trip report from the eighth World Wide Web conference
in toronto, canada
tutorial 11: web security and beyond
author: clifford neuman, university of southern california
(USC), information sciences institute (ISI)
number of attendees: approx. 45
introduction:
security is one of the major concerns in an electronic commerce
environment. but while in a "normal" computer environment security
basically means "keep everybody out of the systems", the situation in
e-commerce is more difficult: we want to grant our customers some degree of
access to some information, but at the same time we have to protect other data
from being accessible to everyone.
unique security requirements in an electronic commerce environment:
- provide controlled access to internal system resources for outsiders, which
leads to a conflict between isolation for security and connection for ease of
use and currency of data
- unlike in a corporate environment, there is no control over the client's
system
- some customers may not want their accounts to be available over the network
types of attacks:
- network attacks, e.g. sniffing for passwords, credit card
numbers etc. or data stream modification
- impersonation
- server compromise: attackers may try to access data that
was transferred encrypted but is now stored on the server in clear.
- client compromise: bugs in the browser or in helper
applications (e.g. PostScript or PDF viewers) may allow a server to upload
and execute arbitrary files. JavaScript or Java applets may perform functions
that they should not (e.g. reading or writing unintended files, or unintended
communication such as sending out the browser's history)
- denial of service attacks to put a company at least
temporarily out of business
- traffic analysis, e.g. increasing email traffic between
two companies with some merging potential may indicate that there is something
going on
- invasion of privacy
countermeasures:
- set up appropriate security policies, e.g. who can read
and who can update data, what data has to be encrypted when transferred over
the network, and so on. but remember: even if the data gets transmitted
encrypted using SSL or a similar protocol, it will be stored on the server and
on the client (local cache!) in clear.
- Secure HTTP (SHTTP): protects web objects such as
documents and forms, but is not well suited for lengthy exchanges (compute
intensive)
- authentication: could be based on password, IP address
(very weak), or cryptography (e.g. Kerberos)
- server attacks: isolate critical data from the web site,
ensure proper placement of the web server in relation to a firewall (preferably
between two firewalls), disable any unnecessary services and avoid scripts (use
programs instead). for recovery, have backup copies of system binaries ready in
a safe place, keep journals of updates through the day and maintain daily
checkpoints of databases.
- client attacks: install browsers and helper applications
only from trusted sources (check certificates). disable Java and JavaScript, and
configure secure variants of helper applications.
- denial of service attacks: there are no truly effective
solutions. check information from CERT and configure systems as securely as
possible.
- traffic analysis: there is not too much that can be done
against it. connections to web servers can be routed through intermediaries to
protect privacy, such as www.anonymizer.com
- user privacy: disable cookies, but this may be painful on
most websites. configure the browser carefully. close the browser after
supplying sensitive data.
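the first countermeasure above warns that data sent over SSL still lands in clear in the client's local cache. the following added example (my own code, not from the tutorial) checks a raw HTTP response for the header directives that tell a browser not to store it; the two responses are constructed samples, and the rule that only Cache-Control: no-store counts as "not stored" is an assumption of this check.

```python
# Constructed sample: encrypted in transit, but nothing stops the browser
# from writing the page to its local cache.
SAMPLE_WEAK = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "Set-Cookie: session=abc123\r\n"
    "\r\n"
    "<html>account balance: 1234.56</html>"
)

# Constructed sample: same page with the directives that forbid storage.
SAMPLE_HARDENED = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "Cache-Control: no-store, no-cache, must-revalidate\r\n"
    "Pragma: no-cache\r\n"
    "Expires: 0\r\n"
    "\r\n"
    "<html>account balance: 1234.56</html>"
)


def parse_headers(raw):
    """Split a raw HTTP/1.1 response into a dict of lower-cased header
    names; repeated headers are kept as a list of values."""
    head, _, _body = raw.partition("\r\n\r\n")
    headers = {}
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers


def cache_directives(headers):
    """Collect Cache-Control directive names, dropping any '=value' part."""
    names = set()
    for value in headers.get("cache-control", []):
        for token in value.split(","):
            names.add(token.strip().split("=")[0].lower())
    return names


def cache_findings(raw):
    """Return reasons the response may be kept in a local cache in clear;
    an empty list means the response is marked Cache-Control: no-store."""
    directives = cache_directives(parse_headers(raw))
    findings = []
    if "no-store" not in directives:
        findings.append("missing Cache-Control: no-store")
        if "no-cache" in directives:
            # no-cache only forces revalidation; the copy may still be stored
            findings.append("no-cache alone still allows the response to be stored")
    return findings
```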
future:
- there will be more integration of e-commerce business, for better or worse
- developments towards single logon to the web, probably based on smart cards
conclusion:
again a short but comprehensive overview of this subject by
clifford neuman, who also gave the tutorial about electronic payment systems. security issues on
e-commerce servers can't be stressed enough. if someone manages to compromise
an e-commerce server, this may cause enormous damage to that company or
organization.
the tutorial is available on the web.
production note:
this trip report was written on a Vadem Clio
C-1000 running Windows CE with Pocket Word. It was then transferred to a DELL
Latitude notebook and modified as needed. this document is supposed to be HTML
V4.0 compliant.
this page conforms with the WAG
tutorial_11.html / 17-may-1999 (ra) / reto ambühler
!!! This document is stored in the ETH Web archive and is no longer maintained !!!