book

Web Security and Commerce

by Simson Garfinkel, Gene Spafford

June 1997

Intermediate to advanced

506 pages

14h 29m

English

O'Reilly Media, Inc.

Read now

Unlock full access

Web Security & Commerce
Preface
The Web: Promises and Threats
About This Book
Chapter-by-ChapterWhat You Should KnowWeb Software Covered by This BookWhy Another Book on Computer Security?
Conventions Used in This Book
Comments and Questions
Acknowledgments
I. Introduction
1. The Web Security Landscape
Web Security in a NutshellWhy Worry about Web Security?TerminologyWhat’s a “Secure Web Server” Anyway?
The Web Security Problem
Securing the Web ServerSecuring Information in TransitSecuring the User’s Computer
Credit Cards, Encryption, and the Web
A Typical TransactionNew Lessons from the Credit Card Example

Firewalls: Part of the Solution
Locating Your Web Server with Respect to Your Firewall
Risk Management
II. User Safety
2. The Buggy Browser: Evolution of Risk
Browser HistoryThe Return of Block Mode<blink>AnimationHelper ApplicationsProgrammability
Data-Driven Attacks
Social EngineeringBug ExploitationsWeb-Based Programming Languages
Implementation Flaws: A Litany of Bugs
3. Java and JavaScript
JavaJava the LanguageJava SafetyJava SecuritySafety is not securitySandboxSecurityManager classClass LoaderBytecode VerifierJava Security PolicySetting Java policy from Netscape Navigator 2.3Setting Java policy from Internet Explorer 3.0Setting Java policy from Netscape Navigator 4.0Setting Java policy from Internet Explorer 4.0Java Security ProblemsJava implementation errorsJava design flawsThe Java DNS policy disputeJava Security Future
JavaScript
JavaScript SecurityJavaScript and Resource ManagementJavaScript and Privacy
Denial-of-Service Attacks
Do Denial-of-Service Attacks Matter?Kinds of Denial-of-Service AttacksCPU and stack attacksCan’t break a running scriptSwap space attacksWindow system attacksCan Denial-of-Service Attacks Be Stopped?
JavaScript-Enabled Spoofing Attacks
Spoofing Username/Password Pop-Ups with JavaSpoofing Browser Status with JavaScriptMirror Worlds
Conclusion
4. Downloading Machine Code with ActiveX and Plug-Ins
When Good Browsers Go BadCard SharkThe Sexy Girls Pornography Viewer
Netscape Plug-Ins
Getting the Plug-InEvaluating Plug-In SecurityWhen Security Fails: Macromedia ShockwaveTactical Plug-In Attacks
ActiveX and Authenticode
Kinds of ActiveX ControlsThe <OBJECT> TagAuthenticodeInternet Exploder
The Risks of Downloaded Code
Programs That Can Spend Your MoneyTelephone billing recordsElectronic funds transfersPrograms That Violate Privacy and Steal Confidential InformationA wealth of private data
Is Authenticode a Solution?
Signed Code is Not Safe CodeSigned Code Can Be HijackedReconstructing After an AttackRecovering from an Attack
Improving the Security of Downloaded Code
Trusted VendorsSeparate Execution Contexts
5. Privacy
Log FilesThe Refer LinkLooking at the Logs
Cookies
Anatomy of a CookieCookies for TrackingDisabling CookiesCookies That Protect Privacy
Personally Identifiable Information
Anonymizers
Unanticipated Disclosure
Violating Trade SecretsRevealing Disparaging Remarks
III. Digital Certificates
6. Digital Identification Techniques
IdentificationThe Need for Identification TodayCredentials-Based Identification SystemsForgery-proof IDsUsing a document-based ID systemComputerized Identification TechniquesPassword-based systems: something that you knowPhysical tokens: something that you haveBiometrics: something that you areLocation: someplace where you areUsing Digital Signatures for IdentificationPhysical devices for digital signaturesVeritas: digital signatures for physical credentials
Public Key Infrastructure
Certification AuthoritiesRevocationCertification practices statement (CPS)The X.509 v3 Certificate
Problems Building a Public Key Infrastructure
Private Keys Are Not PeopleDistinguished Names Are Not PeopleThere Are Too Many Robert SmithsToday’s Digital Certificates Don’t Tell EnoughX.509 v3 Does Not Allow Selective DisclosureDigital Certificates Allow For Easy Data AggregationHow Many CAs Does Society Need?How Do You Loan a Key?Are There Better Suited Alternatives to Public Key Digital Signatures?Why Do These Questions Matter?
