Practical techniques for securing distributed computing systems.
Computing security is, at its core, more than a technical issue: It's a fundamental business challenge. Managers have plenty of security alternatives, but little real guidance on making intelligent decisions about them. And today's distributed, multivendor, Internet-connected environments encompass more insecure systems and networks than ever before.
Security in Distributed Computing offers the manager of distributed systems a thorough, common-sense framework for cost-effective computer security. Learn how to:
This book reviews critical risk areas in distributed systems, including networks, operating systems, applications, middleware, and the Internet. It considers the unique challenges of security in UNIX and Windows NT environments. And it presents detailed information about technologies that can help you respond, including:
Security in Distributed Computing also presents valuable, in-depth recommendations of how to design and implement a security strategy.
The more your organization comes to rely on distributed systems, the more important security will become. When you need to make important business decisions about security, you'll appreciate the practical advice and insight this book delivers.
I. UNDERSTANDING THE PROBLEM.
1. “Computing Security” A Business Issue. Business Drivers. Business Issues. Summary.
2. Distributed Security Challenges. Stories. Security Issues. The Top Ten List. Conclusions.
II. FOUNDATIONS.
3. Computing Security Basics. What is Security? Trust—What Is It? Trust—Why Do We Need It? Summary.
4. Security Architecture. Foundation. Trust. Control. Summary.
5. Foundations. Principles. Security Policy Framework. Security Criteria. Summary.
6. Security Policy. Security Policy Framework. Example of a Policy. The Process of Creating Policies. Summary.
III. TECHNOLOGIES.
7. The Network. A Tale of Two Networks. Systems Network Architecture. Introducing TCP/IP. SNA versus TCP/IP Security. Conclusions.
8. Network Operating Systems. About Network Operating Systems? Issues Surrounding NOS Implementations. Conclusions.
9. Client/Server and Middleware. Client/Server. Middleware. Enabling Technology. Distributed Objects. Things to Watch Out For. Summary.
10. UNIX Security. Why has UNIX Such a Bad Reputation for Security? UNIX Security. Typical Abuses. Conclusions.
11. More UNIX Security. UNIX Network Services. A Burglar's Tools. Conclusions.
12. UNIX Solutions. Control Monitors. Conclusions.
13. Windows NT Security. Security Controls. Networking. Conclusions.
14. The Internet. What is the Internet? Internet Firewall. Conclusions.
15. Cryptography. Private Key Encryption. Public Key Encryption. Encryption Issues. Digital Signature. Summary.
16. The DCE Environment. What is DCE? Concerns about DCE. Conclusions.
17. DCE Security Concepts. DCE Authentication. Authorization. Is DCE Bulletproof? Conclusions.
18. Distributed Database. What is a RDBMS? Different Models to Enable Applications. Issues Surrounding RDBMS. What is a Data Warehouse? Conclusions.
19. On-Line Transaction Processing. What Is a Transaction? Components of a Transaction Processing System. The Top Five List. Summary.
IV. SOLVING THE PROBLEM.
20. Secure Applications. Concepts. System Development Life Cycle. Summary.
21. Implementation Examples. Electronic Mail. Lotus Notes. What's Next. Summary.
22. Security Management. System Management. Network Management. Conclusions.
23. Developing a Security Strategy. A Security Strategy. The Security Strategy Roadmap. Conclusions.
24. Auditing. What Is an Audit? What Role Should Audit Play? Sample Criteria for a UNIX Audit. The Basics of Computer Auditing. Expanding the Focus. Other Types of Audits. Conclusions.
25. The Future. Viruses. Personal Computer Access Controls. How Far Should Security Be Extended? Conclusions.
Appendix D. Remote Access.
The problem of safeguarding corporate computing from misuse is a perplexing one for many organizations. From the smallest personal business to the world's largest financial corporations, organizations have experienced assaults or security problems with their computing systems.
Computer security incidents, which have been widely reported by the press, have increased the general public's awareness of the existence of the problem. Management appreciation of the problem, and their commitment to address it, has never been higher. New commercial security solutions, offspring from the advanced technologies used in the defense industry, are available in the marketplace. Corporate expenditures on these technologies have been rapidly rising.
Most organizations have recognized that the problem exists, and have taken active measures to address it. But incidents and attacks continue to be reported, almost on a daily basis. Unfortunately, there is a strong feeling in the computing community that the problem is going to get a lot worse. Why, then, isn't the problem of computing security being solved?
The answer lies in the fact that computing security is a business problem with many complex aspects. It cannot be solved by technical solutions alone. In fact, uncoordinated expenditures on diverse technical solutions actually contribute to the problem. The purpose of this book is to make the reader aware of all aspects of the problem. It will guide you through the issues and the somewhat confusing array of potential solutions.
When you stop and think about it, there are a number of analogies one can draw between computer and home security. We lock our doors at home as a basic preventive measure. This action by itself does not make a break-in to our home impossible, but it certainly makes it more difficult. As with home security, locking the doors to computing assets is simply common sense.
There also needs to be balance in our approach to security. There is no point in spending money on a superb lock on the front door if the back door doesn't have a lock—neither does it make much sense to only lock one door!
Balance is likewise required in expenditures on security solutions. No one would spend $100,000 on home security to protect $5,000 worth of contents. This is especially true if the neighborhood hasn't experienced a break-in in the past five years. The cost of security must be appropriate to the expected loss and associated risk.
It is also common sense that we should focus on the most likely security exposures. Thieves do not usually carry ladders. Money should therefore be first spent on barring the lower level windows.
Unfortunately, you cannot simply buy total security. The best technology will be of little use if people are unaware of their responsibilities. If your children leave the door unlocked when you are away, whether or not you've used the strongest lock in the world is immaterial. Security cannot be viewed in isolation from the environment. The safety of our homes is directly related to the security of our neighborhoods. You cannot fully address one without addressing the other.
The movement to distributed, client-server technologies has dramatically changed the computing environment of many organizations. The mature control systems present in mainframe environments have provided assured trust in their operation. Mainframe security solutions, such as those available from IBM and Computer Associates, have allowed strong, centralized controls to be enforced. The security of a distributed, client-server world, however, is much more complex. Unlike the mainframe, the controls and security functions are distributed across several platforms and are not usually under the control of any single processor. The challenge is to ensure that distributed controls are all working together for a common goal.
We will identify and explain the key issues in computer security today. These are issues that must be addressed if the overall business problem of computing security is to be solved. The key issues in computing security include the need to securely authenticate users and to authorize their actions. Networking has allowed the global computing community to communicate and interact as never before, but it has also exposed corporate networks and computing systems to access by outsiders. Employing technology in an effective manner to address computing security is another key issue.
Explaining the technology involved in computing security is a key focus of this book. The ins and outs of various security technologies will be explained. Our intent is not simply to discuss technology, but to provide an understanding of how technology can be used to solve key security issues.
One example of a key issue is how to trust the integrity of an authentication process when it is communicated over a network. Most network traffic, including the user identification and authentication password, is currently transmitted in clear text. By monitoring network traffic, it is possible to discover passwords and use them to compromise security.
The Kerberos model of trusted-third-party authentication can be utilized to address the problem of maintaining the integrity of the authentication process. Named after Cerberus, the mythical three-headed dog that guarded the gates of Hades, the Kerberos model provides a method for authentication across heterogeneous technologies. It presupposes that the network is untrusted, and that any traffic sent over the network may be intercepted. Kerberos has been designed to counter this threat. We will examine the authentication model through its implementation in the Distributed Computing Environment (DCE) of the Open Software Foundation (OSF). Armed with an understanding of its strengths and weaknesses, the reader will be able to judge how effectively OSF/DCE solves distributed computing security problems.
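The trusted-third-party model sketched above, as an added illustration that is not part of the book: a key distribution centre (KDC) shares a long-term key with each principal, the client's password never crosses the wire, and the service accepts a ticket it alone can open plus an authenticator proving the client holds the session key. Real Kerberos ciphers are replaced here by a hash-based encrypt-then-MAC stand-in, and the principal names, password and lifetimes are constructed sample values.

```python
import hashlib
import hmac
import json
import os
import secrets
import time

# Constructed teaching example of Kerberos-style trusted-third-party
# authentication. Assumption: every principal shares a long-term key with
# the KDC only; everything that travels over the (untrusted) wire is sealed.


def derive_key(password: str, principal: str) -> bytes:
    """Long-term key derived from a password, salted with the principal name.
    This runs on the principal's own host; the password is never transmitted."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), principal.encode(), 50_000)


def _xor_stream(enc_key: bytes, nonce: bytes, data: bytes) -> bytes:
    # SHA-256 keystream in counter mode (a stand-in for a real block cipher).
    out = bytearray()
    for off in range(0, len(data), 32):
        block = hashlib.sha256(enc_key + nonce + off.to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], block))
    return bytes(out)


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: nonce || ciphertext || HMAC-SHA256 tag."""
    nonce = os.urandom(16)
    enc_key = hmac.new(key, b"enc", hashlib.sha256).digest()
    mac_key = hmac.new(key, b"mac", hashlib.sha256).digest()
    body = _xor_stream(enc_key, nonce, plaintext)
    return nonce + body + hmac.new(mac_key, nonce + body, hashlib.sha256).digest()


def unseal(key: bytes, blob: bytes) -> bytes:
    """Check the tag before decrypting; a wrong key or any tampering raises ValueError."""
    if len(blob) < 48:
        raise ValueError("truncated message")
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    mac_key = hmac.new(key, b"mac", hashlib.sha256).digest()
    if not hmac.compare_digest(tag, hmac.new(mac_key, nonce + body, hashlib.sha256).digest()):
        raise ValueError("authentication failed")
    return _xor_stream(hmac.new(key, b"enc", hashlib.sha256).digest(), nonce, body)


class KDC:
    """The trusted third party: the only place where every long-term key is known."""

    def __init__(self):
        self.keys = {}

    def register(self, principal: str, password: str) -> None:
        self.keys[principal] = derive_key(password, principal)

    def issue(self, client: str, service: str, lifetime: int = 300):
        # The request names the parties; no secret travels with it.
        session_key = secrets.token_bytes(32).hex()
        expiry = int(time.time()) + lifetime
        ticket = seal(self.keys[service], json.dumps(
            {"client": client, "expiry": expiry, "session_key": session_key}).encode())
        reply = seal(self.keys[client], json.dumps(
            {"service": service, "expiry": expiry, "session_key": session_key}).encode())
        return reply, ticket  # both opaque to anyone watching the network


def client_login(kdc: KDC, client: str, password: str, service: str):
    key = derive_key(password, client)            # derived locally, never sent
    reply, ticket = kdc.issue(client, service)
    cred = json.loads(unseal(key, reply))         # wrong password -> ValueError
    session_key = bytes.fromhex(cred["session_key"])
    authenticator = seal(session_key, json.dumps(
        {"client": client, "time": int(time.time())}).encode())
    return ticket, authenticator


def service_verify(service_key: bytes, ticket: bytes, authenticator: bytes, skew: int = 300) -> str:
    now = int(time.time())
    t = json.loads(unseal(service_key, ticket))   # only the service (and KDC) can open it
    if now > t["expiry"]:
        raise ValueError("ticket expired")
    a = json.loads(unseal(bytes.fromhex(t["session_key"]), authenticator))
    if a["client"] != t["client"] or abs(a["time"] - now) > skew:
        raise ValueError("authenticator mismatch or stale")
    return t["client"]


def demo() -> dict:
    kdc = KDC()
    kdc.register("alice", "s3cret-example")       # constructed sample principals
    kdc.register("fileserver", secrets.token_hex(16))
    ticket, auth = client_login(kdc, "alice", "s3cret-example", "fileserver")
    principal = service_verify(kdc.keys["fileserver"], ticket, auth)
    try:   # wrong password: the KDC reply cannot be opened, so no authenticator exists
        client_login(kdc, "alice", "wrong", "fileserver")
        wrong_ok = True
    except ValueError:
        wrong_ok = False
    bad = ticket[:20] + bytes([ticket[20] ^ 1]) + ticket[21:]  # flip one ciphertext bit
    try:   # tampered ticket: the service's MAC check rejects it
        service_verify(kdc.keys["fileserver"], bad, auth)
        tamper_ok = True
    except ValueError:
        tamper_ok = False
    return {"principal": principal, "wrong_password_accepted": wrong_ok,
            "tampered_ticket_accepted": tamper_ok}


if __name__ == "__main__":
    print(demo())
```

The point to notice is what an eavesdropper on the wire sees: the KDC request (two names), the sealed reply and ticket, and the sealed authenticator. None of these yields the password or the session key, which is why the model holds up on a network that is assumed to be untrusted; the remaining dependencies are loosely synchronised clocks (for the freshness check) and the secrecy of the KDC's key database.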
On-line transaction processing (OLTP) has traditionally been delivered from large mainframe-based systems or specialized transaction processing systems. The “Big Iron” was needed to supply the networking capabilities, the central control, and the raw horsepower required to push through transactions and maintain control over the shared database. The OLTP system processes transactions to collect or review the information of the business systems and post changes to the shared databases of the organization. The migration of these transactions to distributed servers and the desktop has made the provision of security, with the same protection and utility as the host-centric OLTP systems, difficult. The challenges of system management and security must also be addressed for the promise of effective distributed OLTP systems to be realized.
There are two driving requirements to provide transaction processing systems on “open system” platforms. The first requirement is to provide a robust transaction processing environment on the nonmainframe platform while maintaining the same function and capabilities as the mainframe. The second is to provide a distributed processing capability to allow transactions to execute functions and access data across more than one operating platform. The Encina technology from Transarc was developed to address the transaction processing environment on a UNIX platform. The IBM transaction monitor, CICS, has been ported to the UNIX environment by both IBM and Hewlett-Packard. These transaction monitors, when coupled with the DCE components of OSF and enabled with Encina, provide distributed transaction processing capabilities. The implementation of these technologies to provide a trusted transaction environment, through DCE, will be explored.
We will also study the centralized management of the controls on distributed systems. Using advanced network and system management technologies, confirmation can be obtained that security controls have been established and remain in place. Network alerts may also be used to provide early indications of illicit activity. We will examine the use of dynamic alert techniques and provide suggestions for implementing various detection mechanisms.
The problem of computing security cannot be addressed by technology alone. We will spend a good deal of time discussing the people and organizational aspects. This will include a comprehensive review of the formulation of computing security policy, the areas it should cover, and how best to communicate the policy to users. The security policy outlines the decisions of the organization on security and provides the foundation upon which a security program can be based. Commitment by management to security awareness programs is required to realize the benefits of these important activities.
An architecture is a structured way of describing the functionality of the various components. It presents the relationship of complex components in a manner that makes it easy to understand. Computing security can also benefit from an architecture as a way to describe the components and how they interrelate. A security architecture includes elements which attempt to guarantee the confidentiality of information and ensure that all access to the computing resources is authorized and authenticated. The overall objective of the architecture is to allow trust to be placed in the distributed environment. We need to be able to trust all of the points where users access the various systems, or have compensating controls there, rather than place trust only where the information and tools are resident. The security architecture is composed of a number of building blocks which together define the framework for a comprehensive solution. We will review an approach to a security architecture and outline how it can be used as a basis for the enterprise security solution.
Another nontechnical area that will be explored is the role of audit. An explanation of the purpose of a computing audit, why it is important, and how to best prepare for an audit review is covered. The interrelationship of the Audit Department with other corporate departments is examined, and suggestions are provided to make this relationship more effective.
One of the most important areas when dealing with the problem of computing security is the use of a structured methodology. A security strategy is a series of specific steps that an organization can take to raise the existing level of security within the organization from a base level to a more secure one. The strategy methodology will take an organization through an organized process of assessing where they are currently positioned with their computing environment, defining where they want to be, and planning the steps required to get them there. Using a defined methodology ensures that all the windows and doors have been locked. That planned new addition to the house will also include secure doors and windows while it is being built. The methodology has been successfully used to address the problem in a number of diverse organizations.
This book is for anyone interested in the area of computing security. System administrators and analysts will be able to understand how core technologies such as Kerberos and public and private key encryption work. Application developers and architects will benefit by understanding how the security components fit together and should be integrated into the system design. Security must be designed in and not added on.
For those given the responsibility for security management or audit of distributed computing applications, this book will provide insight into the core security issues in client-server computing. Senior managers, concerned with the security of their computing systems, will be guided through a methodology to address the problem.
Computing security is a business issue as well as a technical one. It is a complex problem which will require a number of issues to be addressed. Sophisticated technologies are available to address various security problems; however, they must be used in a planned and coordinated manner to be effective. The development of a security strategy and architecture is required. This book will make you more aware of both the problems of computing security and their potential solutions. Hopefully, you will be able to avoid that “I wish I'd remembered to lock the door!” feeling before travelling too far on the road to distributed, client-server computing.
This book is intended to provide the reader with an appreciation for the challenge of obtaining security in distributed computing. It is intended to describe the overall problem and present some ideas about how it may be solved. We have purposefully focused on areas that will give the reader an appreciation of what it will take to meet the challenge, rather than providing an encyclopedia of computing security. For this reason, we have limited our examination to selected technology topics.
For example, the role of personal computers in the distributed systems has not been extensively examined. This is because personal computers running DOS and perhaps Windows have very few security mechanisms. The solution to this problem is to add third-party security software or hardware products to the personal computer. A discussion of the various vendor offerings would add little to our overall objective of describing the business challenge of security in distributed computing. We have focused our discussion on the problem facing distributed client systems, which include personal computers, instead of focusing on the personal computer itself.
For the same reason, we have spent little effort in describing solutions for remote access to networks and systems. While remote access adds to the challenge of security, there are a number of solutions available in the marketplace to address this particular problem. The discussion of these solutions would not significantly add to our examination of the key problem: how do I authenticate an individual over an untrusted network?
We expect that while many people may read the book cover to cover, quite a few may only be interested in selected sections of the book. We have used a roadmap diagram, shown below, to demonstrate where a particular chapter or section is located in the general flow of the book: