Technologies to Address Security Risks

Although there are many ways of breaking into computer infrastructures, numerous technologies can be employed to reduce the security risks. This section discusses some of them, and the next section discusses best practices.

Encryption

By its nature, TCP is not a secure protocol. In TCP, all information is delivered in clear text. Therefore, if someone can intercept TCP packets, she'll be able to read the information contained in them. When this information is public in nature, for example, catalog information at a department store, this is perfectly okay. However, to securely transmit private, sensitive information on the very public Internet, this information must be encrypted.

Encrypting information involves putting the original information through an algorithm that converts it to an unreadable format. An encryption key is used to determine how the algorithm will exactly encrypt the data. This enables many organizations to use the same algorithms in their own unique ways. This is just like having two homeowners who use the same lock manufacturer, but each has a unique key to open the lock.

After the information has been encrypted, it can be sent to its recipients. For the recipients to read the information, they must apply a decryption algorithm using a decryption key. Of course, the information sender must be very careful about who has this decryption key. If it falls into the wrong hands, people who should not be able to read data will be able to.

There are two standard ways of encrypting and decrypting. When the number of recipients is small and well known, symmetric cryptography can be used. In this case, the same key is used to encrypt and decrypt messages. Both the sender and receivers of messages must possess this key and the sender distributes it in a secure manner.

When the number of recipients is large or changes considerably over time, public key cryptography is the preferred method. One key is used to encrypt messages (a public key) and another is used to decrypt them (a private key). This is referred to as asymmetric encryption. Only intended recipients should possess the private key. When sending messages on a public network (for example, the Internet), someone might be able to see an encrypted message, either legitimately or not, but only those who possess the private key can decrypt it.

Although asymmetric encryption is very useful for the Internet, it turns out that the algorithms are more than a thousand times slower than symmetric cryptography. For this reason, many corporations use a combination of both methods to secure different types of information.

Encrypting information is one of the best ways to protect yourself against packet sniffers and man-in-the-middle attacks. Keeping decryption keys out of the hands of someone who could use them against you is equally important.

Encryption can be done in one of two places:

• A the application level using encryption software; for example, PGP (www.pgp.com)

• At the network level using encrypted communication protocols, for example, HTTPS

Authentication, Data Integrity, Nonrepudiation, and Digital Signatures

Signatures are used for identity authentication and digital signatures have the same purpose in cyberspace. Before sending out a message, the sender puts it through an algorithm that produces a hash value. Each message produces a unique hash value. This hash value is then encrypted with the sender's private key and attached to the original message. Because only the sender has this private key, receivers can be sure of the source of the message. This provides authentication just as a hand-written signature does.

The encrypted hash value serves as the message's digital signature. A message receiver decrypts the message using the sender's public key and puts it though the same hashing algorithm. If the hash value is the same as the original, the receiver can be sure that the message has not been altered in transit. This provides data integrity and nonrepudiation. Nonrepudiation is important in that it ensures that the sender of a message cannot claim that he isn't the originator of that message. For example, a bank account holder sends a transfer transaction using an encrypting message. He later attempts to dispute this transaction with the bank. The bank states that the message was encrypted with the account holder's private key and therefore he originated the transaction. Additionally, digital signatures are continuing to become a de facto standard on the Internet and the legal bindings associated with them are moving towards those associated with written signatures.

The information inside of a digital certificate includes the name and other personal information of the party for which the certificate was issued, the name of the CA that issued the certificate, the public key, and the start and end date of the certificate lifetime. Certificates are only valid for a period of time and CAs can revoke certificates.

Digital signatures are used in digital certificates. A digital certificate is a file that contains security information about one's identity, including your name and contact information, expiry date, a public key, and an encrypted digital signature (thumbprint) produced by a trusted organization. The latter is the proof that the certificate is valid and has not been altered. The key in a digital certificate can be used for encrypting messages and digital signatures. When both the client and the server use digital certificates, both parties get the benefit of authentication, data integrity, and nonrepudiation. An example of this is shown in Figure 26.4.

Certificate Authorities

Certificate authorities (CAs) are trusted entities that issue digital certificates and keep a copy of them in a very secure manner. CAs generally have strict security policy in place using mechanisms such as smart cards and biometrics (such as retina scans and fingerprinting) to track the whereabouts of their employees.

