Bandwidth
Multimedia elements automatically detect bandwidth and deliver content appropriately.
It is possible to see the difference between a broadband delivery and dial-up
(pictured below).
Design Trade Offs
File Size vs Quality
In some broadband clips the quality was better than that of the pictures being
telecast by TV in Australia (where they are using video phones to cover the
war). There was the usual compromise of quality and stream in dial-up connections.
Delivery Medium
Obviously the surfer requires the Real Media plug-in to view video/audio content;
other than that, all other content is deliverable by browser.
Project Constraints
This project is constrained by the sources of its information, and therefore
must be focussed on TV and radio styled delivery mechanisms. (There is no
other real interactivity.)
End user
I am unable to determine if there has been end user testing, but the site as
a whole is well targeted to work with its audience.
Introduction
The internet was originally designed for closed military use, and its developers
did not consider security an issue while they were developing it. (To be
able to access the system, you had already been security cleared, and the complete
system was closed with no general access.) Indeed, as the system was appropriated
into the general community and used mostly by educational communities, their
need for security was also minimal.
The first problems with security came about as the system was opened up, and any anonymous user could access or create web sites. Where previously to gain access you were screened by the military or educational institution, now there is no clearance required. And in typical human style, this brings in the good and the bad.
There are various security risks, and which ones you face depends on your relationship with the internet. As a web surfer armed with a modern browser, you face different risks from those of an administrator hosting a web site or the owner of the web site.
Site Owner
Similar Concerns
Across each of the three types of internet users there are some similarities
in concerns, as well as some which are specific to only one. There are a lot
of similarities between what will concern a site host server and the actual
site owner, so I will try not to double up too much.
Page Defacement
Primarily this is a major concern to the site owner. They have gone to the
trouble of developing a web site, for whatever their reasons (commercial,
educational/informational or personal). Defacement comes when the developed
site is changed in some way, either by the alteration, removal or addition
of text, graphics or multimedia elements.
The type of defacement could simply be cyber graffiti, or more deliberate attempts to pervert the messages of the site owner.
Denial of Service
This is primarily of concern to the site owner, as it would interrupt traffic to their
site. It is also of concern to the site host, as it would affect their servers.
A Denial of Service attack is where there is an overwhelming number of malicious
requests to access the site or site server, which causes other legitimate
requests to be refused, making the site unavailable.
There are a variety of known ways that this type of attack can be launched. Most are focussed on weaknesses in the structure of the TCP/IP process. They all revolve around multiple traffic hitting the site’s server and overwhelming its capacity to deal with their frequency and quantity.
Data Theft/Access
The owner may use the web site to present information from linked computer
systems like a database, or File Transfer Protocol access to specific files
like a music file. The problem is someone who is not meant to access this
information may do so, or someone may change or remove the information.
To be able to do this the perpetrator would have to gain access to the site server, so this sort of attack is obviously of concern to a site host as well, as it can’t occur until the host’s server has been compromised.
Site Host
Hacking
This involves accessing the site server without the server owner’s permission
to do so. Once accessed, this can lead to the perpetrator performing other
attacks depending upon the level of access they have gained.
Virus Attacks
As information enters the site’s server, it may be designed to interact
with the server in a way that the receiver had not intended. Information might
enter the server from an email, file transfer or various other ways. Once inside
it can then perform a function or tasks that weren’t anticipated by the
receiver. This is known as a virus attack. It is also of concern to web servers
as they may accept a virus onto their systems.
Once on the system a virus can do many things, depending upon its programming and the access it has gained.
CGI Scripting
Programs that are run on the web server may have bugs in them, or worse may
have hidden malicious content. Either way they may enable external access
to the server, attack the server or attack the web surfers’ platform.
(See later for discussion on applets and Active X.)
Operating System / Network Access
Holes in software are always a problem; the issue here is where a problem
with the operating system could be exploited to allow malicious access to
a site server. Alternatively, network software that has not been set up correctly
may also create weaknesses that could be exploited to gain access.
Web Server
As with the problems discussed above, a web server that has not been
configured correctly or has bugs in it can be a security risk. The web server
itself may have holes in it that allow access to the network, aside from
access to files on the web server itself.
Wireless Networks
Signals between elements of a wireless network are easier to intercept than
those between a fixed wire. Malicious interception by mobile devices fitted
with the correct network adaptors is possible not only for networks, but also
for site surfers using WAP or similar technologies.
Site Browser
Spoofing
This occurs where traffic to a specific site is redirected to another. It may
be done in such a subtle way that the surfer may not realise that they are
not actually interacting with the real site. Thus the surfer may be tricked
into giving out information they wouldn’t have given had they not thought
they were on a specific site. (For example credit card details.)
CGI Scripting
This will be discussed in detail later, but as stated above, a malicious program
may act in a way other than anticipated once it has been activated by the
surfer’s browser.
Intercepting TCP/IP
Information travelling across the network in its basic form is not secure.
There are various technologies available to intercept and interpret these
signals. With regard to internet technology, this isn’t just the interactions
the user has with a site but also their FTP transfers or emails.
Multimedia Content
The way that some multimedia is generated and served creates risks for the
site surfer, as it may deliver more than was anticipated, including malicious
content.
Risk Reduction
Owner
Host Selection
Obviously a site owner must make a careful selection of who is to host their
site. Choosing a host that prioritises security is likely to significantly
reduce risk, as opposed to choosing one that doesn’t.
Business Continuity Plans
There should be a comprehensive plan on what will happen in the event of a
security break. This ranges from back-up of information through to keeping
multiple persons in the company able to deal with the site. Continuity plans
should also be used by site hosts.
Owners might also want to consider insuring against any risk, if they are likely to suffer commercially from it.
Host
Operating System
Choice of operating system is important, with some software manufacturers being
bigger risk targets than others because of the faulty products they supply
or the market share that they have.
The next thing is to consider the set up of the operating system; if this is not done correctly it may increase the risk of malicious attack.
Web Server
Consider simplifying system design, as a more complex system is likely
to have more holes and bugs in it than a simpler one. Also reduce the number
of whistles and bells activated. This may have the effect of ruling out some
cutting edge technologies, but the trade-off is improved security.
Firewall
A firewall provides a barrier between the outside environment and the internal
network. (It can also be used by web surfers in the same way to provide a
barrier between the outside environment and their platform.) The firewall
can then be set to analyse all communication through it and then permit or
reject the flow based on a system of protocols.
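A minimal sketch of the permit/reject decision described above, as an added example that is not part of the original page: rules are checked in order, the first match decides, and anything unmatched is rejected. The rule set, addresses and field names are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str            # "permit" or "reject"
    source: str            # CIDR block the rule applies to
    protocol: str          # "tcp", "udp" or "any"
    port: Optional[int]    # destination port, None means any port

    def matches(self, src_ip: str, protocol: str, port: int) -> bool:
        in_net = ipaddress.ip_address(src_ip) in ipaddress.ip_network(self.source)
        proto_ok = self.protocol in ("any", protocol)
        port_ok = self.port is None or self.port == port
        return in_net and proto_ok and port_ok


# Constructed rule set for a small web host (illustrative values only).
RULES = [
    Rule("reject", "203.0.113.0/24", "any", None),  # blocked range is checked first
    Rule("permit", "0.0.0.0/0", "tcp", 80),         # public web traffic
    Rule("permit", "0.0.0.0/0", "tcp", 443),        # public SSL traffic
    Rule("permit", "192.0.2.0/28", "tcp", 22),      # admin access from one small range
]


def decide(src_ip: str, protocol: str, port: int, rules=RULES) -> str:
    """Return the action of the first matching rule; reject if nothing matches."""
    for rule in rules:
        if rule.matches(src_ip, protocol, port):
            return rule.action
    return "reject"  # default deny: traffic nobody planned for is not let through
```

Rule order matters: moving the blocked range below the port 80 rule would let that range reach the web server again.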
Authentication
Access to the network can be restricted by authenticating who is actually attempting
to access it, and then rejecting access from those not permitted to do so.
This is discussed in more detail later.
Anti-Spoofing Software
Software is available for site hosts to help prevent sites that they host from
being spoofed.
Back-up
Backing up all information and files regularly helps speed up recovery
if there is a malicious attack, as relevant, up to date replacement information
is available and quickly accessed.
Security Policy
A written security policy ensures that there is a focus on risk reduction.
It should be used to control, monitor and terminate access.
Tamper Resistant Hardware
In this example the site administrator may decide to use a secure device to
improve security. For example a smart card & smart card reader may help
reduce access risks.
Browser
Encryption
The site surfer should only submit sensitive information over more secure systems.
Encryption of data is designed to ensure that it cannot be comprehended if
intercepted en route to the correct location. This is discussed in detail a
little later.
Certificates
Certificates enable verification of users and sites. A valid site certificate
alerts the user that the site meets certain security specifications, while a valid
security certificate installed onto a surfer’s browser ensures that
the user is identified as the correct one to the web site.
Web Browser Updates
Keeping up to date with browser software is important. As new bugs are found
and fixed the web surfer should apply the fixes to the software that they
use.
Keeping Up to Date
Active
Visit Helpful Sites
There are a number of sites that can be visited to help keep up to date with
advances in security as well as information about new risks. These range from
the W3C official site to software manufacturers’ sites as well as third parties
like netcraft.com who produce useful applications to help assist with security
management.
Program Patches
Always apply patches to all software used as soon as they become available.
This is because, as a risk is identified and fixed, it is widely publicised
and malicious attackers alerted to the problem may take advantage of it on
systems that haven’t been updated.
Administrative Tools
There are various administrative tools available to check the security level
of the site. For example, SATAN can be run to identify site issues
against a known base of potential risks.
Passive
Mail Lists
Being a member of various relevant mailing lists and societies can keep you
informed as risks are identified and solutions found.
Automated Updates
Some software programs provide a facility for automatically updating themselves
as new versions are released. If this is done automatically it reduces the
risk of human failure to do the job.
Web Secure Transactions
Secure Transactions
As discussed previously information exchanged over the internet can be intercepted
then viewed, changed or deleted with malicious purpose. Indeed the anonymous
nature of the internet can lead to malicious attempts by sites or users
to present themselves as someone that they are not. This creates a problem
when commerce is transacted using the internet. The solution is to provide
the ability to transfer the information securely and confirm who it is that
the information is coming from and going to.
As you can see there are various elements involved in creating a secure environment to exchange information. (Some servers even use server call back, where a user attempts to log in, then the server actually calls them back at the location that they should be at.)
User Authentication
The first element is determining who is actually accessing the site. This is
known as authenticating the user. This can be done by user knowledge and/or
location. That is, the user might be prompted to input information that only
they should know (like a user name and password), and/or the server might verify
the IP address that the user is at, to ensure that it is a valid address
for that user.
Of course there are ways to get around these protections, so there are other parts to the equation.
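The two checks described above (something the user knows, and where they are connecting from) can be combined as in the following added example, which is not part of the original page. The account store, user name, password, network range and iteration count are constructed assumptions.

```python
import hashlib
import hmac
import ipaddress
import os

ITERATIONS = 100_000  # PBKDF2 work factor (assumed value for this sketch)


def hash_password(password: str, salt: bytes) -> bytes:
    """Derive a slow, salted hash so the stored value is not the password itself."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def make_account(password: str, allowed_networks):
    """Build a stored record: salt, password hash and the networks the user may come from."""
    salt = os.urandom(16)
    return {
        "salt": salt,
        "hash": hash_password(password, salt),
        "networks": [ipaddress.ip_network(n) for n in allowed_networks],
    }


def authenticate(accounts, username, password, client_ip):
    """Return (ok, reason). The knowledge check and the location check must both pass."""
    account = accounts.get(username)
    if account is None:
        # Do the same hashing work for unknown names so timing does not reveal them.
        hash_password(password, b"\x00" * 16)
        return False, "bad credentials"
    candidate = hash_password(password, account["salt"])
    if not hmac.compare_digest(candidate, account["hash"]):  # constant-time compare
        return False, "bad credentials"
    ip = ipaddress.ip_address(client_ip)
    if not any(ip in net for net in account["networks"]):
        return False, "unexpected location"
    return True, "ok"


# Constructed sample account: one user who normally connects from 192.0.2.0/24.
ACCOUNTS = {"alice": make_account("correct horse battery", ["192.0.2.0/24"])}
```

A correct password from an address outside the user's networks is refused with a different reason, which is worth logging separately from ordinary failed logins.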
Digital Signatures
These are devices that are added to any communication to authenticate it, and
if the communication is tampered with, they are broken. In this way a site
can present itself and the communication it is sending to the user as theirs,
and likewise a user can sign their communications as theirs.
A digital signature is just like a personal signature & old fashioned wax seal - where the sender can be verified by it and any tampering is readily evident.
Encryption
The final option is to encrypt the information. That is, apply a special code
to the information that is very hard to crack, and that only the user and site
know how to interpret.
SSL & SHTTP
SSL
SSL stands for Secure Socket Layer, and is an encryption system that
Netscape helped to build. It is designed to convert protocols like HTTP and
FTP. SSL has the provision not just to encrypt the data but also to authenticate
the user’s and host’s identity.
SSL creates a secure connection between site and user over which any amount of data can be exchanged. It is done by the server sending a lock (which it has the key to) to the user. The user then locks the information they are sending with this lock, so if it is intercepted en route the interceptor doesn’t have the key to open it. At the same time the user can send their lock with the message so the server can lock any information that it sends back.
40/128 bit SSL
The difference between 40 bit & 128 bit SSL is the number of possible “keys” that
can be created to open the “lock” – either 2^40 or 2^128
respectively. Unfortunately 40 bit encryption can be broken with current technology,
however, today’s technology is not capable of breaking a 128 bit key.
SHTTP
Secure HTTP (SHTTP) is designed to send individual messages securely across
the internet. It is a good complementary system to SSL, and now most sites
that offer SSL do so over a SHTTP connection. Unfortunately SHTTP is limited
by browser support and the fact that it can only conduct one way communication
securely. The advantage is that it enables a SSL lock to be sent to the user
in a more secure way than sending it via normal HTTP. The user can then use
the SSL lock, to lock the information to send back to the server.
Business Value Adding
There are a variety of businesses that can help site managers implement security
measures. In fact all of the technologies that I have discussed above are
available for sale. You have to purchase SSL encryption from a company to
be able to implement it into your site. There are limitations on who can
purchase 128 bit SSL out of North America. Various companies sell different
digital certificates (e.g. VeriSign & esign); these can be purchased and
added to your site. SHTTP is also a commercial development, and there are
licensing fees for using it.
Additionally, companies may offer varying levels of support and complementary products to supplement these technologies.
Browser Features
Netscape
This browser advises if it encounters a digital certificate that it doesn’t
trust. It also prompts the user whenever they attempt to send information over
an unsecured connection. Installed in the Netscape menu bar (under help) is
a direct link to the security centre – and enables access to patches
and other downloads. It also offers advice about various security issues, and
includes cookie, password and form management tools in the tasks/security
menu.
Netscape constantly displays a lock in the bottom right corner, and it is either locked or open to constantly show the state of encryption.
Internet Explorer
Internet Explorer offers the ability to set various security levels relating
to security and privacy (and the ability to prompt to load applets/Active
X or disable cookies). When SSL is activated IE displays a key in the bottom
right corner of the browser window.
There is a link from the menu bar to the online support center; from there users can navigate manually to the security section and download updates and patches. It also offers the opportunity in advanced settings to automatically check for IE updates.
Active X Risks
Active X Defined
Active X is a plug-in developed by Microsoft that delivers interactive multimedia
content. It is a composite of Object Linking and Embedding with the Microsoft
Component Object Model.
Risks
Active X permits controls to reside on a system and use its resources, but
they can also write to the local hard disk, giving them the ability to wipe
out all of a user's data.
For security, Microsoft relies on digital signature technology from VeriSign. The signature (certificate), is wrapped around a control before it is placed on the network. These signatures identify the source of the control.
Microsoft's Authenticode technology, built into Internet Explorer, verifies the signature with a certificate authority and ensures that it has not been altered before a download takes place. Therefore an unsigned control can’t be downloaded. However, users can change this option to allow unsigned controls to download with a warning.
Java/JavaScript Risks
Java Applets Defined
An applet is a small application designed to run on the surfer’s computer.
An applet is embedded into a web page and can be accessed via a browser. In
the case of a Java Applet, this applet is written using the Java language.
Risks
Java uses "sandboxing," meaning that a Java application executes
in a protected memory area. Critical areas such as the file system or the boot
sector are strictly off-limits. Theoretically, this makes it impossible for
applets built in Java to damage a computer or its contents. It also stops applets
from working with other applications or piggybacking on system services, and
it forces users to download an applet every time they want to use it.
While there are security precautions there are some risks, like buffer overflow crashes or increasing Denial of Service attack potential.
JavaScript Defined
JavaScript is an interpreted language designed for dynamically presenting information
and interacting with the browser. It can open and close windows, manipulate
form elements, adjust browser settings, and download and execute Java applets.
Risks
The risks are even smaller with JavaScript, and revolve around the potential
to access information on the surfer’s computer. It has been documented
that JavaScript can access files on a user’s computer, as well as other
personally stored information, and transmit it back to the host.