Software Security

Zhngu2000

Computer Science

Critical Thinking: Software Security

Assignment Details:

In an essay, review the following statements based on the readings from this week’s module (Attached):

  • Once your operating system is secure, you can focus on securing the software that runs in the operating system.
  • Evaluate some of the most popular Microsoft applications and analyze how to make one more secure to protect your organization’s data. Describe at least three (3) techniques used to secure an application.

Provide information from your readings to support your statements.

Deliverables:

Your well-written essay should be two or three pages in length, incorporating at least two academic resources from the Library in addition to the assigned readings. Cite all sources using academic writing standards and APA style guidelines, citing references as appropriate.

Unformatted Attachment Preview

PART 3 | Microsoft Windows OS and Application Security Trends and Directions

CHAPTER 12 Microsoft Application Security

Once your operating system is secure, you can focus on securing the software that runs in the operating system. Operating system software is different from application software. Regardless of how secure your operating system is, one vulnerable application can put your organization’s data at risk. This chapter will teach you about the most popular Microsoft applications. You will also find out how to make each one more secure to protect your organization’s data.

Chapter 12 Topics

This chapter covers the following topics and concepts:

  • What the principles of Microsoft application security are
  • How to secure key Microsoft client applications
  • How to secure key Microsoft server applications
  • What you can learn from case studies in Microsoft application security
  • What best practices for securing Microsoft Windows applications are

Chapter 12 Goals

When you complete this chapter, you will be able to:

  • Describe the principles of Microsoft application security
  • Secure Microsoft client applications
  • Secure Microsoft server applications
  • Apply lessons learned from application security case studies

Principles of Microsoft Application Security

Application security covers all activities related to securing application software throughout its lifetime. Application software is any computer software that allows users to perform specific tasks. Examples of these tasks are sending and receiving e-mail, browsing the Web, creating a document or spreadsheet, or entering orders for materials. Ensuring application software security includes ensuring security during design, development, testing, deployment, maintenance, and retirement. All too often, organizations view application security as a deployment issue. Security must begin earlier in the design and development process.
In this chapter, you’ll study how to harden software after it has been completed or acquired by your organization. A secure application is one that protects each of the three C-I-A properties of data security at all times. The three C-I-A properties are confidentiality, integrity, and availability. Check that your software, whether developed in-house or licensed, makes the data it manages available to authorized users on demand while denying access to unauthorized users. This chapter applies to any application software running on a server or client computer.

Your applications provide access to data. They must also make certain that only authorized users can view or modify data based on your organization’s specific security restrictions. In short, application security is all about ensuring that your applications add at least one more layer of controls between users and your data.

Common Application Software Attacks

Understanding the basic principles of securing applications starts with understanding how attackers damage applications. Hackers have many ways to harm applications. Several approaches are more common and deserve the most attention. The more common types of attacks include:

  • Malformed input—This is one of the most common types of attack. Computer criminals provide input to an application that is designed to cause results the developers did not intend. They use malformed input to crash programs, disclose or modify data, or hijack connections.
  • Privilege escalation—Privilege escalation adds more authority to the current session than the process should possess. There are several methods to escalate privileges, and all compromise the access control lists (ACLs) you have in place to limit data and resource access.
  • DoS—Denial of service attacks focus on either making the application or network slow enough that it can’t respond to user requests in a timely manner or crashing the application. Either way, users can’t get to the data they need.
  • Identity spoofing—This means assuming the identity of another user. Spoofing means masquerading as another person or process. In most cases, the other user is one who possesses more privileges, and this greater access allows an attacker to get into more data and resources. In some cases, hackers use identity spoofing just to hide their own identities—not to escalate privileges.
  • Direct file or resource access—This refers to exploiting holes in access controls that allow a user to directly access files or other resources. If your application allows direct object access, users may be able to bypass normal access controls.
  • Extra-application data access—This means accessing your application’s data outside the application. This could be from the operating system or from another program, or by just taking or copying backup media.

Many options are available to harden applications. One resource is the Open Web Application Security Project (OWASP). OWASP is a not-for-profit organization that focuses on improving application security. OWASP offers many valuable resources related to application security. You can find many informational videos and the latest Top 10 Web Application Security Risks list. Although primarily focused on Web applications, information on this site applies to all application security topics. The OWASP Web page is located at http://www.owasp.org.

Each of these attacks is preventable. Some of the controls to stop attacks, such as those that handle malformed input, depend on the application’s design. Controls to stop other attacks, such as extra-application data access, are implemented outside your application. Just as operating systems need to be hardened to be as secure as possible, follow steps to harden each application you run on any computer.

Hardening Applications

Hardening applications generally follows several steps. The specific actions differ from application to application, but the overall strategy remains the same. Here are the general steps to hardening applications:

  • Install the application using only the options and features you plan to use.
  • After installing the application, remove any default user accounts and sample data, along with any unneeded files and features.
  • Configure the application according to the principle of least privilege.
  • Ensure your application has all of the latest available security patches applied.
  • Monitor application performance to verify that your application adheres to security policy.

Keep these general guidelines in mind and follow the recommendations for each type of application software. You’ll end up with a far more secure environment than when you started.

Securing Key Microsoft Client Applications

Many applications tend to run as either client or server components. Clients generally initiate connections and request services from servers. Servers generally listen for incoming connection and service requests. Your approach to securing each type of application software will be different.

Client applications are often targets because many workstations, laptops, and mobile devices are not aggressively hardened. With so many personal computers that are insecure and contain client applications, common applications are attractive to attackers who want to compromise an organization’s data. If an attacker can compromise a client application that an organization uses to access a server application, that hacker is one step closer to your data. In this section, you’ll learn about how to secure, or harden, several of the most popular Microsoft client applications.

Web Browser

Arguably, the most popular and frequently used client application is the Web browser.
A Web browser allows a user to access content from Web servers across a network. In most cases, users access resources and applications using the Internet. Web browsers are attractive targets because they are the primary client of Web applications. A compromised Web browser can make it easy for an attacker to access stored server connections by means of stored credentials. Hackers can even compromise your organization’s data without attacking the Web browser directly, by intercepting the information your Web browser sends to the Web server. Web browsers are attractive targets for several types of attacks, including:

  • Infect with malware—Several default Web browser settings allow Web browsers to run helper programs, such as ActiveX controls or Java applets, to enhance the user experience. Although many helper programs are useful, attackers can provide substitute programs that are actually malware.
  • Intercept communication—Authorized users can access sensitive organizational data, often using a Web browser. Any device or computer that sits between the client and the server sees all traffic passing back and forth between the two. An attacker who places a proxy server between a Web browser and a Web server can see and collect all of the traffic, including sensitive data that is intended only for the authorized user. This type of attack is often called a man-in-the-middle attack.
  • Harvest stored data—Some versions of Web browsers have vulnerabilities that allow Web pages to collect information stored on the client computer. This information includes usernames, passwords, account numbers, and local copies of sensitive data. This stored information can appear in cookies, application files, and settings. Criminals can look for this type of information and tell your Web browser to send it to any location.

These are just a few of the many types of Web browser attacks. You can, however, harden each Web browser to resist attacks. Some of the hardening suggestions may reduce the Web browser’s flexibility and functionality, but it will be more secure. Change settings in any Web browser by opening the settings or options page. Most of the following suggestions apply to all Web browsers, but the actions in the following table are specifically oriented toward Internet Explorer. Table 12-1 lists steps to secure a Web browser. Figure 12-1 shows the Internet Options dialog box for Internet Explorer.

Table 12-1 Securing a Web browser.

Action: Set the security level of the Internet zone to High from the Security tab.
Description: Setting the security zone to High in Internet Explorer (IE) automatically enables many features that block most known vulnerabilities. Setting the security zone to High will also likely reduce the Web browser’s functionality.

Action: Add specific sites you trust as Trusted Sites from the Security tab.
Description: When you are visiting sites defined as trusted, Internet Explorer relaxes the restrictions placed on general Internet sites. This setting allows ActiveX and Java application components to run.

Action: Change the cookie settings from the Privacy tab. On the Advanced dialog box, select to prompt for first-party and third-party cookies.
Description: This setting will alert you any time a Web site attempts to access any cookies. This requires user interaction each time a Web site wants to access a cookie. It gives you the chance to deny cookie access. You can also add any sites from which you want to accept all cookies to the list of allowed sites. You won’t be prompted for cookie access from the listed sites. You can also select the Delete Browsing History on Exit check box on the General tab to have IE delete all cookies and other browsing history each time you exit IE.

Action: Uncheck Enable Third-Party Browser Extensions from the Advanced tab.
Description: This setting limits the potential for browser helpers to disclose private data.

Action: Check Always Show Encoded Addresses from the Advanced tab.
Description: This setting makes it harder to spoof Internet addresses.

Action: Uncheck Play Sounds in Web Pages from the Advanced tab.
Description: This setting prevents an attacker from infecting your computer using a sound file.

Access the Internet Options dialog box by using either of these procedures:

1. Inside Internet Explorer, select Tools > Internet Options.
2. From Windows, launch Control Panel, and then select Network and Internet > Internet Options.

Figure 12-1 Internet Options dialog box in Internet Explorer 8.

Many more settings are available, but the settings in Table 12-1 will harden your Web browser and will limit the damage an attacker can do using your Web browser.

E-mail Client

E-mail clients are another popular type of client software. Most of today’s e-mail clients connect to a mail server and either display or download e-mail messages. One of the most popular e-mail clients is Microsoft Office Outlook. As with Web browsers, there are other popular e-mail clients.

Some attacks on your computer are intended to turn your computer into a zombie. A zombie may also be called a bot. It is a computer that follows the instructions sent from another computer. Attackers often use zombies to send spam or malware to all the e-mail addresses in a zombie’s address book. Outbound malware scanning will catch many of these attacks.

Generally, the key to hardening e-mail clients is to limit any malicious code that may be attached to e-mail messages. Next, take steps to ensure e-mail message privacy. The first step requires additional software. You should already have anti-malware software installed on each computer. Select anti-malware software that integrates with your e-mail client.
Many current anti-malware software packages work with e-mail clients to scan all incoming and outgoing messages for malware. It is important to scan incoming messages to detect any malware before it infects your computer. It is also important to scan outgoing messages to ensure your computer is not sending malware to other destinations. The enterprise solution from Microsoft is Microsoft Forefront. This product fully integrates with existing Microsoft application software.

The second step to securing an e-mail client is to safeguard message privacy. Require the use of Secure Sockets Layer/Transport Layer Security (SSL/TLS) when connecting to your mail server to make certain that all message exchanges are encrypted. This option will work only if your mail server supports it and is properly configured to handle encrypted connections. The main drawback is that once your message reaches your mail server, the message is decrypted and sent on its way. Alternatively, you can encrypt each message to guarantee your message stays encrypted all the way from your e-mail client to the recipient’s e-mail client. Unfortunately, there is no automatic method to encrypt e-mail messages for generic recipients. Microsoft Office Outlook includes Secure/Multipurpose Internet Mail Extensions (S/MIME) encryption as long as the recipient has your public key. Several add-on products work with most e-mail clients to encrypt messages as well. For example, OpenPGP, GPG, and S/MIME are all examples of e-mail message encryption methods. Before using any of the methods or software, confirm that the recipient of your e-mail message uses the same method. Additionally, his or her e-mail client must be capable of receiving and decrypting the message. Since you have to take special steps for each recipient to whom you send e-mail, encrypting e-mail messages is not used extensively for sending messages to large groups of people.
It does work very well in situations where you know you’ll be sending several private messages to the same person or persons. Most general hardening recommendations are appropriate for other e-mail clients. The following specific recommendations apply directly to Microsoft Office Outlook 2007 and newer versions. Table 12-2 lists steps to make your e-mail client more secure.

Table 12-2 Securing an e-mail client.

Action: Install anti-malware software that integrates with your e-mail client.
Description: Integrated anti-malware software should scan each incoming and outgoing message. Have a plan to keep all anti-malware software and data up to date.

Action: Enable the junk filter function.
Description: Configure your e-mail client to filter suspicious messages and put them in a junk messages folder. Keep them separate from your regular messages.

Action: If your mail server supports secure connections, force your e-mail client to use only secure connections when retrieving or sending e-mail.
Description: Although this setting will encrypt all e-mail messages between your e-mail client and the mail server, messages that travel beyond your mail server will be transmitted in the clear.

Action: Do not preview messages.
Description: Many attackers embed malicious code in images or other e-mail content.

Action: Train users to never open an e-mail message from an unknown source.
Description: Since many types of malware send e-mail messages using the sender’s address book, users shouldn’t open any attachment they aren’t expecting.

Action: Change the default mail format to plaintext.
Description: Plaintext does not contain embedded commands that could result in malware infections. HTML messages are much more visually appealing but more dangerous as well.

Action: Use the Encrypting File System (EFS) or BitLocker to encrypt the folder or drive that contains your e-mail data files and attachments.
Description: Keeping your e-mail messages and attachment folders encrypted makes it harder for attackers to access the contents of your e-mail messages without encountering operating system access controls.

If you need to exchange private e-mail messages with a number of recipients, either use Microsoft’s e-mail encryption or acquire additional software to use another solution. Ensure both sides of the e-mail exchange use the same encryption method. Also, each recipient must have the sender’s public key. In most cases, this is accomplished by first sending a digitally signed message to the recipient. The recipient receives the message and adds the public key to the address book. The recipient can now receive and decrypt encrypted messages from the sender.

Productivity Software

Most workstation computers and even mobile devices have some type of productivity software installed. Productivity software is any software enabling users to accomplish general work more efficiently. Productivity software may be installed as several separate programs or as a collection, or suite, of software. Common productivity software programs include the following, along with Microsoft’s product for each solution:

  • Word processing—Microsoft Word
  • Spreadsheet—Microsoft Excel
  • Lightweight database—Microsoft Access
  • Presentation—Microsoft PowerPoint
  • Project scheduling/management—Microsoft Project
  • Publishing—Microsoft Publisher

Productivity software packages are also targets for attackers, especially the more popular programs. The main goals for compromising productivity software are malware infection and private data disclosure. Many types of malware infect computers when users open infected files. Infected documents, spreadsheets, presentations, and databases can exploit vulnerabilities in your productivity software and launch malware that infects your computer.
Many successful attacks still introduce malware to computers using productivity software document types that appear to be harmless. The standard file extensions also identify potential content types to attackers. If a criminal is looking for private data that is likely stored in an Access database, any files with the extension .accdb are good candidates. Table 12-3 lists the general steps to help secure your productivity software.

Table 12-3 Securing productivity software.

Action: Install anti-malware software that integrates with your productivity software.
Description: Integrated anti-malware software should scan each file before opening it. Make sure you have a plan to keep all anti-malware software and data up to date.

Action: Use EFS or BitLocker to encrypt the folder or drive that contains your productivity software documents and databases.
Description: Keeping your document folders encrypted makes it harder for attackers to access the contents of your documents without encountering operating system access controls.

Action: Never open a file unless you trust the source.
Description: Many malware infections depend on a user opening an infected file.

Action: Ensure your productivity software has the latest security patches installed.
Description: New vulnerabilities are discovered daily. Unpatched software is at risk.

File Transfer Software

One of the earliest uses of networks was to transfer files from one computer to another. Users still transfer files routinely between computers, sometimes over large distances. Every file download or upload is a file transfer. Unfortunately, the protocols most commonly used to transfer files send the contents of each file in the clear, which means unencrypted. The reason for sending data in the clear is that it is much faster than encrypting the data first. However, security is a greater concern than efficiency for private data.
Do not use standard file transfer methods for any files that contain private data. Use a secure transfer method. The most common method of transferring files across a network is the File Transfer Protocol (FTP). FTP uses the Transmission Control Protocol/Internet Protocol (TCP/IP) suite to decompose a file into small messages and send the file to a recipient where the file is reassembled. The process is solid but insecure. As security has become more and more important, additional methods have been introduced, including FTP over a Secure Shell (SSH) and Secure FTP (SFTP). Virtual private networks (VPNs) are also a good choice for transferring files. Use unencrypted FTP within a secure VPN to achieve very good privacy. Regardless of the specific choice you use, both ends of the network connection must agree on the methods. The main point of securing file transfer software is to ensure all files that contain private data are transferred using some type of encryption.

AppLocker

Microsoft introduced a new feature in Windows that allows you to restrict program execution using Group Policy. This new feature, called AppLocker, is included with Windows Server 2008 R2, Windows Server 2012, Windows 7 (Ultimate and Enterprise editions), and Windows 8 (Professional and Enterprise editions). Prior to AppLocker, Microsoft provided basic software restriction capabilities through the Software Restriction Policies (SRP) in previous Windows versions. SRP is still in newer Windows versions but is harder to use in a larger enterprise than AppLocker. Define rules using Group Policy to restrict which applications workstation computers can run using these types of rules:

  • Path rules—SRP and AppLocker allow you to define specific paths from which users can execute applications. Any application located in paths not approved by these Windows features cannot run. Unless you carefully restrict users from common installation folders, they can just copy new applications into a common folder and essentially bypass the path rule restriction.
  • Hash rules—SRP and AppLocker allow you to create a cryptographic hash for each executable to distribute to workstation computers. Windows validates that the executable program matches the approved hash value each time you run a program. This type of rule is more secure than a path rule, but it requires that you update the hash value each time you distribute a program update.
  • Publisher rules—AppLocker makes application security easier than SRP by introducing a new type of rule. Publisher rules use digital signatures provided by application publishers. Use these signatures with additional criteria, such as minimum version, to define allowable applications. For example, you could allow Microsoft Word to run on a workstation only if it has a valid publisher certificate and is at least version 12.0. Although AppLocker publisher rules are slightly similar to SRP certificate rules, AppLocker has added a lot of features and made defining rules much easier.

In addition to the additional features AppLocker provides with Publisher Rules, AppLocker makes it easy to define rules for any number of users employing Group Policy.

Access AppLocker settings in the Group Policy Management Console (GPMC) on Windows Server 2008 R2 by following these steps:

1. Choose Start > Administrative Tools > Group Policy Management.
2. Select a Group Policy Object (GPO) or create a new GPO.
3. Open the context menu for the selected GPO and select Edit.
4. Expand Computer Configuration\Policies\Windows Settings\Security Settings\Application Control Policies\AppLocker.

Securing Key Microsoft Server Applications

Server applications are designed to listen for requests and provide some service. They commonly run in the background on server computers, listen to one or more defined ports, and process requests on behalf of clients. Server applications often interact with centralized data and will likely have access to private data. All three properties in the C-I-A triad are of concern in server applications. A secure application is available to respond to client requests, and enforces the integrity and confidentiality of the data it manages. Several types of server applications are common in organizations and each has its own specific security concerns.

One of the most useful features of both Windows Server 2008 R2 and Windows Server 2012 is the definition of server roles. When you select a server role, Windows installs only the services you’ll likely need to fill that role. The first step in securing any server software is to secure the server computer. One of the best ways to secure a server computer is to limit the roles you install. Install only roles that are necessary for each server to fulfill its purpose.

Web Server

A Web server is a software program that monitors a specific port, normally port 80 or 443, for Web requests and provides content for a Web client. Web servers support many types of requests and apply various protocols to respond to requests. The two most common protocols that Web servers use for normal Web traffic are the Hypertext Transfer Protocol (HTTP) and Hypertext Transfer Protocol Secure (HTTPS). The Web server receives a message from the inbound port in the form of a request that includes a uniform resource locator (URL). The URL contains information for the Web server to know how to handle the request. For example, suppose you are running a Web server at the address www.MicrosoftApplicationSecurityChapter12.com. Your Web server may receive a URL that looks like this:

http://www.MicrosoftApplicationSecurityChapter12.com/scripts/wsisa.dll/WService=catlookup?isbn=076372677X

Table 12-4 describes the individual parts of a URL.

Table 12-4 Individual parts of a URL.

Protocol: http—The protocol the Web server will use for this exchange
Separator: ://—Standard separator between the protocol and the host name or address
Host name or address: www.MicrosoftApplicationSecurityChapter12.com—The name or IP address where the Web server is running
Web server command: Scripts/wsisa.dll/WService=catlookup?isbn=076372677X—The rest of the URL contains information the Web server uses to interpret the client’s request. In this case, the Web server would attempt to execute wsisa.dll in the scripts folder.

The Web server receives the message and evaluates the Web server command. The Web server command tells the Web server what to do. If your Web server executes a command without taking any precautions, any anonymous user can tell it to do many malicious things, such as return private data, delete files, or shut down the server. Any of these actions would violate the server’s security. Since you don’t want any Web server blindly executing commands, you need to restrict what the Web server accepts and what it can do. Make a Web server more secure by following a few simple strategies. Table 12-5 lists some of the main strategies for securing any Web server. The strategies in Table 12-5 represent a few of the tasks necessary to fully secure a Web server. Since Web servers are often exposed to the Internet and provide an interface into your network, they are attractive targets. Make sure you spend the time securing each Web server you deploy.

Table 12-5 Strategies to secure a Web server.

Strategy: Disable unused protocols/services.
Description: Web servers can support many more protocols than HTTP and HTTPS. Each protocol gives attackers additional methods to compromise a server.
If you don’t need a particular protocol, such as File Transfer Protocol (FTP), disable it in the Web server configuration and ensure the corresponding service is disabled as well.

Strategy: Remove samples, help, and administration scripts.
Description: Some Web servers install additional components that you don’t need on a production server and that may be vulnerable to attacks.

Strategy: Disable scripts for types you don’t need.
Description: Web servers recognize many different types of file extensions and will attempt to interpret scripts and programs they receive. Hackers use this knowledge to send attack scripts to exploit vulnerabilities.

Strategy: Deny directory traversal and listing.
Description: Stop Web clients from sending paths or commands that access resources outside the Web server path. Also, don’t let anyone see a directory listing of directories on your server. Criminals use this information to plan more attacks.

Strategy: Enable auditing of failed logon attempts and failed resource requests.
Description: Auditing can provide information to identify attacks or reconnaissance on your Web server.

Strategy: Put all Web content on a disk drive that is separate from the operating system or any private data.
Description: Separating Web server files from system files and private data reduces the damage an attacker can do if your Web server is compromised.

Strategy: Require secure connections for any private data exchange.
Description: SSL/TLS connections encrypt traffic between the Web server and the Web browser, keeping messages private.

Strategy: Use operating system access controls to limit access for Web users.
Description: Operating system access controls can limit the objects any user can access, including Web users.

Strategy: Disable any Web server authentication methods your application does not need.
Description: Some Web server authentication methods, such as digest authentication, are vulnerable and should not be used.

Strategy: Remove any unused encryption ciphers.
Description: Many Web servers install several encryption ciphers to support as many types of encryption as possible. Remove any ciphers that are weaker than your minimum requirements.
This stops clients from negotiating a weaker encryption algorithm with the Web server.

Microsoft’s Web server, Internet Information Services (IIS), has long been a familiar component in Windows environments. The latest version of IIS that ships with Windows Server 2008 R2 or Windows Server 2012 represents Microsoft’s most secure Web server to date. Microsoft learned many lessons from previous versions of IIS and made the latest version secure from the beginning. If you take the time to install IIS with only the options you need, it doesn’t require much additional work to create a secure Web server.

The starting point for installing IIS is a Windows Server 2008 R2 or Windows Server 2012 server. Install IIS to a standard Windows server or a Windows Core Server installation. You’ll learn about adding IIS to a standard server in this chapter. You install IIS by adding an additional role to the server.

You can add a role to a Windows Server 2008 R2 server from the Server Manager window. Follow these steps to add a new role to a server:

1. From the Windows desktop, choose Start > Administrative Tools > Server Manager.
2. Select Roles > Add Roles.
3. Select Next to see the roles you can add to the current server.
4. Check the Web Server (IIS) box and choose Next.

Figure 12-2 Add Roles Wizard for adding Web Server (IIS) role to Windows Server 2008 R2.

Figure 12-3 Select Role Services for adding Web Server (IIS) role to Windows Server 2008 R2.

Figure 12-2 shows the Add Roles Wizard windows for adding the Web Server (IIS) role to Windows Server 2008 R2. Notice in Figure 12-2 that Windows provides several resources to help you add IIS to your server. Read through an overview of the new role services Microsoft introduced in IIS starting with version 7.5.
These role services allow you to pick and choose just the services your Web server needs to run your Web sites and applications. This saves you the time and effort of disabling unneeded services after installation. Microsoft also provides detailed checklists to help you install IIS with the features and security you want. After reviewing the help and documentation, proceed to the role services selection window. Figure 12-3 shows the Select Role Services window for adding the Web Server (IIS) role to Windows Server 2008 R2.

Windows lets you select the services your Web server will need before it installs anything. This is the step that can make your Web server lean and secure. Carefully review each selection before checking any box. Once you have all of the desired services selected, continue installing IIS. Although IIS installs in a fairly secure state, you should still review the server and the Web server software to ensure the highest level of security possible.

E-mail Server

Another common server you'll find in many organizations is an e-mail server. Microsoft's e-mail server is Microsoft Exchange Server. An e-mail server provides e-mail services to clients. Clients connect to the e-mail server and either receive e-mail messages from the server or send e-mail messages to the server; one connection can include both operations. Clients can either download messages to read locally or read messages directly from the e-mail server. If you allow it, each client can choose between remote and local message storage.

When considering e-mail server security, cover all three properties of the C-I-A triad. Your e-mail server must be available. One of the most frustrating situations for users to encounter is an e-mail server that is unavailable. E-mail is such an integral part of daily tasks that access to it is expected.
Your e-mail server must also ensure that private messages stay private and that no message changes in transit. While the confidentiality and integrity properties are important for some messages, the overhead generally doesn't warrant securing every message. It is important, however, to secure all e-mail that is stored on your e-mail server. Your e-mail server may store messages for very short periods of time or for months, or even years. Double-check that both your e-mail server software and the operating system protect e-mail message data using file, folder, or drive encryption. Since many people rely on storing e-mail messages on the e-mail server, have a solid disaster recovery plan (DRP) and business continuity plan (BCP). These plans protect your e-mail in case of data loss.

Unlike IIS, Exchange Server is a separate commercial product. Once you purchase a license, you can acquire and install Exchange Server on your Windows Server computer. During installation, you specify many of the characteristics that secure your e-mail server. Exchange Server 2010 allows you to select from several roles that define whether the server will store messages, provide client access to messages, transport messages to other e-mail servers, or perform a combination of roles. The specific role your e-mail server plays tells the installation process how to configure the software for the most functionality and the highest security.

An e-mail server must deal with several vulnerabilities to support secure e-mail exchange. When securing an e-mail server, address these issues:

• Limit operating system logons and administrator rights—Only a limited number of user accounts should have administrator access to the e-mail server computers.
• Enforce strong e-mail user authentication—Require strong authentication for all e-mail clients.
• Use encrypted connections for all communication between Exchange servers—This is the default behavior.
• Enable only the protocols your e-mail clients require—Post Office Protocol version 3 (POP3) and Internet Message Access Protocol 4 (IMAP4) are older protocols, and their services are disabled by default. Enable them only if necessary, and keep the default login setting under which Exchange accepts these connections only over an encrypted channel.
• Patch all Exchange Server instances—Frequently check for security updates and install them on all your Exchange servers.
• Use anti-malware software on each server—Microsoft Forefront is one enterprise solution.
• Encrypt folders or drives that store e-mail messages—Use Encrypting File System (EFS) or BitLocker.
• Plan for high availability—Develop a solid BCP and DRP that ensure maximum uptime.

E-mail servers are frequent participants in spreading malware. Good anti-malware software, along with strong access controls, can reduce the potential for your e-mail server to spread malware. Requiring encryption of all connections will greatly increase the overall security of messages exchanged within your organization. Remember that messages that travel outside your organization are not encrypted by default; it is the responsibility of the e-mail clients to agree on and carry out message encryption. Microsoft Exchange Server goes a long way toward ensuring your e-mail messages are as secure as possible.

Database Server

Nearly every application needs some type of stored data on which to operate. Some applications use their own internal data storage techniques, but the majority use separate database management products to store data. Application developers write application software that interfaces with one or more databases to maintain the data each application needs. Today's databases are getting larger; it is not uncommon to see databases many terabytes in size. As applications rely more and more on database management systems to provide access to data, organizations are isolating databases on separate servers. These specially configured database servers are efficient platforms for applications and attractive targets for attackers.

Database management systems routinely store application data for rapid and secure retrieval on demand. Databases can store private and public data and handle each type differently. Consolidating all of an organization's data on a database server gives the organization greater control over how to secure that data. Securing a database, like securing any other server software, depends on a secure operating system first. After the basic security needs of the underlying platform have been addressed, databases can help ensure the confidentiality, integrity, and availability of stored data.

Current database management systems have several options and strategies to provide maximum availability. Take frequent backups, archive transaction logs, or implement data replication. Most current database products also provide configuration options that are specific to high availability; one is failover clustering, which protects against hardware failure. Regardless of the options you choose, research your database management system's capabilities and deploy the configuration that fits your budget and provides the greatest availability.

The ability of a database management system to provide confidentiality and integrity depends on the quality of its authentication, access controls, and query preprocessing. First, use strong authentication for all database queries. In the database world, a query is any statement that accesses data. A query can read, write, create, or delete data. Each query requests access to data on behalf of a specific user or process. Enforce unique user accounts and strong authentication.
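Before going further with databases, here is an added example that is not part of the chapter: a read-only PowerShell audit of an Exchange Server 2010 organization against the e-mail server checklist above. It is meant to run in the Exchange Management Shell with at least View-Only Organization Management rights. The member-count threshold, the convention that client-facing receive connectors have "Client" in their name, and the Forefront service name FSCController are assumptions for the example.

```powershell
# Added example, not from the chapter. Read-only audit of Exchange 2010 settings
# against the checklist above; run from the Exchange Management Shell.
$findings = New-Object System.Collections.ArrayList

function Add-Finding([string]$Server, [string]$Issue) {
    [void]$findings.Add([pscustomobject]@{ Server = $Server; Issue = $Issue })
}

# 1. Limit administrator rights: only a few accounts should hold organization-wide
#    admin rights. The threshold of 5 is an assumed local policy value.
$admins = @(Get-RoleGroupMember 'Organization Management')
if ($admins.Count -gt 5) {
    Add-Finding 'organization' "Organization Management has $($admins.Count) members; review for least privilege"
}

# 2. Enable only required protocols, and require encryption when they are on.
#    POP3/IMAP4 ship disabled; if a site started them, LoginType must still be
#    SecureLogin so credentials never cross the wire in the clear.
foreach ($srv in Get-ExchangeServer | Where-Object { $_.ServerRole -match 'ClientAccess' }) {
    foreach ($proto in 'POP3', 'IMAP4') {
        $svc = Get-Service -ComputerName $srv.Name -Name "MSExchange$proto" -ErrorAction SilentlyContinue
        if ($svc -and $svc.Status -eq 'Running') {
            $settings = if ($proto -eq 'POP3') { Get-PopSettings -Server $srv.Name } else { Get-ImapSettings -Server $srv.Name }
            if ($settings.LoginType -ne 'SecureLogin') {
                Add-Finding $srv.Name "$proto is running with LoginType=$($settings.LoginType); expected SecureLogin"
            }
        }
    }
}

# 3. Encrypted connections: a receive connector that accepts Basic authentication
#    must require TLS before it, and client-facing connectors should require TLS outright.
foreach ($rc in Get-ReceiveConnector) {
    $auth = $rc.AuthMechanism.ToString()
    if ($auth -match 'BasicAuth' -and $auth -notmatch 'BasicAuthRequireTLS') {
        Add-Finding $rc.Server "Receive connector '$($rc.Name)' allows Basic authentication without requiring TLS"
    }
    if ($rc.Name -match 'Client' -and -not $rc.RequireTLS) {   # naming convention is an assumption
        Add-Finding $rc.Server "Receive connector '$($rc.Name)' does not set RequireTLS"
    }
}

# 4. Anti-malware on each server: only the presence of the agent service is checked
#    here (FSCController is the assumed Forefront Protection for Exchange service name).
foreach ($srv in Get-ExchangeServer) {
    $agent = Get-Service -ComputerName $srv.Name -Name 'FSCController' -ErrorAction SilentlyContinue
    if (-not $agent) { Add-Finding $srv.Name 'No anti-malware agent service found' }
}

if ($findings.Count -eq 0) { Write-Host 'No findings.' } else { $findings | Format-Table -AutoSize }

# Remediation for a finding under item 2, when a site must keep POP3 on:
#   Set-PopSettings -Server <server> -LoginType SecureLogin
#   Restart-Service MSExchangePOP3   (run on that server)
```

Patch level and the EFS/BitLocker state of the mailbox database volumes are per-server checks outside the Exchange cmdlets and are not covered by this script.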
Legacy database applications often allowed generic user accounts that multiple users shared. While this practice may be acceptable for public data, do not allow it for databases that contain sensitive data. Each user should have a unique account. Unique user accounts make it possible to grant access privileges to specific users and to audit activity more precisely. Just as with hardening the operating system, require the strongest authentication method your clients support.

The next security property is confidentiality. Database management systems use encryption to support confidentiality. To make database access as secure as possible, enforce encrypted connections any time you transfer private data. You can enforce this using VPNs or individual connection encryption. Make sure no private data is transmitted in the clear.

WARNING: If your organization deploys a distributed application, make sure all connections from the client to the database are encrypted. Many applications force secure connections just from the client to the Web server. While this strategy protects data transmitted across the Internet, data is decrypted and transmitted in the clear from the Web server to the application servers and database servers. Encrypt all connections.

Databases also use encryption to store data. Data at rest has several different encryption options, including:

• EFS or BitLocker—Encrypting a file, folder, or volume does store data encrypted, but most database administrators prefer more control over what gets encrypted. Encrypting data at the operating system level may encrypt far more data than an organization needs.
• Transparent Data Encryption (TDE)—Current database management systems generally offer an option to encrypt either selected database objects or an entire database. Transparent Data Encryption (TDE) encrypts all data without requiring any user or application action.
• Application encryption—The most fine-grained control is for the application to decide what data to store encrypted and to carry out the encryption process directly. This option provides the most control over encrypted data, but at the cost of substantial software development effort.

The last major security property that database management systems protect is data integrity. Although database vendors go to great lengths to ensure internal data integrity, integrity in a security context has a slightly different meaning. To support both confidentiality and integrity, database management systems make certain that no unauthorized user can view or modify data. To enforce these two properties, the database management system must know the identity of the user who submitted the query. Positive identification and authentication provide a trusted user account. The next step is to authorize that user to carry out a data operation. Most commercial database management systems support the Structured Query Language (SQL) to access data in a database. SQL defines a security model that grants or revokes access privileges to specific pieces of data. The database management system evaluates each field, or column of data, based on the permissions defined for the current user. SQL security is quite good; the problem is that it can be cumbersome to manage. SQL security is based on users, and granting data access to anonymous users can allow anyone to access your data. As long as you have unique user accounts, you can secure data in your database at a very detailed level. Doing so requires substantial effort in verifying that all permissions are current and accurate.

One common problem arises with storing secure data in a database. Most database products interpret SQL queries at run time; in other words, the query statement isn't evaluated until it is time to execute it. Many attackers have learned how to trick the database query processor into doing more than intended. It is possible to add SQL statements to input data, and if an attacker is crafty and careful, he or she can make a database server respond to nearly any command. Adding SQL statements to data for the purpose of sending commands to a database management system is called SQL injection. The best defense against a SQL injection attack is to validate all input before sending it to the SQL query processor. Have your client application validate each input field to ensure it meets your input standards, but make your server validate input as well. Input validation is most effective when the query itself keeps data separate from SQL text, as parameterized queries do. Recall that man-in-the-middle attacks sometimes use proxy servers; attackers also use these servers in injection attacks. If an attacker can intercept network traffic, he or she can also modify the traffic. That means a computer criminal can modify any data that already passed validation on the client. For that reason, never trust data from a client—always validate all input on the server. By validating all input, your database server can detect and reject illegal input such as injected SQL statements.

Let Microsoft Handle Your Database

Microsoft offers another option for organizations that use Microsoft SQL Server. Microsoft SQL Azure provides SQL Server database services as a subscription. Your database no longer resides in your environment but resides in, and is managed in, Microsoft's cloud environment. The advantage of this approach is that Microsoft handles all of the patching, high availability, and basic security tasks for you. You can find more information on Microsoft SQL Azure at http://www.windowsazure.com/en-us/home/features/data-management/.

Keeping all these points in mind, here are the general steps to securing a database server:

• Secure the operating system—Always start with a secure operating platform.
• Install the latest patches—Check that you have the latest security patches and develop a plan to acquire and install all released patches.
• Require strong authentication—Require authentication of all users before processing a query and force the strongest authentication method your clients can support.
• Use separate user accounts for database administration—Keep system administrator, database administrator, and database user accounts separate.
• Install only necessary components—Do not install database services or components you don't need. Review the installation process and remove unneeded components.
• Remove or disable default users—Most database management systems install default user accounts. Attackers know which default users exist in most databases. Remove or disable all of these default accounts.
• Use auditing—Enable auditing for failed logon attempts and possibly for access to critical data. Be aware that auditing all data access can create a large number of log entries.
• Change default ports—Never use the default ports to access database services. Attackers know these default ports. Select alternate ports for all database access. Changing ports only slows casual scanning; it is not a substitute for authentication and firewall rules.
• Revoke any developer access to production environments—Developers should have access only to development and testing environments.
• Encrypt private data—Select an encryption method that secures private data.
• Develop and maintain plans for business continuity and disaster recovery—Plan for disruptions and know how to minimize your downtime.
• Validate all input—Never evaluate a database query without first validating the input to ensure that nothing extra has been added to the query.
• Monitor performance—Monitor how well the database is executing queries and be prepared to respond if performance degrades.
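As an added example that is not from the chapter, the following PowerShell script enables Transparent Data Encryption on one SQL Server database with Invoke-Sqlcmd and then checks the encryption state, which is what an administrator does after choosing the TDE option from the data-at-rest list above. It assumes a SQL Server 2008 R2 instance named SQL01 (Enterprise edition, which TDE requires), a database named OrdersDb, the SQL Server PowerShell tools, and a key-backup folder E:\keys; the instance, database, certificate and file names are placeholders for the example.

```powershell
# Added example, not from the chapter. Enables TDE on one database and verifies it.
# Instance, database, certificate, path and password handling are placeholders.
if (Get-Module -ListAvailable -Name sqlps) { Import-Module sqlps -DisableNameChecking }  # SQL 2012+ tools
else { Add-PSSnapin SqlServerCmdletSnapin100 }                                           # SQL 2008 / 2008 R2 tools

$instance  = 'SQL01'             # assumption
$database  = 'OrdersDb'          # assumption
$cert      = 'TdeCert_OrdersDb'  # assumption
$keyFolder = 'E:\keys'           # assumption: not the volume that holds the data files
$dmkPass   = Read-Host 'Password for the master key and the certificate backup'
# The password is embedded in T-SQL below; avoid quote characters in it and do not
# leave it in shell history or a trace.

# Step 1: master key and certificate in master. The IF guards make the script safe
# to re-run. Back up the certificate immediately: a TDE database, or any backup of
# it, cannot be restored on an instance that lacks this certificate.
$setupSql = @"
USE master;
IF NOT EXISTS (SELECT 1 FROM sys.symmetric_keys WHERE name = '##MS_DatabaseMasterKey##')
    CREATE MASTER KEY ENCRYPTION BY PASSWORD = '$dmkPass';
IF NOT EXISTS (SELECT 1 FROM sys.certificates WHERE name = '$cert')
    CREATE CERTIFICATE $cert WITH SUBJECT = 'TDE certificate for $database';
BACKUP CERTIFICATE $cert TO FILE = '$keyFolder\$cert.cer'
    WITH PRIVATE KEY (FILE = '$keyFolder\$cert.pvk', ENCRYPTION BY PASSWORD = '$dmkPass');
"@
Invoke-Sqlcmd -ServerInstance $instance -Database master -Query $setupSql

# Step 2: a database encryption key protected by that certificate, then TDE on.
$enableSql = @"
USE [$database];
IF NOT EXISTS (SELECT 1 FROM sys.dm_database_encryption_keys WHERE database_id = DB_ID())
    CREATE DATABASE ENCRYPTION KEY WITH ALGORITHM = AES_256 ENCRYPTION BY SERVER CERTIFICATE $cert;
ALTER DATABASE [$database] SET ENCRYPTION ON;
"@
Invoke-Sqlcmd -ServerInstance $instance -Database master -Query $enableSql

# Step 3: encryption runs in the background; poll until encryption_state = 3.
# States: 1 = unencrypted, 2 = in progress, 3 = encrypted. tempdb appears in the
# list too, because SQL Server encrypts it once any database on the instance uses TDE.
$statusSql = 'SELECT DB_NAME(database_id) AS db, encryption_state, key_algorithm, key_length, percent_complete FROM sys.dm_database_encryption_keys;'
$state = 0; $tries = 0
do {
    Start-Sleep -Seconds 5
    $rows  = @(Invoke-Sqlcmd -ServerInstance $instance -Database master -Query $statusSql)
    $row   = $rows | Where-Object { $_.db -eq $database }
    if ($row) { $state = [int]$row.encryption_state }
    Write-Host "$database encryption_state=$state"
    $tries++
} while ($state -ne 3 -and $tries -lt 120)   # give up after ~10 minutes and leave it to finish
$rows | Format-Table -AutoSize
```

TDE protects the data and log files and the backups on disk. A query from an authorized login still returns plaintext, and nothing is encrypted on the wire, so the connection encryption and the account discipline described above are still required.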
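As an added example (not code from the chapter), the following PowerShell script shows the SQL injection problem described above and two server-side defenses. The chapter's advice is to validate all input; the script pairs that with a parameterized command, which is the standard complement because it keeps the data out of the SQL text entirely. It builds System.Data.SqlClient commands without executing them, so it runs on any Windows machine without a database; the Accounts table, the owner column and the attacker's input string are constructed for the example.

```powershell
# Added example, not from the chapter. Builds the commands but never opens a
# connection, so it runs anywhere .NET is present. Table, column and the attacker
# string are constructed for the example.
Add-Type -AssemblyName System.Data

# Constructed attacker input: the quote closes the string literal, OR 1=1 makes the
# WHERE clause always true, and -- comments out whatever the application appended.
$attackerInput = "smith' OR 1=1 --"

# VULNERABLE: the value is pasted into the statement text, so the database parses
# the attacker's characters as SQL.
function New-VulnerableQuery([string]$owner) {
    return "SELECT id, balance FROM Accounts WHERE owner = '$owner'"
}

# DEFENSE 1 (standard complement to validation, not from the chapter): a
# parameterized command. The value travels to the server as a typed parameter,
# separate from the statement text, so it can never change the statement's meaning.
function New-ParameterizedCommand([string]$owner) {
    $cmd = New-Object System.Data.SqlClient.SqlCommand
    $cmd.CommandText = 'SELECT id, balance FROM Accounts WHERE owner = @owner'
    $param = $cmd.Parameters.Add('@owner', [System.Data.SqlDbType]::NVarChar, 64)
    $param.Value = $owner
    return $cmd
}

# DEFENSE 2 (the chapter's advice): validate on the server, whatever the client did.
# An allow-list is safer than stripping "bad" characters: here an account owner is
# 1 to 64 letters, digits, dots or hyphens, and nothing else.
function Test-OwnerName([string]$owner) {
    return [bool]($owner -match '^[A-Za-z0-9.\-]{1,64}$')
}

# Server-side handler that applies both defenses, in order.
function Get-AccountCommand([string]$owner) {
    if (-not (Test-OwnerName $owner)) {
        throw "Rejected input: '$owner' is not a valid account owner"
    }
    return New-ParameterizedCommand $owner
}

Write-Host 'Statement the vulnerable code would send (returns every account):'
Write-Host "  $(New-VulnerableQuery $attackerInput)"
$safe = New-ParameterizedCommand $attackerInput
Write-Host 'Parameterized statement and its parameter (the value stays a plain string):'
Write-Host "  $($safe.CommandText)"
Write-Host "  @owner = [$($safe.Parameters['@owner'].Value)]"
Write-Host "Validation accepts the attacker string: $(Test-OwnerName $attackerInput)"   # False
Write-Host "Validation accepts a normal name:        $(Test-OwnerName 'j.smith-2')"     # True
try { Get-AccountCommand $attackerInput | Out-Null } catch { Write-Host "Handler: $_" }
```

Validation and parameterization guard different things: the allow-list enforces the application's business rule for the field, while the parameter guarantees that whatever passes validation is still treated as data by the query processor.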
These steps will help you create a database environment that supports your data's security.

ERP Software

Enterprise Resource Planning (ERP) software is an integrated collection of software programs. It manages many aspects of a business, including finances, human resources, assets, and business processes. ERP software generally serves to unite different users and organizational units by sharing and combining data. ERP software provides centralized data storage and functional software capabilities that streamline business processes. The security concern with ERP software is that a large portion of an organization's data is centralized. Most, if not all, of the users in the organization access the ERP software as part of their normal business function. That means many users have access to the application and the database. Each software vendor provides specific recommendations for its product, but many strategies to secure ERP software are common among vendors. Follow these guidelines to secure any ERP software application:

• Create unique user accounts—Securing shared data depends on uniquely identifying users. Don't allow users to share accounts.
• Enforce strong authentication—Since data security depends on user- or group-based authorization, choose the strongest authentication type your application allows.
• Restrict access to application components—Use application security options to restrict function access by user or group.
• Develop an ERP acceptable use policy (AUP)—Develop acceptable use policies for the ERP software. Train all users on current AUPs.
• Secure workstations—Follow the recommendations for securing any workstation that accesses your ERP application.
• Require encrypted connections—Require a secure VPN or other encrypted connection to access the ERP application.

Line of Business Software

ERP applications address mostly generic business needs. Some organizations have specific business processes that are unique to their market or organization. Many organizations either develop or acquire specialized application software to help them conduct business. Software applications that are specific to a particular process in an organization are called line of business (LOB) software. For example, line of business software can include any of these applications:

• Enterprise project management
• Workflow control
• Service technician tracking and scheduling

LOB software isn't necessarily unique to an organization, but it isn't needed by all organizations. The security concerns are the same as with ERP applications. The workforce depends on the application's operation and the data's security. The application must be available, responsive, and dependable. Follow the same recommendations as in the ERP application section, and you'll have a secure LOB application.

Case Studies in Microsoft Application Security

When learning new concepts, it often helps to see examples. The best examples are real-life examples. In this section, you'll learn about three real-life organizations that encountered IT security issues and solved them in a Microsoft Windows environment. These examples show that few problems have quick fixes and that problems are often related to other issues. All security problems take time and effort to resolve. Here is how three organizations resolved their challenges.

Sporton International

Sporton International is based in Taiwan. It certifies hardware devices that use electromagnetic current, including computers and mobile phones. Sporton provides certification and testing services for IT leaders such as Apple, HP, and Nokia. The company has access to its customers' sensitive trade secrets and product prototypes and must ensure that these remain secure.
To safeguard customers' data, Sporton worked toward more complete documentation and control of its security infrastructure. It deployed Microsoft Forefront security products, which work with the Microsoft products Sporton was already using, to manage risk and empower people across the enterprise. Using a product that integrated with Microsoft applications already in use lowered software licensing costs by at least US$15,000 a year. The company now automatically enforces security compliance, blocks noncompliant e-mail messages before an attacker can use them to compromise data, and uses reporting and documentation features to meet security regulations more easily.

Sporton demonstrated that changing software isn't always the best answer. In its case, Sporton was able to add an additional layer of software, Microsoft Forefront, which maintained the company's existing integration and provided the documentation it required. One of the features of Microsoft Forefront is advanced anti-malware protection for an enterprise. This feature protects all application software from potential infection.

Monroe College

Monroe College is a private college with its main campus in New York City. It has two additional campuses, in New Rochelle, New York, and in St. Lucia. The college offers degrees in a variety of professional, career-oriented areas of study. It has an IT staff of 30 full-time professionals who are responsible for maintaining and protecting more than 1,800 computers, 70 physical servers, and 100 virtual servers. They are also in charge of providing secure college network access for students, who bring their own laptops and mobile devices to the campuses.

The IT staff tried two previous solutions to manage the security of their computers. The first attempt didn't properly secure the desktop and laptop computers and left them vulnerable to Internet viruses and spyware. These infections resulted in multiple outages and much downtime.
The second product reduced the number of outages but was difficult to maintain. The Monroe IT group struggled to keep security updates current. On the third attempt, Monroe College turned to Microsoft Forefront Client Security. Since installing Microsoft Forefront Client Security, Monroe College has experienced no disruptions resulting from a virus or malicious software. The IT staff also has Microsoft Forefront at its disposal to simplify system administration and make software updates easy to deploy.

Dow Corning

Dow Corning is a global chemical manufacturer that is jointly owned by the Dow Chemical Company and Corning. Dow Corning provides more than 7,000 silicone-based products and serves more than 25,000 customers worldwide. More than half of the company's annual sales are outside the United States. Dow Corning's goals were to consolidate and extend identity management workflows. The company also needed to move toward a more secure, well-managed, and dynamic core IT infrastructure capable of protecting its sensitive data as it moved through e-mail and collaboration systems. Dow Corning planned to migrate its e-mail infrastructure to Microsoft Exchange Server 2007 but was unable to do so because of restrictions in its existing provisioning scripts. Dow Corning decided to deploy Microsoft Forefront Identity Manager 2010 to replace the custom user provisioning scripts, which could not support the upcoming migration to Microsoft Exchange Server 2007 or additional Active Directory domains. With Forefront Identity Manager 2010, the company expects to increase efficiency through password synchronization and to reduce work for the help desk staff. As of this writing, Dow Corning also plans to extend messaging and collaboration beyond the enterprise to business partners, who will also be supported by the Microsoft identity-based access solution.

Best Practices for Securing Microsoft Windows Applications

A little research on securing applications will yield many resources. You can find tutorials, how-to guides, and complete reference works with detailed instructions to follow. While there are many details necessary to make your applications as secure as possible, several general guidelines will address the most important security needs. Although each application and each organization is different, they all share common strategies to establish good security controls and foil attackers. The following recommendations come from practical experience with many organizations and applications. They are the strategies that produce the best results. These best practices will help you establish a solid foundation for securing your applications:

• Harden the operating system first.
• Install only the services necessary.
• Use server roles when possible.
• Use the Security Configuration Wizard (SCW) to apply the least privilege principle to applications.
• Remove or disable unneeded services.
• Remove or disable unused user accounts.
• Remove extra application components.
• Open only the minimum required ports at the firewall.
• Define unique user accounts.
• Use strong authentication.
• Use encrypted connections for all communication.
• Encrypt files, folders, or volumes that contain private data.
• Develop and maintain a BCP and DRP.
• Disable any unneeded server features.
• Ensure every computer has up-to-date anti-malware software and signature data.
• Never open any content or files from untrusted sources.
• Validate all input received at the server.
• Audit failed logon and access attempts.
• Conduct penetration tests to discover vulnerabilities.

These best practices apply to most server applications and ensure you are protecting your data at the server level.

CHAPTER SUMMARY

Securing applications is an integral part of an overall security plan. Even a well-secured network environment is not very secure if its servers and applications aren't hardened as well.
Attackers know that servers store an organization's valuable data and the programs that manipulate that data. Your servers will be targets. Your clients will be targets, too; in many cases, attackers will attempt to compromise clients to get to your servers. Have a plan for foiling assaults at both the client and server levels. That plan should start with hardening your applications to make them as secure as possible. In this chapter, you learned how to secure several types of application software. You found out how to secure both client and server applications and why each one is important. You also reviewed best practices that will provide a solid foundation for a secure application environment.

Key Concepts and Terms

Application software
Enterprise Resource Planning (ERP)
File Transfer Protocol (FTP)
Hypertext Transfer Protocol Secure (HTTPS)
Man-in-the-middle attack
Privilege escalation
Query
Spoofing
SQL injection
Structured Query Language (SQL)
Transparent Data Encryption (TDE)
Uniform resource locator (URL)
Zombie

Chapter 12 Assessment

1. The main focus when securing application software is confidentiality.
A. True
B. False

2. Which type of application attack attempts to add more authority to the current process?
A. Privilege spoofing
B. Identity escalation
C. Privilege escalation
D. Identity spoofing

3. Which of the following is the best first step in securing application software?
A. Install all of the latest patches.
B. Harden the operating system.
C. Configure application software using least privilege.
D. Perform penetration tests to evaluate vulnerabilities.

4. A ________ is an attractive target because it is the primary client of Web applications.

5. Why are ActiveX controls potential security risks?
A. ActiveX controls can contain malware and run on the client.
B. ActiveX controls can contain malware and run on the server.
C. ActiveX controls require that you divulge sensitive authentication details.
D. ActiveX controls are outdated and generally used by older Web applications.

6. Enabling secure connections ensures e-mail messages are encrypted between sender and recipient.
A. True
B. False

7. Which of the following is a simple step to make e-mail clients more secure?
A. Use EFS/BitLocker to store e-mail messages on the server.
B. Install third-party message encryption.
C. Turn off message preview.
D. Remove e-mail clients and use server-based e-mail access.

8. Which of the following steps can increase the security of all application software?
A. Install anti-malware software.
B. Use whole disk encryption on client workstations.
C. Run SCW on workstations.
D. Require SSL/TLS for connections to a Web server.

9. You use Windows server roles to configure each Windows server computer to perform only one task.
A. True
B. False

10. A URL can contain commands the Web server will execute.
A. True
B. False

11. How do you install IIS on a Windows Server 2008 R2 computer?
A. Purchase IIS and install it.
B. Download IIS for free and install it.
C. Add the Web Server (IIS) role to a server.
D. Install IIS from the Windows install DVD.

12. A ________ is any statement that accesses data in a database.

13. ________ encrypts all data in a database without requiring user or application action.

14. SQL injection attacks are possible only against popular Microsoft SQL Server databases.
A. True
B. False

15. Is requiring secure connections between your Web server and your application server worth the overhead and administrative effort?
A. No, because both the Web server and application server are inside your secure network.
B. Yes, because your Web server is in the DMZ and is Internet-facing.
C. No, because secure connections between high-volume servers can dramatically slow down both servers.
D. Yes, because your application server is in the DMZ and is Internet-facing.

Explanation & Answer

Please find attached. Thank you.

Running Head: CRITICAL THINKING


Critical Thinking
Name
Professor
Institution
Course
Date

Critical Thinking

When a company has a secure operating system, it becomes possible to secure the operating software. In this case, the operating system software differs from the application software, and there is a need to focus on how to secure the software. The operating system determines the success of the activities performed in different ways. Application security assists in securing the application software and ensuring that operations take place without delays.

The operation software assists in ensuring that all the activities performed through the operating system become successful without failure of any of the functions. On the other hand, securing the operating system implies the creation of a stable environment where there is control over access to the resources required to make the operating systems succ...