Individuals and corporations apply with certificate authorities to request digital certificates. The CAs verify applicant credentials to ensure that they are who they say they are and this involves checking public records for businesses. When the CA is certain of the applicant's credentials, it issues the digital certificate. This is sent to the applicant and a copy is placed in a public certificate directory. As depicted in Figure 26.5, Internet Explorer contains a certificate manager that stores certificate information including the CA that issued it.

Secure Sockets Layer

SSL is a protocol that works with digital certificates to provide authentication for a Web server and optionally for a Web client. It also encrypts data sent so that only authorized parties can read it. Additionally, it ensures that messages sent are not altered in transit. SSL can work with TCP/IP-based protocols by using SSL tunneling. SSL tunneling means that SSL records are placed or tunneled within TCP/IP records. Hypertext Transfer Protocol with SSL (HTTPS) allows a Web browser and a Web server to communicate using SSL.

Public Key Infrastructure

When digital certificates and cryptography are used in combination to provide authentication, data integrity, and nonrepudiation, the resulting landscape is referred to as Public Key Infrastructure (PKI). Using PKI, businesses and individuals can confidently exchange information and enact business transactions over the public Internet and be confident that their messages provide authorization, and are private and unalterable.

Antivirus Software

Once installed on a machine, antivirus software scans that machine's files looking for viruses. This software can be run manually or can be set up to run on a regularly scheduled basis. Antivirus software keeps an internal database of what viruses look like and how to find them. For example, at the time of this writing, Symantec's Norton AntiVirus, a leading antivirus application for Windows, has database entries for more than 61,000 viruses! It's important to keep this internal database current. As shown in Figure 26.6, antivirus software can also keep track of the last time new virus definitions were loaded, when your machine was last scanned for viruses, and how many viruses have been found.

Antivirus software should be installed on each computer in your organization. The software also should be updated regularly as new viruses are detected. Thankfully, most antivirus software has a means of automating its updates. Once a cracker has a program running on your computer, he can use it for his own purposes. A virus can initiate communication back to the attacker to exchange information. Therefore, it's important to have personal firewall software running that will detect this communication, disallow it, and expose the virus that's running.

Virus hoaxes are created to cause computer users to panic. Fortunately, there are many places on the Internet to verify whether a virus is real or fictitious. Symantec and McAfee, both vendors of antivirus software, have created the following Web pages for this purpose: http://www.symantec.com/avcenter/hoax.html and http://vil.mcafee.com/hoax.asp. The best way to avoid being duped by virus hoaxes is to keep your antivirus software and its virus definitions current.

Personal Firewall Software

When a machine is connected to the Internet, it's fairly easy for software on that machine to communicate through the Internet. Sometimes this is intended, as in an Internet browser. The best way to monitor which applications are allowed to use the Internet is by installing personal firewall software. This software monitors all applications attempting to use the Internet and enables you to maintain strict control over what applications can access the Internet and what protocols they can use. An example of this is in Figure 26.7.

Firewalls

Firewalls are either hardware- or software-based and are used to restrict communications between two different areas of a network. They're typically placed between the public Internet and a company's private network. If used correctly, firewalls severely reduce the threat of being hacked. However, many protocols such as Firewall-Friendly FTP and SOAP are marketed as firewall friendly and are intended to go through firewalls undisturbed. If there are security issues with these protocols, an attacker will be able to exploit them without having to worry about getting past a firewall.

Depending on the resources available, a corporation might want to add additional firewalls to gain increases in security. One such method is to put a stateful firewall between each tier in the infrastructure. Stateful firewalls keep track of client requests and can pair up requests and responses. This can help prevent rogue code running on the Web or application server from initiating a request. Each stateful firewall is configured to allow only incoming requests (or responses to incoming requests) on a specific protocol. The decision to use multiple firewalls is a balancing act of security versus performance versus cost. If the information in a database and/or the functionality of the application server is critical, you should consider placing these components behind multiple firewalls, as depicted in Figure 26.8. However, the extra firewalls can dramatically raise the cost of the system and decrease its performance.

Antisniffer Tools

As mentioned earlier, packet sniffers are a tool for eavesdropping on communications sent over computer networks. Because a packet sniffer simply makes copies of information without changing the original, it can be difficult to detect one running on your network. Ethernet networks work by broadcasting packets of information to every machine on a network. Each of these machines has a network interface card (NIC) listening for these packets. When a NIC sees a packet not intended for the IP address it's assigned to, it just ignores that packet. However, a packet sniffer consists of a network interface card listening for messages that aren't intended for it. This is also referred to as operating in promiscuous mode. Antisniffers are tools that can detect when network interface cards are operating in promiscuous mode.