ch05.htm

来自「Maximum Security (First Edition) 网络安全 英文」· HTM 代码 · 共 978 行 · 第 1/4 页

	was created by efforts at Sun Microsystems. It vaguely resembles C++. For more information
	about Java, visit the Java home page at <A HREF="http://java.sun.com/"><TT>http://java.sun.com/</TT></A>.
	
<HR>


</BLOCKQUOTE>

<P>This information gets digested by other sources into an advisory, which is often
no more than 100 lines. By the time the average, semi-security literate user lays
his or her hands on this information, it is limited and watered-down.</P>
<P>Thus, redundancy of data on the Internet has its limitations. People continually
rehash these security documents into different renditions, often highlighting different
aspects of the same paper. Such digested revisions are available all over the Net.
This helps distribute the information, true, but leaves serious researchers hungry.
They must hunt, and that hunt can be a struggle. For example, there is no centralized
place to acquire all such papers.</P>
<P>Equally, as I have explained, end-user documentation can be varied. Although there
should be, there is no 12-set volume (with papers by Farmer, Venema, Bellovin, Spafford,
Morris, Ranum, Klaus, Muffet, and so on) about Internet security that you can acquire
at a local library or bookstore. More often, the average bookstore contains brief
treatments of the subject (like this book, I suppose).</P>
<P>Couple with these factors the mind-set of the average system administrator. A
human being only has so much time. Therefore, these individuals absorb what they
can on-the-fly, applying methods learned through whatever sources they encounter.
<H4><FONT COLOR="#000077"><B>The Dissemination of Information</B></FONT></H4>
<P>For so many reasons, education in security is wanting. In the future, specialists
need to address this need in a more practical fashion. There must be some suitable
means of networking this information. To be fair, some organizations have attempted
to do so, but many are forced to charge high prices for their hard-earned databases.
The National Computer Security Association (NCSA) is one such organization. Its RECON
division gathers some 70MB per day of hot and heavy security information. Its database
is searchable and is available for a price, but that price is substantial.


<BLOCKQUOTE>
	<P>
<HR>
<FONT COLOR="#000077"><B>Cross Reference:</B></FONT><B> </B>To learn more about NCSA
	RECON, examine its FAQ. NCSA's database offers advanced searching capabilities, and
	the information held there is definitely up-to-date. In short, it is a magnificent
	service. The FAQ is at <A HREF="http://www.isrecon.ncsa.com/public/faq/isrfaq.htm"><TT>http://www.isrecon.ncsa.com/public/faq/isrfaq.htm</TT></A>.
	You can also get a general description of what the service is by visiting <A HREF="http://www.isrecon.ncsa.com/docz/Brochure_Pages/effect.htm"><TT>http://www.isrecon.ncsa.com/docz/Brochure_Pages/effect.htm</TT></A>.
	
<HR>


</BLOCKQUOTE>

<P>Many organizations do offer superb training in security and firewall technology.
The price for such training varies, depending on the nature of the course, the individuals
giving it, and so on. One good source for training is Lucent Technologies, which
offers many courses on security.


<BLOCKQUOTE>
	<P>
<HR>
<FONT COLOR="#000077"><B>Cross Reference:</B></FONT><B> </B>Lucent Technologies'
	WWW site can be found at <A HREF="http://www.attsa.com/"><TT>http://www.attsa.com/</TT></A>.<BR>
	
<HR>

<HR>
<FONT COLOR="#000077"><B>NOTE:</B></FONT><B> </B>Appendix A, &quot;How to Get More
	Information,&quot; contains a massive listing of security training resources as well
	as general information about where to acquire good security information. 
<HR>


</BLOCKQUOTE>

<P>Despite the availability of such training, today's average company is without
a clue. In a captivating report (<I>Why Safeguard Information?</I>) from Abo Akademi
University in Finland, researcher Thomas Finne estimated that only 15 percent of
all Finnish companies had an individual employed expressly for the purpose of information
security. The researcher wrote:

<DL>
	<DD>The result of our investigation showed that the situation had got even worse;
	this is very alarming. Pesonen investigated the security in Finnish companies by
	sending out questionnaires to 453 companies with over 70 employees. The investigation
	showed that those made responsible for information security in the companies spent
	14.5 percent of their working time on information security. In an investigation performed
	in the UK over 80 percent of the respondents claimed to have a department or individual
	responsible for information technology (IT) security.
</DL>