Ten Policy Questions
Is legislation necessary at all?Where should PKI legislation occur?Is licensing of certification authorities the right approach?Should legislation endorse public key cryptography, or be “technology neutral”?Should legislation endorse the X.509 paradigm?How should liability and risk be allocated in a PKI?What mechanisms should be used to allocate risk?Should digitally signed documents be considered “writings” for all legal purposes?How much evidentiary weight should a digitally signed document carry?Should governments act as CAs?
7. Certification Authorities and Server Certificates
Certificates TodayDifferent Kinds of Certificates
Certification Authority Certificates
Bootstrapping the PKI
Server Certificates
The SSL Certificate FormatObtaining a Certificate for Your ServerCertificate renewalViewing a Site’s CertificateWhen Things Go WrongNot yet valid and expired certificatesWrong server addressNetscape Navigator 3.0’s New Certificate WizardAdding a New Site Certificate with Internet Explorer
Conclusion
8. Client-Side Digital Certificates
Client CertificatesSupport for Client-Side Digital Certificates
A Tour of the VeriSign Digital ID Center
Generating a VeriSign Digital IDInstalling Your Digital CertificateBehind the ScenesBehind the scenes with Netscape NavigatorBehind the scenes with Internet ExplorerFinding a Digital IDRevoking a Digital IDVeriSign’s Class System
9. Code Signing and Microsoft’s Authenticode
Why Code Signing?Code Signing in TheoryCode Signing TodayCode Signing and U.S. Export Controls
Microsoft’s Authenticode Technology
The “Pledge”Publishing with AuthenticodeSigning a programThe Code Signing WizardVerifying Authenticode SignaturesSupport for Authenticode in Internet ExplorerControlling Authenticode in Internet Explorer
Obtaining a Software Publisher’s Certificate
Other Code Signing Methods
IV. Cryptography
10. Cryptography Basics
Understanding CryptographyRoots of CryptographyTerminologyA Cryptographic ExampleIs Cryptography a Military or Civilian Technology?Cryptographic Algorithms and Functions
Symmetric Key Algorithms
Cryptographic StrengthAttacks on Symmetric Encryption AlgorithmsKey search (brute force) attacksCryptanalysisSystems-based attacks
Public Key Algorithms
Attacks on Public Key AlgorithmsFactoring attacksAlgorithmic attacksKnown versus published methods
Message Digest Functions
Message Digest Algorithms at WorkUses of Message Digest FunctionsAttacks on Message Digest Functions
Public Key Infrastructure
11. Cryptography and the Web
Cryptography and Web SecurityWhat Cryptography Can’t Do
Today’s Working Encryption Systems
PGPS/MIMESSLPCTS-HTTPSETCyberCashDNSSECIPsec and IPv6KerberosSSH
U.S. Restrictions on Cryptography
Cryptography and the U.S. Patent SystemThe public key patentsHistory of the public key patentsThe public key patents todayPublic key patents overseasCryptography and the U.S. Trade Secret LawTrade secrets under U.S. LawRC2, RC4, and trade secret lawCryptography and U.S. Export Control Law
Foreign Restrictions on Cryptography
12. Understanding SSL and TLS
What Is SSL?SSL VersionsFeaturesDigital CertificatesU.S. ExportabilitySSL ImplementationsSSL NetscapeSSLRefSSLeaySSL JavaPerformance
TLS Standards Activities
SSL: The User’s Point of View
Browser PreferencesNavigator preferencesInternet Explorer preferencesBrowser Alerts and Indicators
V. Web Server Security
13. Host and Site Security
Historically Unsecure Hosts
Current Major Host Security Problems
PoliciesPassword SniffingProtection against sniffingUse a token-based authentication system.Use a non-reusable password system.Use a system that relies on encryption.Security ToolsSnapshot toolsChange-detecting toolsNetwork scanning programsIntrusion detection programsFaults, Bugs, and Programming ErrorsInitial purchaseBugs and flawsLoggingBackups
Minimizing Risk by Minimizing Services
Secure Content Updating
Back-End Databases
Physical Security
14. Controlling Access to Your Web Server
Access Control StrategiesHidden URLsHost-Based RestrictionsFirewallsIdentity-Based Access Controls
Implementing Access Controls with <Limit> Blocks
