Securing User Services

1

• Securing User Services

2
Presentation Structure

• Securing e-mail.
• Securing news services.
• Securing terminal services.
• Securing Web services.
• Preventing machines from virus infection.

3
E-Mail

• Is a most widely used service on the Internet.
• Is a fundamental requirement for business
  communications.
• Is based on the Simple Mail Transfer Protocol
  (SMTP).
• See its RFC for the protocol at
• http//www.freesoft.org/CIE/RFC/index.htm

4
A Few of SMTP Commands

• HELLO (HELO)
• This command is used to identify the sender-SMTP
  to the receiver-SMTP.
• MAIL (MAIL)
• This command is used to initiate a mail
  transaction.
• RECIPIENT (RCPT)
• This command is used to identify an individual
  recipient of the mail data.
• DATA (DATA)
• The receiver treats the lines following the
  command as mail data from the sender.

5
Threats by Automatic Application Launching

• These threats arise from the automatic launching
  of viewer applications, such as, the launching
  provided through the use of MIME (Multipurpose
  Internet Mail Extensions).
• E-mail programs like outlook call viewer
  applications to process the MIME message,
  according to the content type (.jpg, .doc, .txt,
  .exe, etc).
• Files attached in the message may contain viruses
  or Trojan horses.

6
Securing Automatic Launching

• Dont automatically launch MIME messages because
  they may contain viruses and Trojan horses and
  should be saved to disk and checked separately.

7
Threats While E-mail Messages are in Transit

• Lack of confidentiality. Messages are exposed to
  eavesdropping.
• Lack of authenticity. Cant verify whom you are
  speaking with over the Internet.
• See an example of forging an e-mail message(the
  e-mail spoofing attack) in Fig 7.1 and 7.2, pg
  217 and 218, respectively.

8
Threats While E-mail Messages are in Transit

• Lack of Integrity. Cant be sure that a message
  received is the same as the message sent.
• Lack of nonrepudation. Cant bind a sender of a
  message to its transmitor.
• (SMTP also reflects the standard problems of most
  Internet services, e.g., Web, Ftp)

9
Securing E-mail in Transit

• The organization should implement a PKI (public
  and private key) plus a certificate authority
  together with their email system, as well as
  require employees to sign or encrypt whenever
  dealing with sensitive messages.
• As an employee, sign and/or encrypt whenever
  necessary.

10
CA Trust Models

• A top-down hierarchy (See Fig 7.4, page 228) is
  one of the trust model.
• A bottom-up hierarchy (See Fig7.6, page 232) is
  another one. Or the web of trust.

11
PKI Solutions with E-mail

• There are a number of approaches to securing
  e-mail messages, including
• Pretty Good Privacy (PGP)
• Privacy-Enhanced Mail (PEM)
• MIME Object Security Services (MOSS)

12
Pretty Good Privacy (PGP)

• In the late 1980s, Phil Zimmermann, a software
  developer in Boulder, Colorado, developed a
  program called Pretty Good Privacy (PGP) for
  securing e-mail messages.
• PGP was then rapidly adopted by many individuals
  as a way of providing information privacy for
  personal communications.
• This is because..

13
PGPs Success

• PGP is completely separate (via PGPTray) from
  email programs and this makes it easier to port
  to multiple platforms.
• PGP supports data compression.
• The bottom-up approach taken by PGP to manage the
  trust model is much more flexible than the
  top-down approach taken by PEM.

14
Privacy-Enhanced Mail (PEM)

• PEM is a way and also standard to secure e-mail
  messages.
• PEM was begun to work on in 1990 by the Privacy
  and Security Research Group of the Internet
  Research Task Force (IRTF).

15
Privacy-Enhanced Mail (PEM)

• PEM becomes a standard defined in a set of four
  documents, i.e., Internet RFCs (Request for
  Comments), 1421-1424.
• The standard specifies the manner in which
• public key cryptography,
• certificate management, and
• e-mail programs
• should be integrated to form a secure e-mail
  system.

16
Privacy-Enhanced Mail (PEM)

• There are three major implementations of PEM
  available today
• The Toolkit for Interoperable Privacy Enhanced
  Mail (TIPEM), developed by RSA Data Security,
  Inc.,
• RIPEM, developed by Michigan State University,
  and
• TIS/PEM, developed by Trusted Information Systems
  company.

17
MIME Object Security Services (MOSS)

• Due to the lack of support for nontext messages
  by PEM, the IETF began in 1993 to work on PEM to
  integrate MIME support with PEM specifications.
• The work becomes another standard called MOSS
  which is specified in Internet RFC 1848.

18
USENET News (NetNews)

• All NetNews use the Network News Transfer
  Protocol (NNTP).
• NNTP has a small set of commands (like SMTP) that
  are used to send messages
• between news servers, and
• between servers and news readers (programs to
  read news) that are used by end users.

19
A Few of NNTP Commands

• List Returns a list of valid newsgroups and
  associated information
• Group Selects the newsgroup, whose name is given
  as argument.
• Article The article with that message identifier
  is returned.
• Post The article should be sent including header
  and body to the NNTP server.

20
Forged Articles

• Forged articles
• Most news servers allow for interactive
  communications via Telnet and understand a small
  set of commands. That is,
• You can Telnet to a news server to do something.
• A command can be used to submit a forged news
  article to the news server (that you Telneted to)
  with the same article ID as another message.
• Without the digital signature, dont completely
  trust the article, especially the sensitive ones.

21
Policy Violations

• An employee may post proprietary information to a
  newsgroup.
• An employee may post inflammation statements that
  look really bad to the organisation.
• Make sure to check the organisations policy
  about posting articles in NetNews, what you can
  post, and what you cant.
• Also make sure to attach a disclaimer Thats
  your own opinion if that is nothing to do with
  the organisation.

22
Terminal Services

• Terminal services, such as Telnet, r-commands
  (e.g., rlogin, rsh) are provided to allow access
  to remote systems.

23
Securing Terminal Services

• r-commands make use of the trust mechanism via
  the .rhosts file.
• Avoid using it.
• Dont share your password with others and change
  the password at least every few months.
• With some client programs, users can save
  passwords for the next time login, e.g.,
  SecureCRT.
• Dont do that.

24
Securing Terminal Services

• Dont persist in accessing to the Terminal server
  where you are not authorised.
• Dont persist in accessing the private
  files/directories of peers, such as mail boxes.

25
Web Services

• Web is one of the most popular information
  retrieval services in use nowadays.

26
Threats to Users from using Web

• There are 3 categories of threats to users from
  using Web
• Threats to information in transit,
• Threats to the user machine caused by browser
  bugs, and
• Threats to the end system caused by helper
  applications.

27
Threats to Information in Transit

• The threats posed to information in transit via
  HTTP are very similar to those posed by e-mail,
  Telnet, or any other Internet service.
• E.g., data confidentiality.
• Consider the following scenarios..

28
Threats to Information in Transit

• A user could transmit his/her credit card number
  through a Web form. This credit card number could
  then be eavesdropped while in transit.
• A subscriber to an information server could
  access a piece of information via the providers
  Web page.
• But the information could be eavesdropped
  while in transit.

29
Securing Information in Transit

• Make sure that the protocol used or supported for
  transmitting sensitive data is secure.
• All the three standards below attempt to
  incorporate encryption (data confidentiality) and
  digital signature (user authenticity).
• S-HTTP (Secure HTTP) created by CommerceNets
  Secure Mosaic browser,
• Secure Sockets Layer (SSL) created by Netscape,
  and
• Private Communications Technology (PCT) created
  by Microsoft Corporation.

30
Threats by Browser Bugs

• Random generator bug in Netscape.
• Netscape version before 1.12 used a poor
  choice of a random number generator, as a
  significant part of any cryptographic function
  (also in Netscapes browser) to produce a key.
• It was then possible for an intruder to
  predict what the key would be and decrypt
  supposedly private messages.

