
Network Security and Building Secure Applications

Any computer application may pose a risk to a company's information assets and its good name, as well as its tangible property. Important data could be lost or falsified, essential services rendered unavailable, or confidential information revealed, with potentially disastrous consequences. The problem of security is not new, but it has gotten worse, and there is reason to expect this trend to continue.

Inattention to security also carries legal risks, with a growing body of regulations mandating compliance to accepted standards of accountability, safeguarding the integrity of important information, protecting privacy, and making information available to authorized agencies. These regulations impose an additional burden, on top of the considerable technical challenges of creating secure applications, but they also encourage companies to do something in their own interest: understand security and plan for it from the outset.

(Image: the Tacoma Narrows Bridge collapse. One small oversight can lead to disaster.)

Why security systems fail

  • Computer systems are complex, invariably having some bugs.
  • Information is vulnerable, especially in transit across the Internet.
  • People are involved, adding unpredictable human factors.
  • Security is inherently difficult to engineer and test, because it is a negative requirement: testing can show that a system does what it should, but not that there is no input under which it does something it must not.
  • Determined attackers really are out to get you!

With ever-increasing reliance on pervasive information technology and no immediate prospect of a less hostile world, the prognosis doesn't look good. Nevertheless, countermeasures can be cost-effective in a well designed system. The key to successful security is taking the whole system into account, because a single weakness can break the entire chain.


The elements of security

Consider the requirements of a secure system and how those requirements might be threatened, whether by deliberate attack or otherwise. The following table briefly summarizes each basic aspect of security, its vulnerabilities, and the kinds of security practices that help to mitigate those risks.

Each element below is listed with the threat it faces, the vulnerabilities that expose it, and the countermeasures that mitigate them.
Availability

maintaining timely access to information and services

Threat: Customers are deprived of service - you might as well be out of business.

Vulnerabilities:
  • application crash due to software error (i.e., a bug)
  • system hangs instead of degrading gracefully under heavy usage
  • distributed denial of service (DDoS) attack
  • power outage
  • diverse types of hardware failure
  • natural disaster
  • riot or terrorist attack
  • inability to restore data promptly after a system failure

Countermeasures:
  • robust application design with comprehensive exception handling
  • provision for ample peak capacity and built-in overload protection (shed excess load early rather than letting queues grow without bound)
  • limits on request execution times
  • firewall and router configuration with network traffic monitoring and adaptive filtering
  • segmented network topology
  • hardening the TCP/IP stack
  • UPS and redundant hardware, ready to swap into service
  • automated transaction logging and recovery mechanisms, with restores exercised regularly so that the recovery path is known to work before it is needed
Authentication

ensuring legitimate identification of users and their agents

Threat: An anonymous or bogus identity enters a restricted area, opening the door to further mischief.

Vulnerabilities - passwords and keys can be misappropriated in any of these ways:
  • phishing and other email-based social engineering scams
  • credential theft through web-based attacks such as cross-site scripting and pharming, or through spyware installed by browser exploits
  • breaking weak passwords by brute force (online guessing, or offline cracking of a stolen password database)
  • packet sniffing on insecure network traffic
  • physical eavesdropping
  • theft of keys and computers
  • discarded computers and media

Or authentication could be bypassed altogether, through:
  • holes in application design or system configuration that provide an avenue for circumventing normal perimeter defenses
  • Trojan "back door" planted by a virus or worm
  • man-in-the-middle attacks and other variations of session hijacking

Countermeasures:
  • education on common security threats and safe practices
  • policies requiring strong passwords (forced periodic expiration, once standard advice, is no longer recommended by NIST SP 800-63B; change credentials on evidence of compromise instead)
  • operating system lockdown, updates, and patch management
  • malware scanning, blocking, and removal tools
  • biometrics, smart cards, and two-factor authentication technologies
  • cryptographically secure storage and transmission of passwords, keys, and session state information
  • strongly encrypted communications protocols, such as TLS (the successor to SSL) and IPsec
  • salted, deliberately slow password hashing (PBKDF2, bcrypt, scrypt or Argon2) so that a stolen password database cannot be cracked cheaply; cryptographic hashing likewise for session control and proxy authentication
  • requiring authentication at multiple points (re-authentication before sensitive operations), session timeouts, and logout functionality
  • automatic lockout, or progressively longer delays, after repeated failed login attempts
  • independent penetration testing
  • preparing for rapid incident response
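The password-storage and lockout countermeasures above, as an added example (not code from the original page or from Base One): a salted, slow key derivation for stored passwords, a constant-time check, and a failed-attempt lockout that does not reveal whether a username exists. The user store, key names, iteration count and lockout period are assumptions made for this illustration.

```python
import hashlib
import hmac
import os
import time

# Work factor for PBKDF2-HMAC-SHA256. Assumption: tune so one derivation costs
# roughly 100 ms on your server; current OWASP guidance is 600,000 iterations.
PBKDF2_ITERATIONS = 200_000
SALT_BYTES = 16
MAX_FAILURES = 5          # failed attempts before the account is locked (assumption)
LOCKOUT_SECONDS = 900     # lockout duration (assumption)
# Fixed dummy salt, used only to burn equal work for unknown usernames (see login()).
DUMMY_SALT = bytes(SALT_BYTES)


def hash_password(password, salt=None):
    """Return (salt, derived_key). A fresh random salt defeats precomputed tables;
    the slow KDF makes offline cracking of a stolen database expensive."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return salt, dk


def verify_password(password, salt, expected_dk):
    """Constant-time comparison, so a near-miss leaks nothing through timing."""
    _, dk = hash_password(password, salt)
    return hmac.compare_digest(dk, expected_dk)


class UserStore:
    """Constructed in-memory user store. Assumption: a real deployment keeps these
    records and the lockout state in a database shared by all front ends."""

    def __init__(self):
        self.users = {}   # username -> {"salt", "dk", "failures", "locked_until"}

    def add_user(self, username, password):
        salt, dk = hash_password(password)
        self.users[username] = {"salt": salt, "dk": dk, "failures": 0, "locked_until": 0.0}

    def login(self, username, password, now=None):
        """Return "ok", "invalid" or "locked". Never reveals whether the username exists."""
        now = time.time() if now is None else now
        rec = self.users.get(username)
        if rec is None:
            hash_password(password, DUMMY_SALT)   # same cost as a real check
            return "invalid"
        if now < rec["locked_until"]:
            return "locked"
        if verify_password(password, rec["salt"], rec["dk"]):
            rec["failures"] = 0
            return "ok"
        rec["failures"] += 1
        if rec["failures"] >= MAX_FAILURES:
            rec["locked_until"] = now + LOCKOUT_SECONDS
            rec["failures"] = 0
            return "locked"
        return "invalid"


if __name__ == "__main__":
    store = UserStore()
    store.add_user("alice", "correct horse battery staple")
    print(store.login("alice", "correct horse battery staple"))   # ok
    for _ in range(MAX_FAILURES):
        print(store.login("alice", "wrong"))                      # invalid x4, then locked
    print(store.login("alice", "correct horse battery staple"))   # locked
```

Note the tension with the Availability entry: a hard lockout lets an attacker who knows usernames lock legitimate users out, so many deployments prefer progressively longer delays or per-source throttling over an outright lock.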
Authorization

restricting the actions a user is permitted to take

Threat: An attacker gains access to restricted resources without proper approval, setting the stage for breach of confidentiality or data tampering.

Vulnerabilities:
  • exposed system files and resources for which access has not been sufficiently restricted
  • buffer overruns, SQL injection, cross-site scripting, and other attacks that turn untrusted input into code or commands, gaining access to more capabilities than intended
  • escalation of privileges by exploiting known operating system vulnerabilities
  • abuse of administrative privileges
  • insider knowledge about details of application design, network configuration, file names, or database structure (obscurity is not a control; the design must hold up even when fully known)

Countermeasures:
  • configuration of network components, databases, workstations, and servers according to best practice guidelines
  • employing all available access control mechanisms, including those at the application level (check that the requester is entitled to the specific object requested, not merely that they are logged in)
  • thorough input validation and other defensive coding practices (parameterized queries, output encoding, bounds-checked buffers)
  • principles of least privilege and constrained I/O
  • compartmentalized architecture to limit damage
  • activity monitoring and intrusion detection systems
  • deterrence through secure audit trails
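The parameter-manipulation vulnerability and the application-level access control countermeasure above, as an added example (not code from the original page or from Base One): a query built by string concatenation beside its parameterized form, and an object-level ownership check. The in-memory SQLite schema, sample rows and payload are constructed for this illustration.

```python
import sqlite3


def build_db():
    """Constructed sample database: two users, each owning one document."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE documents (id INTEGER PRIMARY KEY, owner TEXT, title TEXT)")
    conn.executemany(
        "INSERT INTO documents (owner, title) VALUES (?, ?)",
        [("alice", "alice-report"), ("bob", "bob-salary-review")],
    )
    conn.commit()
    return conn


def list_titles_vulnerable(conn, owner):
    """Vulnerable: the caller's string is pasted into the SQL text, so any SQL
    syntax in it is executed. This is what the text calls parameter manipulation."""
    sql = "SELECT title FROM documents WHERE owner = '" + owner + "'"
    return [row[0] for row in conn.execute(sql)]


def list_titles_safe(conn, owner):
    """Hardened: a bound parameter is always treated as a value, never as SQL."""
    rows = conn.execute("SELECT title FROM documents WHERE owner = ?", (owner,))
    return [row[0] for row in rows]


def get_document(conn, requesting_user, doc_id):
    """Application-level access control: being logged in is not enough; the
    requester must own the specific object. Returns None for both 'not found'
    and 'not yours' so the response does not confirm which ids exist."""
    row = conn.execute(
        "SELECT owner, title FROM documents WHERE id = ?", (doc_id,)
    ).fetchone()
    if row is None or row[0] != requesting_user:
        return None
    return row[1]


# Classic injection payload (constructed): closes the quoted value and appends an
# always-true condition, turning "my documents" into "every document".
PAYLOAD = "alice' OR '1'='1"

if __name__ == "__main__":
    db = build_db()
    print(list_titles_vulnerable(db, PAYLOAD))   # both users' titles leak
    print(list_titles_safe(db, PAYLOAD))         # [] - no owner is literally named that
    print(get_document(db, "alice", 2))          # None - alice does not own bob's document
```

Parameterization fixes the injection; it does nothing about the second problem, which is that a valid user can still ask for someone else's record by id. That is why the ownership check has to live in the application alongside the database's own access controls.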
Accountability

preserving a record of what was done and by whom

Threat: A transaction becomes untraceable and refutable, because of failure to capture and retain data proving its source.

Vulnerabilities:
  • inadequate logging due to design oversight or insufficient security requirements planning
  • log files lost, damaged, or simply not adequately secured to comply with legal evidentiary standards (a log that the compromised system can rewrite proves nothing)

Countermeasures - facilities for automated, secure logging (append-only, tamper-evident, and copied off the system that generates it), which provide the basis for a number of essential functions:
  • audit trails that support non-repudiation (a record can only prove who did what if the entries themselves are protected against alteration, e.g. by a keyed hash chain or digital signatures, and the clock source is trustworthy)
  • automatic database recovery following interrupted operations
  • diagnosing unexplained failures
  • intrusion detection and forensic analysis
  • tracking down and prosecuting cyber-criminals
Confidentiality

hiding sensitive information from unauthorized viewers

Threat: News of a breach of confidential information causes embarrassment and legal liability.

Vulnerabilities - sensitive information may be exposed because of failure to adequately restrict access, due to:
  • hastily constructed applications
  • ignorance of regulatory requirements

Countermeasures - application designers must be educated and adhere to policies regarding the use of encryption and access controls for compliance with applicable privacy laws and regulations, such as:
  • Health Insurance Portability and Accountability Act (HIPAA)
  • Gramm-Leach-Bliley Act (GLBA)
  • Cardholder Information Security Program (CISP), Visa's program, since folded into the industry-wide PCI Data Security Standard (PCI DSS)
  • Data Protection Act (in the UK; the 1998 Act has since been replaced by the Data Protection Act 2018 and the UK GDPR)
Integrity

guaranteeing that information remains accurate and complete

Threat: Data is missing or falsified, casting a shadow over the entire system's credibility.

Vulnerabilities:
  • physical loss or damage due to failure of hardware or storage medium
  • malicious tampering by an attacker who has penetrated defenses
  • error in application program logic (bug), e.g. due to improper synchronization of multi-user access, race conditions, etc.

Countermeasures:
  • backup storage
  • physical security
  • effective access controls
  • checksums against accidental corruption, and keyed hashed message authentication codes (HMACs) or digital signatures against deliberate tampering (an unkeyed checksum or hash can simply be recomputed by whoever altered the data)
  • safe coding practices: defense in depth, peer design review, diligent testing and quality assurance
  • rigorous transaction processing techniques (atomic, durable transactions with proper locking or optimistic concurrency control)
  • compliance with legislation safeguarding the accuracy of financial data, e.g. Sarbanes-Oxley Act (SOX)
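The secure-logging countermeasure in the Accountability entry and the checksum-versus-HMAC point in the Integrity entry, served by one added example (not code from the original page or from Base One): an append-only audit log in which each entry's HMAC covers the previous entry's tag, so altering, reordering or deleting any record breaks the chain, beside an unkeyed CRC that an attacker simply recomputes. The key, the genesis anchor, the record layout and the sample entries are assumptions made for this illustration.

```python
import hashlib
import hmac
import json
import zlib

# Assumption: in production the log key lives in an HSM/KMS or on a separate log
# host, so a compromised application server cannot use it to re-sign the chain.
LOG_KEY = b"constructed-demo-key-do-not-ship"
GENESIS = hashlib.sha256(b"audit-log-genesis").hexdigest()   # fixed anchor (assumption)


def _entry_tag(key, prev_tag, record):
    """HMAC over the previous tag and this record: each tag commits to all history."""
    return hmac.new(key, (prev_tag + record).encode("utf-8"), hashlib.sha256).hexdigest()


class AuditLog:
    """Append-only log; entries is a list of (record_json, tag)."""

    def __init__(self, key):
        self.key = key
        self.entries = []
        self.last_tag = GENESIS

    def append(self, actor, action, detail):
        record = json.dumps(
            {"seq": len(self.entries), "actor": actor, "action": action, "detail": detail},
            sort_keys=True,
        )
        tag = _entry_tag(self.key, self.last_tag, record)
        self.entries.append((record, tag))
        self.last_tag = tag
        return tag   # publish this off-host periodically (see verify_chain)


def verify_chain(key, entries, expected_last_tag=None):
    """Return the index of the first entry that fails, or -1 if the chain is intact.
    Supplying the last tag that was published off-host also catches truncation of
    the newest entries, which the chain alone cannot detect."""
    prev = GENESIS
    for i, (record, tag) in enumerate(entries):
        if not hmac.compare_digest(_entry_tag(key, prev, record), tag):
            return i
        prev = tag
    if expected_last_tag is not None and not hmac.compare_digest(prev, expected_last_tag):
        return len(entries)
    return -1


# For contrast: an unkeyed checksum, adequate against accidental corruption only.
def crc32_of(record):
    return format(zlib.crc32(record.encode("utf-8")) & 0xFFFFFFFF, "08x")


def verify_checksum(record, crc):
    return crc32_of(record) == crc


def reattribute(record, new_actor):
    """What an attacker with write access to the log does: blame someone else."""
    data = json.loads(record)
    data["actor"] = new_actor
    return json.dumps(data, sort_keys=True)


if __name__ == "__main__":
    log = AuditLog(LOG_KEY)
    log.append("alice", "transfer", {"amount": 500, "to": "acct-42"})
    log.append("bob", "login", {})
    forged = reattribute(log.entries[0][0], "mallory")
    print(verify_checksum(forged, crc32_of(forged)))                    # True: CRC can't tell
    tampered = [(forged, log.entries[0][1])] + log.entries[1:]
    print(verify_chain(LOG_KEY, tampered, log.last_tag))                # 0: HMAC chain detects it
```

The chain is only as good as two things outside it: the key must not be readable by the host whose actions it records, and the latest tag must be copied somewhere the attacker cannot reach, otherwise the newest entries can be silently dropped. Timestamps should come from a trusted clock for the same reason.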


Base One develops tools and provides consulting services for building secure distributed applications.

Copyright 2012, Base One International Corporation