Commands Before the <Limit>. . . </Limit> DirectiveCommands Within the <Limit>. . . </Limit> Block<Limit> ExamplesManually Setting Up Web Users and Passwords
A Simple User Management System
The newuser Script
15. Secure CGI/API Programming
The Danger of ExtensibilityPrograms That Should Not Be CGIsCGIs with Unintended Side EffectsThe problem with the scriptFixing the problem
Rules To Code By
Specific Rules for Specific Programming Languages
Rules for PerlRules for CRules for the UNIX Shell
Tips on Writing CGI Scripts That Run with Additional Privileges
Conclusion
VI. Commerce and Society
16. Digital Payments
Charga-Plates, Diners Club, and Credit CardsA Very Short History of CreditPayment Cards in the United StatesThe Interbank Payment Card TransactionThe charge card check digit algorithmThe charge slipCharge card feesRefunds and Charge-BacksUsing Credit Cards on the Internet
Internet-Based Payment Systems
DigiCashEnrollmentPurchasingSecurity and privacyVirtual PINEnrollmentPurchasingSecurity and privacyCyberCash/CyberCoinEnrollmentPurchasingSecurity and privacySETTwo channels: one for the merchant, one for the bankSmart CardsMondex
How to Evaluate a Credit Card Payment System
17. Blocking Software and Censorship Technology
Blocking SoftwareProblems with Blocking Software
PICS
What Is PICS?PICS ApplicationsPICS and CensorshipAccess controls become tools for censorshipCensoring the network
RSACi
18. Legal Issues: Civil
Intellectual PropertyCopyright LawCopyright infringementSoftware piracy and the SPAWarezPatent LawCryptography and the U.S. Patent SystemTrademark LawObtaining a trademarkTrademark violationsTrademarks and domain names
Torts
Libel and DefamationLiability for DamageIncorporation
19. Legal Issues: Criminal
Your Legal Options After a Break-InFiling a Criminal ComplaintLocal jurisdictionFederal jurisdictionFederal Computer Crime LawsHazards of Criminal Prosecution
Criminal Hazards That May Await You
If You or One of Your Employees Is a Target of an Investigation . . .The Responsibility To Report Crime
Criminal Subject Matter
Access Devices and Copyrighted SoftwarePornography, Indecency, and ObscenityCryptographic Programs and Export Controls
Play it Safe . . .
Laws and Activism
VII. Appendixes
A. Lessons from Vineyard.NET
Planning and PreparationLesson: Whenever you are pulling wires, pull more than you need.Lesson: Pull all your wires in a star configuration, from a central point out to each room, rather than daisy-chained from room to room. Wire both your computers and your telephone networks as stars. It makes it much easier to expand or rewire in the future.Lesson: Use centrally located punch-down blocks or 10Base-T wiring blocks for both your computer networks and your telephone networks.Lesson: Don’t go overboard.Lesson: Plan your computer room carefully: you will have to live with its location for a long time.
IP Connectivity
Lesson: Set milestones and stick to them.Lesson: Get your facilities in order.
Commercial Start-Up
Working with the Phone CompanyLesson: Design your systems so that they will fail gracefully.Lesson: Know your phone company. Know its terminology, the right contact people, the phone numbers for internal organizations, and everything else you can find out.Incorporating Vineyard.NETInitial ExpansionLesson: Build sensible business partnerships.Accounting SoftwareLesson: Use your web server for as much as you can.Lesson: Have programs be table-driven as often as possible.Lesson: Tailor your products for your customers.Lesson: Build systems that are extensible, and always practice good software engineering.Lesson: Automate everything you possibly can.Publicity and PrivacyLesson: Always be friendly to the press.Lesson: Never give out your home phone number (and please don’t give out mine!).Lesson: It is very difficult to change a phone number. So pick your company’s phone number early and use it consistently.
Ongoing Operations
