Item Barcode | Call Number | Material Type | Item Category 1
---|---|---|---
30000004580944 | TK5105.59 H64 2006 | Open Access Book | Book
On Order
Summary
Enterprise Web Services Security provides the information developers, application architects, and security professionals need to build security policies and strategies from the ground up in a Web Services environment. Most security books treat computer, network, or Web Services security in isolation, relegating the other areas to overview chapters or appendices. This book takes a holistic approach that mirrors the perspective one must have regardless of whether one is planning and implementing the security mechanisms for a Web Service, a Web site, or an enterprise. It details how to secure critical components such as workstations, servers, and networks; the goals behind an enterprise's security policies; the policies an organization should have in place; and how to communicate those policies using the WS-Policy Framework and WS-SecurityPolicy.
Author Notes
Rickland Hollar (McLean, VA) is a Senior Applications Architect with the Central Intelligence Agency (CIA).
Rick Murphy (Annandale, VA) is a Senior Principal INFOSEC Scientist at Mitretek Systems, a public interest research and development firm.
Table of Contents
Introduction | p. xxi |
1 Security in the Networked World | p. 1 |
Business on the Internet | p. 3 |
B2B | p. 3 |
B2C | p. 4 |
Evolving Business Models | p. 4 |
Information Protection | p. 5 |
Privacy | p. 5 |
Corporate Confidentiality | p. 6 |
Legal Obligations | p. 6 |
Web Services | p. 7 |
XML | p. 8 |
SOAP | p. 8 |
The Messaging Model | p. 9 |
Security Challenges | p. 10 |
Threats and Risks | p. 10 |
Policy | p. 10 |
Internet | p. 11 |
Intranet | p. 11 |
Extranet | p. 12 |
Wireless | p. 12 |
Countermeasures | p. 13 |
WS-* Family of Standards | p. 14 |
Virtual Domain Model for Web Services Security | p. 15 |
Security Domains | p. 15 |
Enclaves | p. 15 |
Trust Relationships | p. 16 |
The Model | p. 16 |
Summary | p. 16 |
References | p. 17 |
2 Threats and Attacks | p. 19 |
Threats, Vulnerabilities, and Countermeasures | p. 20 |
Ensuring Reliability | p. 21 |
Vandalism and Sabotage | p. 24 |
Denial of Service | p. 26 |
Privacy and Confidentiality Breaches | p. 27 |
Data Integrity Violations | p. 29 |
Man-in-the-Middle Attacks | p. 30 |
Spoofing Attacks | p. 31 |
Mobile-Code Threats | p. 32 |
Fraud | p. 34 |
Special Considerations for Web Services Environments | p. 35 |
Summary | p. 38 |
References | p. 39 |
3 Security Goals | p. 41 |
Protecting Your Assets | p. 42 |
Common Security Terms | p. 42 |
Reducing Vulnerabilities | p. 43 |
Realistically Assessing Threats | p. 47 |
Choosing the Right Countermeasures | p. 51 |
Recognizing and Accepting Residual Risk | p. 52 |
Classic Security Goals | p. 53 |
Confidentiality | p. 54 |
Integrity | p. 54 |
Availability | p. 55 |
Transaction Security Goals | p. 56 |
Authentication | p. 57 |
Scalability | p. 58 |
Nonrepudiation | p. 59 |
The Role of Security Policy in Web Services Security Enforcement | p. 60 |
Summary | p. 61 |
References | p. 61 |
4 The Internet and World Wide Web Infrastructure | p. 63 |
Internet 101 | p. 64 |
TCP/IP | p. 65 |
HTTP | p. 67 |
Security Domains | p. 71 |
Client System Vulnerabilities | p. 73 |
