Peeling Back the Layers of Security


In the previous section we looked at the building blocks of security: confidentiality, integrity, nonrepudiation, authorization, authentication, and availability. If we think of that as a horizontal view of security, looking across all of the available tools, then in this section we are looking vertically, down through the communications layers on which the building blocks of security stand.

Table 2-1 shows the seven layers of the Open System Interconnect (OSI) stack.

Table 2-1: OSI Stack

| Layer Number | Layer Name | Example of Technology that Uses this Layer |
|---|---|---|
| Layer 7 | Application | E-mail, directory services |
| Layer 6 | Presentation | Encrypted data, compressed data POP/SMTP |
| Layer 5 | Session | POP/25, SSL |
| Layer 4 | Transport | TCP, UDP |
| Layer 3 | Network | Packets IP, ARP |
| Layer 2 | Data Link | PPP, 802.11 |
| Layer 1 | Physical | ADSL, ATM |

Though we will see in Chapter 3 that Web Services security has specific implications for layer 7, the application layer, the security at other levels of the OSI stack is also important. Let’s look at some of the OSI layers, examining how they are vulnerable to security breaches. A common thread emerges—by sending an application data that it doesn’t expect, vulnerabilities can be probed and exploited. We’ll see how this was possible at lower layers of communication, and in the next chapter we’ll see how it now occurs at the application layer.

Network Layer

Security options at the network layer are largely unchanged from the time before Web Services existed. Firewalls continue to be vital, even if new vulnerabilities and challenges have opened up at higher layers of the OSI stack.

Choosing and Configuring a Firewall

The network layer is protected by firewalls. Firewalls examine IP packets coming into and leaving an organization. They ensure that suspicious or malicious packets are not allowed to pass through. Routers also perform packet filtering. One of the major debates in information security concerns the ongoing importance of firewalls. Historically, firewalls were used to block unwanted protocols by blocking the TCP ports that they used. However, the ports for Web browsing would be left open. Consequently, many application vendors adapted their products to use the Web ports—that is, ports 80 and 443 (for SSL). This had the effect of bypassing firewalls. However, that does not mean that firewalls are no longer useful. Firewalls continue to guard against attacks at the lower layers of communication.

Next, we will examine one of these attacks: the so-called “ping of death.”

Example: Blocking the “Ping of Death”

The evocatively named “ping of death” attack involved pinging a computer with a packet greater than 65,536 bytes (as opposed to the default 64 bytes). It struck in the late 1990s, and found vulnerabilities in UNIX, MacOS, Netware, printers, and routers. An IP datagram of 65,536 bytes is illegal. However, the design of IP packets meant that it was possible to create such a datagram by exploiting the method by which packets are fragmented. When the packet is reassembled, it can overflow the buffer, causing unpredictable results.

This targeting of a buffer overflow is a common attack method that we will see in the next chapter. Web Services is not as vulnerable to buffer overflow attacks as earlier integration technologies were. However, it is still important to learn the lesson of the “ping of death” and not take it for granted that the input to a system will be as expected. “Never trust your input” is a useful rule to keep in mind.
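The check that closes this hole fits in a few lines of C. The following is an added example, not code from the book: it validates one IPv4 fragment header before reassembly and rejects any fragment whose offset plus length would pass the 65,535-byte maximum that the 16-bit Total Length field can express. The names check_fragment and make_hdr, and the sample headers, are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define IP_MAX_DATAGRAM 65535u /* largest value the 16-bit Total Length field holds */

enum frag_verdict { FRAG_OK, FRAG_MALFORMED, FRAG_OVERSIZE };

/* Check one IPv4 fragment header (network byte order) before its payload is
 * copied into a reassembly buffer. */
enum frag_verdict check_fragment(const uint8_t *hdr, size_t len)
{
    if (hdr == NULL || len < 20 || (hdr[0] >> 4) != 4)
        return FRAG_MALFORMED;
    uint32_t ihl   = (uint32_t)(hdr[0] & 0x0F) * 4;                   /* header bytes */
    uint32_t total = ((uint32_t)hdr[2] << 8) | hdr[3];                /* this fragment */
    uint32_t off   = ((((uint32_t)hdr[6] & 0x1F) << 8) | hdr[7]) * 8; /* offset in bytes */
    if (ihl < 20 || ihl > len || total < ihl)
        return FRAG_MALFORMED;
    /* Size of the datagram if this fragment were placed at its offset. */
    if (ihl + off + (total - ihl) > IP_MAX_DATAGRAM)
        return FRAG_OVERSIZE;   /* drop it: the offset field is untrusted input */
    return FRAG_OK;
}

/* Build a constructed 20-byte header for the demo (not captured traffic). */
void make_hdr(uint8_t out[20], uint16_t total, uint16_t off_units, int more)
{
    memset(out, 0, 20);
    out[0] = 0x45;                                  /* IPv4, IHL = 5 words */
    out[2] = (uint8_t)(total >> 8);
    out[3] = (uint8_t)total;
    out[6] = (uint8_t)((more ? 0x20 : 0) | ((off_units >> 8) & 0x1F));
    out[7] = (uint8_t)off_units;                    /* offset in 8-byte units */
    out[9] = 1;                                     /* protocol: ICMP */
}

int main(void)
{
    uint8_t h[20];
    make_hdr(h, 84, 0, 0);        /* ordinary 64-byte ping, unfragmented */
    printf("normal ping:   %d\n", check_fragment(h, sizeof h));
    make_hdr(h, 1500, 8189, 0);   /* final fragment placed at byte 65512 */
    printf("tail fragment: %d\n", check_fragment(h, sizeof h));
    return 0;
}
```

Each fragment on its own is a legal packet, which is why the test has to be made on the sum of offset and length at reassembly time rather than on the size of any single packet.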

Session and Transport Layers

The session and transport layers also have specific security technologies. These are not superseded by Web Services security. They are still very useful in order to secure network communications at layers under the application layer. In particular, they remain important for ensuring the confidentiality of SOAP communications.

SSL

SSL provides both confidentiality (through encryption) and authentication (using digital certificates) for HTTP traffic. The use of SSL for confidentiality is phenomenally successful. It is the de facto means of encrypting information traveling from a Web browser to a Web server. The use of SSL for authentication of Web sites is successful also. Using SSL, a user of a Web browser can ensure that the Web site they are visiting is authentic. Companies such as VeriSign issue digital certificates to Web sites so that Web sites can prove their identity to potential customers. SSL provides for authentication in the reverse direction also—that is, for a user of a Web browser to prove his or her identity to a Web site. This aspect of SSL is not as successful, however. That is because the overhead of generating a public and private key pair, and then registering this with a PKI, is unattractive for most Web browser users. Consequently, on the B2C Internet, consumers can be sure of the identity of the authenticated online stores with which they transact, but the stores typically cannot be 100 percent sure of the identity of their customers.

Application Layer: S/MIME

S/MIME is a solution for confidentiality, integrity, and nonrepudiation for e-mail messages. It uses encryption for confidentiality, and digital signatures for integrity and nonrepudiation. Note that the provision of nonrepudiation relies on the existence of a PKI.

A SOAP message may, in time, be sent using SMTP (Simple Mail Transport Protocol) and when that happens S/MIME will be a useful technology for security. The type of digital signature used in S/MIME is a PKCS#7 signature. This has been superseded to some extent by XML Signature.




Web Services Security
ISBN: 0072224711
EAN: 2147483647
Year: 2003
Pages: 105
Authors: Mark O'Neill
