security policy that is understandable and visible to everyone within the organization. The basic components of security management should include the following:

§  Confidentiality—The protection of information against unauthorized access;

§  Integrity—Making sure the information is accurate and complete;

§  Availability—Making sure information is available when needed.

II. Security Problems Overview

Possible Threats & Types of Attacks

Having specified the assets we are trying to protect and the pertinent guidelines for preventing security incidents, let us now take a brief look at different types of attacks and possible security threats.

Impersonation

A major threat in E-shopping: for example, a user sets up an account with the company that manages the Web site to purchase products and to transfer credit card information for future purchases. If an attacker eavesdrops on messages between the Web server and the client and intercepts the initial sign-on dialogue, he or she can later come back to the site, change the shipping address, and order products using the stolen account information. There are really two facets to this threat:

1.  Someone gains unauthorized access to a transaction between a Web server and a Web browser;

2.  Someone impersonates another user to perform unauthorized transactions.

Sniffing

If an attacker is on the same network as the one under attack, the easiest way to attack it is by sniffing the network--connecting a system to the network and examining all network traffic that goes by. The attacker will be able to get user ID and password combinations when users type them in over the network.

IP Spoofing

In a C/S environment, most systems provide services to other systems. Not all systems are trusted to use certain services. To distinguish trusted from non-trusted systems, the IP number of the requesting host can be used. However, IP numbers can easily be faked. Faking an IP address is called IP spoofing. It is possible to send out IP packets with a fake source IP address. The response from the system under attack will be sent back to the real owner of the IP number. The attacker would therefore first do a denial of service attack on the owner of the IP number. Not seeing the data sent back is not a problem for the attackers: when they send a command that will make the remote system vulnerable, they can check immediately whether the attack was successful or not.

Software Threats--Trojan Horse

An unprivileged user can exploit a bug in a privileged program. A trojan horse is an unprivileged program that collects the privileges of the user running it.

For example: an attacker might write a program that gives a directory listing, like the ls command in UNIX, but at the same time creates a new program that runs with the user's privileges. The attacker will then wait for somebody with privileges to run the trojan horse program, after which the attacker has the same privileges. The privileged user will not notice any strange behavior of the program, as it will continue to perform the expected tasks.

Data-driven attacks

With a data-driven attack, the attacker sends data in which there is a hidden exploit. The data somehow gets executed on the system under attack, either by software with security bugs or by unknown users. It is impossible to check the data, as it might hold executable code for any architecture in existence, or it might be compressed in a weird format.

Denial of Service

Denial of service attacks are the hardest to protect against. A denial of service attack is an attack where the attacker renders the system useless, e.g. by using up all the system's resources. And you can't stop offering the services, because there are also legitimate users.

III. Security Solution Alternatives

Effective security must be defined as part of the enterprise-wide architecture put in place as an organization moves to the client/server model.

Various traditional as well as state-of-the-art security solutions, with different levels of complexity, are available nowadays. The following is a brief introduction to some of the most widely adopted methodologies.

Physical Security

Prevent access to physical devices (network, computer, etc)

Secured computer rooms

Security of the server should start by placing physical barriers against unauthorized access. Because users do not need physical access to the database and application servers, both should be placed in a locked room.

*Frequently the existing host computer room can be used to hold workgroup servers.

Diskless workstations

Diskless workstations can prevent information from being copied to a floppy and removed or from being left where someone might break into the workstation to access the hard disk. No sensitive data should be stored on the client workstation or on an unprotected workgroup server.

Software Security

Authentication:

Authentication is performed to ensure that a user or program has specific access to a resource or data.

The authentication process normally relies on some sort of shared secret (shared between resource provider and resource seeker) or non-reproducible attribute:

§  Password

§  Retinal image

§  Fingerprint

§  Algorithm in a "smart" card

§  Physical location (IP address)

Every user of a client/server application should be assigned a personal ID and password. The ID can be used to assign authority and track access. Customized procedures can be built for each individual ID to manage backup, access times, and prompting.

Network Authentication

Authentication on a public network is a little different, because network packets can travel through many "unknown" (untrusted) routers and computers. This adds certain risks, such as network sniffing and traffic logging.

Methods:

§  Username and Password

Protocols using this method are:

·  POP

·  FTP

·  HTTP

§  Using security token

A security token is given to a client by a server. The client can then use this token to uniquely identify itself to the server in the future. A server can identify a client with a token by relying on a piece of information that is hard to change, such as the IP address of the client. The server somehow needs to correlate the token with the address when the client uses it. Common approaches a server uses to create a token are:

·  Random String Approach

--Server needs to keep a database of token and the clients it belongs to;

--Server needs to manage timeouts of tokens.

·  One-way Scrambling Approach

--Create a string that contains information about the client;

--Use something like md5 or unix crypt to create a scrambled string.
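
The two token approaches listed above, sketched as an added example that is not part of the original paper. The function names, the one-day lifetime and the table layout are assumptions, and HMAC-SHA256 with a server-side secret is swapped in for the md5/crypt scramble; both kinds of token are bound to the client's IP address as described.

```python
import hashlib
import hmac
import secrets
import time

LIFETIME = 24 * 3600                      # assumed lifetime: one login per day
SERVER_SECRET = secrets.token_bytes(32)   # assumed: known only to the server
TOKEN_DB = {}                             # random-string approach: token -> (user, ip, expiry)

def issue_random_token(user, client_ip, now=None):
    """Random String Approach: an unguessable string the server has to remember."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)
    TOKEN_DB[token] = (user, client_ip, now + LIFETIME)
    return token

def check_random_token(token, client_ip, now=None):
    now = time.time() if now is None else now
    user, bound_ip, expiry = TOKEN_DB.get(token, (None, None, 0))
    if now >= expiry:
        TOKEN_DB.pop(token, None)         # timeout management: purge stale entries
        return None
    return user if bound_ip == client_ip else None

def _scramble(user, expiry, client_ip):
    # Keyed one-way function over the client information (stands in for md5/crypt).
    data = f"{user}|{expiry}|{client_ip}".encode()
    return hmac.new(SERVER_SECRET, data, hashlib.sha256).hexdigest()

def issue_scrambled_token(user, client_ip, now=None):
    """One-way Scrambling Approach: nothing is stored, the token verifies itself."""
    if "|" in user:
        raise ValueError("separator not allowed in user name")
    expiry = int(time.time() if now is None else now) + LIFETIME
    return f"{user}|{expiry}|{_scramble(user, expiry, client_ip)}"

def check_scrambled_token(token, client_ip, now=None):
    now = time.time() if now is None else now
    try:
        user, expiry, mac = token.split("|")
        expected = _scramble(user, int(expiry), client_ip)
    except ValueError:
        return None                       # malformed token
    if not hmac.compare_digest(mac.encode(), expected.encode()) or now >= int(expiry):
        return None
    return user
```

The random-string token costs the server a lookup table and expiry housekeeping; the scrambled token costs nothing to store, but it cannot be revoked before its expiry without changing the server secret.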

Encryption:

After a client has been authenticated, the traffic on the network can still be sniffed. A solution is encryption of all traffic.

There are two basic types of encryption:





Shared key encryption: One key both encrypts and decrypts



Public/private key encryption: One key encrypts, and a different but related key decrypts (see figure 2).

With this approach, all participants have access to public keys, and private keys are generated locally by each participant and therefore need never be distributed. As long as a user protects his or her private key, incoming communication is secure. At any time, a user can change the private key and publish the companion public key to replace the old public key.









Figure 2

*A client can send authentication information by encrypting the info with the server's public key. The server will then use its own private key to decrypt the information.

Digital Signature: The same encryption method, used to authenticate a message (see figure 3).







Figure 3

*A client encrypts information with its own private key. The server will look up the client's published key and decrypt the information.

A combination of the previous two methods allows for mutual authentication.
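
The two starred notes above and their combination, worked as an added example that is not part of the original paper. It uses textbook RSA without padding and constructed toy keys built from small known primes, for illustration only; all function names and the nonce exchange are assumptions.

```python
import hashlib
import secrets

def make_keypair(p, q, e=65537):
    """Textbook RSA: return (public, private) keys as (exponent, modulus) pairs."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (e, n), (pow(e, -1, phi), n)

def apply_key(key, value):
    """The single RSA operation: value ** exponent mod n (no padding)."""
    exponent, n = key
    if not 0 <= value < n:
        raise ValueError("value does not fit under the modulus")
    return pow(value, exponent, n)

def digest(message, key):
    """Hash a message down to an integer below the key's modulus."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % key[1]

# Constructed toy keys from known Mersenne primes; far too small for real use.
SERVER_PUB, SERVER_PRIV = make_keypair(2**61 - 1, 2**89 - 1)
CLIENT_PUB, CLIENT_PRIV = make_keypair(2**107 - 1, 2**127 - 1)

def client_hello(nonce):
    """Client: encrypt the nonce to the server's public key, sign it with its own private key."""
    sealed = apply_key(SERVER_PUB, nonce)
    signature = apply_key(CLIENT_PRIV, digest(str(nonce).encode(), CLIENT_PUB))
    return sealed, signature

def server_reply(sealed, signature, server_priv=SERVER_PRIV, client_pub=CLIENT_PUB):
    """Server: decrypt with its private key, verify with the client's published key.
    Returns the recovered nonce (proof it holds the private key) or None."""
    nonce = apply_key(server_priv, sealed)
    if apply_key(client_pub, signature) != digest(str(nonce).encode(), client_pub):
        return None
    return nonce

def mutual_auth(nonce=None):
    """Both directions at once: the client accepts the server only if the nonce comes back."""
    nonce = secrets.randbits(64) if nonce is None else nonce
    sealed, signature = client_hello(nonce)
    return server_reply(sealed, signature) == nonce
```

The server learns who the client is from the signature, and the client learns it reached the real server because only the holder of the server's private key can return the nonce.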

Kerberos

An authentication and session encryption system.

Three levels of security:

§  One time authentication

§  Safe messages (authentication of each message)

§  Private messages (authentication and encryption of each message)

Kerberos uses a separate ticket granting server that gives a ticket to a user or application. This ticket can then be used for any number of resources on the network. If a client wants to talk to a server, both the client and the server will talk to the authentication server to establish that the client is authorized.

Network Security

Firewalls

Gateways that separate two networks in a controlled manner.

A firewall is always placed between two networks to create a security domain. It restricts people from getting to machines or networks within the security domain if they are on ‘the outside’. It can also restrict people inside the security domain from getting out. This is possible because all traffic that goes from the security domain to the outside, and vice versa, has to pass the firewall.

The configuration of a firewall can vary depending on the needs of the site, the budget and the security policy. The following are possible firewall configurations:

Packet filter:

A packet filter looks at all incoming and outgoing packets and filters them according to a set of rules. The hardware normally used is just a router with access lists. When using a packet filter, the connections that are allowed will go directly from the originating host to the destination host.

Single-homed bastion host:

In most cases, this configuration is combined with two routers, the internal and the external router. In between them is a piece of network on which there is a host, the bastion host, which controls, monitors and logs sessions (access control on application level).

Dual-homed bastion host:

In this configuration, the bastion host is connected to two different networks, the external and internal networks. The bastion host does not route traffic from one network to the other, so it is impossible to get past the bastion host without making a connection.

IV. Comparison and Evaluation

Each of the security solutions studied in the previous chapter has its own pros and cons, and so they can be used separately or combined in different situations to achieve higher functionality and efficiency. Studying the advantages and disadvantages of deploying these security solution alternatives, and comparing them where necessary, helps us gain an in-depth understanding of the security issues in a client/server computing environment.

Comparison of two methods used in Network Authentication

Username and Password vs. security token
Probable problems in using username and password:
§  POP clients need to log in to check for new mail every once in a while.
§  HTTP requests are made every time a page is requested. The username and password can be sent with every request.
*The more frequently the authentication information is sent over the network, the higher the chance it will be sniffed.
Compared to the first method, using security tokens avoids frequently sending the username and password over the network: the client logs in only once a day and gets a special token which it uses for the rest of the day.

Comparing two basic types of encryption

Shared key encryption vs. Public/Private key encryption
Compared to shared key encryption, private/public key encryption has the following advantages:
§  The information the client sends to the server cannot be decrypted by anyone except the server.
§  If the information contains the username/password of the client, the server knows who it is talking with.
Shared key encryption is less secure because there is only one key for both encryption and decryption. It is easier for somebody to access the secured information if he/she interprets the code, while private/public key encryption is much more concise and secure. When used with digital signatures, it even allows for mutual authentication.
*Advantages of digital signature:
§  The information can only be decrypted with the client’s public key.
§  If the public key distribution center can be trusted, the information is guaranteed to come from the client.

Pros & cons of using Kerberos