The web security problem consists of three major parts:
Securing the web server and the data that is on it. You need to be sure that the server can continue its operation, the information on the server is not modified without authorization, and the information is only distributed to those individuals to whom you want it to be distributed.
Securing information that travels between the web server and the user. You would like to assure that information the user supplies to the web server (usernames, passwords, financial information, etc.) cannot be read, modified, or destroyed by others. Many network technologies are especially susceptible to eavesdropping, because information is broadcast to every computer that is on the local area network.
Securing the user’s own computer. You would like to have a way of assuring users that information, data, or programs downloaded to their systems will not cause damage—otherwise, they will be reluctant to use the service. You would also like to have a way of assuring that information downloaded is controlled thereafter, in accordance with the user’s license agreement and/or copyright.
Along with all of these considerations, we may also have other requirements. For instance, in some cases, we have the challenges of:
Verifying the identity of the user to the server
Verifying the identity of the server to the user
Ensuring that messages get passed between client and server in a timely fashion, reliably, and without replay
Logging and auditing information about the transaction for purposes of billing, conflict resolution, “nonrepudiation,” and investigation of misuse
Balancing the load among multiple servers
To properly address these concerns requires the interaction of several of our three main components, along with the underlying network and OS fabric.
Securing the web server is a two-part proposition. First, the computer itself must be secured using traditional computer security techniques. These techniques assure that authorized users of the system have the capabilities to do their own work and only those capabilities. Thus, we may want to authorize anonymous users to read the contents of our main web page, but we do not want them to have the ability to shut down the computer or alter the system accounting files. These traditional techniques also assure that people on the Internet who are not authorized users of the system cannot break into it and gain control. Chapter 13, presents an overview of several generic techniques; the references in Appendix E, contain many more.
Server security is complicated when a computer is used both as a traditional time-sharing computer and as a web server. This is because the web server can be used to exploit bugs in the host security, and failings in host security can be used to probe for problems with the web server. For example, a poorly written CGI script may make it possible to change a web server’s configuration file, which can then be modified so that the web server runs with excess privileges. By using a host security flaw, an attacker could then create a privileged CGI script that would lead to granting the attacker full access to the entire computer system. Thus, one of the best strategies for improving a web server’s security is to minimize the number of services provided by the host on which the web server is running. If you need to provide both a mail server and a web server, your best bet is to put them on different computers.
Another good strategy for securing the information on the web server is to restrict access to the web server. The server should be located in a secure facility, so that unauthorized people do not have physical access to the equipment. You should limit the number of users who have the ability to log into the computer. The server should be used only for your single application: otherwise, people who have access to the server might obtain access to your information. And you should make sure that people who access the server for administrative purposes do so using secure means such as Kerberized Telnet, SecureID, S/Key, or ssh.
There are many ways to protect information from eavesdropping as it travels through a network:
Physically secure the network, so that eavesdropping is impossible.
Hide the information that you wish to secure within information that appears innocuous.
Encrypt the information so that it cannot be decoded by any party who is not in possession of the proper key.
Of these techniques, encryption is the only one that is practical. Physically securing the Internet is impossible. Information hiding only works if the people you are hiding it from do not know how it is hidden.
One of Netscape Communication’s early innovations was its Secure Socket Layer (SSL), a system for automatically encrypting information as it is sent over the Internet and decrypting it before it is used.
SSL is an important part of web security, but it is only one component. Ironically, even though SSL was originally developed to allow the transmission of information such as credit card numbers over the Internet, new protocols may allow those kinds of financially oriented transmissions to be conducted more simply and more securely. Meanwhile, technologies such as digital certificates are eliminating the need to use SSL’s cryptographic channel for sending usernames and passwords. The real promise of SSL, then, may be for providing secure administrative access to web servers and for allowing businesses to transmit proprietary information over public networks.
Current implementations of SSL in the U.S. provide two levels of security: export-grade and domestic. These two levels are a direct result of U.S. government restrictions on the export of cryptographic technology. Export-grade security protects data against casual eavesdropping, but cannot resist a determined attack. For instance, a relative novice with a single Pentium computer can forcibly decrypt an export-grade SSL message in less than one year using a brute force search (trying every possible encryption key). Domestic-grade security is much stronger: for practical purposes, messages encrypted with SSL’s typical domestic-grade encryption should resist brute force attempts at decryption for at least 10 years, and should possibly be secure for 30 years or longer. Unfortunately, most versions of Netscape Navigator in circulation provide only for export-grade security, not domestic.
Another risk to information in transit is a denial-of-service attack resulting from a disruption in the network. A denial of service can result from a physical event, such as a fiber cut, or a logical event, such as a bug in the Internet routing tables. Or it can result from a sustained attack against your servers from attackers on the Internet: the attacker might try bombarding your web server with thousands of requests every second, preventing legitimate requests from getting through.
Today there is no practical way to defend against denial-of-service attacks (described further in Chapter 3), although redundancy and backup systems can help to minimize their impact. Ultimately, it will take effective use of the legal system to pursue and prosecute attackers to make these attacks less frequent.
Security flaws in web browsers have been front-page news. Magazines print horror stories of people who downloaded computer viruses and other rogue programs from the Internet. As a result of these accounts in the media, users are increasingly cautious of the Web.
Caution should increase in coming years as web-based computers are increasingly used for financial transactions. Attacks are already starting to appear. As this book went to press, the Chaos Computer Club demonstrated an ActiveX component written in Visual Basic that could initiate electronic funds transfers using Quicken. In another story, a U.S. court served a restraining order against a web site that gave users access to “free” pornography, provided that the user download and run a special “viewer.” Unknown to the user, the viewer program disconnected the user’s computer from the user’s local Internet service provider and placed a long-distance phone call to Eastern Europe. It is not difficult to imagine a computer virus that remains dormant until a user types in the password to unlock an electronic wallet, then silently copies the user’s credit card numbers and payment information over the Internet to an undisclosed location.
Web developers also wish to be protected from users. Companies putting pay-per-view information on a web site would like to prevent users from downloading this information and sharing it with others who have not paid for the service. Many web sites that provide information freely to the public would prefer that users pick up the data directly, so that the sites can track downloads, gain additional information about their readers, and possibly charge their advertisers more money.
It is impossible to impose technical solutions that limit the spread of information once it has been provided to the user. If the data is viewed on the user’s screen, that information can simply be copied off the screen and either printed or saved in a file. Although a number of “copy protection” systems for web data have been proposed (and marketed), they can all be subverted. About the best method available for some forms of binary data is " digital watermarking.” This involves making very small, hidden alterations to the data to store a form of identification of the material. The alterations can’t be noticed by the user, and are done in a special fashion to defeat attempts to remove them. Images, sound files, and other watermarked data can be examined with programs that find and display the identifying information, showing the true owner and possibly the name of the person for whom the copy was first produced.
 Therefore, someone with access to a typical university computing lab or commercial workstation workgroup can break a key in as little as a matter of hours. A modest investment in hardware and software beyond that further reduces the time to less than a few hundred seconds.
 Although 128-bit symmetric encryption key used in an SSL transaction is likely to be uncrackable for thousands of years, advances in factoring and computer speed will make the 1024-bit public key used to encrypt the 128-bit key vulnerable over time.