Browser Vulnerabilities | p. 74 |
Java Virtual Machine Vulnerabilities | p. 76 |
Networks | p. 77 |
TCP/IP Vulnerabilities | p. 77 |
HTTP Vulnerabilities | p. 79 |
SMTP Vulnerabilities | p. 79 |
Server Vulnerabilities | p. 81 |
Web Server Vulnerabilities | p. 82 |
Other Vulnerabilities | p. 82 |
Summary | p. 83 |
References | p. 83 |
5 Web Services | p. 85 |
Web Services Standards | p. 86 |
XML | p. 88 |
Elements and Attributes | p. 88 |
Namespaces | p. 90 |
Schemas | p. 92 |
Transformations | p. 96 |
SOAP | p. 99 |
Document Style Messages | p. 100 |
RPC Style Messages | p. 103 |
Binding | p. 105 |
WSDL | p. 105 |
UDDI | p. 109 |
Web Services Toolkits | p. 115 |
Summary | p. 116 |
References | p. 116 |
6 Security Policy Basics | p. 119 |
The Importance of Security Policy | p. 120 |
Steps in Developing a Security Policy | p. 122 |
Identify the Assets You Are Trying to Protect | p. 123 |
Identify the Threats You Are Protecting Against | p. 123 |
Map Threats to Probability of Loss and Cost | p. 125 |
Implement Cost-Effective Measures | p. 126 |
Continuously Review and Improve Security Policies | p. 126 |
The Security Policy Document | p. 127 |
Summary | p. 127 |
References | p. 128 |
7 Communicating Policy | p. 129 |
Expressing Security Policy in Web Services | p. 130 |
WS-Policy | p. 131 |
Normal Form | p. 132 |
Compact Form | p. 133 |
Merging Policies and Resolving Conflicts | p. 135 |
WS-SecurityPolicy | p. 135 |
SecurityToken Assertion | p. 136 |
Confidentiality Assertion | p. 138 |
Integrity Assertion | p. 139 |
Visibility Assertion | p. 142 |
SecurityHeader Assertions | p. 143 |
MessageAge Assertions | p. 144 |
Putting It Together: An Example | p. 144 |
WS-PolicyAttachment | p. 146 |
Tying Policies to Subjects | p. 146 |
Making Policies Discoverable | p. 148 |
Effective Policy | p. 152 |
Summary | p. 153 |
References | p. 153 |
8 Protecting the System Components | p. 155 |
Security Controls for the System Components | p. 156 |
The Client | p. 156 |
Workstation Vulnerabilities | p. 157 |
Operating System Security | p. 158 |
Browser Security | p. 159 |
Downloading Components | p. 164 |
ActiveX Security | p. 167 |
Java Security | p. 169 |
Scripting | p. 171 |
Plug-Ins | p. 172 |
The Network | p. 173 |
Network Vulnerabilities | p. 173 |
Wireless Communications | p. 174 |
Firewalls | p. 175 |
Gateways, Guards, and Routers | p. 176 |
Virtual Private Networks | p. 177 |
Servers | p. 177 |
Web Server Vulnerabilities | p. 179 |
Operating System Security | p. 181 |
Summary | p. 183 |
References | p. 184 |
9 Protecting Messages, Transactions, and Data | p. 187 |
Protecting a Web Services Exchange | p. 188 |
Securing the Communications Channel | p. 190 |
Link, Network, and Applications Layer Encryption | p. 191 |
Point-to-Point Encryption | p. 191 |
End-to-End Encryption | p. 192 |
Using SSL to Establish Secure Sessions | p. 192 |
Identity Management and Trust | p. 192 |
Trust Relationships | p. 193 |
Identity Management | p. 193 |
Passwords and Pass-Phrases | p. 195 |
Smart Cards | p. 196 |
Third-Party Brokers | p. 196 |
Certificate Authorities | p. 197 |
Kerberos Authentication Servers | p. 197 |
Policy Decision Points | p. 197 |
Microsoft .NET Passport | p. 197 |
Liberty Alliance | p. 198 |
Authentication | p. 198 |
User IDs and Passwords | p. 199 |
