PROTECTING THE WEB SITE
Crashes
On-site Intruders
Internet Crime
Commandeering a Server
Secure Socket Layers
Attacking Servers
Firewalls
Facilitating Authoring Access to Remote Servers
CONTROLLING ACCESS
Who's Responding Biometrics
GLOSSARY
REFERENCES
URLs
This chapter concerns security. The Web is published everywhere. Maybe that's not the kind of distribution best suited for you!
In the heterogeneous, hacker-happy world of the Internet, network managers can never be entirely sure of the safety of their networks. While Macs have decided security advantages compared to Unix-based Internet hosts, even pure-Mac sites should have operators who know the latest options for putting LAN resources under lock and key.
In a survey last year of more than 300 IS professionals and their network sites, the Computer Security Institute of San Francisco found that about 20 percent of organizations with an Internet connection admitted to suffering a "security incident."
Ironically, the Mac is less vulnerable (and therefore more appealing) because of the proprietary, closed operating system and hardware that hindered its popularity in the general business market. Unix is still king of Internet server platforms, and Microsoft Windows NT plays the great contender, but the Mac has found a comfortable middle ground as a popular platform for the Web and Internet services.
Streeter, 1996, p. 33
This quote appeared in the first edition of Web-Teaching. We began reworking this chapter during the week of February 6, 2000. During that week, "unknown persons" variously described as hackers attacked several popular commercial Web sites. Although the attacks did no lasting damage, their volume created what is described as a denial of service {U18.01}. Voluminous requests were directed toward the target sites during a very brief time (seconds). As a result, access to the sites by regular customers became either very slow or nonexistent. From the outset, knowledgeable persons recognized that the Web was subject to such problems, and that the battle between hackers and the worldwide commercial establishment would continue far into the future.
Your server needs protection from power interruptions, on-site intruders, and Internet-based intruders. One standard admonition always seems to apply: back up; back up; back up; and then, don't forget to back up the material at the site. Don't forget to back up the material on a second computer, or even at a second site. If you are running your own server, keep it under lock and key in a controlled access area. You have the same things to fear from permitting access to your server as you would have permitting access to your desktop computer, to your records, to your exams, and to your laboratories.
As noted in Chapter 10, it is necessary to deal with computer crashes. Crashes are an unavoidable problem; they happen. The key is to discover and recover. As mentioned earlier, devices such as Rebound can help detect and correct site problems. Web serving and Web monitoring services are another reasonable solution.
It is probably as likely that your hardware will be stolen, or that someone will unlawfully access your office and make changes on your server, as it is that some nefarious, Net-based activity will lead to problems with your server. Exams in high stakes courses often have been locked away in departmental and college safes. Your server should receive similar respect relative to the traditional problems of theft and tampering.
There are several ways in which data may end up in unintended hands. The Internet is based upon breaking information down into packets, and sending these packets across a massive, dynamically-interlinked network. The packets that leave one computer and arrive at another may not arrive in the order sent, and they may not even traverse identical paths in getting from point to point. It is possible to intercept packets along the way, a process called packet sniffing.
As of this writing, there have been few reported cases where packet sniffing has been criminal. Nevertheless, to address this issue, browsers and servers often encode (encrypt) information so that, without the necessary codes or keys, deciphering meaning from packets is nearly impossible. Whenever you see "https://," the associated data transactions are encrypted.
Hackers attempt to gain access to servers. There are two common reasons for these attempts. One is to obtain information from the server. Credit card information can be a prime target. Another goal of hackers may be to use your server as a launching device for some inappropriate activity. In this way, it seems as if the "attack" is coming from you, but it actually is coming from software that has been placed on your server without your knowledge. One way to forestall this kind of hacking is to have layers of servers, the first of which uses read-only CD-ROMs to store the key information. On the one hand, you will need to "burn" a new ROM every time you want to make a change. On the other, no one will be able to write to that ROM. So, if the ROM includes good firewalls, it is a reasonable security strategy.
The SANS Institute (System Administration, Networking, and Security) {U18.02}, "is a cooperative research and education organization through which more than 96,000 system administrators, security professionals, and network administrators share the lessons they are learning and find solutions for challenges they face." SANS has developed a list of the top ten {U18.03} most critical Internet security threats, and offers suggestions about ways to address these threats.
Secure Socket Layers (SSL) encode sensitive information such as credit card numbers that pass between client and server by creating a temporary "key" (a digital code book) that enables the computers on either end to scramble and unscramble information. All the computers relaying the message see it as massively encrypted.
In order to enable digital commerce, a certificate authority uses conventional strategies (investigators, documentation, etc.) to establish a company's identification. Certificates are provided by a certificate authority such as RSA Data Security Inc. {U18.04} or VeriSign {U18.05}. The authority issues a unique "certificate" as proof of identity. When the client encounters a secure Web page, the hosting server sends a "hello" message. The browser then replies with a "client hello." The server sends back a "server hello." Exchanging these enables the two computers to determine the enabled encryptions. The computers also exchange a "session ID," a unique identifier for that specific interaction. The browser asks for the server's "digital certificate."
After a client and a secure server have shaken hands, and after the client has checked the server's digital certificate, the client uses information in the digital certificate to encrypt a message back to the server that only the secure server can understand. Using that information, the browser and the server create a "master key." This master key is like a codebook that both sides can use to encode and decode transmissions. Only the client and the server share that "master key," and it's good only for that individual session. When the session ends, so does the utility of the code book.
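The following is an added illustration, not part of the original chapter and not code from any SSL product. It models the exchange just described: the two ends agree on an encryption method, the client encrypts a fresh secret with the public key from the server's certificate, and both ends derive the same per-session master key. The tiny RSA key, the suite names, and the HMAC-SHA256 derivation are constructed stand-ins for what real SSL uses.

```python
import hashlib
import hmac
import secrets

# Constructed toy RSA key standing in for the key pair behind the server's
# certificate. Far too small for real use; real SSL also pads the message.
P, Q, E = 2**61 - 1, 2**89 - 1, 65537
N = P * Q                               # public modulus (in the certificate)
D = pow(E, -1, (P - 1) * (Q - 1))       # private exponent, held only by the server

# Illustrative suite labels (assumed names), in the server's order of preference.
SERVER_SUITES = ["RC4-128", "3DES", "DES-56"]


def negotiate(client_suites):
    """Hello exchange: pick the first server-preferred suite the client enables."""
    for suite in SERVER_SUITES:
        if suite in client_suites:
            return suite
    raise ValueError("no encryption method in common")


def derive_master_key(pre_master, client_random, server_random):
    """Both ends mix the shared secret with this session's random values."""
    label = b"master key" + client_random + server_random
    return hmac.new(pre_master, label, hashlib.sha256).digest()


def run_session(client_suites):
    """Model one handshake; return (suite, client_key, server_key, wire)."""
    client_random = secrets.token_bytes(16)   # travels in the client hello
    server_random = secrets.token_bytes(16)   # travels in the server hello
    session_id = secrets.token_hex(8)         # identifies this interaction
    suite = negotiate(client_suites)

    # Client: create a secret and encrypt it with the certificate's public key.
    pre_master = secrets.token_bytes(16)
    wrapped = pow(int.from_bytes(pre_master, "big"), E, N)

    # Server: only the holder of the private exponent D can recover the secret.
    recovered = pow(wrapped, D, N).to_bytes(16, "big")

    client_key = derive_master_key(pre_master, client_random, server_random)
    server_key = derive_master_key(recovered, client_random, server_random)

    # Everything a relaying computer (or packet sniffer) gets to see.
    wire = {"client_random": client_random, "server_random": server_random,
            "session_id": session_id, "suite": suite, "wrapped_secret": wrapped}
    return suite, client_key, server_key, wire


if __name__ == "__main__":
    suite, client_key, server_key, wire = run_session(["DES-56", "3DES"])
    print("agreed suite:", suite)
    print("keys match:", client_key == server_key)
    print("session:", wire["session_id"])
```

Running run_session twice gives two different master keys, which is why a key captured from one session is useless for the next.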
The drawing of a padlock or key somewhere along the bottom of your browser's window indicates security (Figure 18.01). Browsers can alert you when you enter and leave a secure site.
Figure 18.01. Icon at bottom of browser software which indicates whether transactions are using a secure socket layer.
There have been reports of Internet crimes, however, and these involve taking information from servers. Credit card numbers have been stolen. There are many cases of credit card numbers coming from criminal activity by workers in businesses, too. Most of our readers need not keep any information on a server that is of potential value to others. Our first advice is to avoid keeping information likely to be the target of thieves on a computer.
Sometimes sensitive material must be stored on a server. Credit card information may be needed for off-campus student bill paying. And exams in high stakes courses have more potential for theft than information for a teacher workshop.
Hackers have been known to "charm" password information out of some unsuspecting employee by using a good story line. Sometimes just a little bit of access is all they need!
The U. S. Department of Justice has a section devoted to computer crime and intellectual property {U18.06}.
A firewall is a hardware or software-based filtering mechanism that allows limited access to your site from the Internet. "Approved" traffic can move in and out according to a plan. You select the services necessary for your teaching, but bar others that may have significant security holes or malicious intents.
It is possible to use software that attempts to detect and prevent inappropriate site access. NetBarrier {U18.07} is such software.
Do you know what really happens when your Mac is connected to the Internet or an AppleTalk network? Do you realize that if you are connected to the Net, the Net is connected to you? Uncountable numbers of malicious vandals are able to sneak their way into your personal files undetected. With the Internet, we have entered an era of an information security way, where everyone needs to be armed with a real-time response to any intrusion attempt.
Experts estimate that between 85% and 97% of intrusions are never detected. This is essentially because computers are not protected correctly. But now, there is an optimum security solution available for Macintosh, to protect your computer from intrusions: three levels of defense. NetBarrier combines a personal firewall, antivandal detector and a network filter.
NetBarrier
A related issue is the need to facilitate access between machines. When building and maintaining a Web site, the work is often done from a variety of machines and locations. Timbuktu Pro software helps accomplish this. It is not necessary to be physically near a server to modify its content.
Timbuktu Pro is ideal for people who own more than one computer, or need to collaborate with others over a LAN, through a modem, or over the Internet. Timbuktu Pro is essential for help desk, server, and web administrators. No more walks down the hall. No more trips to remote offices. You can even teach friends or family members how to use their computer right over the Internet! Experience the freedom to go anywhere knowing you can access your computer from home, hotel, remote office or wherever you are. With Timbuktu Pro you're never out of touch.
Timbuktu {U18.08}
Timbuktu allows logging on to the server from home or vice versa. Files can be moved using a straightforward interface. That's the good news; that's the bad news. Your machine is susceptible to hacking should anyone else with Timbuktu acquire your user ID and password.

Figure 18.02. Timbuktu file transfer interface. Move files over the Internet from office to home machines.

Figure 18.03. Modified screen capture from Timbuktu. Timbuktu was controlling a server at one site from a different site.
On the Web, the intent is to make most site information accessible to everyone everywhere. Even when specialized software (plug-ins, helper applications) is required, these are nearly always both free of charge and readily downloadable.
For an intranet, a different philosophy prevails. Some universities and companies adopt an intranet approach to software licensing, and therefore they control access. Expect to see several strategies emerge for this. At UNL, KeyServer {U18.09} software is used. This software keeps track of the number of copies licensed for concurrent use. Each user has most of the program at their machine. When the software starts up, it seeks a key from the network. If a copy is available, the server sends back a key that permits use of the software. The number of copies available for use on the local network is reduced by one. When the user quits that software, the number of copies available increases by one. A problem arises when a copy is left running that a user no longer needs; the system depends on user courtesy for success. Key servers are generic solutions to the software licensing problem. Weblets, discussed in Chapter 17, offer another solution to protecting faculty authorship rights.
It is a straightforward matter to handle Web-based enrollment; it is much the same as selling something over the Web. HyperCard-based software could be used to gather individual student data in classes before the Web existed. Converting these packages to Web-based software turned out to be simple.
With WebSTAR {U18.10} software, controlling server access is easy. Protected materials are stored in folders. A prescribed character sequence within the folder's name indicates to WebSTAR that a user name and password must be submitted prior to access.
There are ways to do some verification of who's sitting at the client side, however. You may already make use of the most common of these: a log-in ID with a password. In fact, these can be quite problematic in the absence of an automatic way to handle them. A student always can give their ID and password to an expert who might then take their tests.
Biometrics is the statistical study of biological phenomena. As applied to verifying the identification of humans, biometric identifiers are physiological and behavioral characteristics that are completely unique to a person: their fingerprint, hand shape, iris patterns, face, and voice being among them. Access control, however, can be very sophisticated. Figure 18.04, taken from the site of a company that sells systems to control access, illustrates access mechanisms. Together with voice, this reasonably sums up access control strategies in use at this time.

Figure 18.04. Access strategies from Bionetrix {U18.11}. With Permission.
Access strategies have turned away from IDs and passwords, and toward measuring a body characteristic. Thus fingerprints, handprints, iris patterns, face recognition, and sound or voice recognition serve as bases for identification. The larger commercial interests in this area are in systems like bank automated tellers. Today one uses a bank card and a password to access an account. That is likely to change to some biometric in the future. Several manufacturers offer fingerprint recognition software. Devices are readily available that lock others out of your PC. Fingerprints remain a gold standard for recognition (Figure 18.05). No inking of the fingers is necessary. Place the fingers on a recognition plate, and the device takes over. You can expect access to your money at an automated teller machine (ATM) to involve either fingerprint or iris access before too long, with truly worldwide impact.

Figure 18.05. Fingerprint checking mouse from BioLink {U18.12}.
There still is a problem with this from a teacher's point of view. An expert might be standing right alongside a "fingerprinted" participant. Coaching deemed inappropriate could transpire without detection. For that reason, the idea of a TV camera with sound focused on the person sitting at the client terminal has attractions for teachers. This would be especially true if the system were to be automatic. FaceIt software, developed by Joseph Atick, serves this purpose.
The military has a special interest in controlling access. The U. S. Navy supported much of the research that led to FaceIt. The idea was to control gates such that only certain sailors could access a ship through its gang plank.

Figure 18.06. FaceIt® software makes positive identifications of persons against a library of expected faces. "FaceIt® Surveillance {U18.13} finds faces in video input and performs manual or automatic searches against a watch list of individuals. Automatically finds up to 10 faces simultaneously in a single video frame." The site claims a recognition rate of 15 million faces per minute. It also claims that the technology can work with medium or poor quality images captured from video.
Another application is in bank security. In this situation, pictures are taken of customers and others, including thieves. From the images, a subsequent match becomes possible. It is possible to know with very high accuracy that a suspect is the same individual for whom one has video.
In Chapter 5, we discussed videoconferencing. Software systems for direct observations of students by teachers are already available.
Expect to see many approaches applied to computer testing. Certainly, when site access is controlled, it can be used for purposes of licensure, SAT tests, and so forth. The same system used by you for videoconferencing is likely to provide automatic identity verification so that students can take secured exams 24 hours a day. The Graduate Record Examination {U18.14} of the Educational Testing Service is given as a computer examination. Students report to designated centers in order to take the examination. The exam is adaptive, and each student receives items as a function of their prior performance.

Figure 18.07. Laboratory for Web-based testing at UNL. With the exception of proctors regularly on duty, this laboratory appears the same as many other campus computer laboratories.
How you'll prevent collaboration, use of two computers, and similar problems related to examination performance remains open. Just having verification possible throughout an exam period may be adequate. Videoconferencing for verification after the fact is very powerful.
We suspect that just having verification possible throughout an exam period will be adequate. Also, we believe that the human verification after the fact is very powerful. Teaching large classes presents special problems, however. With a class of 100 students, videoconferencing for verification would require 25 hours if only 15 minutes were spent with each student. Larger classes would be even more overwhelming.
For some areas, the practice bank can be made so large that, with computer randomness about specific details included, learning the material is far easier than learning some strategies for just passing test items. As for the exams themselves, having a powerful system can make it possible to use the practice tests and the real tests interchangeably.
biometrics: is the statistical study of biological phenomena. As applied to verifying the identification of humans, biometric identifiers are physiological and behavioral characteristics that are completely unique to a person: their fingerprint, hand shape, iris patterns, face, and voice being among them.
certificate authority: the Internet equivalent of a passport office. Certificate authorities issue digital certificates and validate the holder's identity and authority. CAs "embed an individual's or an organization's public key along with other identifying information into each digital certificate and then cryptographically sign it as a tamper-proof seal, verifying the integrity of the data within it and validating its use." {U18.15}
firewall: allows limited access to your site from the Internet. "Approved" traffic can move in and out according to a plan. You select the services necessary for your teaching, but bar others.
packet sniffing: many network data analysis tools are able to capture packets and store them for later review. Though useful for problem analysis, this also permits capturing information, including sign-ons and passwords. Firewalls provide no protection against packet sniffing.
Secure Socket Layers (SSL): encode sensitive information such as credit card numbers that pass between client and server by creating a temporary "key" (a digital code book) that enables the computers on either end to scramble and unscramble information. All the computers relaying the message see it as massively encrypted. The keys are dynamic, and last for a single session. The system depends upon organizations, called certificate authorities, that verify identities and issue certificates of identity.
Streeter, A. (1996, June 24). Leave the doors open, but keep the information secure. MacWeek, p. 33-34.
U18.01. How a "denial of service" attack works, http://singapore.cnet.com/briefs/news/asia/20000210ca.html (accessed 4/4/00).
U18.02. About SANS, http://www.sans.org/aboutsans.htm (accessed 6/22/00).
U18.03. SANS Resources - How To Eliminate The Ten Most Critical Internet Security Threats, http://www.sans.org/topten.htm (accessed 6/22/00).
U18.04. RSA Security, http://www.rsasecurity.com/ (accessed 4/8/00).
U18.05. NPS Internet Solutions (VeriSign Digital Certificate), http://www.npsis.com/help/verifaq.html (accessed 4/8/00).
U18.06. Computer Crime and Intellectual Property Section, U. S. Department of Justice, http://www.cybercrime.gov/ (accessed 4/4/00).
U18.07. NetBarrier, http://www.intego.com/ (accessed 4/4/00).
U18.08. Timbuktu, http://www.netopia.com/software/tb2/2000/ (accessed 4/4/00).
U18.09. Sassafras Software (KeyServer), http://www.sassafras.com/faq.html (accessed 4/4/00).
U18.10. WebSTAR, http://www.starnine.com/webstar/webstar.html (accessed 4/4/00).
U18.11. Bionetrix, http://www.bionetrix.com/home.html (accessed 4/4/00).
U18.12. BioLink (mouse), http://www.biolinkusa.com/product.htm (accessed 4/4/00).
U18.13. Visionics Corporation, http://www.faceit.com/ (accessed 4/4/00).
U18.14. Graduate Record Examination, http://www.gre.org/cbttest.html (accessed 4/4/00).
U18.15. Certificate Authority Program, http://home.netscape.com/security/caprogram/ (accessed 4/8/00).