<P>The Brits made some extraordinary claims! &quot;Of course we have an information
security department. Doesn't everyone?&quot; In reality, the percentage of companies
that do is likely far less. One survey conducted by the Computer Security Institute
found that better than 50 percent of all survey participants didn't even have written
security policies and procedures.
<H4><FONT COLOR="#000077"><B>The Problems with PC-Based Operating Systems</B></FONT></H4>
<P>It should be noted that in America, the increase in servers being maintained by
those new to the Internet poses an additional education problem. Many of these individuals
have used PC-based systems for the whole of their careers. PC-based operating systems
and hardware were never designed for secure operation (although, that is all about
to change). Traditionally, PC users have had less-than close contact with their vendors,
except on issues relating to hardware and software configuration problems. This is
not their fault. The PC community is market based and market driven. Vendors never
sold the concept of security; they sold the concept of user friendliness, convenience,
and standardization of applications. In these matters, vendors have excelled. The
functionality of some PC-based applications is extraordinary.</P>
<P>Nonetheless, programmers are often brilliant in their coding and design of end-user
applications but have poor security knowledge. Or, they may have some security knowledge
but are unable to implement it because they cannot anticipate certain variables.
<I><TT>Foo</TT></I> (the variable) in this case represents the innumerable differences
and subtleties involved with other applications that run on the same machine. These
will undoubtedly be designed by different individuals and vendors, unknown to the
programmer. It is not unusual for the combination of two third-party products to
result in the partial compromise of a system's security. Similarly, applications
intended to provide security can, when run on PC platforms, deteriorate or otherwise
be rendered less secure. The typical example is the use of the famous encryption
utility Pretty Good Privacy (PGP) when used in the Microsoft Windows environment.</P>
<P><B>PGP</B> PGP operates by applying complex algorithms. These operations result
in very high-level encryption. In some cases, if the user so specifies, using PGP
can provide military-level encryption to a home user. The system utilizes the public
key/private key pair scenario. In this scenario, each message is encrypted only after
the user provides a <I>passphrase</I>, or secret code. The length of this passphrase
may vary. Some people use the entire first line of a poem or literary text. Others
use lines in a song or other phrases that they will not easily forget. In any event,
this passphrase must be kept completely secret. If it is exposed, the encrypted data
can be decrypted, altered, or otherwise accessed by unauthorized individuals.</P>
<P>In its native state, compiled for MS-DOS, PGP operates in a command-line interface
or from a DOS prompt. This in itself presents no security issue. The problem is that
many people find this inconvenient and therefore use a <I>front-end</I>, or a Microsoft
Windows-based application through which they access the PGP routines. When the user
makes use of such a front-end, the passphrase gets written into the Windows swap
file. If that swap file is permanent, the passphrase can be retrieved using fairly
powerful machines. I've tried this on several occasions with machines differently
configured. With a 20MB swap file on an IBM compatible DX66 sporting 8-16MB of RAM,
this is a formidable task that will likely freeze the machine. This, too, depends
on the utility you are using to do the search. Not surprisingly, the most effective
utility for performing such a search is GREP.


<BLOCKQUOTE>
	<P>
<HR>
<FONT COLOR="#000077"><B>NOTE:</B></FONT><B> </B>GREP is a utility that comes with
	many C language packages. It also comes stock on any UNIX distribution. GREP works
	in a way quite similar to the <TT>FIND.EXE</TT> command in DOS. Its purpose is to
	search specified files for a particular string of text. For example, to find the
	word <TT>SEARCH</TT> in all files with a <TT>*.C</TT> extension, you would issue
	the following command:</P>
	<PRE><FONT COLOR="#0066FF">GREP SEARCH *.C</FONT></PRE>
	<P>There are free versions of GREP available on the Internet for a variety of operating
	systems, including but not limited to UNIX, DOS, OS/2, and 32-bit Microsoft Windows
	environments. 
<HR>


</BLOCKQUOTE>

<P>In any event, the difficulty factor drops drastically when you use a machine with
resources in excess of 100MHz and 32MB of RAM.</P>
<P>My point is this: It is by no fault of the programmer of PGP that the passphrase
gets caught in the swap. PGP is not flawed, nor are those platforms that use swapped
memory. Nevertheless, platforms that use swapped memory are not secure and probably
never will be.