X.509 Public Key Authentication | p. 200 |
LDAP (The Role of Directory Services) | p. 201 |
Kerberos | p. 202 |
Authorization | p. 205 |
Basic Web Servers | p. 208 |
J2EE Applications Servers | p. 210 |
ASP.NET Servers | p. 211 |
Access Control | p. 213 |
Choosing the Identity Mapping Scheme | p. 217 |
Mandatory Access Controls | p. 219 |
Choosing the Access Control Decision Point | p. 220 |
Summary | p. 221 |
References | p. 221 |
10 Implementing the Information Security Triad | p. 225 |
Confidentiality | p. 226 |
Encryption | p. 226 |
Steganography | p. 242 |
SSL and TLS | p. 243 |
Integrity | p. 247 |
Digital Signatures | p. 247 |
Nonrepudiation | p. 250 |
Summary | p. 251 |
References | p. 251 |
11 Communicating Security Credentials | p. 253 |
Client-Server Credential Communication | p. 254 |
WS-Security | p. 255 |
Message Security Model | p. 255 |
Security Header Element | p. 256 |
XML Encryption | p. 265 |
XML Signature | p. 271 |
Message Protection | p. 276 |
Putting It Together: An Example | p. 277 |
Summary | p. 279 |
References | p. 280 |
12 Audit | p. 283 |
Goal of Audit | p. 284 |
What to Audit | p. 284 |
Auditable Events | p. 285 |
Audit Information | p. 286 |
Levels of Audit | p. 286 |
Network | p. 287 |
Server | p. 288 |
Components | p. 288 |
Application | p. 289 |
Active versus Passive Auditing | p. 292 |
Audit Data Processing | p. 293 |
Intrusion Detection and Prevention Systems | p. 294 |
Intrusion Detection System Basics | p. 295 |
Intrusion Prevention Systems | p. 295 |
Summary | p. 296 |
References | p. 296 |
13 Virtual Domain Model for Web Services Security | p. 299 |
Trust Relationships | p. 300 |
General Security Context Model | p. 301 |
Types of Trust Relationships | p. 302 |
Trust Relationships Between Principals | p. 303 |
Trust Domains | p. 304 |
Trust Relationships Between Domains | p. 306 |
Creating Physical and Logical Trust Domains | p. 308 |
Where Should Trust Relationships Be Created? | p. 308 |
What Credentials Will Be Used? | p. 309 |
What Are the Integrity and Confidentiality Considerations? | p. 310 |
How Will Credentials Be Provisioned? | p. 311 |
What Principals Will a Given Principal Trust? | p. 312 |
Creating Virtual Trust Domains | p. 314 |
Experience Based | p. 314 |
Reference Based | p. 315 |
Reputation Based | p. 318 |
Summary | p. 319 |
References | p. 320 |
14 Establishing and Communicating Trust | p. 321 |
Types of Trust Relationships | p. 322 |
WS-Trust | p. 324 |
The Web Services Trust Model | p. 324 |
Requesting and Returning Tokens: The STS Framework | p. 324 |
Negotiation and Challenge Extensions | p. 328 |
Key and Token Extensions | p. 329 |
WS-Federation | p. 330 |
Basic Concepts | p. 331 |
Federation Metadata | p. 333 |
Attribute and Pseudonym Services | p. 333 |
WS-SecureConversation | p. 334 |
Security Context | p. 334 |
Context Binding | p. 334 |
XKMS | p. 335 |
XML Key Registration Service | p. 335 |
XML Key Information Service | p. 336 |
XML Key Management Service Bulk Operations | p. 337 |
SAML | p. 337 |
XACML | p. 340 |
Summary | p. 344 |
References | p. 344 |
15 Pulling It All Together: Using Virtual Trust Domains to Secure Enterprise Web Services | p. 347 |
Enterprise Web Services | p. 348 |
Step 1 Identify the Parties Involved | p. 349 |
Who Are the Clients? | p. 350 |
