Security
Introduction
Security issues can be divided into two categories: system security (for example, ensuring that other people cannot change your Web site) and information security (for example, ensuring that the customer details from an online store are safe).
System security
It is important to ensure that your system is secure, reducing the chance that attackers can break into your Web server and alter pages.
System security is a significant responsibility, especially if you operate your own Web server.
Information security
Some Web sites may store sensitive information, such as the personal details (and perhaps even credit card numbers) of users. You should analyse the information stored and work out which information must be kept secure.
As the operator of such a site, you have a responsibility to keep this information safe.
Encryption
Encryption, which makes intercepted information useless to whoever intercepts it, is an important aid to security. However, an encrypted Web connection (indicated by a padlock icon in the browser) only protects information while it travels; it says nothing about how securely the information is held once it arrives at the server.
Complex issue
Making a site secure can be complicated. If you don't understand some of the basic concepts, you are unlikely to create a secure site simply by using 'secure' software.
Passwords
There are two main issues in system security. The first is the use of passwords, which must be chosen and handled carefully. However secure a system is in other respects, it is normally wide open if the password used to access it is compromised.
Problems with passwords
Most systems use passwords to restrict access. A password can be obtained in several ways:
- guessing
If you choose a particularly simple password (your mother's maiden name, your pet's name, your favourite sports team) then people may be able to guess it
- brute-force search
There are programs which try many passwords automatically, for example by going through every word in a dictionary
- social engineering
It is often possible to trick people into revealing passwords, for example by phoning up and pretending to be the Internet service provider or a member of the company
- obtaining stored passwords
Sometimes people store passwords on their computer, on post-it notes, in their diary, etc. In this case, the password can easily be obtained by somebody with physical access
- obtaining shared passwords
When the same password is used for several systems, anybody who obtains the password for one system already has it for all the others
- installing trojans
'Trojan horse' programs install themselves invisibly on your computer and record keystrokes, including passwords. They are often delivered by email viruses
- interception
If a password is sent across an unencrypted connection, it can be read by anybody able to watch the traffic as it passes; this is a small risk on a private wired link, but a real one on a shared network
Using passwords securely
You can avoid these problems by:
- using a good password
Choose a password that is reasonably long (at least 8 characters, and longer is better) and is not made up of simple words. Include punctuation and numbers if possible
- ensuring systems limit password attempts
If possible, make sure that the system allows only a certain number of failed password attempts before locking out the account
- not storing passwords
Do not store important passwords on your computer, or write them down
- not sharing passwords
Use a different password for each important system
- never giving out passwords
Do not give your password to anybody
- maintaining general levels of computer security
Use a virus checker, and ensure that your email program is configured securely and kept up to date
- using secure connections for passwords
Make sure that passwords are only sent across encrypted connections, so that they cannot be intercepted in transit
Software security
Another system security issue is the actual software that makes up the system. This software may have bugs and security holes that permit access even without a password. System software should be kept current with security patches and updates.
Software flaws
Web servers are complicated programs and frequently contain bugs which may, under certain conditions, allow hackers access to your system even if they cannot get a password.
If you use a Web hosting provider, then it is their responsibility to ensure that software is kept updated (but you should check they actually do this). If you run your own server then you must be very careful to secure it.
Keeping software current
Security problems are frequently discovered in Web servers. Sometimes they are relatively minor, allowing an attacker only to disable your server until you can fix the problem (a 'denial of service' attack). Frequently, though, a hole gives an attacker significant or full access to the machine and its files.
Server vendors issue patches (updates) to their software when a problem is found. You must ensure that your server, and other key software such as the operating system, is kept current. This also applies to any other critical machines: if your home machine, which you use to log into the server, picks up a virus, your password can be stolen from it, so the email software and browser on that machine need keeping up to date too.
Do not fall into the trap of thinking that a particular server is 'secure' because it says so, or because it is developed by a large company. Microsoft's Internet Information Server, for example, has had a long series of widely exploited holes.
Using minimal software
Configure software (especially servers) so that all unnecessary features are disabled. Some software ships with many unnecessary features active, which means that if a hole is found in any of those features, your system could be vulnerable even if you do not use the features.
Using firewalls
'Firewall' software blocks access to your server except on specific 'ports' (for example, port 80 for the Web server). A firewall is helpful in reducing what is exposed, but it is not an overall solution: you remain vulnerable to attacks that arrive through the Web server itself, or through any other port that you really have to leave open.
Information security
Some of the information on your Web site may need to be stored securely. You should pay particular attention to the way this information is stored. The first step is to decide exactly which information needs special attention.
General personal information
If you store personal information about other people, then (apart from your legal responsibilities, for example under the Data Protection Act in the UK) you should consider the importance of that information.
For example, a person's name is generally not particularly critical information - but if, for example, you provide a confidential resource such as information about homosexuality, it could be catastrophic if the information is revealed.
Credit card details
Credit card details always need to be treated with the utmost care. There are many examples of sites which have lost large numbers of credit cards; the cards are then used for fraud. In a famous example, the site 'CD Universe' had hundreds of thousands of credit card details stolen; these details were posted to the Internet.
Secure site information
Some sites may include information on their own behalf, not for users, but which is nevertheless security-critical. For example, a company Web site might contain financial information about the company which should not be visible outside the company.
Handling secure information
Once you have decided which information needs to be handled securely, you need to consider how that information might be at risk, and take steps to reduce that risk.
We will take the example of credit card numbers from an online store.
Maintaining system security
Your first step should be to keep system security as high as possible. Ensure that all software is current and that the software is reliable. (For example, if you use a shopping cart program, make sure there are no known holes in that program and make sure it has been examined by security experts.)
Securing information in transit
Whenever credit card numbers are transmitted, this must be done securely. For example, the page on which the user types in the number must be served over an encrypted (HTTPS) connection. However, many sites then send the order details, card number included, to the merchant by unencrypted email! Clearly this reintroduces the risk of interception.
Reducing consequences of failure
No site is perfectly secure. For example, even if you keep your software current, there will always be a period between when a security hole is discovered, and when you install a patch from the manufacturer that fixes that hole.
In order to handle this risk, you must make sure that the consequences of a break-in to your Web site are not serious. For example, you should not store customer credit card details on an Internet-connected machine for any longer than absolutely necessary. You should make certain that the information is deleted, or transferred to a safe, off-Net computer, as soon as possible after the order has been received.
If your system is broken into, you will then only lose a few credit card numbers instead of hundreds or thousands.
Detecting failure
You should have some way of finding out when your site has been compromised (for example, by regularly checking logs, though be aware that a competent attacker may remove their traces from logs, so it is worth also comparing the site's files against a known-good copy). If you suspect your site might have been compromised, you should immediately set about cleaning it, choosing new passwords and keys, and so on.
Encryption
Web sites use encryption to keep information secure in transit. An encrypted Web connection uses a 'public key' scheme to set the connection up and agree a secret session key, then a fast symmetric cipher to carry the data. Done properly, this encryption cannot reasonably be broken, so the points to watch are where the unencrypted information is available: at each end of the connection.
What public key encryption achieves
Public key encryption allows you to transfer a message securely between two people who might not have previously communicated. Even if all communications between the two people are intercepted, they cannot easily be decrypted.
Conceptual overview
Imagine that you have a briefcase containing secret documents. You can send that briefcase to the recipient, but it might be intercepted. In order to protect against this, you obtain a special unbreakable padlock, which you use to secure the briefcase.
You lock the briefcase and send it to your recipient. Now, even if the briefcase is intercepted, you are safe because it cannot be opened. Unfortunately, when your recipient receives it, they cannot open it because they don't have the key to the padlock.
You could send the recipient the key as well as the briefcase... but if both are intercepted, the attacker can easily open it and obtain the documents.
Instead, your recipient also purchases an unbreakable padlock. When they receive the locked briefcase, they lock it with their padlock, so that it is now locked twice. They then send it back to you.
You receive the briefcase, unlock and remove your padlock, and send it back. It is still locked with the recipient's padlock.
