Redemption Steps

As with many things, the first step towards redemption is to understand the problem and know when you have a problem. If you've gotten this far, then you're at least aware of how unreliable DNS information can be.

Unlike many other problems, we're not able to give you specific details, but here are some possible tools you can use. One of the easiest approaches is to ensure that connections are running over SSL. If you're dealing with internal applications, you will probably want to set up an enterprise-level certificate server and push the enterprise root certificate out to all of the client systems.

Another approach is to use IPSec. If IPSec is running over Kerberos, then some amount of client and server authentication is done for you, and you can be assured that if anyone can connect to your system at all, then that system is at least participating in the same Kerberos realm (or in Windows terminology, domain/forest). IPSec using certificates works as well, though the Public Key Infrastructure (PKI) may be a challenge to set up and run correctly. A drawback to the IPSec approach is that the underlying network information isn't readily accessible at the application layer; your app is then at the mercy of the network admin. Another way to use IPSec is to require IPSec between your system and the DNS server. You can then at least be sure that you made it to your DNS server, and your confidence in internal name resolution is improved. Please note that we did NOT say that the problem was solved, just improved.

If authentication is performed using Kerberos, or Windows authentication, and the clients and servers are both recent versions, then MITM attacks against the authentication layer are effectively dealt with by the protocols. Password cracking remains a threat.

If the application is critical, then the most secure way to approach the problem is to use public key cryptography, and to sign the data in both directions. If privacy is required, use the public key to encrypt a one-time symmetric session key, and deliver it to the other system. Once a symmetric session key has been negotiated, data privacy is taken care of, and signing a digest of the message proves where it came from. This is a lot of work, and you need someone to review your cryptography, but it is the most robust solution.

A cheap and dirty way to solve the problem is to take the DNS system out of the problem entirely by dropping back to mapping DNS names to IP addresses using a hosts file. If you're concerned about local network layer attacks, using static ARP entries can take care of ARP spoofing. The overhead involved in this approach generally isn't worth it, except in the instance of systems you've intentionally isolated from the main network.
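
The static-mapping idea above, sketched at the application layer as an added example (not code from the book): names resolve only from a hosts-format map, unknown names fail closed instead of falling back to DNS, and resolver answers can be audited against the map. The sample entries and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample in hosts-file format (names and addresses are made up).
SAMPLE_HOSTS = """\
# isolated lab segment
10.20.0.5    db01.lab.example db01
10.20.0.6    app01.lab.example   # app tier
fd00::6      app01.lab.example
not-an-ip    broken.lab.example
"""

def parse_hosts(text):
    """Return {lowercased name: set of ip_address objects}; skip malformed lines."""
    pins = {}
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()  # drop comments, split columns
        if len(fields) < 2:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first column is not an IP address
        for name in fields[1:]:
            pins.setdefault(name.lower().rstrip("."), set()).add(addr)
    return pins

def resolve_pinned(pins, name):
    """Resolve only from the static map; unknown names fail closed (no DNS fallback)."""
    key = name.lower().rstrip(".")
    if key not in pins:
        raise LookupError(f"{name!r} is not in the static map; refusing DNS fallback")
    return sorted(pins[key], key=lambda a: (a.version, int(a)))

def audit_answers(pins, observed):
    """Compare resolver answers ({name: [ip strings]}) with the static map.
    Returns a sorted list of (name, address) pairs the map does not allow."""
    bad = []
    for name, addrs in observed.items():
        allowed = pins.get(name.lower().rstrip("."), set())
        for a in addrs:
            if ipaddress.ip_address(a) not in allowed:
                bad.append((name, a))
    return sorted(bad)
```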



19 Deadly Sins of Software Security. Programming Flaws and How to Fix Them
Writing Secure Code
ISBN: 71626751
EAN: 2147483647
Year: 2003
Pages: 239
