The Worry About Web Security


02 Nov 2017

Disclaimer:
This essay has been written and submitted by students and is not an example of our work. Any opinions, findings, conclusions or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of EssayCompany.

Why should web security require special attention apart from the general subject of computer and Internet security? Because the Web is changing many of the assumptions that people have historically made about computer security and publishing:

The Internet is a two-way network. As the Internet makes it possible for web servers to publish information to millions of users, it also makes it possible for computer hackers, crackers, criminals, vandals, and other "bad guys" to break into the very computers on which the web servers are running. Those risks don't exist in most other publishing environments, such as newspapers, magazines, or even "electronic" publishing systems involving teletext, voice-response, and fax-back.

The World Wide Web is increasingly being used by corporations and governments to distribute important information and conduct business transactions. Reputations can be damaged and money can be lost if web servers are subverted.

Although the Web is easy to use, web servers and browsers are exceedingly complicated pieces of software, with many potential security flaws. Many times in the past, new features have been added without proper attention being paid to their security impact. Thus, properly installed software may still pose security threats.

Once subverted, web browsers and servers can be used by attackers as a launching point for conducting further attacks against users and organizations.

Unsophisticated users will be (and are) common users of WWW-based services. The current generation of software calls upon users to make security-relevant decisions on a daily basis, and yet users are not given enough information to make informed choices.

It is considerably more expensive and more time-consuming to recover from a security incident than to take preventative measures ahead of time.

Worry about Web Security

The World Wide Web is the fastest growing part of the Internet. Increasingly, it is also the part of the Internet that is most vulnerable to attack.

Web servers make an attractive target for attackers for many reasons:

Publicity

Web servers are an organization's public face to the Internet and the electronic world. A successful attack on a web server is a public event that may be seen by hundreds of thousands of people within a matter of hours. Attacks can be mounted for ideological or financial reasons; alternatively, they can simply be random acts of vandalism.

Commerce

Many web servers are involved with commerce and money. Indeed, the cryptographic protocols built into Netscape Navigator and other browsers were originally placed there to allow users to send credit card numbers over the Internet without fear of compromise. Web servers have thus become a repository for sensitive financial information, making them an attractive target for attackers. Of course, the commercial services on these servers also make them targets of interest.

Proprietary information

Organizations are using web technology as an easy way to distribute information both internally, to their own members, and externally, to partners around the world. This proprietary information is a target for competitors and enemies.

Network access

Because they are used by people both inside and outside an organization, web servers effectively bridge an organization's internal and external networks. Their position of privileged network connectivity makes web servers an ideal target for attack, as a compromised web server may be used to further attack computers within an organization.

Unfortunately, the power of web technology makes web servers and browsers especially vulnerable to attack as well:

Server extensibility

By their very nature, web servers are designed to be extensible. This extensibility makes it possible to connect web servers with databases, legacy systems, and other programs running on an organization's network. If not properly implemented, modules that are added to a web server can compromise the security of the entire system.

Browser extensibility

In the same manner that servers can be extended, so can web clients. Today, technologies such as ActiveX, Java, JavaScript, VBScript, and helper applications can enrich the web experience with many new features that are not possible with the HTML language alone. Unfortunately, these technologies can also be subverted and employed against the browser's user--often without the user's knowledge.

Disruption of service

Because web technology is based on the TCP/IP family of protocols, it is subject to disruption of service: either accidentally or intentionally through denial-of-service attacks. People who use this technology must be aware of its failings and prepare for significant service disruptions.

Complicated support

Web browsers require external services such as DNS (Domain Name Service) and IP (Internet Protocol) routing to function properly. The robustness and dependability of those services may not be known and can be vulnerable to bugs, accidents, and subversion. Subverting a lower-level service can result in problems for the browsers as well.

Pace of development

The explosive growth of WWW and electronic commerce has been driven by (and drives) a frenetic pace of innovation and development. Vendors are releasing new software features and platforms, often with minimal (or no) consideration given to proper testing, design, or security. Market forces pressure users to adopt these new versions with new features to stay competitive. However, new software may not be compatible with old features or may contain new vulnerabilities unknown to the general population.

The solution to these problems is not to forsake web technology but to embrace both the limitations and the appropriate security measures. However, it is also important to understand the limits of any system and to plan accordingly for failure and accident.

The Web Security Problem

The web security problem consists of three major parts:

Securing the web server and the data that is on it. You need to be sure that the server can continue its operation, the information on the server is not modified without authorization, and the information is only distributed to those individuals to whom you want it to be distributed.

Securing information that travels between the web server and the user. You would like to assure that information the user supplies to the web server (usernames, passwords, financial information, etc.) cannot be read, modified, or destroyed by others. Many network technologies are especially susceptible to eavesdropping, because information is broadcast to every computer that is on the local area network.

Securing the user's own computer. You would like to have a way of assuring users that information, data, or programs downloaded to their systems will not cause damage--otherwise, they will be reluctant to use the service. You would also like to have a way of assuring that information downloaded is controlled thereafter, in accordance with the user's license agreement and/or copyright.

Along with all of these considerations, we may also have other requirements. For instance, in some cases, we have the challenges of:

Verifying the identity of the user to the server

Verifying the identity of the server to the user

Ensuring that messages get passed between client and server in a timely fashion, reliably, and without replay

Logging and auditing information about the transaction for purposes of billing, conflict resolution, "nonrepudiation," and investigation of misuse

Balancing the load among multiple servers

To properly address these concerns requires the interaction of several of our three main components, along with the underlying network and OS fabric.

Securing the Web Server

Securing the web server is a two-part proposition. First, the computer itself must be secured using traditional computer security techniques. These techniques assure that authorized users of the system have the capabilities to do their own work and only those capabilities. Thus, we may want to authorize anonymous users to read the contents of our main web page, but we do not want them to have the ability to shut down the computer or alter the system accounting files. These traditional techniques also assure that people on the Internet who are not authorized users of the system cannot break into it and gain control. Chapter 13, Host and Site Security, presents an overview of several generic techniques; the references in Appendix E, References, contain many more.

Server security is complicated when a computer is used both as a traditional time-sharing computer and as a web server. This is because the web server can be used to exploit bugs in the host security, and failings in host security can be used to probe for problems with the web server. For example, a poorly written CGI script may make it possible to change a web server's configuration file, which can then be modified so that the web server runs with excess privileges. By using a host security flaw, an attacker could then create a privileged CGI script that would lead to granting the attacker full access to the entire computer system. Thus, one of the best strategies for improving a web server's security is to minimize the number of services provided by the host on which the web server is running. If you need to provide both a mail server and a web server, your best bet is to put them on different computers.
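The CGI scenario above depends on the account that runs the web server and its scripts being able to alter the server's own configuration. As an added example (not part of the original essay), this Python check audits that for a given account; the file name `server.conf`, the uid/gid values and the helper names are assumptions made for illustration.

```python
import os
import stat
import tempfile

W, WX = 0o2, 0o3  # write; write+search, expressed in the "other" bit position

def granted(st, uid, gids, want):
    """Unix class selection: owner bits if uid owns the object, else group, else other.
    Simplification: POSIX ACLs and capabilities are not considered."""
    if st.st_uid == uid:
        bits = st.st_mode >> 6
    elif st.st_gid in gids:
        bits = st.st_mode >> 3
    else:
        bits = st.st_mode
    return (bits & want) == want

def audit_config(config_path, uid, gids):
    """Findings for one config file, for the account the web server and its scripts run as."""
    if uid == 0:
        return ["server runs as root: file permissions give no protection"]
    findings = []
    st = os.stat(config_path)
    if granted(st, uid, gids, W):
        findings.append("config file is writable by the server account")
    parent = os.path.dirname(os.path.abspath(config_path))
    pst = os.stat(parent)
    # A writable directory lets the account replace the file by rename, unless
    # the sticky bit is set and the account owns neither the file nor the directory.
    sticky = bool(pst.st_mode & stat.S_ISVTX) and uid not in (st.st_uid, pst.st_uid)
    if granted(pst, uid, gids, WX) and not sticky:
        findings.append("config directory is writable: file can be replaced")
    return findings

def demo(file_mode, dir_mode):
    """Build a constructed layout in a temp directory and audit it for a
    constructed, non-owner account (uid/gid chosen so they do not own the files)."""
    d = tempfile.mkdtemp()
    path = os.path.join(d, "server.conf")  # hypothetical file name
    with open(path, "w") as f:
        f.write("User www\n")  # constructed content
    os.chmod(path, file_mode)
    os.chmod(d, dir_mode)
    return audit_config(path, os.getuid() + 12345, {os.getgid() + 12345})

if __name__ == "__main__":
    print("weak:    ", demo(0o666, 0o777))
    print("hardened:", demo(0o644, 0o755))
```

An empty result means a script bug running under that account cannot rewrite the configuration through ordinary file permissions; it says nothing about other host flaws.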

Another good strategy for securing the information on the web server is to restrict access to the web server. The server should be located in a secure facility, so that unauthorized people do not have physical access to the equipment. You should limit the number of users who have the ability to log into the computer. The server should be used only for your single application: otherwise, people who have access to the server might obtain access to your information. And you should make sure that people who access the server for administrative purposes do so using secure means such as Kerberized Telnet, SecurID, S/Key, or ssh.

Wireless Networks Security

No computer network is truly secure, but how does wireless network security stack up to that of traditional wired networks?

Unfortunately, no computer network is truly secure. It's always theoretically possible for eavesdroppers to view or "snoop" the traffic on any network, and it's often possible to add or "inject" unwelcome traffic as well. However, some networks are built and managed much more securely than others. For both wired and wireless networks alike, the real question to answer becomes - is it secure enough?

Wireless networks add an extra level of security complexity compared to wired networks. Whereas wired networks send electrical signals or pulses of light through cable, wireless radio signals propagate through the air and are naturally easier to intercept. Signals from most wireless LANs (WLANs) pass through exterior walls and into nearby streets or parking lots.

Network engineers and other technology experts have closely scrutinized wireless network security because of the open-air nature of wireless communications. The practice of wardriving, for example, exposed the vulnerabilities of home WLANs and accelerated the pace of security technology advances in home wireless equipment.

Overall, conventional wisdom holds that wireless networks are now secure enough to use in the vast majority of homes, and many businesses. Security features like 128-bit WEP and WPA can scramble or encrypt network traffic so that its contents cannot easily be deciphered by snoopers. Likewise, wireless network routers and wireless access points (APs) incorporate access control features such as MAC address filtering that deny requests from unwanted clients.

Obviously every home or business must determine for themselves the level of risk they are comfortable in taking when implementing a wireless network. The better a wireless network is administered, the more secure it becomes. However, the only truly secure network is the one never built!


