Garfinkel, S. and Spafford, E.H. Web Security and Commerce. O'Reilly and Associates, Sebastopol, CA, 1997.


This paper is cited in the following contexts:
Security Models for Web-Based Applications - Using traditional and .. - Joshi

....technologies are revolutionizing information technology and creating unprecedented opportunities for developing large-scale distributed applications. At the same time, there is a growing concern over the security of Web-based applications, which are rapidly being deployed over the Internet [4]. For example, e-commerce, the leading Web-based application, is projected to have a market exceeding 1 trillion over the next several years. However, this application has already become a security nightmare for both customers and business enterprises, as indicated by the recent episodes ....

.... of public and private enterprises are in the forefront of adopting Internet-based WFMSs and finding ways to improve their services and decision-making processes; hence we are faced with the daunting challenge of ensuring the security and privacy of information in such Web-based applications [4]. Typically, a Web-based application can be represented as a three-tier architecture, depicted in the figure, which includes a Web client, network servers, and a back-end information system supported by a suite of databases. For transaction-oriented applications, such as e-commerce, ....


Garfinkel, S. and Spafford, E.H. Web Security and Commerce. O'Reilly and Associates, Sebastopol, CA, 1997.


ITS4: A Static Vulnerability Scanner for C and C++ Code - Viega, Bloch, Kohno, McGraw (2000)   (3 citations)

....a vulnerability database from a text file at startup, keeping the entire contents resident in memory for the lifetime of the tool. Vulnerabilities can be added to the database, removed and changed with ease. The ITS4 vulnerability database currently contains 131 calls culled from many sources [4, 5, 8], including the Bugtraq archives [12] and our own personal experience. The largest single class of problems in our database is race conditions involving file accesses. Functions susceptible to buffer overflows also account for many entries. Several different pseudorandom number routines are flagged ....

S. Garfinkel and G. Spafford. Practical Unix and Internet Security. O'Reilly and Associates, Inc., 1996.


A Static Vulnerability Scanner for C and C++ Code - John Viega Bloch (2000)

....a vulnerability database from a text file at startup, keeping the entire contents resident in memory for the lifetime of the tool. Vulnerabilities can be added to the database, removed, and changed with ease. The ITS4 vulnerability database currently contains 131 calls culled from many sources [4, 5, 8], including the Bugtraq archives [12] and our own personal experience. The largest single class of problems in our database is race conditions involving file accesses. Functions susceptible to buffer overflows also account for many entries. Several different pseudorandom number routines are ....

S. Garfinkel and G. Spafford. Practical Unix and Internet Security. O'Reilly and Associates, Inc., 1996.


Secure Access to Medical Data over the Internet - Ultes-Nitsche, Teufel

....to the service process. Finally, Java has a sophisticated exception handling mechanism, so unexpected data values will not cause the program to misbehave and crash the server. Instead, an exception is generated which is handled, and the program usually terminates neatly with a run-time error [3]. Security Architecture. Java Servlets have been designed with Internet security issues in mind, and mechanisms for controlling the environment in which the Servlet will run have been provided. CGI scripts generally have fairly free access to the server's resources, and badly written scripts can ....

....Features of SSL. SSL allows for different security features being chosen. First of all, different encryption algorithms can be used to produce ciphertexts and authentication messages. For authentication, different hash algorithms can be negotiated. SSL can also use X509.v3 peer certification [3]. Using a session identifier, active states of SSL are identified, where a state consists of a number of keys involved in the session, both on the server and on the client side, and sequence numbers to count the messages exchanged. By using these different parameters, SSL sets up a session ....

S. Garfinkel and G. Spafford. Web Security and Commerce. O'Reilly and Associates, 1997.


An Implementation of a Secure Web Client Using SPKI/SDSI.. - Maywah (2000)

....to people via the Internet. But why limit access? For example, a company may like to make important and confidential documents available only to its executive board easily and securely. Table 1.1 contains some reasons that organizations or individuals may want to limit access to their websites [9]. The World Wide Web is one mechanism for delivering a variety of Internet content easily, but what about security? Unfortunately, today's Web is extremely vulnerable to security compromises of varying degrees. How can one limit access over the Web? 9 1. The information on your webserver may only ....

Simson Garfinkel and Gene Spafford. Web Security and Commerce. O'Reilly and Associates, Inc., Sebastopol, California, 1997.


The Effects of the Transition to IPv6 on Internet Security - Nixu

.... run operating systems where user capabilities are unlimited (e.g. Windows 95) are at highest risk, not only themselves, but because they can be exploited for a number of purposes (e.g. data logging of a local subnet). Data spoofing. An alternative way to utilize spoofing is to perform data spoofing [33, 6]. If the attacker can somehow see the datagrams, they can either substitute their payload, or inject false datagrams into the traffic in order to carry an integrity attack. In some cases such integrity attacks might lead to opening a back door to the system, and in others they may be directed at ....

Garfinkel, Simson, et al. Practical UNIX and Internet Security. O'Reilly and Associates, 1996.


