- Shopping Bag ( 0 items )
Attacks on government Web sites, break-ins at Internet service providers, electronic credit card fraud, invasion of personal privacy by merchants as well as hackers—is this what the World Wide Web is really all about?
Web Security & Commerce cuts through the hype and the front page stories. It tells you what the real risks are and explains how you can minimize them. Whether you're a casual but concerned Web surfer or a system administrator responsible for the security of a ...
Ships from: Springfield, VA
Usually ships in 1-2 business days
Ships from: acton, MA
Usually ships in 1-2 business days
Attacks on government Web sites, break-ins at Internet service providers, electronic credit card fraud, invasion of personal privacy by merchants as well as hackers—is this what the World Wide Web is really all about?
Web Security & Commerce cuts through the hype and the front page stories. It tells you what the real risks are and explains how you can minimize them. Whether you're a casual but concerned Web surfer or a system administrator responsible for the security of a critical Web server, this book will tell you what you need to know. Entertaining as well as illuminating, it looks behind the headlines at the technologies, risks, and benefits of the Web. Whatever browser or server you are using, you and your system will benefit from this book.
Encryption is the fundamental technology that protects information as it travels over the Internet. Although strong host security can prevent people from breaking into your computer-or at least prevent them from doing much damage once they have broken in-there is no way to safely transport the information that resides on your computer to another computer over a public network without using encryption.
But as the last chapter explained, there is not merely one cryptographic technology: there are many of them, each addressing a different need. In some cases, the differences between encryption systems represent technical differences-after all, no one solution can answer every problem. Other times, the differences are the result of restrictions resulting from patents or trade secrets. And finally, restrictions on cryptography sometimes result from political decisions.
Cryptography and Web Security
Security professionals have identified four keywords that are used to describe all "I" of the different functions that encryption plays in modem information systems. The different functions are these:
Confidentiality Encryption is used to scramble information sent over the Internet and stored on servers so that eavesdroppers cannot access the data's content. Some people call this quality "privacy," but most professionals reserve that word to refer to the protection of personal information (whether confidential or not) from aggregation and improper use.
Authentication Digital signatures are used to identify the author of a message; people who receive the message can verify the identity of the person who signed them. They can be used in conjunction with passwords or as an alternative to them.
Integrity Methods are used to verify that a message has not been modified while in transit. Often, this is done with digitally signed message digest codes.
Nonrepudiation Cryptographic receipts are created so that an author of a message cannot falsely deny sending a message.
Strictly speaking, there is some overlap among these areas. For example, when the DES encryption algorithm is used to provide confidentiality, it frequently provides integrity as a byproduct. That's because if an encrypted message is altered, it will not decrypt properly. In practice, however, it is better engineering to use different algorithms that are specifically designed to assure integrity for this purpose, rather than relying on the byproduct of other algorithms. That way, if the user decides to not include one aspect (such as encryption) because of efficiency or legal reasons, the user will still have a standard algorithm to use for the other system requirements.
What Cryptography Can't Do
Cryptography plays such an important role in web security that many people use the phrase secure web server when they really mean cryptographically enabled web server. indeed, it is difficult to imagine securing data and transactions sent over the Internet without the use of cryptography.
Nevertheless, encryption isn't all-powerful. You can use the best cryptography that's theoretically possible, but if you're not careful, you'll still be vulnerable to having your confidential documents and messages published on the front page of the San Jose Mercury News if an authorized recipient of the message faxes a copy to one of the reporters. Likewise, cryptography isn't an appropriate solution for many problems, including the following:
Cryptography can't protect your unencrypted documents. Even if you set up your web server so that it only sends files to people using 1024-bit SSL, remember that the unencrypted originals still reside on your web server. Unless you separately encrypt them, those files are vulnerable. Somebody breaking into the computer on which your server is located will have access to the data.
