The Internet is perhaps the area of largest growth for networks. The technology started as a research project funded by the Department of Defense. Within a few years, virtually every computer in the world is expected to be connected to the Internet.
Copyright:
Attribution Non-Commercial (BY-NC)
AGENDA

Understanding Infrastructure Security

Introduction

The Internet is perhaps the area of largest growth for networks. The Internet is a worldwide network that offers the capability of instantaneous connections between networks, no matter where they’re located.

The technology started as a research project funded by the Department of Defense and has grown at an enormous rate. Within a few years, virtually every computer in the world is expected to be connected to the Internet. This situation creates a security nightmare and is one of the primary reasons the demand for professionals trained in information and computer security is expected to grow exponentially.

Securing Internet Connections

Working with Ports and Sockets

As we’ve already discussed, the primary method of connection between systems using the Internet is the TCP/IP protocol. This protocol establishes connections and circuits using a combination of the IP address and a port. A port is an interface that is used to connect to a device. Sockets are a combination of the IP address and the port. For example, if you attempt to connect to a remote system with the IP address 192.168.0.100, which is running a website, you’ll use port 80 by default. The combination of these two elements gives you a socket. The full address and socket description would then be 192.168.0.100:80.

IP is used to route the information from one host to another through a network. The four layers of TCP/IP encapsulate the information into a valid IP packet that is then transmitted across the network. Figure 3.15 illustrates the key components of a TCP packet requesting the home page of a website. The data will be returned from the website to port 1024 on the originating host.

The source port is the port that is addressed on the destination. The destination port is the port to which the data is sent.
In the case of a web application, the data for port addresses would both contain 80. A number of the fields in this packet are used by TCP for verification and integrity, and you need not be concerned with them at this time. However, the data field contains the value GET /. This value requests the home or starting page from the web server. In essence, this command or process requested the home page of the site 192.168.0.100 port 80. The data is formed into another data packet that is passed down to IP and sent back to the originating system on port 1024.

The connections to most services using TCP/IP are based on this port model. Many of the ports are well documented, and the protocols to communicate with them are well known. If a vendor has a technological weakness or implements security poorly, the vulnerability will become known and exploited in a short time.

Working with E-Mail

E-mail is one of the most popular applications in use on the Internet. Several good e-mail servers and clients are available. Figure 3.16 demonstrates the process of transferring an e-mail message.

Simple Mail Transport Protocol

Simple Mail Transport Protocol (SMTP) is a mail delivery protocol that is used to send e-mail between an e-mail client and an e-mail server as well as between e-mail servers. Messages are moved from client to server to client via the Internet.

Each e-mail message can take a different path from the client to the server. In the case of Figure 3.16, the clients are on two different e-mail servers; they could both be on the same server, and the process would appear transparent to the user. SMTP uses port 25 and TCP for connections.

Post Office Protocol

Post Office Protocol (POP) is a newer protocol that relies on SMTP for message transfer to receive e-mail. POP provides a message store that can be used to store and forward messages.
If a server isn’t operating, the originating server can store a message and try to resend it later. POP3 uses port 110. The POP protocol uses TCP for connections.

Internet Message Access Protocol

Internet Message Access Protocol (IMAP) is the newest player in the e-mail field, and it’s rapidly becoming the most popular. Like POP, IMAP has a store-and-forward capability. However, it has much more functionality.

IMAP allows messages to be stored on an e-mail server instead of being downloaded to the client. It also allows messages to be downloaded based on search criteria. Many IMAP implementations also allow connections using web browsers. The current version of IMAP (IMAP 4) uses port 143 and TCP for connections.

Working with the Web

When two hosts communicate across the Web, data is returned from the host using Hypertext Markup Language (HTML). HTML is nothing more than a coding scheme to allow text and pictures to be presented in a specific way in a web browser. HTML can be created any number of ways, including via manual coding and in graphical design programs.

HTML files are read, interpreted by your browser, and displayed on your system. If you want to see what HTML looks like, you can set your browser to view source code; you’ll see things similar to word-processor coding for virtually every characteristic of the web page you’re viewing.

Websites are collections of these pages, which are called into your browser when you click a link or scroll through the pages. Most developers want more than the ability to display pages and pages of colored text on your computer. To make creative and sophisticated websites possible, web browsers have become more complicated, as have web servers. Current browsers include audio, visuals, animations, live chats, and almost any other feature you can imagine.
This ability to deliver content over the Web is accomplished in one of several ways. The most common approach involves installing applications that talk through the server to your browser. The applications require additional ports to be opened through your firewall and routers. Unfortunately, doing so inherently creates security vulnerabilities.

Secure Sockets Layer and Transport Layer Security

Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are two common protocols used to convey information between a web client and a server. The SSL protocol uses an encryption scheme between the two systems. The client initiates the session, the server responds, indicating that encryption is needed, and then they negotiate an appropriate encryption scheme.

TLS is a newer protocol that merges SSL with other protocols to provide encryption. TLS supports SSL connections for compatibility, but it also allows other encryption protocols, such as Triple DES, to be used. SSL/TLS uses port 443 and TCP for connections.

HTTP/S

HTTP Secure (HTTP/S) is a protocol that is used for secure connections between two systems that use the Web. It protects the connection, and all traffic between the two systems is encrypted. HTTP/S uses SSL or TLS for connection security, and it uses port 443 and TCP for connections.

Vulnerabilities of Web Add-ins

The growth of the Web and demands from users for more features has spurred the creation of a new set of vulnerabilities that must be evaluated and managed. Increasingly, web browsers and other web-enabled technologies allow servers to send instructions to the client to provide multimedia and other capabilities. This is creating a problem for security professionals because these protocols offer potential weaknesses.
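An added example, not part of the original slides: a Python check that parses sockets written in the IP:port form described under Working with Ports and Sockets and flags any listener whose port is not one of those named so far (25, 80, 110, 143, 443). The sample socket list is constructed, and the allow-list is an assumption about what the host should expose.

```python
import ipaddress

# Ports and protocols exactly as named in the text above.
EXPECTED = {25: "SMTP", 80: "HTTP", 110: "POP3", 143: "IMAP", 443: "HTTPS"}

def parse_socket(text):
    """Split 'ip:port' (or '[ipv6]:port') into (ip_address, port)."""
    host, sep, port = text.rpartition(":")
    if not sep or not port.isdigit():
        raise ValueError(f"not a socket: {text!r}")
    port = int(port)
    if not 0 < port < 65536:
        raise ValueError(f"port out of range: {text!r}")
    # ip_address() raises ValueError for anything that is not a literal IP.
    return ipaddress.ip_address(host.strip("[]")), port

def audit_listeners(sockets, allowed=EXPECTED):
    """Return (socket, finding) pairs for listeners outside the allow-list."""
    findings = []
    for text in sockets:
        try:
            ip, port = parse_socket(text)
        except ValueError as exc:
            findings.append((text, f"unparseable: {exc}"))
            continue
        if port not in allowed:
            # A wildcard bind exposes the port on every interface.
            scope = "all interfaces" if ip.is_unspecified else str(ip)
            findings.append((text, f"unexpected port {port} on {scope}"))
    return findings

# Constructed sample: listening sockets as an inventory might list them.
SAMPLE = ["192.168.0.100:80", "192.168.0.100:443", "192.168.0.100:25",
          "0.0.0.0:8081", "[::1]:143", "192.168.0.100:http"]

if __name__ == "__main__":
    for sock, finding in audit_listeners(SAMPLE):
        print(f"{sock:22} {finding}")
```

Every port opened for a web application beyond the allow-list shows up as a finding to review before the matching firewall rule is added.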
ActiveX

ActiveX is a technology that was implemented by Microsoft to customize controls, icons, and other features, which increases the usability of web-enabled systems. ActiveX runs on the client. It uses a method called Authenticode for security. Authenticode is a type of certificate technology that allows ActiveX components to be validated by a server.

ActiveX components are downloaded to the client hard disk, potentially allowing additional security breaches. Web browsers can be configured so that they require confirmation to accept an ActiveX control. However, many users don’t understand these confirmation messages when they appear, and they automatically accept the components.

Automatically accepting an ActiveX component or control creates the opportunity for security breaches on a client system when the control is used because an ActiveX control contains programming instructions that can contain malicious code or create vulnerabilities in a system.

Buffer Overflows

Buffer overflows occur when an application receives more data than it’s programmed to accept. This situation can cause an application to terminate or to write data beyond the end of the allocated space. Termination may leave the system sending the data with temporary access to privileged levels in the attacked system, while overwriting can cause important data to be lost. This exploitation is usually a result of a programming error in the development of the software.

Common Gateway Interface

Common Gateway Interface (CGI) is an older form of scripting that was used extensively in early web systems. CGI scripts were used to capture data from a user using simple forms.

Cookies

Cookies are text files that a browser maintains on the user’s hard disk in order to provide a persistent, customized web experience for each visit.
A cookie typically contains information about the user.

For example, a cookie can contain a client’s history to improve customer service. If a bookstore wants to know your buying habits and what types of books you last viewed at its site, it can load this information into a cookie on your system. The next time you return to that store, the server can read your cookie and customize what it presents to you.

Cookies can also be used to time-stamp a user to limit access. A financial institution may send your browser a cookie once you’ve authenticated. The server can read the cookie to determine when a session is expired.

Obviously, cookies are considered a risk because they have the potential to contain your personal information, which could get into the wrong hands. If security is your utmost concern, the best protection is to not allow cookies to be accepted. Almost every browser offers the option of enabling or disabling cookies. If you enable them, you can usually choose whether to accept/reject all or only those from an originating server.

Cross-site scripting (XSS)

Using a client-side scripting language, it is possible for a ne’er-do-well to trick a user into visiting their site and having code then execute locally. When this is done, it is known as cross-site scripting. As an example, UserA may get a message telling him that he needs to make changes to his XYZ account, but the link in the message is not really to the XYZ site (a phishing ploy).

When he clicks on the link, a JavaScript routine begins to run on his machine. Since the script is running on UserA’s system, it has his permissions and can begin doing such things as running malevolent routines to send/delete/alter data. The best protection against cross-site scripting is to disable the running of scripts.
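An added example, not part of the original slides, of the time-stamped session cookie described under Cookies above: the server signs the user name and issue time with an HMAC, then rejects any cookie that is altered or older than the session limit. The secret, the 15-minute limit and the cookie layout are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import time

SECRET = b"constructed-demo-key"   # assumption: secret known only to the server
MAX_AGE = 900                      # assumption: sessions expire after 15 minutes

def _sign(payload):
    """HMAC-SHA256 tag over the payload, as URL-safe base64 text."""
    mac = hmac.new(SECRET, payload, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(mac).decode()

def issue_cookie(user, now=None):
    """Build 'base64(user|issued_at).tag' after the user has authenticated."""
    issued = int(time.time() if now is None else now)
    payload = f"{user}|{issued}".encode()
    return base64.urlsafe_b64encode(payload).decode() + "." + _sign(payload)

def check_cookie(value, now=None):
    """Return the user name, or None if malformed, forged or expired."""
    try:
        body, tag = value.split(".")
        payload = base64.urlsafe_b64decode(body.encode())
    except ValueError:
        return None
    # Verify the signature before trusting anything inside the payload.
    if not hmac.compare_digest(tag.encode(), _sign(payload).encode()):
        return None
    try:
        user, issued = payload.decode().rsplit("|", 1)
        issued = int(issued)
    except ValueError:
        return None
    age = (time.time() if now is None else now) - issued
    return user if 0 <= age <= MAX_AGE else None

if __name__ == "__main__":
    cookie = issue_cookie("usera", now=1000)
    print(check_cookie(cookie, now=1060))   # still inside the session window
    print(check_cookie(cookie, now=2000))   # expired
```

Because the time stamp is covered by the signature, a client cannot extend its own session by editing the cookie on disk.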
Input Validation

Anytime a user must supply values in a session, validation of the data entered should be done. Many vendors, however, have fallen prey to input validation vulnerabilities within their code. In some instances, empty values have been accepted, while others have allowed privilege escalation if certain backdoor passwords were used.

The best protection against input validation vulnerabilities is for developers to follow best practices and always validate all values entered. As an administrator, when you learn of an input validation vulnerability with any application on your system, you should immediately stop using it until a patch has been released and installed.
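An added example, not part of the original slides, of validating every value a user supplies: each field is checked against an allow-list rule, and empty, missing or unexpected values are rejected rather than passed through. The form fields and their limits are hypothetical.

```python
import re

# Hypothetical form: field names and limits are assumptions for illustration.
RULES = {
    "username": {"pattern": re.compile(r"[A-Za-z0-9_]{3,20}")},
    "email":    {"pattern": re.compile(r"[^@\s]{1,64}@[A-Za-z0-9.-]{1,255}")},
    "quantity": {"integer": (1, 100)},
}

def validate(form):
    """Return (clean_values, errors); only fully valid fields reach clean."""
    clean, errors = {}, {}
    # Fields the application never asked for are rejected, not ignored.
    for name in form.keys() - RULES.keys():
        errors[name] = "unexpected field"
    for name, rule in RULES.items():
        raw = form.get(name)
        if not isinstance(raw, str) or not raw.strip():
            errors[name] = "value required"      # empty values are refused
            continue
        raw = raw.strip()
        if "pattern" in rule:
            # fullmatch() requires the whole value to fit the allow-list.
            if rule["pattern"].fullmatch(raw):
                clean[name] = raw
            else:
                errors[name] = "invalid format"
        else:
            low, high = rule["integer"]
            digits = raw.isascii() and raw.isdigit() and len(raw) <= 6
            if digits and low <= int(raw) <= high:
                clean[name] = int(raw)
            else:
                errors[name] = f"must be an integer from {low} to {high}"
    return clean, errors

if __name__ == "__main__":
    # Constructed submissions: one valid, one with an empty and an extra field.
    print(validate({"username": "user_a", "email": "a@example.com",
                    "quantity": "3"}))
    print(validate({"username": "", "email": "a@example.com",
                    "quantity": "101", "role": "admin"}))
```

The caller proceeds only when the error dictionary is empty and uses the cleaned values, never the raw form.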