Security Knowledge IT Practitioners Need to Know (1)

Recently, CSDN and other websites were compromised, and the news caused an uproar. As a programmer, I think the strength of a software developer's own security awareness and the breadth of their security knowledge directly affect the security of the systems they develop. From this perspective, there are three reasons a system ends up insecure:

A. Not knowing that a security risk exists.

B. Using inappropriate security measures.

C. Knowing that a security risk exists, but ignoring it for the sake of simplicity (or possibly for other reasons).

Which one do you belong to?

If you belong to the first two cases, please read on. This article is written from the perspective of a software engineer, but I think parts of it are also useful to other IT practitioners. Hence the title "Security Knowledge IT Practitioners Need to Know".

00 – System Architecture

We start with the system architecture and look at the features most closely related to security. The following figure shows the most common system architecture today.

Fig.1

– Multi-user system

Most application systems today allow multiple different users to log in, with their operations not affecting one another. A multi-user system must therefore provide several access control functions:

A. Identifying the user, that is, authentication.

B. Granting different users different permissions.

C. Enforcing access control according to the user's permissions.

– Remote access

Whether the system uses a C/S or a B/S architecture, users access it over a network connection. While the application system provides services to legitimate users, it also exposes itself to a variety of threats.

A. Most systems place no restrictions on the host the client uses, so the security of the client host is uncontrollable. If the user uses an unsafe host, sensitive information such as authentication credentials is easily leaked.

B. The Internet is an open, unsafe network, and the security of many internal networks is also worrying. Data may be eavesdropped on and tampered with while it is transmitted over these unsafe networks.

C. Because the service is provided over the Internet, the server is directly exposed to an unsafe network environment. Attackers can therefore reach the server directly, and attacks on the server at the network level (TCP/IP) are easy.

– Relational database system

The data of an application system is usually stored in a relational database. The database is a self-contained system of its own, which reduces the burden on the application system in many ways. However, it also introduces some security risks.

A. Because the application server connects to the database automatically, authentication credentials such as a username and password have to be configured in the application. This complicates password management.

B. Because the data models differ, it is difficult to map user permissions in the application to user permissions in the database. In many cases, multiple users of the application system share a single database user to access data in the database. This makes unauthorized access by malicious users possible.

01 – Data security

Data is the core of an application. It usually has to be transmitted between users and servers and stored, so it faces threats at many points.

– Client potential threats and countermeasures

As mentioned earlier, users can usually access the system from any computer, which is uncontrollable.

Threat 1: Information stored on the client, such as HTTP cookies and the page cache, is stolen.

Countermeasures:

A. For applications with a high security level, require access from a dedicated client device.

B. Do not store unnecessary information on the client machine. I once came across a programmer who stored the password in an HTTP cookie.

C. Clear the client's cache and cookie information.

D. Encrypt sensitive information before storing it.

Threat 2: Keystroke logging

Keystroke logging is not only used by hackers; it is also often used for auditing and user behavior analysis. For example, many input method programs record what the user types and send it to the server for user behavior analysis, which has high business value. Beyond that, some free Android and iOS applications today make money one way on the surface, but actually profit more from selling out their users.

Countermeasure: Virtual keyboard

Malicious actors often use this method to steal users' IDs and passwords, as well as private information such as bank card numbers. We can use a virtual keyboard in the system so that sensitive information is entered with the mouse, as shown below:

Fig.2 (from Wikipedia)

– Potential threats and countermeasures for network transmission

Threat: Sniffing

Eavesdropping is a very common network threat. Data is easily eavesdropped on while it is transmitted over the network.

Countermeasure 1: Secure Channel

The easiest way is to establish a secure channel and transmit all of the application system's data through it.

A. HTTPS

A B/S architecture system can create a secure channel through HTTPS. It only needs to be configured on the web server; no modifications to the application are required.

B. SSL/TLS

A C/S architecture system can establish an SSL socket through the SSL/TLS API provided by OpenSSL.

C. VPN (Virtual Private Network)

This has little to do with software development.

Using a secure channel encrypts all data and resists many kinds of attack. However, it will significantly reduce the performance of the system.

Countermeasure 2: Encryption

If only some of the data needs to be encrypted, you can encrypt it at the application layer.

– Server-side threats and countermeasures

Threat 1: Legitimate users leak secrets

Many application systems have superusers. Once a malicious party obtains a superuser account, the entire system is under their control.

Countermeasure: Separation of privileges and the principle of least privilege

This is introduced in the later section on authorization.

Threat 2: Data is stolen

Countermeasure 1: Measures that block data theft

These measures are independent of the application itself.

Countermeasure 2: Encryption

Once data has been stolen, encryption is the last line of defense.

02 – Cryptography basics

– Cryptography misconceptions

As the previous section shows, cryptography is critical to the security of data. However, for lack of cryptography knowledge, the following mistakes appear all too easily in software development:

A. Using a homemade cryptographic algorithm

Many developers think that an algorithm is hard to crack as long as it is not made public. But most homemade algorithms are built from simple substitution, shifting, or logical operations and have never been verified with professional methods, so they are not reliable.

"All of the secret resides in the key" is a basic tenet of modern cryptography. Therefore, disclosing the algorithm does not affect its security.

B. Worse still, using a public, non-cryptographic encoding algorithm as a cryptographic algorithm in order to avoid storing a key.

I once came across a programmer who used Base64 as an encryption algorithm: the data was encoded 3 times with Base64.

C. Using an outdated cryptographic algorithm

Over time, some cryptographic algorithms have been proven to be no longer secure, yet they are still widely used, for example DES and RC4.

D. Encrypting documents directly with an asymmetric algorithm

This is not a security problem; it is just inefficient.

– Symmetric cryptographic algorithms

There is only one key, which is used both to encrypt and to decrypt.

A. AES, key lengths 128, 192 or 256 bits. (Recommended)

B. 3DES, effective key length 168 bits

C. Blowfish, key length 32-448 bits

D. IDEA, key length 128 bits

Implementations of the various cryptographic algorithms are provided in the OpenSSL library.

– Digest algorithms

Also known as cryptographic hash algorithms, they are used to generate a hash value.

A. SHA1, digest length 160 bits (Recommended)

B. MD5, digest length 128 bits

– Digest algorithm characteristics:

A. One-way

A digest algorithm is a one-way function: a digest can be computed from a plaintext, but the plaintext cannot be derived from the digest.

B. Uniqueness

Different plaintexts produce different digests.

The same plaintext always produces the same digest.

C. The plaintext can be of any length, while the length of the digest is always fixed.

When we speak of encryption and ciphertext, we mean that the plaintext can be recovered from the ciphertext by decryption. When we speak of a digest algorithm and a digest, we mean that there is no way to get the plaintext data back. Encryption algorithms and digest algorithms serve very different purposes in cryptography.

– Asymmetric cryptographic algorithms

There is a pair of keys: data encrypted with one of the keys must be decrypted with the other.

A. RSA, recommended key length > 2048 bits

B. DSA, recommended key length > 2048 bits

C. Encryption and decryption are very slow

Implementations of the various cryptographic algorithms are provided in the OpenSSL library.

For both symmetric and asymmetric cryptographic algorithms, the longer the key, the harder it is to crack.

– Public key (certificate) system basics

Because asymmetric algorithms perform very poorly, a public key system uses a symmetric key algorithm, an asymmetric key algorithm, and a digest algorithm together, taking advantage of the strengths of each to be both secure and efficient.

A. The symmetric algorithm is used to encrypt data.

B. The digest algorithm is used to compute a digest of the data.

C. The asymmetric algorithm is used to encrypt the symmetric algorithm's key and to sign the data digest.

D. Private key and public key

Of a pair of keys, the user keeps one and lets no one else know it; this is called the private key. The other key is made public to everyone; this is called the public key.

E. The encryption and decryption process is shown in the following figure:

Fig.3 (image from http://218.108.81.184/wljr/wljrdzja/zy/new_page_09a.htm)

Suppose Alice wants to send private data to Bob. Alice first encrypts the data with a symmetric algorithm, using a random string as the key. She then encrypts the symmetric algorithm's key with Bob's public key, and finally sends the ciphertext to Bob. After receiving the ciphertext, Bob uses his own private key to decrypt the symmetric algorithm's key, then uses that key to decrypt the data. Because only Bob has the private key, only Bob can decrypt the data.

F. The digital signature and authentication process is shown below:

Fig. 4 (picture from http://218.108.81.184/wljr/wljrdzja/zy/new_page_09a.htm)

Suppose Alice sends data to Bob. How does Bob know that the data was really sent by Alice? Alice first computes a digest of the data with a digest algorithm, then encrypts the digest with her own private key. Finally, she sends the data and the encrypted digest to Bob. After receiving the data and the encrypted digest, Bob uses Alice's public key to decrypt the digest, and then computes a digest from the data himself. If the two digests are the same, it is confirmed that the data was indeed sent by Alice.
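
The two exchanges in E and F above, combined into one run with the openssl command-line tool, as an added example that is not part of the original article. The file names, the helper functions, and the choices of AES-256-CBC, RSA-OAEP with a 2048-bit key and SHA-256 are assumptions of this example; `-pbkdf2` needs OpenSSL 1.1.1 or later.

```shell
#!/usr/bin/env bash
# Added example (not from the original article). File names are illustrative.
set -eu
WORK=$(mktemp -d)   # constructed scratch directory

gen_keypair() {     # $1 = party name; writes $1.key (private) and $1.pub (public)
  openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
      -out "$WORK/$1.key" 2>/dev/null
  openssl pkey -in "$WORK/$1.key" -pubout -out "$WORK/$1.pub"
}

alice_send() {      # $1 = plaintext file
  # 1. Random symmetric key, used once for this message.
  openssl rand -hex 32 > "$WORK/session.key"
  # 2. Encrypt the data with the symmetric algorithm (AES-256).
  openssl enc -aes-256-cbc -pbkdf2 -pass "file:$WORK/session.key" \
      -in "$1" -out "$WORK/msg.enc"
  # 3. Encrypt the symmetric key with Bob's public key.
  openssl pkeyutl -encrypt -pubin -inkey "$WORK/bob.pub" \
      -pkeyopt rsa_padding_mode:oaep \
      -in "$WORK/session.key" -out "$WORK/session.key.enc"
  # 4. Digest the data and sign the digest with Alice's private key.
  openssl dgst -sha256 -sign "$WORK/alice.key" -out "$WORK/msg.sig" "$1"
  rm -f "$WORK/session.key"   # only the wrapped copy is transmitted
}

bob_receive() {     # $1 = output file; non-zero status if any step fails
  # 1. Recover the symmetric key with Bob's private key.
  openssl pkeyutl -decrypt -inkey "$WORK/bob.key" \
      -pkeyopt rsa_padding_mode:oaep \
      -in "$WORK/session.key.enc" -out "$WORK/session.key.bob" || return 1
  # 2. Decrypt the data with the recovered symmetric key.
  openssl enc -d -aes-256-cbc -pbkdf2 -pass "file:$WORK/session.key.bob" \
      -in "$WORK/msg.enc" -out "$1" || return 1
  # 3. Recompute the digest and check it against Alice's signature.
  openssl dgst -sha256 -verify "$WORK/alice.pub" \
      -signature "$WORK/msg.sig" "$1" >/dev/null 2>&1
}

gen_keypair alice
gen_keypair bob
printf 'constructed sample message\n' > "$WORK/plain.txt"
alice_send "$WORK/plain.txt"
bob_receive "$WORK/received.txt" && echo "decrypted and signature verified"
```

CBC mode carries no integrity check of its own, so in this sketch it is the signature verification in step 3 of `bob_receive` that detects a modified message.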