Securing E-Commerce - PowerPoint PPT Presentation

1
Securing E-Commerce
  • CSEM02
  • University of Sunderland
  • Harry R. Erwin, PhD

2
Resources
  • Garfinkel and Spafford, 1996, Practical UNIX and
    Internet Security, O'Reilly, ISBN 1-56592-148-8
  • Anderson, 2001, Security Engineering, Wiley,
    ISBN 0-471-38922-6.
  • Norberg, 2001, Securing Windows NT/2000 Servers,
    O'Reilly, ISBN 1-56592-768-0. Most of this
    lecture is based on Norberg.
  • Zwicky, Cooper, and Chapman, 2000, Building
    Internet Firewalls, second edition, O'Reilly,
    ISBN 1-56592-871-7.

3
The Most Common Threats Involving E-Commerce
  • Intrusion: typically in the form of site
    defacement, with damage to the company's
    reputation.
  • Denial of service: preventing authorized users
    from using the system, resulting in loss of
    business.
  • Information theft: unauthorized persons obtaining
    private information, resulting in legal liability.

4
A Typical Attack
  • How <http://www.apache.org> was hacked
  • (from Norberg, based on a BugTraq report on May
    4, 2000)
  • The attackers uploaded a PHP script to a
    world-writeable ftp directory (dubious).
  • The web server root directory was the same as the
    ftp server root directory (bad).
  • The PHP script executed UNIX commands (bad) that
    created a shell server bound to a high port that
    was open (bad: no firewall).
  • Finally, they used a database process that was
    running as root (more bad) to create a setuid
    root shell.
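A defender's check for two of the misconfigurations in that chain, added here as an example (it is not from Norberg, the lecture, or the Apache project): it lists world-writable directories under the ftp tree and tests whether the web root and the ftp root resolve to the same directory, so that an upload area cannot double as a served script directory. The two root paths are placeholders supplied on the command line.

```shell
#!/bin/sh
# Added example: audit a host for two conditions from the apache.org
# incident: world-writable directories under the ftp tree, and an ftp
# root that is the same directory as the web root. WEB_ROOT and
# FTP_ROOT are placeholders supplied by the caller.

# Print every world-writable directory under the given root, one per line.
find_world_writable_dirs() {
    find "$1" -type d -perm -0002 2>/dev/null | sort
}

# Succeed (exit 0) when the two paths resolve to the same directory.
# Both are canonicalised with pwd -P so symlink aliases are caught too.
same_root() {
    a=$(cd "$1" 2>/dev/null && pwd -P) || return 1
    b=$(cd "$2" 2>/dev/null && pwd -P) || return 1
    [ "$a" = "$b" ]
}

# Run both checks; print findings and return 1 if anything was flagged.
audit_roots() {
    web_root=$1
    ftp_root=$2
    rc=0
    if same_root "$web_root" "$ftp_root"; then
        echo "FAIL: web root and ftp root are the same directory: $web_root"
        rc=1
    fi
    ww=$(find_world_writable_dirs "$ftp_root")
    if [ -n "$ww" ]; then
        printf 'FAIL: world-writable directories under ftp root:\n%s\n' "$ww"
        rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: no shared root, no world-writable directories"
    return "$rc"
}

# Usage: sh audit_roots.sh WEB_ROOT FTP_ROOT
if [ "$#" -eq 2 ]; then
    audit_roots "$1" "$2"
fi
```

The script exits non-zero on any finding, so it can run from cron or a configuration-management hook and fail loudly. It does not cover the other two conditions on the slide (the open high port and the database running as root); those need a look at listening sockets and process owners rather than the filesystem.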

5
What is a Body to Do?
  • You must have and maintain a high level of
    security for your site.
  • This is feasible, but it requires awareness and
    knowledge.

6
Security Strategies (Zwicky)
  • Least privilege: processes and users should have
    only the privileges they need for their job
  • Defense in depth: multiple security layers
  • Choke point: limit access to your system
  • Weakest link: attacks will seek vulnerabilities
  • Fail-safe stance: deny access if the system fails
  • Universal participation: everybody buys in
  • Diversity of defense: multiple mechanisms
  • Simplicity: only the simple can be made secure
  • Security through obscurity: is valid (but weak)

7
Building a Secure Site
  • Plan for it. Cover all the bases and formally
    analyze your requirements.
  • Define your policies. (UK and Microsoft
    definition, not US government definition.) See
    RFC 2196, Site Security Handbook.
  • Provide physical security.
  • Implement access control.
  • Use a firewall.

8
Operating a Secure Site
  • Audit access policy violations.
  • Make frequent backups.
  • Collect logs on a separate and secure system.
  • Ask others to review your plans and work.
  • Use encryption.

9
The Bastion Host
  • The critical strongpoint in the network's
    security.
  • Are hardened.
  • Are audited regularly.
  • May use modified software.
  • The software in use will be trusted, hence should
    be designed, tested, and configured for safe
    operation.
  • Be prepared for their being compromised.

10
The Perimeter Network
  • A DMZ (demilitarized zone)
  • A firewall system, serving as a single point of
    entry.
  • An untrusted network on the outskirts of the
    private trusted network.
  • Serves as an intermediate stage between the
    internet and the internal network.
  • Multiple compartments.
  • Default-deny access.

11
What is the Problem with this Network?
  [Diagram: internet -> firewall (http only) -> Web Server -> (odbc only) -> DBMS Server -> firewall -> internal network]

12
Perimeter Components
  • Routers (provide access control)
  • Firewall gateways
  • Application-level gateways (layer 7)
  • Packet filters (layer 4)
  • Bastion hosts
  • email servers
  • www servers
  • ftp servers
  • victim machines (or sacrificial goats)
  • etc.
  • Switches and hubs

13
Rules of Thumb
  • Default-deny
  • Defense in depth
  • Keep it simple
  • Take a phased approach
  • Plan, plan, plan

14
Hardening a Bastion Host
  • Enforce least privilege: applications and users
    should run with only the privilege level needed
    to run correctly
  • Separate ports: one or a few fixed TCP/IP ports
    per application. Block the rest.
  • Use cryptography
  • Don't trust your applications
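The "separate ports, block the rest" rule turned into a check, added here as an example (it is not from the lecture or from Norberg): it reads listening-socket lines in the shape `ss -Hltnp` prints, compares each port with an explicit allowlist, and reports every listener that is reachable from the network and not on the list. The sample lines are constructed, and the allowlist of 22 and 443 is an assumption about the host.

```shell
#!/bin/sh
# Added example: compare the TCP listeners on a bastion host with an
# explicit allowlist of ports. Input lines are in the shape that
# `ss -Hltnp` prints (state, queues, local address:port, peer, process).
# The sample below is constructed; the allowlist is an assumption.

SAMPLE_SS='LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=812,fd=3))
LISTEN 0 511 0.0.0.0:443 0.0.0.0:* users:(("httpd",pid=1201,fd=4))
LISTEN 0 5 127.0.0.1:3306 0.0.0.0:* users:(("mysqld",pid=1430,fd=12))
LISTEN 0 10 0.0.0.0:8888 0.0.0.0:* users:(("sh",pid=2044,fd=3))'

# True when an address is loopback-only (not reachable from the network).
is_loopback() {
    case "$1" in
        127.*|"[::1]") return 0 ;;
        *) return 1 ;;
    esac
}

# Read listener lines on stdin; print "port process" for every listener
# that is reachable from the network and whose port is not allowed.
# $1 is the allowlist, space separated, e.g. "22 443".
unexpected_listeners() {
    allowed=" $1 "
    while IFS= read -r line; do
        [ -z "$line" ] && continue
        local_addr=$(printf '%s\n' "$line" | awk '{print $4}')
        port=${local_addr##*:}          # text after the last colon
        addr=${local_addr%:*}           # text before the last colon
        proc=$(printf '%s\n' "$line" | sed -n 's/.*users:(("\([^"]*\)".*/\1/p')
        case "$allowed" in
            *" $port "*) continue ;;   # explicitly allowed port
        esac
        is_loopback "$addr" && continue # local-only, not a network exposure
        echo "$port ${proc:-unknown}"
    done
}

# Report and return 1 if any unexpected listener is found.
check_listeners() {
    found=$(unexpected_listeners "$1")
    if [ -n "$found" ]; then
        printf 'FAIL: listener not in allowlist (port process):\n%s\n' "$found"
        return 1
    fi
    echo "OK: only allowed ports are reachable"
}

# Usage: ss -Hltnp | sh check_listeners.sh "22 443"
# With no arguments the constructed sample is checked instead.
if [ "$#" -ge 1 ]; then
    check_listeners "$1"
else
    printf '%s\n' "$SAMPLE_SS" | check_listeners "22 443" || :   # demo; status ignored
fi
```

On the sample the check reports the shell bound to port 8888 and stays quiet about mysqld, which is bound to loopback only. A loopback bind is still worth a second look (the lecture's database ran as root), but it is not a network exposure, so the check separates the two cases rather than failing on both.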

15
Host Design Steps
  1. Minimal OS with the latest service pack.
  2. Install only the applications you need.
  3. Reapply the service pack and add necessary
    patches
  4. Remove/disable unneeded OS components
  5. Harden the OS
  6. Restrict access to files and other objects.

16
UNIX, Windows, or MacOS X?
  • MacOS X is BSD UNIX, and Apple takes security
    very seriously. Now considered the most secure
    commercially available solution.
  • UNIX is preferred over Windows: has better tools
    for building a bastion host and better remote
    management.
  • Windows NT/2000: in some ways stronger than UNIX,
    but network security is much weaker: too many
    ports open and too many services. Much harder to
    administer if UNIX-style hardening is done. Much
    weaker security if not. YMMV.

17
Windows NT Rules
  • NetBIOS: avoid. TCP/IP only. Do not connect to the
    public network until fully hardened.
  • Never, ever, install MS Office or development
    tools. Remove all unnecessary applications,
    network services, and system processes.
  • No LINUX dual boot. Use CYGWIN instead.
  • US version of Windows (updated most quickly)
  • NTFS
  • Standalone member server. No domains. No user
    accounts.

18
Secure Remote Administration of Windows Servers
  • Symantec pcAnywhere
  • Windows 2000 Terminal Services with IPSec. Use
    File Copy utility from the Server Resource Kit.
  • Open Source
      • SSH
      • Cygwin (UNIX emulation)
      • TCP Wrappers
      • VNC

19
Backup Policy
  • Think about:
      • Who does backups?
      • How often are backups taken?
      • Local or network?
      • Where are the media stored?
      • Who may restore data to the system?
      • How often are the backups tested?

20
Remember Bruce Schneier's Three Rules of Security
  • Schneier, Risk Demystification: Numbers do matter
    and are not that hard to understand.
  • Schneier, Secrecy Demystification: Secrecy is
    anathema to security
      • It's brittle
      • It conceals abuse
      • It prevents sensible trade-offs
  • Schneier, Agenda Demystification: Know the agendas
    of the people involved in a security decision.
    That will usually predict their decisions.

21
Conclusions
  • You can secure e-commerce, but
      • Plan carefully
      • Define your policies
      • Provide physical security
      • Implement access control
      • Firewalls
      • And manage it carefully

22
After All That, You Still Want to Be Certified
  • SSCP
      • One year of experience in at least one area
      • Three-hour exam in seven areas
      • Agree to the code of ethics
      • Continuing education
  • CISSP
      • Three to four years of experience
      • Six-hour exam in ten areas
      • Agree to the code of ethics
      • Background approval
      • Continuing education

23
SSCP Knowledge Areas
  • Access Controls
  • Administration
  • Audit and Monitoring
  • Risk, Response and Recovery
  • Cryptography
  • Data Communications
  • Malicious Code/Malware

24
CISSP Knowledge Areas
  • Access Control Systems & Methodology
  • Applications & Systems Development
  • Business Continuity Planning
  • Cryptography
  • Law, Investigation & Ethics
  • Operations Security
  • Physical Security
  • Security Architecture & Models
  • Security Management Practices
  • Telecommunications, Network & Internet Security