Information Security
www.mh2000.co.il, 2000
VPN (Virtual Private Networking)
A->B random-message
B->A {random-message}bobs-private-key
Digital signature
Unless you know exactly what you are encrypting, it is
never a good idea to encrypt something with your private
key and then send it to somebody else.
This is because the encrypted value can be used against you
(remember, only you could have done the encryption
because only you have the private key).
So, instead of encrypting the original message sent by
Alice, Bob constructs a message digest and encrypts that.
A message digest is derived from the random message in a
way that has the following useful properties:
The digest is difficult to reverse. Someone trying to
impersonate Bob couldn't get the original message back
from the digest.
An impersonator would have a hard time finding a
different message that computed to the same digest value.
By using a digest, Bob can protect himself:
He computes the digest of the random message sent by
Alice and then encrypts the result.
He sends the encrypted digest back to Alice.
Alice can compute the same digest and authenticate Bob
by decrypting Bob's message and comparing values.
The technique just described is known as a digital
signature.
In the revised authentication protocol some (or all) of the
data is originated by Bob (the exchange is shown under
"Certificate" below).
Certificate
How does Bob hand out his public key in a trustworthy
way?
Say the authentication protocol looks like this:
A->B hello
B->A Hi, I'm Bob, bobs-public-key
A->B prove it
B->A Alice, This Is bob { digest[Alice, This Is Bob] } bobs-private-key
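The challenge/response exchange above, as an added example that is not part of the course notes: Bob signs a digest of Alice's random message and Alice checks the signature with Bob's public key. The RSA key pair is a toy built from two tiny constructed primes so the arithmetic is visible; it provides no real security.

```python
# Added example, not from the course notes. Toy RSA key for "Bob" built from
# constructed primes (61, 53): n = p*q, e is the public key, d the private key.
import hashlib
import secrets

P, Q = 61, 53
N = P * Q                              # 3233
E = 17                                 # bobs-public-key
D = pow(E, -1, (P - 1) * (Q - 1))      # bobs-private-key (2753)


def digest(message: bytes) -> int:
    """Hash the message, then reduce it into Z_N so the toy key can sign it."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N


def sign(message: bytes, private_key: int) -> int:
    """Bob: {digest[message]}bobs-private-key. The digest is signed, never the
    message itself, so Alice cannot trick Bob into signing something useful to her."""
    return pow(digest(message), private_key, N)


def verify(message: bytes, signature: int, public_key: int) -> bool:
    """Alice: apply Bob's public key and compare with her own digest of the message."""
    return pow(signature, public_key, N) == digest(message)


def run_protocol(bob_private_key: int) -> bool:
    """A->B random-message; B->A {digest[random-message]}bobs-private-key.
    Alice picks a fresh random challenge each time, so a recorded answer
    (the "Parrot") cannot be replayed later."""
    challenge = secrets.token_bytes(16)
    response = sign(challenge, bob_private_key)
    return verify(challenge, response, E)


def forged_response_accepted(message: bytes) -> bool:
    """An impersonator without d can only tamper with a real signature;
    any change to the signature value makes verification fail."""
    tampered = (sign(message, D) + 1) % N
    return verify(message, tampered, E)
```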
A->B hello
B->A Hi, I'm Bob, bobs-certificate
A->B prove it
B->A Alice, This Is bob { digest[Alice, This Is Bob] } bobs-private-key
A->M hello
M->A Hi, I'm Bob, bobs-certificate
A->M prove it
M->A ????
Exchanging A Secret
Once Alice has authenticated Bob, she can do another thing
- she can send Bob a message that only Bob can decode:
A->B {secret}bobs-public-key
A->B hello
B->A Hi, I'm Bob, bobs-certificate
A->B prove it
B->A Alice, This Is bob { digest[Alice, This Is Bob] } bobs-private-key
A->B ok bob, here is a secret {secret}bobs-public-key
B->A {some message}secret-key
A->M hello
M->B hello
B->M Hi, I'm Bob, bobs-certificate
M->A Hi, I'm Bob, bobs-certificate
A->M prove it
M->B prove it
B->M Alice, This Is bob { digest[Alice, This Is Bob] } bobs-private-key
M->A Alice, This Is bob { digest[Alice, This Is Bob] } bobs-private-key
A->M ok bob, here is a secret {secret}bobs-public-key
M->B ok bob, here is a secret {secret}bobs-public-key
B->M {some message}secret-key
M->A Garble[ {some message}secret-key ]
At this point Alice trusts Bob, so she may believe the garbled
message and try to act on it.
Note that M doesn't know the secret - all he can do is
damage the data encrypted with the secret key. Depending
on the protocol, M may not produce a valid message. Then
again, he may get lucky.
To prevent this kind of damage, Alice and Bob can
introduce a message authentication code (MAC) into their
protocol.
A MAC is a piece of data that is computed by using a
secret and some transmitted data.
The digest algorithm described above has just the right
properties for building a MAC function that can defend
against M:
MAC := Digest[ some message, secret ]
A->B hello
B->A Hi, I'm Bob, bobs-certificate
A->B prove it
B->A Alice, This Is bob { digest[Alice, This Is Bob] } bobs-private-key
A->B ok bob, here is a secret {secret}bobs-public-key
B->A {some message,MAC}secret-key
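The final {some message,MAC}secret-key step above, and M's attempt to garble it, as an added example that is not part of the course notes. The XOR stream cipher is a constructed stand-in for the secret-key encryption, HMAC-SHA256 stands in for Digest[message, secret], and the example assumes the secret is fresh for this conversation, as in the exchange.

```python
# Added example, not from the course notes. The cipher below is a constructed
# stand-in (SHA-256 keystream XOR); the secret must not be reused for a second
# message, because that would reuse the keystream.
import hashlib
import hmac

TAG_LEN = 32


def keystream(secret: bytes, length: int) -> bytes:
    """Keystream blocks: SHA-256 over the secret and a block counter."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(secret + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def encrypt(secret: bytes, data: bytes) -> bytes:
    """{data}secret-key: XOR with the keystream; decryption is the same operation."""
    return bytes(p ^ k for p, k in zip(data, keystream(secret, len(data))))


def mac(secret: bytes, message: bytes) -> bytes:
    """MAC := Digest[ some message, secret ], here HMAC-SHA256."""
    return hmac.new(secret, message, hashlib.sha256).digest()


def bob_send(secret: bytes, message: bytes) -> bytes:
    """B->A {some message, MAC}secret-key."""
    return encrypt(secret, message + mac(secret, message))


def alice_receive(secret: bytes, ciphertext: bytes):
    """Decrypt, split off the MAC, recompute it over the message, and refuse
    to act on anything whose MAC does not match. Returns None on rejection."""
    plain = encrypt(secret, ciphertext)
    if len(plain) < TAG_LEN:
        return None
    message, tag = plain[:-TAG_LEN], plain[-TAG_LEN:]
    if not hmac.compare_digest(tag, mac(secret, message)):
        return None
    return message


def alice_receive_without_mac(secret: bytes, ciphertext: bytes) -> bytes:
    """The earlier {some message}secret-key step: Alice cannot notice damage."""
    return encrypt(secret, ciphertext)


def garble(ciphertext: bytes) -> bytes:
    """M does not know the secret, but can still flip bits in transit."""
    damaged = bytearray(ciphertext)
    damaged[0] ^= 0x01
    return bytes(damaged)
```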
The "Parrot"
Another technique M can use is the "Parrot":
If M is recording conversations, he may not understand
them but he can replay them.
M can do some really nasty things sitting between Alice
and Bob.
The solution is to introduce random elements from both
sides of the conversation.
User-Maintained directories
Allowing any user on the host system to add documents to
your web site is a wonderfully democratic system.
However, you do have to trust your users not to open up
security holes. This can include:
publishing files that contain sensitive system information,
creating CGI scripts, server side includes, or symbolic
links that open up security holes.
Unless you really need this feature, it's best to turn it off.
When a user needs to create a home page, it's probably best
to give him his own piece of the document root to work in,
and to make sure that he understands what he's doing.
Whether home pages are located in user's home directories
or in a piece of the document root, it's best to disallow
server-side includes and CGI scripts in this area.
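As an added example (not from the course notes), an Apache httpd configuration for the user home-page area described above: it assumes mod_userdir and the classic public_html layout, disallows server-side includes, CGI and symbolic links there, and uses AllowOverride None so a user's .htaccess cannot turn them back on.

```apache
# Added example, not from the course notes. Assumes Apache with mod_userdir
# and the public_html convention; the paths are illustrative.
UserDir public_html

<Directory /home/*/public_html>
    # No server-side includes, no CGI, and no following of symbolic links
    Options -Includes -IncludesNOEXEC -ExecCGI -FollowSymLinks -SymLinksIfOwnerMatch
    # Users cannot re-enable any of the above from a .htaccess file
    AllowOverride None
</Directory>
```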
4. FireWalls
A firewall puts up a barrier that controls the flow of
traffic between networks.
The safest firewall would block all traffic, but that defeats
the purpose of making the connection, so you need to
strictly control selected traffic in a secure way.
The highest level of protection today is provided by
application-level proxy servers.
Proxy server
A proxy server (a.k.a. application gateway) is an
application that mediates traffic between a protected
network and the Internet.
Proxy services run at the application level of the network
protocol stack, one for each different type of service (FTP,
HTTP, etc.).
Classifying Firewalls
Any device that controls network traffic for security
reasons can be called a firewall, and in fact the term
"firewall" is used in a generic way.
There are three major types of firewalls, which use different
strategies for protecting network resources:
The most basic firewall devices are built on routers
and work in the lower layers of the network protocol
stack. They provide packet filtering and are often
called screening routers.
FireWall Example
Our ISP has assigned us the addresses:
201.123.102.32 for our gateway's external interface
201.123.102.33 for our external mail server.
Organizational policy says:
Allow all outgoing TCP connections
Allow incoming SMTP (port 25) and DNS (port 53) to
external mail server
Block all other traffic
FireWall server commands:
deny ALL
forward tcp ALL to 201.123.102.33 25
forward tcp ALL to 201.123.102.33 53
forward udp ALL to 201.123.102.33 53
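The policy and commands above, as an added example that is not part of the course notes: a first-match rule evaluator with deny ALL as the final rule. The Packet and Rule formats are assumptions of this example, not the syntax of the course's firewall server, and the "established" rule is added because a stateless filter would otherwise drop the replies to the outgoing TCP connections the policy allows.

```python
# Added example, not from the course notes. Rule/packet formats are assumptions
# of this example; the addresses are the ones assigned in the course example.
from dataclasses import dataclass
from typing import List, Optional

GATEWAY_EXTERNAL = "201.123.102.32"
MAIL_SERVER = "201.123.102.33"


@dataclass(frozen=True)
class Packet:
    proto: str                 # "tcp" or "udp"
    direction: str             # "in" (from the Internet) or "out" (to the Internet)
    dst: str                   # destination IP address
    dport: int                 # destination port
    established: bool = False  # TCP packet with ACK set, i.e. not a new connection


@dataclass(frozen=True)
class Rule:
    action: str                         # "allow" or "deny"
    proto: Optional[str] = None         # None matches anything (ALL)
    direction: Optional[str] = None
    dst: Optional[str] = None
    dport: Optional[int] = None
    established: Optional[bool] = None

    def matches(self, p: Packet) -> bool:
        fields = ((self.proto, p.proto), (self.direction, p.direction),
                  (self.dst, p.dst), (self.dport, p.dport),
                  (self.established, p.established))
        return all(want is None or want == have for want, have in fields)


# Organizational policy, evaluated top to bottom; "deny ALL" closes the list so
# anything not explicitly allowed is dropped. The "established" rule also lets
# in ACK-only probes, a known screening-router weakness that stateful filters fix.
RULES: List[Rule] = [
    Rule("allow", proto="tcp", direction="out"),                            # all outgoing TCP
    Rule("allow", proto="tcp", direction="in", established=True),           # replies to them
    Rule("allow", proto="tcp", direction="in", dst=MAIL_SERVER, dport=25),  # SMTP
    Rule("allow", proto="tcp", direction="in", dst=MAIL_SERVER, dport=53),  # DNS over TCP
    Rule("allow", proto="udp", direction="in", dst=MAIL_SERVER, dport=53),  # DNS over UDP
    Rule("deny"),                                                           # deny ALL
]


def decide(packet: Packet, rules: List[Rule] = RULES) -> str:
    """First matching rule wins; an empty rule list still denies (never fail open)."""
    for rule in rules:
        if rule.matches(packet):
            return rule.action
    return "deny"
```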
Firewall Policies
If an intruder can find a hole in the firewall, then the firewall
has failed. There are no in-between states.
You must implement a firewall policy.
The most basic firewall policy is as follows:
Block all traffic, then allow specific services on a
case-by-case basis.
This policy is restrictive but secure.
Security policies must be outlined in advance so
administrators and users know what type of activities are
allowed on the network.
Policy statement should address internal and external
access, remote user access, virus protection and
avoidance, encryption requirements, program usage, and a
number of other considerations, as outlined here:
Network traffic to and from outside networks such as
the Internet must pass through the firewall. The traffic
must be filtered to allow only authorized packets to
pass.
Never use a firewall for general-purpose file storage
or to run programs, except for those required by the
firewall.
Do not allow any passwords or internal addresses to
cross the firewall.
If you need to provide services to the public, put them
on the outside of the firewall and implement internal
settings that protect the server from attacks that would
deny service.
5. E-Commerce
eCommerce is the use of internetworked computers to
create and transform business relationships.
Applications provide business solutions that improve the
quality of goods and services, increase the speed of
service delivery, and reduce the cost of business
operations.
It's a new methodology of doing business in three focal
areas:
Business-to-business
Business-to-consumer
Intra-business
Mostly associated with buying and selling information,
products, and services via the Internet.
Also used to transfer and share information within
organizations through intranets to improve
decision-making and eliminate duplication of effort.
E-Commerce resources
CommerceNet (www.commercenet.com) is a not-for-profit
market and business development organization, whose
mission is to support electronic commerce.
The Israeli E-Commerce Forum (http://ecomm.netvision.net.il)
http://www.ecommerce.gov/: US government e-commerce
policies and resources
CNET's Builder.com
CyberAtlas
eMarketer
ComputerWorld's Electronic Commerce Stats
(www.computerworld.com/stats)
E-Commerce Solutions
3 E-Commerce Solutions:
Buy a ready-made solution. Examples:
Intershop 3.0 (http://www.intershop.com/products):
Exercise
Build an internet store at Yahoo:
go to store.yahoo.com
following the instructions, build your own store on the
internet (it's only a 10-day free test)
choose virtual products for selling
try building order forms
when finished, see your page at:
store.yahoo.com/<store-name>
Answer the following questions:
How secure is your store from unauthorized clients or
hackers?
How secure is your information when hosted at
yahoo?
(refer to the "Privacy Policy" at Yahoo site)
Improved Caching
HTTP/1.1 allows developers to decide which parts of a
page a proxy server should cache.
Caching of items can be controlled with the Vary: Accept
header. For example, three clients ask for a page from the
server through a proxy:
Client 1 -> Proxy:  GET /page, Accept: image/gif
Proxy -> Server:    GET /page, Accept: image/gif
Server -> Proxy:    /page, Vary: Accept, Content-Type: image/gif
Proxy -> Client 1:  /page, Content-Type: image/gif
Client 2 -> Proxy:  GET /page, Accept: image/gif
Proxy -> Client 2:  /page, Content-Type: image/gif (from the cache; no request to the server)
Client 3 -> Proxy:  GET /page, Accept: image/jpeg
Proxy -> Server:    GET /page, Accept: image/jpeg
Server -> Proxy:    /page, Vary: Accept, Content-Type: image/jpeg
Proxy -> Client 3:  /page, Content-Type: image/jpeg
server again.
In the example above, the proxy has two versions of /page
cached - one of type image/gif, and one of type
image/jpeg. It serves the correct one according to the
Accept: header sent by the client.
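The three-client exchange above, as an added example that is not part of the course notes: a proxy cache keyed on the URL plus the request headers named in the response's Vary header, with a switch that shows what a cache ignoring Vary would serve. The origin server is a constructed stand-in and headers are plain dicts.

```python
# Added example, not from the course notes. The origin server is a constructed
# stand-in that answers /page in whichever image type the client accepts.
from typing import Dict, List, Tuple

Headers = Dict[str, str]


class OriginServer:
    def __init__(self) -> None:
        self.requests = 0

    def get(self, path: str, headers: Headers) -> Headers:
        self.requests += 1
        return {"Vary": "Accept", "Content-Type": headers.get("Accept", "*/*")}


class Proxy:
    def __init__(self, origin: OriginServer, honor_vary: bool = True) -> None:
        self.origin = origin
        self.honor_vary = honor_vary
        self.vary_for: Dict[str, str] = {}     # path -> Vary value seen from the server
        self.cache: Dict[Tuple, Headers] = {}

    def _key(self, path: str, headers: Headers) -> Tuple:
        """Primary key is the path; the secondary key is the request's values
        of every header named in Vary (none if Vary is ignored or unknown)."""
        vary = self.vary_for.get(path, "") if self.honor_vary else ""
        names = [n.strip().lower() for n in vary.split(",") if n.strip()]
        lowered = {k.lower(): v for k, v in headers.items()}
        return (path,) + tuple((n, lowered.get(n, "")) for n in names)

    def get(self, path: str, headers: Headers) -> Headers:
        key = self._key(path, headers)
        if key in self.cache:
            return self.cache[key]              # served from the cache, no origin request
        response = self.origin.get(path, headers)
        vary = response.get("Vary", "")
        if vary.strip() == "*":
            return response                     # Vary: * means this response is never reusable
        self.vary_for[path] = vary
        self.cache[self._key(path, headers)] = response   # re-key now that Vary is known
        return response


def run_figure(honor_vary: bool = True) -> Tuple[List[str], int]:
    """Replay the three clients from the figure; returns the served types and origin hits."""
    origin = OriginServer()
    proxy = Proxy(origin, honor_vary)
    served = [proxy.get("/page", {"Accept": accept})["Content-Type"]
              for accept in ("image/gif", "image/gif", "image/jpeg")]
    return served, origin.requests
```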
Cookies
A cookie is a small piece of information that the server
sends to the browser - along with an HTML page.
When a cookie arrives, the browser generally saves this
information to your hard drive;
When returning to that site, some of the stored
information will be sent back to the Web server, along
with the new request.
Shopping sites are a good example of cookies in action:
You browse a series of Web pages for items to buy,
and when you find something you want, you "add it"
to your shopping cart by clicking a button on the page.
Even though you communicate through an "anonymous"
connection, the site always knows exactly what's in
your personal shopping cart.
Cookies work their magic by expanding the abilities of
HTTP. A normal HTTP response header looks something
like this:
HTTP/1.0 200 OK
Date: Wed, 30 Oct 1996 23:48:22 GMT
Server: Apache/1.3
Location: http://www.mh2000.co.il/
Content-Type: text/html
The HTTP cookie is set by the server, mostly by
client-side script like JavaScript and VBScript. The form
of the cookies is a set of <name>=<value> pairs.
Exercises
1. HTTP over Telnet (port 80): GET and HEAD requests, for example:
GET /file.html HTTP/1.0
(Windows Telnet: local echo)
2. Cookies (yahoo.com)
7. Computer Viruses
Viruses can be divided into classes according to the
following characteristics:
environment
Operating system (OS)
different algorithms of work
destructive capabilities
Note that there are also other "harmful" programs, so-called
"malware", such as Trojan horses.
ENVIRONMENT
According to the ENVIRONMENT viruses can be divided
into:
file
boot
macro
network
File viruses either infect executables in various ways
(parasitic - the most common type of viruses), or create file
doubles (companion viruses), or use filesystem specific
features (link viruses).
Boot viruses either save themselves in the disk boot sector or
in the Master Boot Record, or change the pointer to the
active boot sector.
Macro viruses infect document files, electronic
spreadsheets and databases of several popular software
packages.
Network viruses use protocols and commands of computer
network or email to spread themselves.
There is a large number of combinations; for example,
file-boot viruses infect both files and boot sectors on
disks.
Another example of a combination is the network macro virus,
which not only infects the documents being edited but
also sends copies of itself by email.
Operating System
The target Operating System (namely the OS specific
objects prone to attack) is the second level of division of
viruses into classes:
Each file or network virus infects files of one particular OS
or of several: DOS, Windows 3.xx, Windows95/NT, OS/2,
etc.
Macro viruses infect the Word, Excel, Office97 format
files.
Boot viruses are also format oriented, each attacking one
particular format of system data in boot sectors of disks.
the help of the DPMI calls and to copy own code into it
(the "Ph33r" virus).
The third way is to stay resident as a VxD driver
(Windows 3.xx and Windows95) or as a Windows NT
driver.
Algorithms
Among OPERATING ALGORITHMS the following
features stand out:
TSR capability
the use of Stealth algorithms
self encryption and polymorphic capability
the use of non-standard techniques
A TSR virus, while infecting a computer, leaves its resident
part in RAM, which then intercepts system calls to target
objects and incorporates itself into them.
Resident viruses reside in memory and are active until
power down or until the operating system reboots.
Nonresident viruses do not infect computer memory
and are active for a limited time only.
Some viruses leave small resident parts in RAM
which do not spread the virus. Such viruses are
considered nonresident.
Macro viruses can also be considered residents, because
they reside in computer memory during all the run time of
the infected editor program.
Here the editor plays the role of operating system, and
"system reboot" means the editor program termination.
In multitasking operating systems the lifetime of a resident
DOS virus can also be limited by the moment the infected
DOS window is closed; the activity of boot viruses in
some operating systems is limited to the moment the OS
disk drivers are installed.
Destructive Capabilities
By their DESTRUCTIVE CAPABILITIES viruses can be
divided as follows:
harmless, that is, having no effect on computing (except
for some lowering of free disk space as a result of
propagation);
not dangerous, limiting their effect to lowering of free
disk space and a few graphical, sound or other effects;
dangerous viruses, which may seriously disrupt the
computer's work;
very dangerous, the operating algorithms of which
intentionally contain routines which may lead to losing
data, data destruction, erasure of vital information in
system areas, and even, according to one unconfirmed
computer legend, damage to the moving mechanical parts
by causing resonance in some kinds of HDDs.
Applet Attacks
Packers (compressors)
Packers take Trojan executables and compress them so
they are unrecognizable to anti-virus software
Packers are programs that will do just this, effectively
rendering your anti-virus software useless at defending
against known Trojans.
Packers are compression tools that compress win32 .EXE
files, and actually change the binary signature of the
executable.
The resulting compressed executable can bypass any
static anti-virus scanning engine (because the virus
signature is compressed).
Binders
Binders are programs that allow hackers to "bind" two or
more executables together resulting in a single .EXE file.
These are useful tools as they easily allow a hacker to
insert Trojan executables into harmless .EXE animations,
e-greetings and other EXEs that are commonly passed
around as e-mail attachments.
There are several "point and click" binders available for
free download on the Web including Infector v2 (pictured
left), Exe-Maker, Exe-Joiner, Trojan Man, Elitewrap and
TOP.
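As an added example (not from the course notes), a defender-side check against the packers described above: compressed or encrypted code has near-maximal byte entropy, so a section whose entropy approaches 8 bits per byte is a reason to unpack or sandbox the file rather than trust a clean signature scan. The sample sections are constructed here and the 7.0 threshold is an assumption.

```python
# Added example, not from the course notes. Sample sections are constructed;
# the entropy threshold is an assumption and should be tuned on real samples.
import hashlib
import math
import zlib
from collections import Counter
from typing import Dict, List


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for constant data, up to 8.0 for uniformly random bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def looks_packed(section: bytes, threshold: float = 7.0) -> bool:
    """Compressed or encrypted payloads sit close to 8 bits/byte; plain code does not."""
    return shannon_entropy(section) >= threshold


def pseudo_random_bytes(seed: bytes, length: int) -> bytes:
    """Deterministic filler (SHA-256 chain) so the constructed samples are reproducible."""
    out, block = b"", seed
    while len(out) < length:
        block = hashlib.sha256(block).digest()
        out += block
    return out[:length]


# Stand-in for an unpacked code section: 8 KiB drawn from only 16 byte values,
# so its entropy cannot exceed 4 bits/byte.
PLAIN_SECTION = bytes(0x40 + (b & 0x0F) for b in pseudo_random_bytes(b"seed", 8192))
# What a packer leaves behind: the same bytes after compression.
PACKED_SECTION = zlib.compress(PLAIN_SECTION, 9)


def scan(sections: Dict[str, bytes]) -> List[str]:
    """Names of the sections a static scanner should not trust without unpacking."""
    return [name for name, data in sections.items() if looks_packed(data)]
```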