Information Security Best Practice Dissemination: The.. - Spinellis, Gritzalis (1999)

....who are not authorised to access or modify some information, acting as intruders, may attempt to achieve that specific goal. An important part of creating a secure and safe environment for a program to run is facing the potential threats inherent in distributed client-server and Web technology [GS97], which may be exploited by any of the threat agents mentioned above. The main threats can be classified with respect to the potential result as [MSB95]: disclosure: loss of confidentiality and privacy; modification: loss of integrity; fabrication: loss of authenticity; and ....

Simson Garfinkel and Gene Spafford. Web Security and Commerce. O'Reilly and Associates, Sebastopol, CA, USA, 1997.


Hash Visualization: a New Technique to improve Real-World.. - Perrig, Song (1999)   (10 citations)

....checksum with Random Art would be more user-friendly, efficient, and the user would not need to keep a paper with the checksum. 4.2 User Authentication via Image Recognition. Even after years of research in security, authentication schemes based on passwords still have numerous shortcomings [12, 9]. In general, neither simple nor very complex passwords provide the desired security. Shorter, simpler passwords, which are easy to remember, are too easily guessed with a password cracker program and user-specific vocabulary. On the other hand, if the password is very complex the user cannot ....

Simson Garfinkel and Gene Spafford. Practical Unix and Internet Security. O'Reilly and Associates, 1996.


Upgrading Software Maintenance for Components - Jeffrey Voas

....help. Avoiding swapping in an executable component with malicious behavior is virtually impossible. Nonetheless, it is a key maintenance challenge for component-based systems. Malicious behavior detection is difficult enough with source access, and nearly impossible to detect without source access [5]: The mass-market software industry has also seen a problem with logic bombs and Trojan horses. For example, in 1994 Adobe distributed a version of a new Photoshop 3.0 for the Macintosh with a time bomb designed to make the program stop working at some point in the future; the time bomb had ....

....do not register and pay the fee, shareware usually times out. Usually, source code is not distributed with shareware, and thus all of the same maintenance problems already discussed with respect to COTS software apply here as well. Similar to the COTS Trojan horse problems, Garfinkel and Spafford [5] state the following concerning shareware: Like shrink-wrapped programs, shareware is also a mixed bag. Some shareware sites have system administrators who are very conscientious, and who go to great pains to scan their software libraries with viral scanners before making them available for ....

S. Garfinkel and G. Spafford. Practical Unix and Internet Security, Second Edition. O'Reilly and Associates, Inc., 1996.


Immunizing Computer Networks: Getting All the Machines in.. - Hofmeyr, Forrest (1998)   (2 citations)

....21, 20.20.20.5, 1700) then the source host port is 21, which identifies the connection as ftp. Some ports are assigned to commonly known services, such as ftp, telnet, login, etc., whereas other ports are non-assigned (for a sample list of assigned ports, see Appendix G in Garfinkel and Spafford [5]). Furthermore, ports can be privileged (those ports below 1024) or non-privileged (1024 and up). When converting a source and destination port pair to a service, if one of the ports is an assigned port, the service is identified with that assignment (in the above example, the service would be ....

S. Garfinkel and G. Spafford. Practical Unix and Internet Security, 2nd Edition. O'Reilly and Associates, Inc., 1996.


A Case Study Of Authenticated And Secure File.. - Hastings, Whitmer, ..

....the plaintext lengths of the first four fields of the file total 57 bytes long while the RSA ciphertext of the fields is 191 bytes long due to padding done by the RSA algorithm. The implementation of the ICFRS cryptographic protocol is similar to the approach taken by Pretty Good Privacy (PGP) [5]. However, PGP lacks a specific means to transfer an encrypted file from one computer to another. Additionally, the copyright laws governing PGP would not meet the requirement of the overall project. Therefore, customized software was developed for the file transfer scheme of ICFRS. The software ....

Simson Garfinkel. PGP: Pretty Good Privacy. O'Reilly and Associates, Inc., 1995.


Implementing the SMS server, or why I switched from Tcl to Python - Stajano (1998)

....the section about CGI: To be on the safe side, if you must pass a string gotten (sic) from a form to a shell command, you should make sure the string contains only alphanumeric characters, dashes, underscores and periods. Similar conservative advice comes from the well-respected security guide [Garfinkel 1996]: to paraphrase their advice (p. 546) again in the context of CGI, avoid spawning external processes; or at least avoid passing them user-supplied strings; or at least avoid passing ; 3 This, given the 160-character budget imposed by SMS, has generally been seen as a feature ....

Simson Garfinkel and Gene Spafford. Practical UNIX and Internet Security (2nd ed.). O'Reilly and Associates, 1996.


Issues in the Incorporation of Security Services into a.. - Tripunitara, Spafford   Self-citation (Spafford)

....stated above are: the disclosure threat, the integrity threat and the denial of service threat [1]. Trust is the level of confidence that a system will behave as expected [23]. (Footnote 2: The word control is used generally, and is not to be confused with its use in the context of communication services.) Thus, a threat model is an abstract representation of the assets and resources in a system and the associated elements of threat as they pertain to those assets and resources. A threat tree [1, 59, 67] is an example of a threat model. A trust model associates each component of a system with a ....

Simson Garfinkel and Gene Spafford. Practical UNIX and Internet Security. O'Reilly and Associates, Inc., second edition, April 1996.


CiteSeer.IST - Copyright Penn State and NEC