Webmaster's Guide to the Wireless Internet, part 48


Chapter 10 • Securing Your Wireless Web
www.syngress.com

(glossary, continued from the previous part)
... cyclic redundancy check (CRC) algorithm, which represents the integrity of information as a number.
■ Privacy Privacy means that information communicated between two people or computers is inscrutable to third parties. Encrypting information so that only the sender and recipient can understand it ensures privacy.
■ Public Key In public-key cryptography the sender and recipient each have two keys: a private key and a public key. The public key is made accessible while the private key remains secret. The sender of a message encrypts the information using the recipient's public key, and the information can only be decrypted using the recipient's private key.
■ Secret Key In secret-key cryptography the sender and recipient use the same method of encrypting and decrypting information. A shared piece of information, or secret, known only to a message's sender and recipient is used to encrypt and decrypt the message. This is also known as symmetric cryptography.
■ Trojan A program that appears to be legitimate but is designed to have destructive effects on the programs and data of the computer onto which it has been loaded.
■ Virus A program that replicates itself by infecting other programs. Viruses are typically programmed to append their executable code to other programs, resulting in their propagation.
■ Worm A malicious program that replicates itself over a network and typically fills all of the available storage space or network capacity. Worms typically exploit a specific vulnerability, such as a buffer overflow in a particular network application, in order to execute their own code on remote machines.

159_wg_wi_10 10/22/01 5:47 PM Page 442

WTLS and Point-to-Point Security Models

The term point-to-point security describes an approach where information is protected at each leg of the journey from a user to a Web server by the appropriate security technology for each part of the communication. As we have seen, this approach has inherent weaknesses at the points where the security methods change between legs of the data's journey. The most important technology in the point-to-point security model is WTLS. WTLS is the equivalent of SSL for WAP, and it provides encryption between wireless browsers and WAP gateways. The most common form of WTLS (WTLS Class I) is designed to work together with SSL so that WTLS operates on the wireless network side of the WAP gateway and SSL operates on the Internet side. WTLS and SSL together ensure that information is encrypted from point to point all the way from a wireless browser to a Web server (see Figure 10.4), but not end to end: each leg is encrypted separately, and the gateway handles the plaintext in between.

[Figure 10.4: Point-to-Point Security Model. WAP phone, wireless network, WAP gateway, Internet, Web server. WTLS works between devices and WAP gateways; SSL works between WAP gateways and Web servers.]

How WTLS Works

WTLS is the part of the WAP specification designed to ensure the privacy, authenticity, and integrity of communication. Traffic in the air may also be encrypted, depending on the wireless network and air-connect technology, but, like WTLS, this does not provide true end-to-end encryption. The three main components of WTLS are: (1) the handshake protocol, which provides for key exchange; (2) a record structure for encrypted information; and (3) the Wireless Identity Module (WIM). The handshake protocol is used when a client and server (a WAP gateway) initiate a session. During the handshake
process, the client lists the cryptographic and key-exchange methods it supports, and the server chooses its preferred method from that list. After authenticating each other (where the WTLS class calls for it), the client and server settle on a protocol version and cipher. WTLS borrows from the SSL standard and supports the RC5, DES, 3DES and IDEA ciphers, although DES and 3DES are the ones most typically used. Three key-exchange methods are supported: RSA, Diffie-Hellman, and Elliptic Curve Diffie-Hellman, with RSA being the most commonly used. WTLS also provides a way for keys to be exchanged anonymously based on the server's public key: the client encrypts a secret key using the server's public key and sends it in a Client Key Exchange message. Because nothing in an anonymous exchange proves who holds that public key, an active attacker on the wireless side can substitute a key of their own; anonymous WTLS protects only against passive eavesdropping. The record structure of WTLS provides a mechanism for the data's privacy and integrity to be checked, and the WIM is a tamper-resistant module (typically a smart card such as the SIM) that stores the client's keys and performs the cryptographic operations used in handshaking, authentication, and encryption.

WTLS Classes

The WAP specification defines three classes of WTLS, offering successively stronger authentication. WTLS Class I uses no certificates at all: the handshake is anonymous, so it provides encryption between the wireless browser and the WAP gateway but no proof of the gateway's identity. WTLS Class II adds a server certificate, so the browser can authenticate the gateway, which is the closest analog to how SSL is normally used on the Internet. WTLS Class III adds a client certificate, held in the WIM, so that the gateway can authenticate the user as well; this is the framework for PKI-based security. In every class the WTLS session still terminates at the WAP gateway, after which the gateway is responsible for the data's security. Encryption directly between a wireless browser and a Web server requires a TLS session end to end, which the WAP 2.0 HTTP/TLS profile provides, rather than WTLS.

The WAP Gap

Mobile devices using WAP do not connect directly to Web sites or applications, nor do they directly support the HTTP protocol or SSL. In effect, WAP gateways act like proxy servers for mobile devices. A gateway translates one kind of communication into another kind.
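Before going on with the WAP gap, the handshake and record layer described under How WTLS Works above, modelled in Python as an added example (not code from the book, from the WAP Forum specification, or from any WTLS implementation). It assumes toy Diffie-Hellman parameters, suite names of its own, and an HMAC-SHA256 keystream standing in for the RC5/DES record cipher so that it runs with the standard library; what it demonstrates is the negotiation rule (server picks its preferred suite from the client's list), derivation of per-direction keys from the exchanged secret, and the record layer rejecting tampering and replay:

```python
"""Toy model of a WTLS session: negotiation, anonymous DH key exchange,
key derivation and the record layer (privacy plus integrity).
Added illustration, not the book's or the specification's code."""
import hashlib
import hmac
import secrets

# Toy Diffie-Hellman group (a Mersenne prime): assumed parameters,
# far too small for real use.
DH_P = (1 << 127) - 1
DH_G = 5

# Suites offered by the client, in the client's order, and the gateway's own
# preference order.  The suite names are this example's own.
CLIENT_SUITES = ["DH_anon-DES-SHA", "DH_anon-3DES-SHA", "DH_anon-RC5-SHA"]
SERVER_PREFERENCE = ["DH_anon-3DES-SHA", "DH_anon-DES-SHA"]

MAC_LEN = 32  # SHA-256 tag length used by the toy record layer


def negotiate(client_offer, server_preference):
    """ServerHello step: the server picks its most preferred suite the client offered."""
    for suite in server_preference:
        if suite in client_offer:
            return suite
    raise ValueError("no cipher suite in common")


def dh_keypair():
    priv = secrets.randbelow(DH_P - 2) + 1
    return priv, pow(DH_G, priv, DH_P)


def dh_shared(priv, peer_pub):
    """Pre-master secret: the DH result as a fixed-width byte string."""
    return pow(peer_pub, priv, DH_P).to_bytes(16, "big")


def derive_keys(pre_master, client_random, server_random):
    """Expand the shared secret and both randoms into one write key and one MAC
    key per direction (the structure TLS/WTLS use; the PRF here is HMAC-SHA256)."""
    master = hmac.new(pre_master, b"master" + client_random + server_random,
                      hashlib.sha256).digest()

    def expand(label):
        return hmac.new(master, label + client_random + server_random,
                        hashlib.sha256).digest()

    return {"client_write": expand(b"client write"), "client_mac": expand(b"client mac"),
            "server_write": expand(b"server write"), "server_mac": expand(b"server mac")}


def _keystream(key, seq, length):
    """HMAC-SHA256 in counter mode, standing in for the RC5/DES record cipher."""
    out, block = b"", 0
    while len(out) < length:
        out += hmac.new(key, seq.to_bytes(2, "big") + block.to_bytes(4, "big"),
                        hashlib.sha256).digest()
        block += 1
    return out[:length]


def seal(write_key, mac_key, seq, plaintext):
    """One record: 16-bit sequence number in the clear, then MAC-then-encrypt."""
    seq_bytes = seq.to_bytes(2, "big")
    tag = hmac.new(mac_key, seq_bytes + plaintext, hashlib.sha256).digest()
    body = plaintext + tag
    ks = _keystream(write_key, seq, len(body))
    return seq_bytes + bytes(a ^ b for a, b in zip(body, ks))


def open_record(write_key, mac_key, expected_seq, record):
    """Decrypt and verify a record; None means reject (replay, truncation or tampering)."""
    seq = int.from_bytes(record[:2], "big")
    if seq != expected_seq or len(record) < 2 + MAC_LEN:
        return None
    ks = _keystream(write_key, seq, len(record) - 2)
    body = bytes(a ^ b for a, b in zip(record[2:], ks))
    plaintext, tag = body[:-MAC_LEN], body[-MAC_LEN:]
    expected = hmac.new(mac_key, record[:2] + plaintext, hashlib.sha256).digest()
    return plaintext if hmac.compare_digest(tag, expected) else None


def run_session(message=b"GET /account/balance"):
    """Phone (client) and WAP gateway (server) run a handshake and exchange one record."""
    suite = negotiate(CLIENT_SUITES, SERVER_PREFERENCE)          # ClientHello / ServerHello
    client_random, server_random = secrets.token_bytes(16), secrets.token_bytes(16)
    # Anonymous key exchange, as in WTLS Class I: no certificate ties s_pub to the
    # gateway, so an active attacker on the air side could substitute its own value.
    c_priv, c_pub = dh_keypair()
    s_priv, s_pub = dh_keypair()
    client_keys = derive_keys(dh_shared(c_priv, s_pub), client_random, server_random)
    server_keys = derive_keys(dh_shared(s_priv, c_pub), client_random, server_random)
    wk, mk = server_keys["client_write"], server_keys["client_mac"]  # gateway's client->server keys
    record = seal(client_keys["client_write"], client_keys["client_mac"], 0, message)
    received = open_record(wk, mk, 0, record)
    # An attacker flips one ciphertext byte: the MAC must catch it.
    tampered = record[:5] + bytes([record[5] ^ 0x01]) + record[6:]
    # The same record replayed when the gateway expects sequence number 1.
    return {"suite": suite, "keys_match": client_keys == server_keys, "received": received,
            "tampered": open_record(wk, mk, 0, tampered), "replayed": open_record(wk, mk, 1, record)}
```

The gateway ends up with the same four keys as the phone without either side ever sending a key in the clear, yet because no certificate is involved the phone cannot tell whether s_pub came from the gateway or from an attacker in the middle; that is exactly the gap Class II closes with a server certificate.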
In this case a WAP gateway translates communication from the WAP protocols to HTTP over the Internet. When a WAP gateway relays a request to a Web server on behalf of a mobile device, it uses the WAP protocols to communicate with the device and HTTP to communicate with the Web server. Like Web browsers, WAP gateways support SSL, which is the standard method of encrypting HTTP communications; SSL is normally used between Web browsers and Web servers. Communication between a mobile device and a WAP gateway is secured using WTLS, and communication between the WAP gateway and Web servers is secured using SSL. WAP gateways decrypt WTLS communication and then re-encrypt it using SSL. This means that inside the WAP gateway the information exists unencrypted at one point. It is also possible for the WAP gateway to be misconfigured or to malfunction and establish unencrypted HTTP communication rather than using SSL. This flaw is referred to as the WAP gap (see Figure 10.5), and it is the ideal point for a man-in-the-middle attack: whoever controls the gateway, or the path between a gateway and a Web server that has fallen back to plain HTTP, sees every request and response in the clear.

How Likely Is a WAP Gateway Compromise?

WTLS Class I is the most widely deployed security standard on the wireless Web for WAP devices (there are currently many more DoCoMo i-mode devices in use, but they do not use WAP). WTLS Class I communication is theoretically flawed because it is possible, however improbable, that a mobile operator's WAP gateway can be compromised or that it might not initiate SSL connections over the Internet. What is more important to you as a wireless Webmaster, however, is that the software and configuration of the mobile operator's WAP gateway, and the security of the gateway itself, are totally outside your control; you have no way of knowing whether one or more of these machines has been compromised or whether you are being victimized by a man-in-the-middle attack.
Experts disagree about how serious the WAP gap really is or whether it can be successfully exploited. However, the fact that the WAP gap exists means that the design of WTLS Class I, and of the wireless Web today, is imperfect at best.

[Figure 10.5: The WAP Gap. WAP phone, wireless network, WAP gateway, Internet, Web server. WTLS works between devices and WAP gateways; between the gateway and the Web server the HTTP communication is potentially unencrypted. The "WAP gap" is between WTLS and SSL.]

SECURITY ALERT
There are two methods of testing SSL between a WAP gateway and a Web server or Web-based application. The first is to enter an HTTPS Uniform Resource Locator (URL) directly on the device and see whether the WAP gateway successfully connects; this tells you only that the gateway can use SSL, not that it always will. The more secure method is to restrict all communications to SSL (TCP port 443) at the Web server, refusing plain HTTP. Enforcing SSL at the Web server is the best way to guarantee that information is secure on the leg you control: a gateway that falls back to plain HTTP then fails visibly instead of silently sending data in the clear.

The Seven Layers of Point-to-Point Security

Point-to-point security can be broken down into seven layers, corresponding to the steps in the communication path between mobile devices and Web servers or applications. Despite concerns like the WAP gap and mistrust of wireless application service providers (WASPs), these seven security layers provide practical assurance that applications and transactions are reasonably secure. For most organizations, content and information such as e-mail that are made available through wireless devices are adequately served by a point-to-point security model. This is only because the security requirements are low. For banking solutions such as consumer banking and mobile credit card applications, point-to-point security as it exists today (primarily using WTLS Class I security) is not acceptable. Nonetheless, in the fierce competition to reach the wireless market first, even a theoretically flawed security solution may pose an acceptable risk when balanced with other business considerations.
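To put the Security Alert above into practice on the one leg you control, here is an added Python example (not the book's code) that refuses anything but HTTPS on port 443 at the origin server and scans an access log for gateways that fell back to plain HTTP. The gateway addresses, the log lines and the log format (common log fields followed by the server port, as Apache's %p would record it) are constructed for the example:

```python
"""Closing the WAP gap from the Web-server side: refuse plaintext requests,
then find gateways that tried plain HTTP in the access log.
Added example, not the book's code; addresses and log lines are constructed."""
import re
from collections import Counter

# Addresses of the operator's WAP gateways (assumed, RFC 5737 documentation range).
GATEWAYS = {"203.0.113.10", "203.0.113.11"}


def admit_request(scheme, server_port, remote_addr, path):
    """Origin-server policy: accept a request only if it arrived over TLS on 443.
    Returns (status_code, reason).  403 rather than a redirect, so a gateway that
    fell back to plain HTTP fails loudly and never gets a request body through."""
    if scheme != "https" or server_port != 443:
        return 403, "plaintext request from %s refused; HTTPS on port 443 required" % remote_addr
    if not path.startswith("/"):
        return 400, "malformed request target"
    return 200, "ok"


# Constructed access-log format: common log fields followed by the server port.
# Lines that do not parse are skipped.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) \S+" '
    r'(?P<status>\d{3}) \S+ (?P<port>\d+)$')


def scan_access_log(lines, gateways=GATEWAYS):
    """Count plaintext (non-443) requests per source and list the ones from gateway
    addresses: each of those is the WAP gap observed from your side."""
    plaintext_by_ip = Counter()
    gateway_events = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or int(m["port"]) == 443:
            continue
        plaintext_by_ip[m["ip"]] += 1
        if m["ip"] in gateways:
            gateway_events.append((m["ts"], m["ip"], m["method"], m["path"], m["status"]))
    return plaintext_by_ip, gateway_events


# Constructed sample log: a gateway request over TLS, one the gateway sent in the
# clear (refused with 403), a plain-HTTP hit from an ordinary browser, a junk line.
SAMPLE_LOG = [
    '203.0.113.10 - - [22/Oct/2001:17:47:01 +0000] "GET /wml/balance.wml HTTP/1.1" 200 512 443',
    '203.0.113.10 - - [22/Oct/2001:17:47:09 +0000] "POST /wml/transfer.wml HTTP/1.1" 403 0 80',
    '198.51.100.7 - - [22/Oct/2001:17:48:12 +0000] "GET /index.html HTTP/1.1" 200 2048 80',
    '203.0.113.11 - - [22/Oct/2001:17:49:30 +0000] "GET /wml/balance.wml HTTP/1.1" 200 512 443',
    'not a log line',
]


def report(lines=SAMPLE_LOG):
    """Summarise plaintext sources and the gateway-originated plaintext requests."""
    counts, events = scan_access_log(lines)
    return {"plaintext_sources": dict(counts),
            "gateway_plaintext": [(ip, path) for _, ip, _, path, _ in events]}


if __name__ == "__main__":
    print(admit_request("http", 80, "203.0.113.10", "/wml/transfer.wml"))
    print(report())
```

A plain-HTTP request from a gateway address is worth an alert to the operator even when the server refused it: the request line, and any query string, already crossed the Internet unencrypted before the 403 was sent.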
Device limitations and the lack of common global standards mean that relatively high levels of security cannot be widely deployed today. Point-to-point security forms the only real alternative because it can be widely deployed. The seven layers of point-to-point security are:

1. Embedded Security Technology
2. Secure Air-Connect Technologies
3. Mobile Operator Network Security
4. Secure Mobile Operator Gateways
5. Authentication
6. Data Center and Network Security
7. Secure Application Interfaces

Embedded Security Technology

The first layer of defense in a computer system is always the end terminal. Physical access to the device must be controlled. If the device is a phone, it will often have a lock code or password feature that prevents it from being used unless a code is entered. PDAs such as Palm OS devices have password and lock features to prevent unauthorized access in the event that the device is lost or stolen. Notebook computers have the same capabilities, either as a Basic Input/Output System (BIOS) feature or built in to the operating system. In order to be effective, all of these features require configuration. As a wireless Webmaster, it is up to you to set security policies and to define standard configurations for the devices used to access your network and servers. Unlike desktop workstations, you have to expect that mobile devices will inevitably be lost or stolen. Guidelines covering what and how to communicate can protect confidential information when all else fails. Security policies are your final line of defense: users must be told what can be communicated through mobile devices and what can be stored on mobile devices such as PDAs. Users should be advised to treat their wireless communications in the same way they would a private conversation with a coworker in a public place.
Developing & Deploying...

Security Policies

An excellent example of security guidelines comes from the world of investment banking, where security is of supreme importance because of the ramifications for transactions. Unlike most corporate users, investment banking professionals are keenly aware of security issues and of the fact that the ultimate responsibility for confidentiality rests upon the bankers themselves. Investment banking professionals must observe a strict standard and adhere to protocols that ensure the highest level of confidentiality possible. They must always use caution when discussing business, particularly in a public place such as an airport, elevator, or restaurant. As with products that are not yet announced in other industries, investment bankers often use code names for their projects and clients even in internal discussions.

When using mobile devices to communicate, investment banking professionals must rely first and foremost upon the established best practices within their field and observe the same precautions they would when sending e-mail outside the company or when traveling. Regardless of the security technology used, any communication technology is only as secure as the policies and practices observed by its users.

Mobile Operator Network Security

WTLS extends security beyond the inherent air-connect security, across the entire mobile operator network, right to the edge of the Internet at the WAP gateway. Once traffic leaves the WAP gateway it is no longer secured by the air-connect technology, WTLS, or the network operator's internal network security. At the same time, users may roam to areas where they do not have the same coverage, or may use a less secure air-connect technology such as the analog AMPS system. The security technologies implemented in air interfaces such as CDMA are designed to protect the network and its subscribers from misuse such as stolen phone numbers or unauthorized network use. Security of the air interface itself and of the mobile operator's network enhances the security of wireless data services such as WAP browsing, but these mechanisms were not designed to protect data communications and should not be relied upon for that.

Secure Mobile Operator Gateways

The WAP gap and the potential for man-in-the-middle attacks mean that the security of mobile operator WAP gateways is critical. Inside the WAP gateway, information encrypted through WTLS Class I security is decrypted and then re-encrypted using SSL. The information is vulnerable at that point; as a wireless Webmaster you have no control over the mobile operator's WAP gateway and no way of knowing whether one or more of these machines has been compromised. For organizations buying network service from a carrier, it is reasonable to request a description of network security, as would normally be provided by an Internet service provider. The only way to be certain that WAP gateway security is not an unmanaged risk is not to depend on it, relying instead on end-to-end SSL or PKI security.

Authentication

Exposing applications and information on the Web means providing more than one line of defense against unauthorized access and malicious hacking. The simplest strategy is to support a single authentication standard such as Remote Authentication Dial-In User Service (RADIUS) or Lightweight Directory Access Protocol (LDAP)-based user ID/password authentication. Technologies such as RSA SecurID tokens can easily be added to wireless applications but are cumbersome for users because of the constraints of entering information quickly using a mobile phone or wireless PDA.
SECURITY ALERT
As with local area network (LAN) or host access user IDs and passwords, wireless user IDs and passwords should follow standard guidelines for length and composition. Users may wish to simplify their passwords to make wireless applications more usable, but as a wireless Webmaster you must consider that cracking will be done over the Internet, where an attacker can submit guesses quickly, and not from mobile devices. Weak passwords can be quickly broken, and this is especially true for numeric personal identification number (PIN)-based passwords, which are the easiest passwords to enter on a phone: a four-digit PIN has only 10,000 possible values.

Data Center and Network Security

If you are using a WASP you must make sure that the WASP's data center facility is secure. This means physical security, security policies, operational methodology and procedures, and tools to detect and protect against intrusion attempts. Your WASP should be able to clearly articulate its security architecture and practices, including:

1. Secure Data Center Design
2. Customer Network Isolation
3. Secure Router Configurations
4. VPNs and Private Pipes
5. Secure Methodology
6. Security Management
7. Security Auditing

Secure Data Center Design

A secure data center design involves a physical network architecture (see Figure 10.6) that isolates servers and customer information from access over the Internet. This is commonly accomplished through a double firewall scheme in which Internet-accessible servers are placed on a demilitarized zone (DMZ) network between an external and an internal firewall, separated from other machines, and access through the second firewall is restricted in any of several ways, such as being limited to a particular network address and application.
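The point of the Security Alert on passwords above, that guessing happens from the Internet and not from the phone keypad, is easiest to see by running the attack. This added Python example (not the book's code) checks a password against a length-and-composition policy and then simulates an Internet attacker guessing every four-digit PIN against a login handler, once without and once with server-side lockout. The user, PIN and rates are constructed, and the handler stores the secret in the clear purely for the demonstration:

```python
"""Why a phone-friendly numeric PIN is not a safe password when the attacker
sits on the Internet: policy check plus an online-guessing throttle.
Added example, not the book's code; all values are constructed."""
import string

PIN_EXAMPLE = "4821"   # constructed user PIN for the simulation
CLASSES = [string.digits, string.ascii_lowercase, string.ascii_uppercase, string.punctuation]


def guess_space(password):
    """Size of the search space an attacker faces, from the character classes used."""
    alphabet = sum(len(c) for c in CLASSES if any(ch in c for ch in password))
    return alphabet ** len(password)


def check_policy(password, min_length=8, min_classes=3):
    """Return the policy violations (an empty list means the password is acceptable)."""
    problems = []
    if len(password) < min_length:
        problems.append("shorter than %d characters" % min_length)
    used = sum(1 for c in CLASSES if any(ch in c for ch in password))
    if used < min_classes:
        problems.append("uses fewer than %d character classes" % min_classes)
    if password.isdigit():
        problems.append("numeric PIN: only %d possibilities" % guess_space(password))
    return problems


class LoginThrottle:
    """Server-side defence against online guessing: lock an account after
    max_failures consecutive failures (None disables the lockout)."""

    def __init__(self, credentials, max_failures=5, lockout_seconds=900):
        self.credentials = credentials      # user -> secret (demo only; store hashes in practice)
        self.max_failures = max_failures
        self.lockout_seconds = lockout_seconds
        self.failures = {}                  # user -> consecutive failures
        self.locked_until = {}              # user -> time the lock expires

    def attempt(self, user, password, now):
        if self.locked_until.get(user, 0) > now:
            return "locked"
        if self.credentials.get(user) == password:
            self.failures[user] = 0
            return "ok"
        self.failures[user] = self.failures.get(user, 0) + 1
        if self.max_failures is not None and self.failures[user] >= self.max_failures:
            self.locked_until[user] = now + self.lockout_seconds
            self.failures[user] = 0
        return "denied"


def simulate_pin_bruteforce(throttled, guesses_per_second=50.0):
    """An Internet attacker tries 0000..9999 in order at guesses_per_second.
    Returns (cracked, attempts_made)."""
    throttle = LoginThrottle({"alice": PIN_EXAMPLE}, max_failures=5 if throttled else None)
    now = 0.0
    attempts = 0
    for attempts, guess in enumerate(("%04d" % n for n in range(10000)), start=1):
        if throttle.attempt("alice", guess, now) == "ok":
            return True, attempts
        now += 1.0 / guesses_per_second
    return False, attempts


def hours_to_exhaust(space=10000, max_failures=5, lockout_seconds=900):
    """Time to try every candidate if the attacker patiently waits out each lockout."""
    return space / max_failures * lockout_seconds / 3600.0


if __name__ == "__main__":
    print(check_policy(PIN_EXAMPLE))
    print("unthrottled:", simulate_pin_bruteforce(False))
    print("throttled:  ", simulate_pin_bruteforce(True), "hours to exhaust:", hours_to_exhaust())
```

Without lockout the constructed PIN falls after 4,822 guesses, under two minutes at the modest rate assumed; with lockout the same attacker is shut out after five guesses, and even one who waits out every 15-minute lock needs about 500 hours for the whole PIN space. The lockout is the server's defence; the policy check is what keeps the space large enough that the lockout is not the only thing standing.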
Customer Network Isolation

Isolating customer networks means that firewalls are configured to compartmentalize each customer's servers and data. This mitigates the risk that another customer's application might receive sensitive information if it were unencrypted for any reason within the service provider's network.

[Figure 10.6: Typical Secure Data Center Network Design. Internet, router, external firewall, DMZ network (load balancer, wireless application front-end Web server, VPN server), internal firewall, data center network (back-end applications, content sources such as database servers).]

Secure Router Configurations

Like any service provider, a WASP must have secure network router and device configurations. This means that devices are properly configured following well-defined security guidelines. The best way to ensure that your WASP's network router configurations are secure is through an independent audit.

VPNs and Private Pipes

Availability of Virtual Private Network (VPN) technology or private network connections ("private pipes") is an important consideration. A VPN acts like a conduit over the Internet. Information passing through the conduit is encrypted, but the encryption is transparent to applications on either end of the connection. VPNs allow information to be passed over the Internet with no practical risk of compromise in transit. Another method involves establishing private network connections between the WASP data center and customer networks. This approach is more costly than a VPN, but is also theoretically more secure since it bypasses the Internet completely.

Secure Methodology

Secure deployment methodologies and remote administration protocols such as SSH are necessary to ensure that there is no exposure of sensitive information or systems at any point, even when new system components are being deployed.
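The double-firewall design of Figure 10.6 and the customer isolation described above, expressed as a default-deny rule set you can query, together with the kind of expectation table an independent audit (Secure Router Configurations) would run against it. This is an added Python example, not the book's code or any vendor's firewall syntax; the zones, addresses (RFC 5737 and RFC 1918 ranges), customer names and ports are assumed for illustration:

```python
"""Model of a two-firewall data center with per-customer segmentation,
plus an audit that checks the rule set against the design's intent.
Added example; zones, addresses, customers and ports are assumed."""
import ipaddress

# Zones: the external firewall sits between internet and dmz, the internal
# firewall between dmz/vpn and internal.
ZONES = {
    "dmz":      ipaddress.ip_network("10.1.0.0/24"),   # front-end Web servers, load balancer
    "internal": ipaddress.ip_network("10.2.0.0/24"),   # databases, back-end applications
    "vpn":      ipaddress.ip_network("10.3.0.0/24"),   # addresses handed to VPN clients
}
# Each customer gets its own slice of every zone; nothing crosses slices.
CUSTOMER_SEGMENTS = {
    "acme":   {"dmz": ipaddress.ip_network("10.1.0.0/26"),
               "internal": ipaddress.ip_network("10.2.0.0/26"),
               "vpn": ipaddress.ip_network("10.3.0.0/26")},
    "globex": {"dmz": ipaddress.ip_network("10.1.0.64/26"),
               "internal": ipaddress.ip_network("10.2.0.64/26"),
               "vpn": ipaddress.ip_network("10.3.0.64/26")},
}
# First match wins; anything unmatched is denied.
RULES = [
    # External firewall: the Internet reaches only the front ends, only over TLS.
    {"src": "internet", "dst": "dmz", "ports": {443}, "same_customer": False},
    # Internal firewall: a front end reaches only its own customer's database port.
    {"src": "dmz", "dst": "internal", "ports": {5432}, "same_customer": True},
    # Customer administrators come in over the VPN and manage only their own back end.
    {"src": "vpn", "dst": "internal", "ports": {22}, "same_customer": True},
]


def zone_of(ip):
    ip = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "internet"


def customer_of(ip):
    ip = ipaddress.ip_address(ip)
    for name, segments in CUSTOMER_SEGMENTS.items():
        if any(ip in net for net in segments.values()):
            return name
    return None


def evaluate(src_ip, dst_ip, dst_port):
    """Decide one connection attempt; returns (decision, reason)."""
    src_zone, dst_zone = zone_of(src_ip), zone_of(dst_ip)
    for rule in RULES:
        if rule["src"] != src_zone or rule["dst"] != dst_zone or dst_port not in rule["ports"]:
            continue
        if rule["same_customer"]:
            src_cust, dst_cust = customer_of(src_ip), customer_of(dst_ip)
            if src_cust is None or src_cust != dst_cust:
                return "deny", "customer isolation: %s may not reach %s" % (src_cust, dst_cust)
        return "allow", "%s -> %s port %d" % (src_zone, dst_zone, dst_port)
    return "deny", "no rule for %s -> %s port %d" % (src_zone, dst_zone, dst_port)


# Constructed expectation table an auditor would run against the live rule set.
EXPECTED = [
    ("198.51.100.9", "10.1.0.5", 443, "allow"),   # Internet -> acme front end over TLS
    ("198.51.100.9", "10.1.0.5", 80, "deny"),     # Internet -> front end, plain HTTP
    ("198.51.100.9", "10.2.0.5", 5432, "deny"),   # Internet straight to a database
    ("10.1.0.5", "10.2.0.5", 5432, "allow"),      # acme front end -> acme database
    ("10.1.0.5", "10.2.0.70", 5432, "deny"),      # acme front end -> globex database
    ("10.1.0.70", "10.2.0.70", 5432, "allow"),    # globex front end -> globex database
    ("10.1.0.5", "10.2.0.5", 22, "deny"),         # front ends never SSH to the back end
    ("10.3.0.70", "10.2.0.70", 22, "allow"),      # globex admin over VPN -> globex back end
    ("10.3.0.70", "10.2.0.5", 22, "deny"),        # globex admin over VPN -> acme back end
]


def audit(expectations=EXPECTED):
    """Return the flows whose actual decision differs from what the design requires."""
    return [(s, d, p, want, evaluate(s, d, p)[0])
            for s, d, p, want in expectations if evaluate(s, d, p)[0] != want]


if __name__ == "__main__":
    for s, d, p, _ in EXPECTED:
        print(s, "->", d, p, evaluate(s, d, p))
    print("audit findings:", audit())
```

The expectation table is the useful artefact: a WASP that will not hand over its router and firewall configurations can still be asked to demonstrate each of those flows, and a change that silently opens one of the "deny" rows shows up as an audit finding rather than as another customer's data on your servers.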
Secure methodology can include administration procedures and tools so that only authorized personnel can perform administrative tasks. Secure methodology guards against accidental exposure and malicious activity within the WASP's network.

Security Management

Designing and deploying a secure system does not mean that it will remain secure indefinitely. Security flaws in software applications and in computer or network router operating systems are discovered and corrected over time. Monitoring for and timely deployment of security patches will correct known vulnerabilities, and all service providers should have clear procedures for accomplishing this on an ongoing basis.

Security Auditing

You should negotiate independent auditing as a term of your contract with a WASP. A WASP will not give you direct access to its network, firewalls, or routers, therefore you must rely on its self-report or obtain the contractual right

Posted: 04/07/2014, 02:20
