Before we continue, it's important to define some core security vocabulary. Although we've defined security in general terms, the concept can still be somewhat nebulous. No doubt you've heard that "a system is secure" or that "system A is more secure than system B," but what do such phrases mean? Specifically, security is often thought of as comprising the following categories: authentication, authorization, auditing, privacy, integrity, availability, and nonrepudiation.
The first three categories are sometimes referred to as the "Golden Rules" because they start with the letters Au, the chemical symbol for gold in the periodic table of elements. In the following sections, we'll describe each category in detail.
Authentication is the process by which an entity, also called a principal, verifies that another entity is indeed who or what it claims to be. A principal can be a user, some executable code, or a computer. Authentication requires evidence in the form of credentials, and evidence can be in one or more of the following forms:
Proving that a principal is not an impostor depends on the trustworthiness of the credentials. A credential is either correct or it is not; if a principal presents the correct credentials, the claimed identity is accepted regardless of who actually presented them. In other words, authentication is a black-and-white process: it returns a yes or a no to a claim of identity. The practical consequence is that a stolen or guessed credential authenticates the thief exactly as well as it authenticates the legitimate owner.
However, the strength of the credentials also matters. For example, access to highly sensitive data might require biometric credentials, such as a thumbprint, a voice analysis, or a retinal scan, all of which are difficult to forge or to share. Because biometrics are hard to counterfeit, they are often referred to as strong credentials. Passwords, on the other hand, are a weak credential because they are relatively easy to guess, share, or steal. Note, too, that a biometric, unlike a password, cannot be changed if it is ever compromised.
Examples of some current authentication technologies include the following:
Chapter 3, "Windows 2000 Security Overview," Chapter 4, "Internet Explorer Security Overview," Chapter 5, "Internet Information Services Security Overview," Chapter 6, "SQL Server Security Overview," Chapter 7, "COM+ Security Overview," and Chapter 8, "Practical Authentication and Authorization," will further cover authentication issues.
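The black-and-white nature of a credential check is easiest to see in code. The following is an added example (not code from the book) of a password credential store: it keeps a salted PBKDF2 verifier rather than the password itself and answers yes or no to a presented password. The function names, the iteration count, and the sample passwords are this example's own choices.

```python
import hashlib
import hmac
import os

# Constructed example: a minimal credential store that holds a salted password
# verifier instead of the password, plus the yes/no check against it.
# Names and parameters are illustrative choices, not from the text.

ITERATIONS = 100_000  # PBKDF2 work factor; raise it as hardware gets faster


def enroll(password: str) -> dict:
    """Create the stored verifier for a principal's password."""
    salt = os.urandom(16)  # per-record salt: identical passwords get different verifiers
    verifier = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return {"salt": salt, "verifier": verifier, "iterations": ITERATIONS}


def authenticate(record: dict, password: str) -> bool:
    """Return True only if the presented password matches the stored verifier.

    The outcome depends solely on the credential: whoever presents the right
    password is accepted. The comparison is constant-time so the check does not
    leak how many bytes of the verifier matched.
    """
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), record["salt"], record["iterations"]
    )
    return hmac.compare_digest(candidate, record["verifier"])


def demo() -> tuple:
    """Alice enrolls; then Alice, a wrong guess, and an attacker who stole
    Alice's password each try to authenticate. The store cannot tell the
    last two callers apart from Alice: only the credential is examined."""
    store = {"alice": enroll("correct horse battery staple")}
    alice_ok = authenticate(store["alice"], "correct horse battery staple")
    guess_ok = authenticate(store["alice"], "password123")
    thief_ok = authenticate(store["alice"], "correct horse battery staple")
    return alice_ok, guess_ok, thief_ok


if __name__ == "__main__":
    print(demo())
```

Because the verifier is derived with a slow, salted function, a leaked credential store does not hand an attacker the passwords directly; it does nothing, however, against an attacker who already holds the password, which is exactly why the text calls passwords a weak credential.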
Once a principal's identity is authenticated, the principal will want to access resources, such as printers, files, Registry keys, Active Directory attributes, and tables in a database. Access is determined by performing an access check to see if the authenticated entity has access to the resource being requested.
Access is determined by comparing information about the principal with access control information associated with the resource—this information, for example, might be held in an access control list (discussed in Chapter 3). If Alice is given full access to the file Info.txt, she can read, write, and delete that file. Suppose Bob has read-only access to this same file. If he attempts to write to or delete the file, he will be denied access.
As you can see, degrees of authorization exist—Alice might have complete access to A, B, and C, while Bob might have only read access to B, and so on.
Examples of authorization mechanisms include
Chapter 3 and Chapter 8 will describe authorization in detail.
The aim of auditing, also called logging, is to collect information about successful and failed access to objects, use of privileges, and other significant security actions, and to record it in some form of log for later analysis. Failed attempts are as important to record as successes, because they are often the first sign of an attack. Logging also aids in debugging applications; without it you can only guess why someone was denied access to a resource. An audit trail is useful only if the principals it records cannot alter it, so it should be written where they have no write access.
Examples of audit logs include
Chapter 3 and Chapter 9, "Practical Privacy, Integrity, Auditing, and Nonrepudiation," cover auditing in detail.
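The authorization and auditing sections above describe an access check against an access control list and the audit records that such checks should leave behind. The following added example (not code from the book, and not a real Windows API) models both: a simplified ACL for Info.txt in which Alice has full access and Bob, through a group, has read-only access; an access check that walks the list in canonical order with deny entries first; and an audit log that is queried afterward. The class names, group names, and log layout are this example's own.

```python
from dataclasses import dataclass
from enum import Flag, auto
from typing import List, Tuple

# Constructed example: a simplified ACL, an access check over it, and an audit
# trail of every decision. Modelled on the Windows-style check the text refers
# to, but the names and data layout here are this example's own.


class Access(Flag):
    READ = auto()
    WRITE = auto()
    DELETE = auto()
    FULL = READ | WRITE | DELETE


@dataclass(frozen=True)
class Ace:
    """One access control entry: allow or deny `rights` to `trustee`."""
    allow: bool
    trustee: str      # a principal name or a group name
    rights: Access


@dataclass(frozen=True)
class Principal:
    name: str
    groups: frozenset


# Audit records: who asked for what on which resource, and the verdict.
AUDIT_LOG: List[dict] = []

# The ACL from the text: Alice has full access; members of Readers may only read.
# A deny entry for Guests is placed first, as canonical ordering requires.
INFO_TXT_ACL = [
    Ace(allow=False, trustee="Guests", rights=Access.FULL),
    Ace(allow=True, trustee="alice", rights=Access.FULL),
    Ace(allow=True, trustee="Readers", rights=Access.READ),
]


def access_check(principal: Principal, resource: str, acl: List[Ace],
                 requested: Access) -> bool:
    """Walk the ACL in order (deny entries first, as in a canonical Windows ACL).

    Any deny entry that covers a requested right fails the check immediately;
    allow entries accumulate rights until every requested right is granted.
    Every decision, positive or negative, is appended to AUDIT_LOG.
    """
    granted = Access(0)
    allowed = False
    for ace in acl:
        if ace.trustee != principal.name and ace.trustee not in principal.groups:
            continue  # this entry is not about this principal
        if not ace.allow:
            if ace.rights & requested:
                break  # an explicit deny on any requested right wins
            continue
        granted |= ace.rights
        if (granted & requested) == requested:
            allowed = True
            break
    AUDIT_LOG.append({"principal": principal.name, "resource": resource,
                      "requested": str(requested), "allowed": allowed})
    return allowed


def failed_attempts(log: List[dict], principal: str) -> int:
    """The kind of question an audit log exists to answer: how often was X refused?"""
    return sum(1 for e in log if e["principal"] == principal and not e["allowed"])


def demo() -> Tuple[bool, bool, bool, int]:
    """Alice writes Info.txt; Bob reads it, then tries to delete it and is refused."""
    alice = Principal("alice", frozenset({"Users"}))
    bob = Principal("bob", frozenset({"Users", "Readers"}))
    alice_writes = access_check(alice, "Info.txt", INFO_TXT_ACL, Access.WRITE)
    bob_reads = access_check(bob, "Info.txt", INFO_TXT_ACL, Access.READ)
    bob_deletes = access_check(bob, "Info.txt", INFO_TXT_ACL, Access.DELETE)
    return alice_writes, bob_reads, bob_deletes, failed_attempts(AUDIT_LOG, "bob")


if __name__ == "__main__":
    print(demo())
    for entry in AUDIT_LOG:
        print(entry)
```

Two design points matter here. The check is performed by the code that owns the resource, with the requester's identity taken from authentication, never from a name the requester supplies; and the audit record is written on both outcomes, so a later review can distinguish "Bob never tried to delete the file" from "Bob tried and was refused."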
Privacy, sometimes referred to as confidentiality, is a means of hiding information from prying eyes and is usually achieved with encryption. By using privacy technologies, Alice can send a secret message to Bob, and anyone using a network protocol analyzer, such as Microsoft Network Monitor, cannot read what Alice has sent. Note that encryption hides the content of the message; on its own it does not hide the fact that Alice and Bob communicated, or how much data they exchanged.
Examples of privacy technology include
Chapter 3 and Chapter 9 go into privacy in detail.
Integrity refers to the ability to protect data from being deleted or changed, either maliciously or by accident. If Alice orders 100 widgets from Bob, she doesn't want an attacker to modify the order en route to Bob to 1000 widgets. At a minimum, an integrity mechanism must detect that data has been changed, even where it cannot prevent the change; the receiver can then reject the tampered data rather than act on it.
NOTE
Maliciously adjusted data is usually more serious than deleted data. If data is missing because it has been deleted, you know you need to use the last backup made to reinstate the missing data. However, if data is maliciously changed, you might not notice the change for a long time and the erroneous data might be used to make critical business decisions.
Examples of integrity technology include
Chapter 9 covers integrity in detail.
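The widget order above makes a concrete test case for an integrity check. The following added example (not code from the book) sends the order with a plain SHA-256 digest and then with an HMAC-SHA256 tag, and lets an attacker rewrite the quantity in transit: the unkeyed digest is simply recomputed by the attacker, while the keyed tag cannot be, so only the HMAC detects the change. The order format, the key, and the function names are this example's own.

```python
import hashlib
import hmac

# Constructed example: the order from the text, an attacker's en-route rewrite,
# and two integrity checks side by side: an unkeyed hash (defeated by
# recomputation) and an HMAC (no valid tag without the key). Names are ours.

ORDER = b"from=alice&to=bob&item=widget&qty=100"


def attacker_rewrites(message: bytes) -> bytes:
    """The en-route modification from the text: 100 widgets become 1000."""
    return message.replace(b"qty=100", b"qty=1000")


def unkeyed_digest(message: bytes) -> bytes:
    """Plain SHA-256; this catches accidental corruption only."""
    return hashlib.sha256(message).digest()


def mac_tag(key: bytes, message: bytes) -> bytes:
    """HMAC-SHA256; only a holder of `key` can produce a valid tag."""
    return hmac.new(key, message, hashlib.sha256).digest()


def verify_mac(key: bytes, message: bytes, tag: bytes) -> bool:
    """Constant-time comparison so the check does not leak the tag byte by byte."""
    return hmac.compare_digest(mac_tag(key, message), tag)


def unkeyed_check_is_bypassed() -> bool:
    """Alice sends (order, sha256(order)). The attacker rewrites the order and
    recomputes the digest, which needs no secret; Bob's check passes on the
    forged order. Returns True when the bypass succeeds."""
    forged = attacker_rewrites(ORDER)
    forged_digest = unkeyed_digest(forged)          # attacker computes this
    bob_accepts = unkeyed_digest(forged) == forged_digest
    return bob_accepts and forged != ORDER


def mac_detects_tampering(key: bytes) -> bool:
    """Alice sends (order, HMAC(key, order)). The attacker can rewrite the order
    but can only replay the original tag, which no longer matches. Returns True
    when the genuine order verifies and the forged one is rejected."""
    tag = mac_tag(key, ORDER)
    forged = attacker_rewrites(ORDER)
    return verify_mac(key, ORDER, tag) and not verify_mac(key, forged, tag)


if __name__ == "__main__":
    print("unkeyed digest bypassed:", unkeyed_check_is_bypassed())
    print("HMAC detects tampering:", mac_detects_tampering(b"\x01" * 32))
```

The HMAC detects the change; it does not prevent it, so Bob's code must refuse to process an order whose tag fails to verify. Note also that a MAC key is shared between Alice and Bob, so a valid tag proves the order came from one of them but not which one; that distinction is the subject of nonrepudiation later in this section.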
Another important aspect of security is availability, that is, ensuring that a legitimate user is not denied access to a requested resource. For example, Alice, a valid user, won't be able to place an order by using your Web-based application if Bob, a malicious user, has launched an attack against your Web site that consumes all your network bandwidth. As far as Alice is concerned, your Web site is unavailable, so she might go elsewhere, perhaps to a competitor, to place her order.
Examples of availability technology include
Please note that load-balancing and failover technologies are beyond the scope of this book.
Nonrepudiation is a technique for providing proof that an action occurred so as to prevent a principal from fraudulently reneging on a transaction. For example, if Alice purchases an item, she might have to sign for the item upon receipt. The vendor can then use the signed receipt as evidence that Alice did indeed receive the package.
A complete nonrepudiation plan requires providing authentication, authorization, auditing, and data integrity. Nonrepudiation also requires that you inform the principal that the action he or she is about to take is legally binding. As you can imagine, nonrepudiation is extremely important for e-commerce.
We'll cover nonrepudiation in Chapter 9.
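The property nonrepudiation needs is that the vendor can check Alice's signed order but cannot produce a signature over a different order himself, so Alice cannot later claim the vendor fabricated it. The following added example (not code from the book) demonstrates this with a Lamport one-time signature, which is built only from SHA-256 and so runs with the standard library alone; a production system would use an established signature scheme, but the verify-but-cannot-forge property is the same. The key layout, the order format, and the function names are this example's own.

```python
import hashlib
import secrets
from typing import List, Tuple

# Constructed example: a Lamport one-time signature from SHA-256. The vendor
# holds only Alice's public key, can verify her signed order, and cannot sign
# an altered order, which is the asymmetry nonrepudiation rests on.
# Function names and the sample order are this example's own.

HASH_BITS = 256


def _h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def keygen() -> Tuple[list, list]:
    """Private key: 256 pairs of random secrets. Public key: their hashes."""
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(HASH_BITS)]
    pk = [(_h(a), _h(b)) for a, b in sk]
    return sk, pk


def _message_bits(message: bytes):
    """Bits of SHA-256(message), most significant first."""
    digest = int.from_bytes(_h(message), "big")
    for i in range(HASH_BITS):
        yield (digest >> (HASH_BITS - 1 - i)) & 1


def sign(sk: list, message: bytes) -> List[bytes]:
    """Reveal, for each digest bit, the secret on that side of the pair.

    A Lamport key must sign ONE message only: every signature reveals half of
    the private key, and two signatures leak enough to forge a third.
    """
    return [sk[i][bit] for i, bit in enumerate(_message_bits(message))]


def verify(pk: list, message: bytes, signature: List[bytes]) -> bool:
    """Hash each revealed secret and compare it with the published half."""
    if len(signature) != HASH_BITS:
        return False
    return all(_h(s) == pk[i][bit]
               for i, (bit, s) in enumerate(zip(_message_bits(message), signature)))


def demo() -> Tuple[bool, bool]:
    """Alice signs an order; the vendor verifies it, then tries to reuse the
    signature on an altered order and fails."""
    sk, pk = keygen()  # pk must reach the vendor over an authenticated channel
    order = b"from=alice&item=widget&qty=100&legally_binding=yes"
    sig = sign(sk, order)
    genuine = verify(pk, order, sig)
    altered = verify(pk, order.replace(b"qty=100", b"qty=1000"), sig)
    return genuine, altered


if __name__ == "__main__":
    print(demo())
```

This is where the text's list of prerequisites comes from: the vendor must obtain an authentic copy of Alice's public key (authentication), keep the signed order and the time it arrived (auditing), and rely on the signature covering every byte of the order (integrity). A keyed MAC cannot serve here, because the vendor holds the same key Alice does and could have produced the tag himself.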