Security ConcernsLesson: Don’t run programs with a history of security problems (e.g., sendmail).Lesson: Make frequent backups.Lesson: Limit logins to your servers.Lesson: Beware of TCP/IP spoofing.Lesson: Defeat packet sniffing.Lesson: Restrict logins.Lesson: Tighten up your system beyond manufacturer recommendations.Lesson: Eschew free software.Phone Configuration and Billing ProblemsCredit Cards and ACHLesson: If you have the time to write it, custom software always works better than what you can get off the shelf.Lesson: Live credit card numbers are dangerous.Lesson: Encrypt sensitive information and be careful with your decryption keys.Lesson: Log everything, and have lots of reports.Lesson: Explore a variety of payment systems.Lesson: Make it easy for your customers to save you money.Monitoring SoftwareLesson: Monitor your system.
Conclusion
B. Creating and Installing WebServer Certificates
Downloading and Installing Your Web Server
Apache-SSL
Obtaining Apache-SSLInstalling Apache-SSLInstalling Your VeriSign CertificateServer Key: To Encrypt or Not To Encrypt?Starting, Reloading, and Stopping Apache-SSL
C. The SSL 3.0 Protocol
History
SSL 3.0 Record Layer
SSL 3.0 Protocols
Alert ProtocolChangeCipherSpec ProtocolHandshake Protocol
SSL 3.0 Handshake
Sequence of Events1. ClientHello2. ServerHello3. Server Certificate4. Server Key Exchange5. Certificate Request6. Client Sends Certificate7. ClientKeyExchange8. CertificateVerify9. ChangeCipherSpec10. FinishedApplication Data
SSLeay
SSLeay ExamplesSSLeay ClientSSLeay ServerSSLeay CARunning the serverRunning the clientSSLeay ca.conf file
D. The PICS Specification
Rating Services
PICS Labels
Labeled DocumentsRequesting PICS Labels by HTTPRequesting a Label From a Rating Service
E. References
Electronic ReferencesMailing ListsAcademic-FirewallsBest of securityBugtraqCERT-advisoryCIAC-notesComputer underground digestFirewallsFWALL-userNT-securityRISKSWWW-securityUsenet GroupsWWW PagesApplied CryptographyApache change-passwordCIACCOASTDigiCrimeFIRSTNIHPrinceton SIPRSA Data SecuritySSLeay and SSLapps FAQTelstraWWW securitySoftware ResourcesCERN HTTP daemonchrootuidCOPS (Computer Oracle and Password System)ISS (Internet Security Scanner)KerberosportmapSATANSSHSOCKSStelSwatchtcpwrapperTigerTIS Internet Firewall ToolkittrimlogTripwireUDP Packet Relayerwuarchive ftpd
Paper References
Computer Crime and LawComputer-Related RisksComputer Viruses and Programmed ThreatsCryptographyGeneral Computer SecurityNetwork Technology and SecuritySecurity Products and Services InformationProgramming and System AdministrationMiscellaneous References
Index
Colophon

Content preview from Web Security and Commerce

Improving the Security of Downloaded Code

Although this chapter tells many scary stories, there are real protections that both users and developers can employ in order to protect against the dangers of downloaded code.

Trusted Vendors

One way to improve the security of downloaded code is to rely only on code from vendors with a good reputation who follow high standards in writing their programs.^[30]

If you choose to trust the code of these vendors, you also need to make sure that the programs you download are actually the programs these companies have created—and not booby-trapped copies. This is, in fact, exactly the rationale behind Microsoft’s Authenticode system.

Separate Execution Contexts

Another way to run downloaded code safely is to minimize the privileges available to the execution context in which the downloaded code runs. This is precisely the idea behind the Java “sandbox.” Unfortunately, implementing separate execution contexts for executable machine code requires modifications to both the browser and the operating system.

ActiveX controls currently run in the same execution context as the user’s web browser. With Windows 95, this means that the control has full access to the system. But on operating systems like Windows NT, it is possible that a control could be executed within a more restricted context with added security.

To realize added security, it would be necessary for the control to be run in a separate thread that lacked the ability to modify any portion of ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

What Successful Brick-and-Mortar Retailers Get Right

Publisher Resources

ISBN: 1565922697Catalog Page Errata

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design