Cryptography can't protect against stolen encryption keys. The whole point of using encryption is to make it possible for people who have your encryption keys to decrypt your files or messages. Thus, any attacker who can steal or purchase your keys can decrypt your files and messages. That's important to remember when using SSL, because SSL keeps copies of the server's secret key on the computer's hard disk. (Normally it's encrypted, but it doesn't have to be.)
Cryptography can't protect against denial-of-service attacks. Cryptographic protocols such as SSL are great for protecting information from eavesdropping. Unfortunately, attackers can have goals other than eavesdropping. In banking and related fields, an attacker can cause great amounts of damage and lost funds by simply disrupting your communications or deleting your encrypted files.
Cryptography can't protect you against the record of a message or the fact that a message was sent. Suppose that you send an encrypted message to Blake Johnson, and Blake murders your lover's spouse, and then Blake sends you an encrypted message back. A reasonable person might suspect that you have some involvement in the murder, even if that person can't read the contents of your messages. Or suppose there is a record of your sending large, encrypted messages from work to your competitor. If there is a mysterious deposit to your bank account two days after each transmission, an investigator is likely to draw some conclusions from this behavior.
Cryptography can't protect against a booby-trapped encryption program. Someone can modify your encryption program to make it worse than worthless. For example, an attacker could modify your copy of Netscape Navigator so that it always uses the same encryption key. (This is one of the attacks that was developed at the University of California at Berkeley.)
Fundamentally, unless you write all of the programs that run on your computer, there is no way to completely eliminate these possibilities. They exist whether you are using encryption or not. However, you can minimize the risks by getting your cryptographic programs through trusted channels and minimizing the opportunity for your program to be modified. You can also use digital signatures and techniques like code signing to detect changes to your encryption programs.
Cryptography can't protect you against a traitor or a mistake. Humans are the weakest link in your system. Your cryptography system can't protect you if your correspondent is taking your messages and sending them to the newspapers after legitimately decrypting them. Your system also may not protect against one of your system administrators being tricked into revealing a password by a phone call purporting to be from the FBI.
Thus, while cryptography is an important element of web security, it is not the only part. Cryptography can't guarantee the security of your computer if people can break into it through other means. But cryptography will shield your data, which should help to minimize the impact of a penetration if it does occur. Today's Working Encryption Systems
Although encryption is a technology that will be widespread in the future, it is already hard at work on the World Wide Web today. In recent years, more than a dozen cryptographic systems have been developed and fielded on the Internet.
Working cryptographic systems can be divided into two categories. The first group are programs and protocols that are used for encryption of email messages. These programs take a plaintext message, encrypt it, and either store the ciphertext or transmit it to another user on the Internet. Such programs can also be used to encrypt files that are stored on computers to give these files added protection. Some popular systems that fall into this category include the following:
The second category of cryptographic systems are network protocols used for providing confidentiality, authentication, integrity, and nonrepudiation in a networked environment. Such systems require real-time interplay between a client and a server to work properly. Some popular systems that fall into this category include the following:
All of these systems are summarized in Table 11-1 and are described in the sections that follow. For detailed instructions on using these systems, please refer to the references listed in the Appendixes.
One of the first widespread public key encryption programs was Pretty Good Privacy (PGP), written by Phil Zimmermann and released on the Internet in June 1991. PGP is a complete working system for the cryptographic protection of electronic mail and files. PGP is also a set of standards that describe the formats for encrypted messages, keys, and digital signatures.
PGP is a hybrid encryption system, using RSA public key encryption for key management and the IDEA symmetric cipher for the bulk encryption of data.
Referring to the encryption checklist at the beginning of this chapter, PGP offers confidentiality, through the use of the IDEA encryption algorithm; integrity, through the use of the MD5 cryptographic hash function; authentication, through the use of public key certificates; and nonrepudiation, through the use of cryptographically signed messages.
PGP is available in two ways, as a standalone application and as an integrated email program available from PGP, Inc. The standalone program runs on many more platforms than the integrated system but is more difficult to use. PGP, Inc., is also developing plug-ins for popular email systems to allow them to send and receive PGP-encrypted messages.
A problem with PGP is the management and certification of public keys. PGP keys never expire: instead, when the keys are compromised, it is up to the keyholder to distribute a special PGP key revocation certificate to everyone with whom he or she communicates. Correspondents who do not learn of a compromised key and use it weeks, months, or years later to send an encrypted message do so at their own risk. As a side effect, if you create and distribute a PGP public key, you must hold onto the secret key for all time because the key never expires.
PGP public keys are validated by a web of trust. Each PGP user can certify any key that he or she wishes, meaning that the user believes the key actually belongs to the person named in the key certificate. But PGP also allows users to say that they trust particular individuals to vouch for the authenticity of still more keys. PGP users sign each other's keys, vouching for the authenticity of the key's apparent holder.
The web of trust works for small communities of users, but not large ones. For example, one way that PGP users sign each other's keys is by holding ritualistic key signing parties. Users gather, exchange floppy disks containing public keys, show each other their driver's licenses, whip out their private keys, and then have an orgy of public key encryptions as their private keys are pressed against each other. It's a lot of fun, especially in mixed company. Key signings are a great way to meet people, as they are usually followed by trips to establishments involving the consumption of large amounts of alcohol, pizza, and/or chocolate. Unfortunately, this is not a practical way to create a national infrastructure of public keys.
Another way that PGP public keys are distributed is by the PGP public key servers located on the Internet. Any user on the Internet can submit a public key to the server, and the server will dutifully hold the key, send a copy of the key to all of the other servers, and give out the key to anybody who wishes it. Although there are many legitimate keys in the key server, there are also many keys that are clearly fictitious. Although the key servers work as advertised, in practice they are ignored by most PGP users. Instead of putting their keys on the key servers, most PGP users distribute their public keys on their own personal web pages. PGP's ability to certify identity reliably is severely hampered by the lack of a public key infrastructure....
The defaced web site was on the Internet for hours, until FBI technicians discovered the attack and pulled the plug. For the rest of the weekend, people trying to access the Department's home page saw nothing, because Justice didn't have a spare server.
The defaced web server publicly embarrassed the Department of Justice on national radio, TV, and in the nation's newspapers. The Department later admitted that it had not paid much attention to the security of its web server because the server didn't contain any sensitive information. After all, the web server was simply filled with publicly available information about the Department itself; it didn't have sensitive information about ongoing investigations.
By getting on the Web, the Department of Justice had taken advantage of a revolutionary new means of distributing information to the public--a system that lowers costs while simultaneously making information more useful and more accessible. But after the attack, it became painfully clear that the information on the web server didn't have to be secret to be sensitive. The web server was the Department's public face to the online world. Allowing it to be altereddamaged the Department's credibility.
It was not an isolated incident. On September 18, 1996, a group of Swedish Hackers broke into the Central Intelligence Agency's web site (http://www.odci.gov/cia). The Agency's response was the same as the FBI's: pull the plug first and ask questions later. A few months later, when a similar incident resulted in modification of the U.S. Air Force's home page, the Department of Defense shut down all of its externally available web servers for several days while seeking to secure its servers and repair the damage.
Then on Monday, March 3, 1997, a different kind of web threat reared its head. Paul Greene, a student at Worcester Polytechnic Institute, discovered that a specially written web page could trick Microsoft's Internet Explorer into executing practically any program with any input on a target computer. An attacker could use this bug to trash a victim's computer, infect it with a virus, or capture supposedly private information from the computer's hard drive. The bug effectively gave webmasters total control over any computer that visited a web site with Internet Explorer.
Microsoft posted a fix to Greene's bug within 48 hours on its web site, demonstrating both the company's ability to respond and the web's effectiveness at distributing bug fixes. But before the end of the week, another flaw with the same potentially devastating effects had been discovered in Internet Explorer. And the problems weren't confined only to Microsoft: within a week, other researchers reported discovering a new bug in Sun Microsystem's Java environment used in Netscape Navigator.