How Will Clients Access the Service? | p. 350 |
How Will Clients Discover the Service? | p. 350 |
What Intermediaries Are Involved in the Transaction? | p. 351 |
Does the Web Service use Other Services? | p. 351 |
Step 2 Identify Relevant Domain Infrastructure and Capabilities | p. 351 |
How Many Security Domains are Involved in Supporting the Service? | p. 352 |
What Security Services are Provided in the Domains Involved? | p. 352 |
What Token Services are Involved in Providing those Services? | p. 352 |
What Supporting Services are Provided in the Domains Involved? | p. 353 |
Step 3 Identify Necessary Security Services Based on Local Policies | p. 353 |
Are Authentication Services Needed? | p. 353 |
What Resource or Information Needs To Be Protected? | p. 354 |
Are Authorization and Access Control Services Needed? | p. 354 |
Are Confidentiality Services Needed? | p. 355 |
Are Integrity Services Needed? | p. 356 |
Step 4 Identify Gaps and Project a Virtual Trust Domain | p. 356 |
Missing Services | p. 358 |
Differences in Services | p. 359 |
Security-Relevant Differences in Levels | p. 360 |
New Boundaries and Boundary Services | p. 362 |
Step 5 Allocate New Infrastructure Services across Physical and Logical Domains | p. 362 |
Security Services | p. 364 |
Support Services | p. 364 |
Service Distribution Strategy | p. 364 |
Step 6 Allocate Security Services across Actors | p. 364 |
J2EE Environment | p. 365 |
.NET Environment | p. 367 |
Crossing a Technology Boundary | p. 368 |
Step 7 Create and Distribute Discovery and Policy Artifacts | p. 371 |
Summary | p. 371 |
16 FutureScape | p. 373 |
Going Mobile | p. 374 |
What Is Self-Protecting Data? | p. 374 |
Protecting Data In Transit | p. 375 |
Protecting Data At Rest | p. 377 |
Protecting Data In Use | p. 378 |
Digital Rights Management | p. 379 |
Rights Expression Languages | p. 380 |
Web Services' Role | p. 381 |
Summary | p. 381 |
References | p. 381 |
Appendix A The Security Policy Document | p. 383 |
Introduction | p. 384 |
Responsible Organizations | p. 385 |
Physical Security | p. 385 |
Personnel Security | p. 386 |
Security Standards | p. 386 |
Defending the Computing Environment | p. 387 |
Workstation Security | p. 388 |
Server Security | p. 388 |
HTTP Services | p. 389 |
Database Management System (DBMS) Services | p. 389 |
Applications Services | p. 390 |
Network Security | p. 390 |
Secure Messaging | p. 390 |
Mobile Code | p. 390 |
Defending the Enclave Boundary | p. 391 |
Firewalls | p. 391 |
Virtual Private Networks (VPNs) | p. 392 |
Remote Access | p. 392 |
Guards | p. 393 |
Content Filtering | p. 393 |
Virus Protection | p. 393 |
Gateway Spam Filtering and Virus Protection | p. 393 |
Defending the Network and Infrastructure | p. 394 |
Supporting Infrastructure | p. 394 |
Key Management | p. 394 |
Intrusion Protection | p. 395 |
Audit | p. 396 |
Backups and Retention | p. 396 |
Disaster Recovery | p. 396 |
Web Services | p. 397 |
Security Incident Handling and Response | p. 398 |
Notification | p. 398 |
Points of Contact | p. 398 |
Containment | p. 399 |
Assess Damage, Perform Triage | p. 399 |
Recovery | p. 399 |
References | p. 399 |
Appendix B About the CD-ROM | p. 401 |
System Requirements | p. 401 |
CD-ROM Contents | p. 402 |
Web Site | p. 402 |
Index | p. 403 |