Security Needs in an Internet Environment

From the document Oracle9 Application Server (pages 36-39)

This section outlines the security needs of systems within a Web environment using the following headings:

Confidentiality

Authentication

Authorization

Non-Repudiation

Network Attacks

Fault Containment

Complex User Management Requirements

Confidentiality

Confidentiality refers to not revealing or exposing critical or sensitive information.

Data must be stored and transmitted securely, so that information such as credit card numbers cannot be stolen.

Over the Internet and in Wide Area Network (WAN) environments, both public carriers and private network owners often route portions of their network through insecure land lines, extremely vulnerable microwave and satellite links, or a number of servers. This situation leaves valuable data open to view by any interested party. However, communications known to be sensitive, such as credit card numbers, are routinely encrypted, so that even if observed, they cannot be read or used.

In Local Area Network (LAN) environments within a building or campus, insiders with access to the physical wiring can potentially view data not intended for them.

Network sniffers can easily be installed to eavesdrop on network traffic. Packet sniffers can be designed to find and steal user names and passwords. Frequent password changes can lessen the risk of misuse, since the stolen data would only be usable until the next change.

Authentication

Authentication ensures that users are who they claim to be. Some authentication methods require the user to be known in advance, by name and password, but other methods dispense with this requirement by using unforgeable certificates.

Authentication can be applied in several ways at various points of vulnerability to guard against unauthorized access and actions.

The idea remains the same even though authentication mechanisms vary for different contexts. In database authentication, the database performs both identification and authentication of users. In external authentication, the operating system or network service performs the authentication. When database user identities are verified by SSL (Secure Sockets Layer), they are called global users, and their access to the database through global roles is authenticated by means of an enterprise directory. When users are allowed to connect through a proxy server, the verification is called multitier authentication and authorization.

Requiring passwords at several points can act as a layered defense against unauthorized access and actions, in that a stolen password at one level would not unlock all lower-level services. Some companies safeguarding sensitive or valuable data, such as credit card firms, require several items of identification, such as social security number, mother's maiden name, and mailing zip code. These items are usually not used as multiple passwords but rather as a combined authentication mechanism when passwords have not yet been established. They are advantageous in being specific to the individual while remaining generally not easy to access or to guess, criteria often suggested for selecting passwords. On the other hand, passwords generally should be selectable and easy to change, advantages that these items lack.

Password-Related Threats

However, there are problems inherent in requiring users to have multiple passwords. In large systems, users must remember several passwords for the different applications and services that they use. For example, a developer can have access to a development application on a workstation, a PC for sending e-mail, and several computers or intranet sites for testing, reporting bugs, and managing configurations. Security vulnerabilities arise from the typical user responses to the problem of managing multiple passwords:

Users often select easily guessed passwords—such as a name, fictional character, or a word found in a dictionary. All of these passwords are vulnerable to attacks that simply try every word in a list or dictionary of commonly-used passwords, such as "guest," "welcome," or "admin".

Users with complex passwords may write them down where an attacker can easily find them, or they may just forget them—requiring costly administration and support efforts.

All of these strategies compromise password secrecy and service availability. From the user's point of view, remembering multiple passwords is a hassle. From an administrator's viewpoint, maintaining multiple user accounts and passwords is complex, time-consuming, and expensive. Password queries from legitimate users account for a high percentage of help-desk time. And user reactions to the complexity often compromise the intended security benefits.
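One defensive response to the wordlist attack described above is to screen new passwords against the same kind of list an attacker would try. The following is an added example, not code from the Oracle documentation; COMMON_PASSWORDS is a constructed stand-in for a real list of commonly-used passwords, and the substitution folding goes slightly beyond the text by also catching variants such as "P@ssw0rd-99" that a wordlist attack would try next.

```python
"""Screen candidate passwords against a list of commonly-used passwords."""
import re
from typing import Tuple

# Constructed stand-in for a commonly-used-password list (hypothetical values).
COMMON_PASSWORDS = {"guest", "welcome", "admin", "password", "letmein", "oracle"}

# Character substitutions that wordlist attacks routinely try; folding them
# back lets the screen treat "P@ssw0rd" the same as "password".
LEET_MAP = str.maketrans({"@": "a", "4": "a", "3": "e", "1": "i", "!": "i",
                          "0": "o", "$": "s", "5": "s", "7": "t"})


def normalize(password: str) -> str:
    """Lower-case, drop a trailing run of digits/punctuation, undo substitutions."""
    lowered = password.lower()
    stripped = re.sub(r"[^a-z]+$", "", lowered)   # "admin2024!" -> "admin"
    return stripped.translate(LEET_MAP)           # "p@ssw0rd"   -> "password"


def is_weak(password: str, wordlist=COMMON_PASSWORDS,
            min_len: int = 10) -> Tuple[bool, str]:
    """Return (weak, reason).

    A password is weak when it is shorter than min_len, when its normalized
    form is itself a listed password, or when it is built around a listed
    word of five or more letters (e.g. "myoracle2024").
    """
    if len(password) < min_len:
        return True, "shorter than minimum length"
    base = normalize(password)
    if base in wordlist:
        return True, f"matches common password '{base}'"
    for word in wordlist:
        if len(word) >= 5 and word in base:
            return True, f"contains common word '{word}'"
    return False, "ok"
```

Run the screen at password-set time and reject with the reason, so that help-desk resets and self-service changes cannot reintroduce a listed password.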

Authorization

Authorization guards against misuse of systems, applications, or data after access has already been granted; it controls what objects and actions can be used.

Authorization generally refers to the process that determines what a user can access or maintains a record thereof. The enforcement of that authorization is called access control, which can require an additional password or validate a request for resources against lists of approved users or permissible activities. For example, a directory that lists your privileges performs an authorization function, whereas database software using that information to limit which data you can see is doing access control.

Unauthorized Access to Data

As an example, the data and services provided by an Oracle database can be protected by such authorization actions. Oracle9i Application Server can mediate access to services provided by the back-end database. For each transaction, Oracle9i Application Server reports a user identity to the database. At that point, the database's native access controls take over, providing resource restrictions based on the identity of the requestor as established by the authentication function. The user's database privileges determine the specific data (that is, the tables, columns, and rows) that are accessible to that user.
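The split the text draws between authorization (a directory recording privileges) and access control (enforcing them on a request carrying a verified identity) can be shown in a few lines. This is an added illustration, not Oracle's code: PRIVILEGE_DIRECTORY and TABLES are constructed sample data, and the identity string plays the role of the user identity the middle tier reports with each transaction.

```python
"""Authorization (privilege lookup) versus access control (enforcement)."""
from typing import Dict, List

# Authorization side: a constructed privilege directory keyed by the reported
# identity. Each entry names the readable columns of a table and an optional
# row restriction (column -> required value).
PRIVILEGE_DIRECTORY: Dict[str, Dict[str, dict]] = {
    "alice": {"orders": {"columns": {"order_id", "amount", "region"},
                         "rows": {"region": "EMEA"}}},
    "bob":   {"orders": {"columns": {"order_id", "amount", "region", "card_number"},
                         "rows": {}}},
}

# Constructed sample data standing in for a back-end table.
TABLES: Dict[str, List[dict]] = {
    "orders": [
        {"order_id": 1, "amount": 120, "region": "EMEA", "card_number": "4111********1111"},
        {"order_id": 2, "amount": 75,  "region": "APAC", "card_number": "5500********0004"},
        {"order_id": 3, "amount": 310, "region": "EMEA", "card_number": "3400*******0009"},
    ]
}


class AccessDenied(Exception):
    """The request exceeds the privileges recorded for this identity."""


def authorize(user: str, table: str) -> dict:
    """Authorization: report what this identity may access; no enforcement here."""
    try:
        return PRIVILEGE_DIRECTORY[user][table]
    except KeyError:
        raise AccessDenied(f"{user!r} has no privileges on {table!r}") from None


def read(user: str, table: str, columns: List[str]) -> List[dict]:
    """Access control: apply the recorded privileges to one concrete request."""
    priv = authorize(user, table)
    denied = set(columns) - priv["columns"]
    if denied:
        raise AccessDenied(f"{user!r} may not read columns {sorted(denied)}")
    # Row restriction: keep only rows matching every required column value.
    rows = [r for r in TABLES[table]
            if all(r.get(col) == val for col, val in priv["rows"].items())]
    # Column restriction: project onto exactly the columns requested.
    return [{c: r[c] for c in columns} for r in rows]
```

Note that the same request yields different rows for different identities, which is why the identity the application server reports must come from the authentication step rather than from the client's own claim.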

Intrusions

Authorization is also a defense against hackers who may try to corrupt your Web site. They also try to redirect users to a different site, fooling a client or server into believing that the site is something it is not.

To prevent corruption, you can control access to the administrative functions that govern the content of the site. To help protect against stolen Web connections, you can employ user authorization and encryption.
