WEB SECURITY
Web Security considerations
The World Wide Web is fundamentally a client/server application running over
the Internet and TCP/IP intranets.
The Web presents new challenges not generally appreciated in the context of
computer and network security:
● The Internet is two way. Unlike traditional publishing environments, even
  electronic publishing systems involving teletext, voice response, or
  fax-back, the Web is vulnerable to attacks on the Web servers over the
  Internet.
● The Web is increasingly serving as a highly visible outlet for corporate and
  product information and as the platform for business transactions.
  Reputations can be damaged and money can be lost if the Web servers
  are subverted.
● Although Web browsers are very easy to use, Web servers are relatively
  easy to configure and manage, and Web content is increasingly easy to
  develop, the underlying software is extraordinarily complex. This complex
  software may hide many potential security flaws. The short history of the
  Web is filled with examples of new and upgraded systems, properly
  installed, that are vulnerable to a variety of security attacks.
● A Web server can be exploited as a launching pad into the corporation's
  or agency's entire computer complex. Once the Web server is subverted,
  an attacker may be able to gain access to data and systems not part of
  the Web itself but connected to the server at the local site.
● Casual and untrained (in security matters) users are common clients for
  Web-based services. Such users are not necessarily aware of the security
  risks that exist and do not have the tools or knowledge to take effective
  countermeasures.
Web Security Threats
Table 17.1 provides a summary of the types of security threats faced in using
the Web. One way to group these threats is in terms of passive and active
attacks.
Passive attacks include eavesdropping on network traffic between browser
and server and gaining access to information on a Web site that is
supposed to be restricted.
Active attacks include impersonating another user, altering messages in
transit between client and server, and altering information on a Web site.
Table 17.1 (columns: Threats, Consequences, Countermeasures)

Integrity
  Threats:
    ● Modification of user data
    ● Trojan horse browser
    ● Modification of memory
    ● Modification of message traffic in transit
  Consequences:
    ● Loss of information
    ● Compromise of machine
    ● Vulnerability to all other threats
  Countermeasures: Cryptographic checksums

Confidentiality
  Threats:
    ● Eavesdropping on the Net
    ● Theft of info from server
    ● Theft of data from client
    ● Info about network configuration
    ● Info about which client talks to server
  Consequences:
    ● Loss of information
    ● Loss of privacy
  Countermeasures: Encryption, web proxies

Denial of Service
  Threats:
    ● Killing of user threads
    ● Flooding machine with bogus requests
    ● Filling up disk or memory
    ● Isolating machine by DNS attacks
  Consequences:
    ● Disruptive
    ● Annoying
    ● Prevent user from getting work done
  Countermeasures: Difficult to prevent

Authentication
  Threats:
    ● Impersonation of legitimate users
    ● Data forgery
  Consequences:
    ● Misrepresentation of user
    ● Belief that false information is valid
  Countermeasures: Cryptographic techniques
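The following added example (not part of the original notes) illustrates the Integrity row of Table 17.1: why the countermeasure against modification of message traffic in transit is a cryptographic (keyed) checksum rather than a plain digest. The request text, the key, and all function names are constructed for illustration, and the example assumes client and server already share a secret key.

```python
import hashlib
import hmac

# Constructed sample: a request as it leaves the browser.
ORIGINAL = b"POST /transfer HTTP/1.1\r\nHost: bank.example\r\n\r\nto=alice&amount=100"
# Constructed sample: the same request after modification in transit.
TAMPERED = ORIGINAL.replace(b"to=alice&amount=100", b"to=mallory&amount=9000")
# Assumption: both endpoints already share this key; the value is a demo placeholder.
SHARED_KEY = b"constructed-demo-key-not-for-real-use"


def plain_digest(message: bytes) -> bytes:
    """Unkeyed checksum: anyone who can alter the message can recompute it."""
    return hashlib.sha256(message).digest()


def keyed_mac(key: bytes, message: bytes) -> bytes:
    """Cryptographic checksum (HMAC-SHA256): computing it requires the key."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify_plain(message: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(plain_digest(message), tag)


def verify_mac(key: bytes, message: bytes, tag: bytes) -> bool:
    # compare_digest is a constant-time comparison, so timing reveals nothing.
    return hmac.compare_digest(keyed_mac(key, message), tag)


def simulate_modification() -> dict:
    """Model an in-path party that alters the message and fixes up what it can."""
    results = {}
    # Case 1: unkeyed digest. The modifier recomputes it over the altered message.
    forged_digest = plain_digest(TAMPERED)
    results["plain_accepts_tampered"] = verify_plain(TAMPERED, forged_digest)
    # Case 2: HMAC. Without SHARED_KEY the modifier can only reuse the old tag
    # or compute one under a key it guessed.
    original_tag = keyed_mac(SHARED_KEY, ORIGINAL)
    guessed_tag = keyed_mac(b"wrong-key", TAMPERED)
    results["mac_accepts_original"] = verify_mac(SHARED_KEY, ORIGINAL, original_tag)
    results["mac_accepts_reused_tag"] = verify_mac(SHARED_KEY, TAMPERED, original_tag)
    results["mac_accepts_guessed_tag"] = verify_mac(SHARED_KEY, TAMPERED, guessed_tag)
    return results


if __name__ == "__main__":
    for name, value in simulate_modification().items():
        print(f"{name}: {value}")
```

The unkeyed digest accepts the altered request because the digest travels with the message and can be replaced along with it; the keyed checksum rejects it in both cases.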
Another way to classify Web security threats is in terms of the location of the
threat: Web server, Web browser, and network traffic between browser and
server.
Issues of server and browser security fall into the category of computer system
security.
Web Traffic Security Approaches
A number of approaches to providing Web security are possible. The various
approaches that have been considered are similar in the services they provide
and, to some extent, in the mechanisms that they use, but they differ with
respect to their scope of applicability and their relative location within the TCP/
IP protocol stack.
One approach is to provide security at the IP level using IPSec. The advantage
of using IPSec is that it is transparent to end users and applications and
provides a general-purpose solution. Further, IPSec includes a filtering
capability so that only selected traffic need incur the overhead of IPSec
processing.
Another relatively general-purpose solution is to implement security just above
TCP (Figure 17.1b). The foremost example of this approach is the Secure
Sockets Layer (SSL) and the follow-on Internet standard known as Transport
Layer Security (TLS). At this level, there are two implementation choices.
For full generality, SSL (or TLS) could be provided as part of the underlying
protocol suite and therefore be transparent to applications. Alternatively, SSL
can be embedded in specific packages. For example, Netscape and Microsoft
Explorer browsers come equipped with SSL, and most Web servers have
implemented the protocol.
Application-specific security services are embedded within the particular
application. Figure 17.1c shows examples of this architecture. The advantage of
this approach is that the service can be tailored to the specific needs of a given
application. In the context of Web security, an important example of this
approach is Secure Electronic Transaction (SET).