<BLOCKQUOTE>
	<P>
<HR>
<FONT COLOR="#000077"><B>Cross Reference:</B></FONT><B> </B>For more information
	about PGP, visit <A HREF="http://web.mit.edu/network/pgp.html"><TT>http://web.mit.edu/network/pgp.html</TT></A>.
	This is the MIT PGP distribution site for U.S. residents. PGP renders sufficiently
	powerful encryption that certain versions are not available for export. Exporting
	such versions is a crime. The referenced site has much valuable information about
	PGP, including a FAQ, a discussion of file formats, pointers to books, and of course,
	the free distribution of the PGP software. 
<HR>


</BLOCKQUOTE>

<P>Thus, even when designing security products, programmers are often faced with
unforeseen problems over which they can exert no control.


<BLOCKQUOTE>
	<P>
<HR>
<FONT COLOR="#000077"><B>TIP:</B></FONT><B> </B>Techniques of secure programming
	(methods of programming that enhance security on a given platform) are becoming more
	popular. These assist the programmer in developing applications that at least won't
	weaken network security. Chapter 30, &quot;Language, Extensions, and Security,&quot;
	addresses some secure programming techniques as well as problems generally associated
	with programming and security. 
<HR>


</BLOCKQUOTE>

<H3><FONT COLOR="#000077"><B>The Internet's Design</B></FONT></H3>
<P>When engineers were put to the task of creating an open, fluid, and accessible
Internet, their enthusiasm and craft were, alas, too potent. The Internet is the
most remarkable creation ever erected by humankind in this respect. There are dozens
of ways to get a job done on the Internet; there are dozens of protocols with which
to do it.</P>
<P>Are you having trouble retrieving a file via FTP? Can you retrieve it by electronic
mail? What about over HTTP with a browser? Or maybe a Telnet-based BBS? How about
Gopher? NFS? SMB? The list goes on.</P>
<P>Heterogeneous networking was once a dream. It is now a confusing, tangled mesh
of internets around the globe. Each of the protocols mentioned forms one aspect of
the modern Internet. Each also represents a little network of its own. Any machine
running modern implementations of TCP/IP can utilize all of them and more. Security
experts have for years been running back and forth before a dam of information and
protocols, plugging the holes with their fingers. Crackers, meanwhile, come armed
with icepicks, testing the dam here, there, and everywhere.</P>
<P>Part of the problem is in the Internet's basic design. Traditionally, most services
on the Internet rely on the client/server model. The task before a cracker, therefore,
is a limited one: Go to the heart of the service and crack that server.</P>
<P>I do not see that situation changing in the near future. Today, client/server
programming is the most sought-after skill. The client/server model works effectively,
and there is no viable replacement at this point.</P>
<P>There are other problems associated with the Internet's design, specifically related
to the UNIX platform. One is access control and privileges. This is covered in detail
in Chapter 17, &quot;UNIX: The Big Kahuna,&quot; but I want to mention it here.</P>
<P>In UNIX, every process more or less has some level of privilege on the system.
That is, these processes must have, at minimum, privilege to access the files they
are to work on and the directories into which those files are deposited. In most
cases, common processes and programs are already so configured by default at the
time of the software's shipment. Beyond this, however, a system administrator may
determine specific privilege schemes, depending on the needs of the situation. The
system administrator is offered a wide variety of options in this regard. In short,
system administrators are capable of restricting access to one, five, or 100 people.
In addition, those people (or groups of people) can also be limited to certain <I>types</I>
of access, such as read, write, execute, and so forth.</P>
<P>In addition to this system being complex (therefore requiring experience on the
part of the administrator), the system also provides for certain inherent security
risks. One is that access privileges granted to a process or a user may allow increased
access or access beyond what was originally intended to be obtained. For example,
a utility that requires any form of root access (highest level of privilege) should
be viewed with caution. If someone finds a flaw within that program and can effectively
exploit it, that person will gain a high level of access. Note that strong access-control
features have been integrated into the Windows NT operating system and therefore,
the phenomenon is not exclusively related to UNIX. Novell NetWare also offers some
very strong access-control features.</P>
<P>All these factors seriously influence the state of security on the Internet. There
are clearly hundreds of little things to know about it. This extends into heterogeneous
networking as well. A good system administrator should ideally have knowledge of
at least three platforms. This brings us to another consideration: Because the Internet's