Secure client/server interaction.
Information security issues are far from limited to the individual questions of access control and firewalling that authors of publications most often consider. In this article we have tried to correct this shortcoming.
Multi-level client/server architecture
In modern information systems built in the client/server architecture, three levels are usually distinguished:
• presentation level (implements the functions of input and display of data);
• application level (responsible for universal services, as well as functions specific to a certain subject area);
• level of access to information resources (performing fundamental functions of storage and management of information and computing resources).
The connection between the levels is provided by the transaction and communications manager. The use of Internet/Intranet technology has made its own changes to this classic scheme, placing a universal client — a Web navigator (possibly supplemented with application applets) — at the presentation level and assigning the functions of an information concentrator (which it is advisable to combine with the duties of the transaction and communications manager) to the Web server. The result is the scheme shown in the figure.
Client workstations are connected to the Web server via both local and global networks. The hardware platform of client systems is either fully functional computers (stationary and/or mobile) or simpler communicators.
The server systems of most organizations are distributed across several production sites, usually connected by public communication channels. From the users' point of view, such dispersion is unnoticeable, since they interact with the Web server, but from the security point of view, this circumstance is very significant. The software configuration of client workstations is not rigid. It can be dynamically replenished by applets or other active agents received over the network.
In the following, we will consider the protection of the described client/server configurations, that is, distributed, heterogeneous, multi-service, evolving systems.
Network threats are the most dangerous for them, since direct user work is not allowed on the servers. If an intruder has gained access to the server, then at least one defense line has already been overcome.
Threats in the network environment
Threats in the network environment can be divided into the following types:
• network eavesdropping;
• changing corporate data flows;
• impact on infrastructure network services;
• forging network packets;
• sending anomalous packets;
• generating anomalous traffic;
• refusing to perform actions.
Network eavesdropping can be undertaken by attackers to achieve the following goals:
• interception of transmitted information;
• interception of authentication information;
• traffic analysis.
Changing corporate data flows entails the following security violations:
• theft, reordering, duplication of information;
• modification and insertion of own data (illegal intermediary).
Impact on infrastructure network services means:
• interference with the operation of the name service;
• changing the routes of corporate information flows.
Forgery of network packets can take the following forms:
• address forgery;
• connection interception;
• imitation of the work of other servers.
Sending anomalous packets and generating anomalous traffic are attacks on availability that have recently become relatively widespread. Finally, denial of action is an application-level threat, which is real, first of all, due to the distribution of client/server systems.
Security services and requirements for them
Requirements for security services
It is most expedient to build protection for systems created in the client/server architecture according to the same scheme, that is, to allocate a set of security services that can be used by both servers and clients. Such an approach frees application components from functions that are not typical for them, which is important for increasing reliability, simplifying and accelerating their development and updating. Of course, some functions (for example, access control) can be implemented within the application component or operating system, but this is more the exception than the rule.
The set of security services is designed to provide protection against the threats listed in the previous section. In addition, a necessary condition in this case is compliance with architectural security and, in particular, the impossibility of bypassing protective means.
Security services are designed to be technological, allowing for easy integration into existing systems and development in the process of system evolution. To achieve this, it is necessary to follow standards, primarily Internet standards, as the most widespread and viable.
Security services must have a convenient, detailed software interface supported by software manufacturers.
In addition, they must be managed. This means that centralized configuration and auditing are supported in a distributed environment, which are robust against network threats. In addition, security services must be integrated with common management systems.
Security services should be transparent whenever possible, and the overhead and inconvenience they cause should be minimal.
The following security services are considered to be the most important for protecting client/server systems:
• authentication;
• access control;
• firewalling;
• encryption;
• integrity and authenticity control.
Identification/authentication
Modern identification/authentication tools must meet two conditions:
• be resistant to network threats;
• support the concept of single sign-on to the network.
The first requirement can be met using cryptographic methods. Today, approaches based on the Kerberos system or a directory service with X.509 certificates are generally accepted.
Single sign-on to the network is a requirement for transparency and convenience for users. If there are many information services in the corporate network that allow independent access, then multiple identification/authentication becomes too burdensome.
Single sign-on to the network is achieved by centralized storage of data used for authorization, i.e., for determining user authority. Authorization is an area that is on the border between management and information security, so enterprise-wide authentication solutions can rely on both management and purely security tools.
Access control
Access control is probably the most researched area of information security. «Discretionary» and «mandatory» control have entered all theoretical courses and evaluation criteria, and they also dominate in practice.
In recent years, so-called role-based management has been actively developing. Its essence is that intermediate entities — roles — are placed between users and their privileges. Several roles can be active for each user at the same time, each of which will give him certain rights.
Since there are many fewer roles than users and privileges, using roles reduces complexity and therefore improves the manageability of systems. In addition, the role model makes it possible to implement such important principles as separation of duties (which does not allow any one person alone to influence an important process).
For some commonly used services, such as the Web, role-based access control is not only natural but also relatively easy to implement (in the Web case, on the basis of CGI procedures). In our opinion, this area deserves the attention of information security specialists.
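The role model described above, as an added example that is not part of the original article: roles sit between users and privileges, several roles can be active in one session, and a separation-of-duties constraint refuses to activate two mutually exclusive roles together. The role names, privileges and users are constructed for illustration.

```python
from dataclasses import dataclass, field


class SeparationOfDutyError(Exception):
    """Raised when a session tries to activate two mutually exclusive roles."""


@dataclass
class RoleModel:
    role_privileges: dict = field(default_factory=dict)  # role -> set of privileges
    user_roles: dict = field(default_factory=dict)       # user -> set of assigned roles
    exclusive: set = field(default_factory=set)          # frozenset pairs that may not be active together

    def define_role(self, role, privileges):
        self.role_privileges[role] = set(privileges)

    def assign(self, user, role):
        if role not in self.role_privileges:
            raise KeyError(f"unknown role {role}")
        self.user_roles.setdefault(user, set()).add(role)

    def exclude(self, role_a, role_b):
        """Declare a separation-of-duties constraint between two roles."""
        self.exclusive.add(frozenset((role_a, role_b)))

    def activate(self, user, roles):
        """Return the privileges of a session in which the given roles are active."""
        roles = set(roles)
        missing = roles - self.user_roles.get(user, set())
        if missing:
            raise PermissionError(f"{user} is not assigned {sorted(missing)}")
        for a in roles:
            for b in roles:
                if a < b and frozenset((a, b)) in self.exclusive:
                    raise SeparationOfDutyError(f"{a} and {b} cannot be active together")
        return set().union(*(self.role_privileges[r] for r in roles))

    def check(self, user, roles, privilege):
        return privilege in self.activate(user, roles)


def build_demo_model():
    """Constructed payment workflow: a clerk may submit, an approver may approve, never both at once."""
    m = RoleModel()
    m.define_role("clerk", ["submit_payment", "read_ledger"])
    m.define_role("approver", ["approve_payment", "read_ledger"])
    m.define_role("auditor", ["read_ledger", "export_audit_log"])
    m.exclude("clerk", "approver")
    for role in ("clerk", "approver", "auditor"):
        m.assign("alice", role)   # assigned all three, but cannot activate clerk+approver together
    return m
```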
Firewalling
Firewalling as a security service performs the following functions:
• restricts inter-network access by filtering transmitted data;
• transforms transmitted information.
Firewalls filter information based on a predefined rule base, allowing for more flexible security solutions than traditional operating systems. With complex filtering that covers the network, transport, and application layers, rules can include network addresses, the amount of data transferred, application layer operations, environmental parameters (such as time), etc.
The transformation of transmitted information can affect both the service fields of packets and the application data. In the first case, we are usually talking about address translation, which helps to hide the topology of the protected system. This is a unique property of the firewalling service: it makes it possible to hide the very existence of some access objects. Transformation of the data itself can consist, for example, in encrypting it.
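A rule base of the kind described above, as an added example that is not part of the original article: each rule may constrain network addresses, the amount of data transferred, the application-layer operation and an environmental parameter (time of day); the first matching rule decides and anything unmatched is denied. The addresses, operations and limits are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import time
from ipaddress import ip_address, ip_network
from typing import Optional, Tuple


@dataclass
class Rule:
    action: str                                 # "allow" or "deny"
    src: str = "0.0.0.0/0"                      # source network, CIDR (network layer)
    dst: str = "0.0.0.0/0"                      # destination network, CIDR
    operation: Optional[str] = None             # application-layer verb, e.g. "GET"
    max_bytes: Optional[int] = None             # largest payload the rule admits
    hours: Optional[Tuple[time, time]] = None   # [start, end) window within one day

    def matches(self, req: dict) -> bool:
        """Every constraint the rule sets must hold for the request."""
        if ip_address(req["src"]) not in ip_network(self.src):
            return False
        if ip_address(req["dst"]) not in ip_network(self.dst):
            return False
        if self.operation is not None and req["operation"] != self.operation:
            return False
        if self.max_bytes is not None and req["bytes"] > self.max_bytes:
            return False
        if self.hours is not None and not (self.hours[0] <= req["at"] < self.hours[1]):
            return False
        return True


def decide(rules, req: dict) -> str:
    """Return the action of the first rule matching req; default is deny."""
    for rule in rules:
        if rule.matches(req):
            return rule.action
    return "deny"


# Constructed rule base: internal clients may read the Web server at any time,
# may upload at most 1 MB during working hours, and everything else is dropped.
RULES = [
    Rule("allow", src="10.0.0.0/8", dst="192.0.2.10/32", operation="GET"),
    Rule("allow", src="10.0.0.0/8", dst="192.0.2.10/32", operation="POST",
         max_bytes=1_000_000, hours=(time(8, 0), time(18, 0))),
    Rule("deny"),
]
```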
Encryption
Encryption is the most important means of ensuring confidentiality.
For modern computer encryption services, it is important to ensure sufficient functional richness of interfaces and their standardization.
The idea is to create secure invariant components that could be freely (at least from a technical point of view) integrated into existing and future configurations.
Let's look at the technical and regulatory issues of computer encryption.
Of the technical issues, the most pressing is performance: a software implementation on general-purpose processors is not an adequate means. Another technical challenge is to develop a wide range of products intended for use in all types of computer and network equipment, from personal communicators to powerful gateways.
Of the regulatory issues, we note the need for official recognition of the admissibility of using foreign tools and algorithms (since this is prescribed, for example, by IPsec specifications).
Integrity and Authenticity Control
In modern systems, integrity and authenticity control should extend not only to individual data groups, hardware or software components. It must cover distributed configurations and protect information flows from unauthorized modification.
Today, there are enough solutions for integrity and authenticity control with both system and network orientation (usually control is performed transparently for applications as part of the general protocol activity). The software interface to this service is standardized (as part of the general security service interface, GSS-API).