The Web: Promises and Threats
The Department of Justice, the Air Force, and the CIA were lucky. Despite the public humiliation resulting from the break-ins, none of these organizations had sensitive information on their web servers. A few days later, the systems were up and running again--this time, we hope, with the security problems fixed. But things could have been very different. Microsoft and the millions of users of Internet Explorer were lucky too. Despite the fact that the Internet Explorer bug was widely publicized, there were no attacks resulting in widespread data loss.
Instaed of the heavy-handed intrusion, the anti-government hackers could have let their intrusion remain hidden and used the compromised computer as a base for attacking other government machines. Or they could have simply altered the pages a tiny bit--for example, changing phone numbers, fabricating embarrassing quotations, or even placing information on the web site that was potentially libelous or pointed to other altered pages. The attackers could have installed software for sniffing the organization's networks, helping them to break into other, even more sensitive machines.
A few days before the break-in at www.usdoj.gov, the Massachusetts state government announced that drivers could now pay their speeding tickets and traffic violations over the World Wide Web. Simply jump to the Registry of Motor Vehicles' web site, click on a few links, and pay your speeding ticket with a credit card number. "We believe the public would rather be online than in line," said one state official.
To accept credit cards safely over the Internet, the RMV web site uses a "secure" web server. Here, the word secure refers to the link between the web server and the web browser. It means that the web server implements certain Cryptographic protocols so that when a person's credit card number is sent over the Internet, it is scrambled so the number cannot be intercepted along the way.
But the web server operated by the Massachusetts Registry isn't necessarily more secure than the web server operated by the Department of Justice. Merely using cryptography to send credit card numbers over the Internet doesn't mean the computer can't be broken into. And if the computer were compromised, the results could be far more damaging than a public relations embarrassment. Instead of altering web pages, the cooks could install software into the server that would surreptitiously capture credit card numbers after they had been decrypted. The credit card numbers could be silently passed back to the outside and used for committing credit fraud. It could take months for credit card companies to discover the source of the credit card number theft. By then, the thieves could have moved on to other victims.*
Alternatively, the next time a web server is compromised, the attackers could simply plant violent HTML code that exploits the now well-known bugs in Netscape Navigator or Microsoft Internet Explorer.
These stories illustrate both the promise and the danger of the World Wide Web. The promise is that the Web can dramatically lower costs to organizations for distributing information, products, and services. The danger is that the computers that make up the Web are vulnerable. They can and have been compromised. Even worse: the more things the Web is used for, the more value organizations put online, and the more people are using it, the more inviting targets all of these computers become.
Security is the primary worry of companies that want to do business on the World Wide Web, according to a 1997 study of 400 information systems managers in the U.S. by strategic Focus, Inc., a Milpitas, California, consulting firm, "For any kind of electronic commerce, security is a major concern and will continue to be for some time," said Jay Prakash, the firm's president, who found security to be an issue for 55 percent of the surveyed companies.
About This Book
This is a book about World Wide Web security and commerce. In its pages, we will show you the threats facing people in the outline world and ways of minimizing them.
This book is written both for individuals who are using web browsers to access information on the Internet and organizations that are running web servers to make data and services available. It contains a general overview of Internet-based computer security issues, as well as many chapters on the new protocols and products that have been created to assist in the rapid commercialization of the World Wide Web.
Topics in this book that will receive specific attention include:
How to lessen the chances that your server will be broken into
This book covers the fundamentals of web security, but it is not designed to be a primer on computer security, operating systems, or the World Wide Web. For that, we recommend many of the other fine books published by O'Reilly & Associates, including Æleen Frisch's Essential System Administration, Chuck Musciano and Bill Kennedy's HTML: The Definitive Guide, Shishir Gundavaram's CGI Programming on the World Wide Web, Deborah Russel and G.T. Gangemi's Computer Security Basics, and finally our book, Practical UNIX & Internet Security. An in-depth discussion of cryptography can be found in Bruce Schneier's Applied Cryptography (John Wiley & Sons).
This book is divided into seven parts; it includes 19 chapters and five appendixes:
Part I, Introduction, describes the basics of computer security for computers connected to the Internet.
Chapter 1, The Web Security Landscape, gives a brief history of the Web, introduces the terminology of web security, and provides some examples of the risks you will face doing business on the Web.
Part II, User Safety, looks at the particular security risks that users of particular web browsers face. It provides information on the two current browsers used most frequently: Microsoft's Internet Explorer and Netscape Navigator. This part of the book is aimed at users.
Chapter 2, The Buggy Browser: Evolution of Risk, explains the history of browsers and looks at the biggest security threat of all: careless and hasty implementation leading to faults.
Chapter 4, Downloading Machine Code with ActiveX and Plug-Ins, looks at the serious dangers of running arbitrary code on your computer.
Chapter 5, Privacy, looks at the questions of online privacy, cookies, and the disclosure of secrets.
Part III, Digital Certificates, explains what digital certificates are and how they are used to establish identity and trust on the Web.
Chapter 6, Digital Identification Techniques, explains how cryptography is sued to assure identity in a networked environment.
Chapter 7, Certification Authorities and Server Certificates, gives a hands-on view of the particular kinds of digital certificates that are used to establish the identity of web servers.
Chapter 8, Client-Side Digital Certificates, discusses the pros and cons of digital certificates that are used to establish the identity of users on the World Wide Web.
Chapter 9, Code Signing and Microsoft's Authenticode, explains how digital certificates can be used to sign executable programs and how those signatures are verified.
Part IV, Cryptography, gives an overview of cryptography and discusses how it pertains to the Web today. This part is especially useful to individuals and organizations interested in publishing and doing business on the World Wide Web.
Chapter 10, Crytography Basics, discusses the role of encryption and message digests.
Chapter 11, Cryptography and the Web, discusses the role of encryption on the Internet.
Chapter 12, Understanding SSL and TLS, is a general overview of the Secure Socket Layer and Transport Layer Security protocols.
Part v, Web Server Security, explores techniques for securing web servers.
Chapter 13, Host and Site Security, contains information about basic UNIX and Windows NT security* as well as physical security.
Chapter 14, Controlling Access to Your Web Server, discuses how you can restrict information on a web server to particular users by access control systems built into web servers.
Chapter 15, Secure CGI/API Programming, discusses security issue when writing CGI scripts and taking advantage of web server APIs.
Part VI, Commerce and Society, takes a look at the critical issues involving money and society on the World Wide Web. This part of the book is of general interest.
Chapter 16, Digital Payments, looks at credit cards, digital cash, and other ways of paying for things online.
Chapter 17, Blocking Software and Censorship Technology, examines at technologies that are used for controlling access to the Internet by children and people living in totalitarian countries.
Chapter 18, Legal Issues: Civil, looks at a number of civil concerns involved with publishing information on the World Wide Web.
Chapter 19, Legal Issues: Criminal, continues our survey of legal issues by looking at criminal problems that can arise from web content.
Part VII, Appendixes, contains summary and technical information.
Appendix A, Lessons from Vineyard.NET, is a personal account of creating and running an Internet service provider and trying to ensure its security.
Appendix B, Creating and Installing Web Server Certificates, shows the installation of the Apache-SSL web server and the certificate procurement and installation process. Although the specific technical information contained in this chapter may be obsolete by the time this book is printed, the procedure illustrates the process that must be followed for most web servers in use.
Appendix C, The SSL 3.0 Protocol, is a technical walk through the details of the SSL 3.0 protocol. It includes sample code for creating a SSL (Secure Socket Layer) client and server and information on SSLeay.
Appendix D, The PICS Specification, is a technical walkthrough of the details of the PICS standard.
Appendix E, References, tells you where you can go for more information. It covers both electronic and paper sources. We have tried to keep it short so that it will be approachable.