Finally the recipient receives it, unlocks their padlock, and can open the case.
Note that the briefcase was always locked (from when it was sent until when the message was finally received), and you did not have to transfer the keys.
Public key encryption
Public key encryption achieves the same type of security as described, although not in exactly the same manner: the message is not sent back and forth three times.
Instead, each party has a pair of mathematical codes known as keys: a private key, which must be kept secret and is never transferred, and a public key, which can be given to anybody.
The two keys are related so that anything encrypted with the public key can only be decrypted with the matching private key. The public key is like a padlock that anybody can snap shut but only the owner can open. (The mathematics that makes this work is beyond the scope of this page.)
So, if the recipient sends their public key to the sender, the sender encrypts the message with that public key and sends it. The message is secure in transit because it cannot be decrypted without the recipient's private key, which was never transferred. (The sender's own private key serves the reverse purpose: signing a message so that the recipient can check who sent it.)
Key sizes
The size of a key is measured as a number of bits. If a key is too small, the encryption can be broken by trying keys one after another, without ever having access to the private key.
The '40-bit' and '128-bit' figures quoted for Web connections refer to the symmetric session key that carries the data (the public keys used to set the connection up are much larger, typically 1024 bits or more). 40-bit encryption, which older 'export' versions of browsers were limited to, is not secure and is easily broken. The more common 128-bit keys should be secure for most purposes at present: the computer time it would currently take to break a 128-bit key is not worth a few credit card numbers.
Encryption security issues
Fundamentally, a public-key encrypted message is not secure if the private key that is needed to decrypt the message is not secure.
For example, Web servers which provide secure connections work by storing the private key on the server (so that the server can decrypt messages). This means that the message is secure in transit, but is not secure if anybody hacks into the server.
Similarly, there is not too much point encrypting data if you are going to store the private key on the same system.
You could securely store data on a server by encrypting it so that it can only be read using a private key that is not present on the server (but is available on another system that isn't connected to the Internet). Periodically, you could transfer information from the server to your isolated machine, and then access that data using the private key stored on that machine.
Scare stories
There are many scare stories relating to security breaches on the Web. Here are a few embarrassing examples.
Credit card breaches
This story summarises a few credit card breaches that involved blackmail attempts.
"Another case that drew much attention involved the theft of some 300,000 card numbers from CDUniverse.com in December 1999. In that episode, a teenage Russian hacker released thousands of the numbers online when the music e-tailer refused to meet his $100,000 extortion demand."
This story describes how 2,700 customer credit card numbers were exposed by the Consumers' Association, a UK organisation which promotes its own Web security mark.
This email was sent to customers of Playboy.com, a major online site. It makes entertaining reading.
Web site defacement
This defacement archive lists defaced Web sites (you can also view the defacements). Although Web site defacement is not normally serious, you probably would not want your company's Web site to be replaced by one of these defaced pages. Look at the sheer number of sites that are defaced each day.
Viruses
Viruses spread mostly due to poor security practices (such as people opening email attachments). However, if you are running out-of-date email software you could be infected by an incoming virus even without opening an attachment.
The anti-virus software provider MessageLabs tracks current viruses, and you can see a 'top 10' of current viruses. They also provide descriptions. At the time of writing, the current number one virus is W32/BadTrans.B-mm, which installs itself without any user intervention (if you have an unpatched email client), sends itself to everyone you know, and also installs a trojan that monitors passwords you type and emails them to the virus creator.
Summary
Security is a very serious issue on the Web. If your site contains any sensitive data, you need to take steps to reduce security risks.
Passwords
Make sure that you use passwords securely.
Software updates
Always keep your software current, immediately applying any security patches that the vendor provides. This is particularly important for server software, but also matters for certain software on your own computer, such as your email program and browser.
Sensitive information
Treat sensitive information like credit card numbers carefully. Do not store sensitive information on the server for any longer than necessary; if you must store this information for any length of time, transfer it to a machine which is not connected to the Internet. Do not transfer sensitive information without encryption.
Encryption
Public key encryption can protect your data in transit, but encryption is not a guarantee of security.