Session: Essentials of Application Security
Speaker: 鐘衛(wèi) (Zhong Wei), Microsoft
Level: 200

Session Overview
- The Importance of Application Security
- Secure Application Development Practices
- Security Technologies
- Secure Development Guidelines

Session Prerequisites
- Development experience with Microsoft Visual Basic, Microsoft Visual C++, or C#
- Internet user experience

Section 1: The Importance of Application Security

Trustworthy Computing
"Trustworthy Computing has four pillars: Reliability means a computer system is dependable, is available when needed, and performs as expected and at appropriate levels. Security means a system is resilient to attack, and the confidentiality, integrity, and availability of both the system and its data are protected. Privacy means that people can control their personal information and organizations that use the information faithfully protect it. Business integrity is about companies in our industry being responsible to customers and helping them find appropriate solutions for their business issues, addressing problems with products or services, and being open in interactions with customers."
Bill Gates, July 18, 2002

Common Types of Attacks

Examples of Security Intrusions
- CodeRed
- ILoveYou
- Nimda

Consequences of Poor Security
- Stolen intellectual property
- System downtime
- Lost productivity
- Damage to business reputation
- Lost consumer confidence
- Severe financial losses due to lost revenue

Challenges When Implementing Security

The Developer Role in Application Security
Developers must:
- Work with solution architects and systems administrators to ensure application security
- Contribute to security by:
  - Adopting good application security development practices
  - Knowing where security issues occur and how to avoid them
  - Using secure programming techniques

Section 2: Secure Application Development Practices

Holistic Approach to Security
"Security is only as good as the weakest link"

Security Throughout the Project Lifecycle

The SD3 Security Framework

Threat Modeling
Threat modeling is:
- A security-based analysis of an application
- A crucial part of the design process
Threat modeling:
- Reduces the cost of securing an application
- Provides a logical, efficient process
- Helps the development team:
  - Identify where the application is most susceptible
  - Determine which threats require mitigation and how to address those threats

Ongoing Education
Provide training about:
- How security features work
- How to use the security features to build secure systems
- What security issues look like, in order to identify flawed code
- How to avoid common security issues
- How to avoid repeating mistakes

Input Validation
- Buffer overruns
- SQL injection
- Cross-site scripting
"All input is evil until proven otherwise!"

Buffer Overruns

Practices for Improving Security

Section 3: Security Technologies

Overview of Security Technologies
Developers need to use and apply:
- Encryption
- Hashing
- Digital signatures
- Digital certificates
- Secure communication
- Authentication
- Authorization
- Firewalls
- Auditing
- Service packs and updates

Encryption
Encryption is the process of encoding data:
- To protect a user's identity or data from being read
- To protect data from being altered
- To verify that data originates from a particular user (non-repudiation)
Encryption can be:
- Asymmetric
- Symmetric

Symmetric vs. Asymmetric Encryption
(diagram)

Verifying Data Integrity with Hashes
(diagram) User A: Data -> Hash Algorithm -> Hash Value. User A sends the data and the hash value to User B. User B: Data -> Hash Algorithm -> Hash Value, then compares the two hash values. If the hash values match, the data is valid.

Digital Signatures
(diagram) User A: Data -> Hash Algorithm -> Hash Value, signed with User A's Private Key. User B: Data -> Hash Algorithm -> Hash Value; the received signature is opened with User A's Public Key to recover the sender's Hash Value. If the hash values match, the data came from the owner of the private key and is valid.

How Digital Certificates Work
(diagram) A Private/Public Key Pair is generated; the Certification Authority, via a Certified Administrator, issues a certificate binding the Public Key to a User, Application, Computer, or Service, while the Private Key stays with its owner.

Secure Communication Technologies
Technologies include:
- IPSec
- SSL
- TLS
- RPC encryption

Secure Communication: How IPSec Works

Secure Communication: How SSL Works

Demo: SSL Server Certificate
- Viewing a Web Site on a Non-Secure Server
- Generating a Certificate Request
- Requesting a Trial Certificate
- Installing the SSL Certificate
- Testing the SSL Certificate

Authentication: Purpose of Authentication
Verifies the identity of a principal by:
- Accepting credentials
- Validating those credentials
Secures communications by ensuring that your application knows who the caller is.
Encrypting the data is not enough!
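The two flows drawn on the hash and digital-signature slides above, as an added example that is not part of the original deck: Go standard library only, with SHA-256 as the hash algorithm and RSA PKCS#1 v1.5 as the signing step (the slides name neither; the sample messages are constructed). It shows why the bare hash comparison proves integrity only against accidental change, while the signature check also proves the data came from the private-key owner.

```go
package main

import (
	"bytes"
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// hashData is the "Hash Algorithm" box on both slides (SHA-256 assumed).
func hashData(data []byte) []byte {
	sum := sha256.Sum256(data)
	return sum[:]
}

// integrityCheck is User B's step on the hash slide: rehash and compare.
// A plain hash catches corruption, but anyone who alters the data can
// simply recompute the hash, so it does not prove who sent it.
func integrityCheck(data, receivedHash []byte) bool {
	return bytes.Equal(hashData(data), receivedHash)
}

// signData is User A's step on the signature slide: hash, then sign the
// hash with the private key.
func signData(priv *rsa.PrivateKey, data []byte) ([]byte, error) {
	return rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, hashData(data))
}

// verifySignature is User B's step: rehash the data and check the
// signature with User A's public key. Success proves integrity and origin.
func verifySignature(pub *rsa.PublicKey, data, sig []byte) bool {
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, hashData(data), sig) == nil
}

func main() {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	data := []byte("transfer 100 to account 42") // constructed sample message
	sig, _ := signData(priv, data)
	fmt.Println("signature valid:", verifySignature(&priv.PublicKey, data, sig))

	tampered := []byte("transfer 900 to account 42") // constructed altered copy
	// The hash-only check passes when the forger also recomputes the hash:
	fmt.Println("hash check on tampered data:", integrityCheck(tampered, hashData(tampered)))
	// The signature cannot be recomputed without the private key:
	fmt.Println("signature on tampered data:", verifySignature(&priv.PublicKey, tampered, sig))
}
```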
Authentication: Authentication Methods
- Basic
- Digest
- Digital signatures and digital certificates
- Integrated:
  - The Kerberos version 5 protocol
  - NTLM
- Microsoft Passport
- Biometrics

Authentication: Basic Authentication
- Is simple but effective
- Is supported by all major browsers and servers
- Is easy to program and set up
- Manages user credentials
- Requires SSL/TLS

Authentication: How Digest Authentication Works

Authentication: Client Digital Certificates
Used in Web applications:
- Server secures communications using SSL/TLS with an X.509 server certificate
- Server authenticates clients using data in the client X.509 certificate, if required
- A certificate authority issues a certificate for which the server holds a root certificate
Used in distributed applications:
- Application uses an SSL/TLS communication channel
- Client and server applications authenticate using certificates
- Can be deployed on smart cards

Authentication: When to Use Integrated Authentication

Authentication: How to Use Kerberos Version 5

Demo 3: IIS Authentication Methods
- Using Anonymous Authentication
- Using Basic Authentication
- Using Integrated Windows Authentication

Authorization: What Is Authorization?
Authorization:
- Occurs after your client request is authenticated
- Is the process of confirming that an authenticated principal is allowed access to specific resources
- Checks rights assigned to files, folders, registry settings, applications, and so on
- Can be role-based
- Can be code-based

Authorization: Common Authorization Techniques
- IIS Web permissions (and IP/DNS restrictions)
- .NET role-based security
- .NET code-access security
- NTFS access control lists (ACLs)
- SQL Server logons
- SQL Server permissions

Authorization: Impersonation/Delegation Model
- Client identity is used to access downstream resources

Authorization: Trusted Subsystem Model
- Clients are mapped to roles
- Dedicated Windows service accounts are used for each role when accessing downstream resources

Demo 4: Authentication in the Trusted Subsystem Model
- Reviewing the Application
- Setting Authentication on the Web Server
- Using Service Accounts on the Web Server

Firewalls
Firewalls can provide:
- A secure gateway to the Internet for internal clients
- Packet filtering
- Circuit-level filtering
- Application filtering
- Auditing
Firewalls cannot provide:
- Protection against application-level attacks over HTTP or HTTPS

Auditing
Auditing actions include tracking:
- Resource access and usage
- Successful and unsuccessful logon attempts
- Application failures
Auditing benefits include:
- Help for administrators to detect intrusions and suspicious activities
- Traceability for legal, non-repudiation disputes
- Diagnosis of security breaches

Service Packs and Updates

Section 4: Secure Development Guidelines

Proactive Security Development
- Integrate security improvements throughout the development process
- Focus on security and ensure that your code can withstand new attacks
- Promote the key role of education
- Raise awareness within your team
- Learn from your mistakes and from the mistakes of others

Windows XP SP2 Advanced Security Technologies
- Network protection
- Memory protection
- Safer e-mail handling
- More secure browsing
- Improved computer maintenance
- Protection from internal threats
- Get more information on Windows XP Service Pack 2 at /sp2preview

Client Firewall Turned On by Default
- Closes ports that are not in use
- Reduces