What You Should Know
Web security is a complex topic that touches on many aspects of traditional computer security, computer architectures, system design, software engineering, Internet technology, mathematics, and the law. To keep the size of this book under control, we have focused on conveying information and techniques that will not readily be found elsewhere
To get the most out of this book, you should already be familiar with the operation and management of a networked computer. You should know how to connect your computer to the Internet; how to obtain, install, and maintain computer software; and how to perform routine system management tasks, such as backups. You should have a working knowledge of the World Wide Web, and you should know how to install and maintain your organization's web server.
That is not to say that this is a book written solely for "propeller-heads" and security geeks. Great effort has been taken to make this book useful for people who have a working familiarity with computers and the web, but are not familiar with the nitty-gritty details of computer security. That's why we have the introductory chapters on cryptography and SSL.
Web Software Covered by This Book
A major difficulty in writing a book on web security is that the field is moving incredibly quickly. While we were working on this book, Netscape released three generations of web servers and browsers; Microsoft released its Internet Explorer 3.0 web browser and previewed its 4.0 browser; and WebTV Networks released a set-top box that allows people to surf the web without a PC and was eventually bought by Microsoft. At least three "secure" web servers were announced and released during that time period as well.
It is extremely difficult to track the field of web security, and it is impossible to do so in a printed publication such as this. So instead of providing detailed technical information regarding the installation and configuration of particular software that is sure to become obsolete shortly after the publication of this volume, we have instead written about concepts and techniques that should be generally applicable for many years to come.
In writing this book, we used a wide variety of software. Examples in this book are drawn from these web servers:
Microsoft Internet Information Server
Netscape FastTrack Server
The following web browsers were used in the creation of this book:
Microsoft Internet Explorer
Spry Real Mosaic
Why Another Book on Computer Security?
In June 1991, O'Reilly & Associates published our first book, Practical UNIX Security. The book was 450 pages and contained state-of-the-art information for securing UNIX computers on the Internet. Five years later, we published the revised edition of our book, now entitled Practical UNIX & Internet Security. During the intervening years, the field of computer security had grown substantially. Not surprisingly, so had our page count. The new volume was 1000 pages long.
Some people joked that the second edition was so big and took so long to read that its most likely use in the field of computer security was that of a weapon--if anybody tried to break into your computer, simply hit them on the head with the corner of the three-pound opus. It would stop them cold.
Perhaps. For the serious computer security administrator, 1000 detailed pages on running secure UNIX and Internet servers is a godsend. Unfortunately, much of the information in the book is simply not relevant for the administrator who is seeking to manage a small web site securely. At the same time, the book misses key elements that are useful and important to the web administrator--technology developed in the year following the book's publication. Moreover, our 1996 book focuses on UNIX servers; not every site uses UNIX, and not every person is a system administrator.
Clearly, there is a need for a book that would give time-pressed computer users and system managers the "skinny" on what they need to know about using the Web securely. Likewise, there is a need for a new book that covers the newest developments in web security: SSL encryption, client-side digital signature certificates, special issues pertaining to electronic commerce. This is that book.
Conventions Used in This Book
The following conventions are used in this book:
Italic is used for file and directory names and for URLs. It is also used to emphasize new terms and concepts when they are introduced.
Constant Width is used for code examples and any system output.
Posted March 27, 2001
The content contained within the book was very obvious. Too obvious even if the book was a Dummies title book. Also, this book while 400+ pages long contained about 50 pages of useful information. Each topic contained dozens of analogies to describe them. One or two analogies would have been sufficient for most people. I am convinced the list of these analogies were solely there to increase the size of this book. One topic in particular, Digital Certificates, included 8 pages of analogies including the explanation to readers that most computers don't have cameras that can identify a users face visually and that drivers licenses and passports are used to identify people in the real world. I was very disappointed I expect a lot more from O'Reilly.Was this review helpful? Yes NoThank you for your feedback. Report this reviewThank you, this review has been flagged.