31
From the WWW Security FAQ

• Q76 Are there any known security problems with
  the Netscape Servers?
• It was found that the random number generator
  used within the server to generate encryption
  keys was relatively predictable, allowing a
  cracking program to quickly guess at the correct
  key. This hole has been closed in the recent
  releases of the software, and you should upgrade
  to the current version if you rely on encryption
  for secure communications. Both the server and
  the browser need to be upgraded in order to
  completely close this hole.

32
HTML Conversion Bug

• From http//thaicert.nectec.or.th/advisory/alert/M
  S03-23.php
• ???? HTML Conversion bug???????????? 10
  ??????? 2546???? ??????????????????
• ?????????????????????????????????????????????
  ???????????????????????????????????????????
  ??????????????????????????????????????????????????
  ??????????????????????????? Internet Explorer
  (IE.)
• ??????????????????????? Buffer
  Overflow ??????????????????????????? HTML (HTML
  Coversion) ????????????? ??????? ???? ???????
  Internet Explorer ??????? Outlook ??? Outlook
  Express ???????

33
Securing Browser Bugs

• As a user, when a system admin (IT function) asks
  all users to patch or upgrade the software, make
  sure to follow instructions as soon as possible.

34
Common Client Interface (CCI)

• Proposed by NCSA Mosaic, CCI is a development
  that allows a remote client (application) to
  execute and do things on the browsers machine.
• Java 2 Platform, Enterprise Edition (J2EE) for
  developing enterprise applications supports this
  standard.
• The J2EE Connector Architecture CCI simplifies
  the problem of writing code to connect a client
  to an underlying EIS's data store.

35
J2EE

• Created by Sun, J2EE technology and its component
  based model simplifies enterprise development and
  deployment.
• The J2EE platform manages the infrastructure and
  supports the Web services to enable development
  of secure, robust and interoperable business
  applications.

36
CCI Vulnerability

• This feature is useful in that the teacher can
  control what the students are seeing on their
  browser.
• This feature, however, poses a security risk to
  the business environment.
• Imagine what would happen if, each time
  a user within the organisation linked to a
  certain page with CCI code, that server told the
  users browser to mail back a password file.

37
Securing CCI

• CCI may cause remote attacks on the end systems,
  and generally users should disable this feature
  from the browser.

38
Threats by Helper Applications

• The threats are caused by the automatic execution
  (launching) of helper applications.
• Helper applications (Words, Ghostscript, Acrobat,
  Xmpeg, etc) are ones called by Web browsers to
  process specific types of data.

39
Threats by Helper Applications

• The same holds true for (csh, ksh, bash) shell
  scripts.
• -- The organisation may define a content type
  in all its browser, called application/csh, and
  configure the C shell as the associated helper.
• -- So once downloading a csh script from a Web
  server, the local system will dangerously execute
  the script!!!

40
Securing Helper Applications

• Never blindly execute helper applications.
  Carefully check the content of the file (from the
  Web) before executing it by the helper.

41
Virus Infection

• Virus infection comes from a number of sources
• file attachment in email,
• file download from the Internet,
• infected floppy disks,
• etc.

42
Virus Prevention

• Install and use an antivirus program. Also use
  the standard one that the organisation specifies.
  
• Update the virus pattern database every day or at
  least once a week.
• Perform a real time scan. This is to scan any new
  file received by the machine. This includes new
  files from a floppy disk.
• If possible, prepare a bootable disk in advance.
  In the case that the machine has been infected
  till you cant boot from the machine, use the
  disk to boot the machine.

43
Virus Prevention

• Many attacks from Internet use vulnerabilities in
  software to take control over the machine from
  the Internet, such as HTML conversion bug, etc.
  Hence set up your OS to patch itself and related
  software, such as IE automatically at real time.
  Windows can do so.
• In IE, study how to configure Security Zone. This
  will help to a certain level.
• In MS Word, disable the feature of executing
  Macro files many times attached with a MS word
  document file.

44
Virus Prevention

• In Windows systems, avoid sharing files in your
  LAN network. Many worms use LAN to spread
  themselves to other machines with the shared
  files.
• Do backup at least once a week. In case you lose
  the current day file. You still can get the last
  week file.
• Check virus news from many web sites, including
  http//thaicert.nectec.or.th.