Web Security Sourcebook
     


by Aviel D. Rubin, Daniel E. Geer Jr., Marcus Ranum

Overview

"The authors . . . bring wide-ranging experience to this work, moving from theory to hands-on, bit-shoveling practical advice." -Steven M. Bellovin

A serious security sourcebook for Web professionals and users.

The front door is unlocked and wide open. The alarm's not working and no one's home. All of your valuables, money, and intimate details of your life are just sitting inside, waiting to be taken. No, it's not your house . . . it's your computer.

The Web now penetrates every aspect of our lives, from the home PC to the business office. But with each advance in convenience comes a geometric increase in vulnerability to the integrity of data and software as well as to the confidentiality of information. Although the flaws inherent in the Web are real, solutions are available. Let Aviel Rubin, Daniel Geer, and Marcus Ranum give you the answers.

Here's a book that's valuable today and indispensable for the future. It includes basic and advanced techniques for client-side and server-side security, browser security, writing secure CGI scripts, firewalls, and secure e-commerce. There's a special appendix that demystifies the complex world of cryptography. And the book comes with access to a dedicated Web site containing up-to-the-minute information on the latest security threats and solutions.

So whether you're a Webmaster trying to close the door on sites and applications, or an everyday user hoping to keep your desktop safe, this is your essential source on:

• Protecting and securing Web pages, search engines, servers, and browsers

• Writing impregnable applets and scripts, and avoiding the dangers inherent in every language

• Using (and abusing) firewalls and cryptographic controls

• Securing commerce and payment transactions

Product Details

ISBN-13: 9780471181484
Publisher: Wiley
Publication date: 07/08/1997
Pages: 368
Product dimensions: 7.50(w) x 9.20(h) x 0.80(d)

Read an Excerpt

Chapter 2: Basic Browser Security

OBTAINING A VALID BROWSER

Microsoft's Internet Explorer is usually obtained with Windows 95 or through a software vendor. The danger of this program being tampered with is no greater than the danger of the operating system being modified; the latter is the more serious security threat. Thus, if users trust that they have a valid operating system, they usually have confidence in their browser. The same is not true for Netscape. Netscape Navigator and Internet Explorer are both readily available through the Internet. Whereas most Explorer users obtain their browsers with their operating systems or in software stores, Netscape users tend to download their browsers from an ftp site.

When you obtain a program by ftp through the Internet, you run the risk that you will get a maliciously modified copy instead. A program is vulnerable at the distribution site and in transit. In fact, if the DNS has been attacked, a user may not even be communicating with the correct server when he or she requests a file.

If an attacker can cause a user to download a modified browser, the consequences can be serious. A trojanized browser might appear to behave correctly. The user would have no idea that he or she was not running the correct program. Because a Web browser requires an Internet connection, a trojanized browser could give an attacker unlimited access to the user's machine and everything on it. The attacker could use this access to read and replace files, to run programs on the target machine, to disrupt service, and even to access secret cryptographic keys that may be stored on the local disk. By controlling the browser, the attacker could fool the user into entering passwords and other confidential information that would normally be reserved for trusted programs.

A maliciously modified browser need not be very sophisticated to be effective. A browser that automatically modifies SSL options, for example, to specify weak encryption would compromise all communication with secure servers. Another simple attack would mail information to the attacker about the user's browsing habits, enabling targeted advertising or blackmail. Because most browsers now come with built-in mail and newsreading capabilities, attackers could spy on someone by having a trojanized browser forward a copy of all e-mail to a specific location. They could even avoid detection by having the forwarded mail encrypted with a public key.

Several things can be done to distribute a file and guarantee its authenticity and integrity. Authenticity means that the file actually comes from the right place, and integrity means that it has not been modified. The most obvious protection is for the distributor to digitally sign the files. Digital signatures, however, require a public key infrastructure, and there are clearly open problems with certifying public keys.

One solution to the problem of secure software distribution on the Internet is Betsi (http://info.bellcore.com/BETSI/betsi.html). IETF RFC 1805 describes the protocol. Betsi is an interim solution to the problem, one that has been in place for a year and a half and can be expected to prevail until a more rigorous infrastructure displaces it. It requires users to obtain one valid public key and some widely available cryptographic software, namely PGP (http://Web.mit.edu/network/pgp.html) and MD5. More information about these programs is available in Appendix A. Users can obtain these programs from the site of their choosing. Betsi's public key is also widely available. The key has been signed by some well-known people whose public keys are also widely available, including Phil Zimmermann, the author of PGP. The fingerprint of Betsi's PGP public key is:

5F 34 26 5F 2A 48 6B 07 90 C9 98 C5 32 C3 44 0C

In Betsi, there are authors and users. Authors are people who wish to distribute software securely. Netscape is an example of an author. Users are people who wish to download programs with integrity and authenticity guarantees. Authors must register with Betsi in advance. To do so, they present Betsi with a public key, then Betsi verifies their identity. There are several approaches to this verification; the method chosen depends on the level of security required.

Once authors are registered, they can communicate securely with Betsi because they will share valid copies of one another's public keys. When an author has a file to distribute, he or she creates an integrity certificate request for the file. The request contains items such as the name of the author, the name of the file(s) to be certified, the cryptographic hash of the file, and so on. The author then signs the request with his or her private key and sends it to Betsi. Here is an example of such a request:

-----BEGIN PGP SIGNED MESSAGE-----
Author Name: Some Author
Author Organization: Software Company, Inc.
Hash function: MD5
Date of certificate creation: 09/17/96
4e74a2197b1b9f2561 distribution.tar.z
f4632efda0e7ce66e4 archive.tar.Z

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
0AQG.EAP+IloB/bewd
/V2TYG9TRLajxH4Ynp[
9Dawx8R1iQc1D7E+qM
05bjcJuFEvo=
=1X8u
-----END PGP SIGNATURE-----
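
The request body above is a set of header fields followed by one hash and filename per line. As an added example (not from the book or from Betsi's software), this Python code builds such a body and checks a downloaded file against it. It assumes the PGP signature has already been verified separately; the function names and the SHA256 option are assumptions.

```python
import hashlib
import hmac
import re

ALLOWED = {"MD5": "md5", "SHA256": "sha256"}  # SHA256 is an added assumption
DIGEST_LINE = re.compile(r"^([0-9a-fA-F]+)\s+(\S+)$")

def build_request_body(author, org, date, files, hash_name="MD5"):
    """Author side: the text that would then be signed with PGP."""
    algo = ALLOWED[hash_name]
    lines = [f"Author Name: {author}",
             f"Author Organization: {org}",
             f"Hash function: {hash_name}",
             f"Date of certificate creation: {date}"]
    for name, data in files.items():
        lines.append(f"{hashlib.new(algo, data).hexdigest()} {name}")
    return "\n".join(lines) + "\n"

def parse_body(body):
    """Return (headers, {filename: digest}); reject malformed or duplicate lines."""
    headers, digests = {}, {}
    for line in filter(None, map(str.strip, body.splitlines())):
        m = DIGEST_LINE.match(line)
        if m:
            digest, name = m.group(1).lower(), m.group(2)
            if name in digests:
                raise ValueError(f"duplicate entry for {name}")
            digests[name] = digest
        elif ": " in line:
            key, value = line.split(": ", 1)
            headers[key] = value
        else:
            raise ValueError(f"unrecognised line: {line!r}")
    return headers, digests

def check_file(body, name, data):
    """User side: 'ok', 'mismatch' or 'unlisted' for a downloaded file."""
    headers, digests = parse_body(body)
    algo = ALLOWED[headers["Hash function"]]  # KeyError on an unknown hash
    if name not in digests:
        return "unlisted"
    actual = hashlib.new(algo, data).hexdigest()
    return "ok" if hmac.compare_digest(actual, digests[name]) else "mismatch"

# Constructed sample data (not from the book).
FILES = {"distribution.tar.Z": b"constructed release bytes",
         "archive.tar.Z": b"constructed archive bytes"}
BODY = build_request_body("Some Author", "Software Company, Inc.", "09/17/96", FILES)
```

A file that is absent from the signed list is reported as "unlisted" rather than accepted, since the signature says nothing about it.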

Betsi receives this message and checks the signature. At this point, the message is verified as authentic, and any modifications to the message are detected during the verification. Next, Betsi replies to the author with a signed integrity certificate, which states that the named author is registered and that he or she has requested a certificate linking certain hash values to filenames. Here is an example of such a certificate: ...

Meet the Author

AVIEL D. RUBIN is a senior technical staff member at AT&T Labs-Research and an Adjunct Professor of Computer Science at New York University, where he teaches cryptography and computer security. He has served on several program committees for major security conferences and will be the program chair for the 1998 USENIX security conference.

DANIEL GEER is Vice President of CertCo, which specializes in secure electronic commerce.

MARCUS J. RANUM has been working with network security and firewalls for the last seven years. During that time he has developed three popular firewall products: the DEC SEAL, TIS Firewall Toolkit, and TIS Gauntlet.
