Java Security Solutions 1st Edition Helton


Java Security Solutions
Rich Helton and Johennie Helton

Published by
Wiley Publishing, Inc.
10475 Crosspoint Boulevard
Indianapolis, IN 46256
www.wiley.com

Copyright © 2002 by Wiley Publishing, Inc., Indianapolis, Indiana

Published simultaneously in Canada

Library of Congress Control Number: 2002107908


ISBN: 0-7645-4928-6

Manufactured in the United States of America

10 9 8 7 6 5 4 3 2 1

1B/RV/QY/QS/IN

No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any
means, electronic, mechanical, photocopying, recording, scanning or otherwise, except as permitted under
Sections 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the
Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center,
222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 750-4744. Requests to the Publisher for
permission should be addressed to the Legal Department, Wiley Publishing, Inc., 10475 Crosspoint Blvd.,
Indianapolis, IN 46256, (317) 572-3447, fax (317) 572-4447, E-Mail: [email protected].

Limit of Liability/Disclaimer of Warranty: While the publisher and author have used their best efforts in
preparing this book, they make no representations or warranties with respect to the accuracy or completeness
of the contents of this book and specifically disclaim any implied warranties of merchantability or fitness for a
particular purpose. No warranty may be created or extended by sales representatives or written sales
materials. The advice and strategies contained herein may not be suitable for your situation. You should
consult with a professional where appropriate. Neither the publisher nor author shall be liable for any loss of
profit or any other commercial damages, including but not limited to special, incidental, consequential, or other
damages.

For general information on our other products and services or to obtain technical support, please contact our
Customer Care Department within the U.S. at (800) 762-2974, outside the U.S. at (317) 572-3993 or fax (317)
572-4002.

Wiley also publishes its books in a variety of electronic formats. Some content that appears in print may not be
available in electronic books.

Trademarks: Wiley, the Wiley Publishing logo and related trade dress are trademarks or registered trademarks
of Wiley Publishing, Inc., in the United States and other countries, and may not be used without written
permission. Java is a trademark or registered trademark of Sun Microsystems, Inc. All other trademarks are the
property of their respective owners. Wiley Publishing, Inc., is not associated with any product or vendor
mentioned in this book.

About the Authors

Rich and Johennie Helton are a husband and wife team whose collective experience in the computer industry
spans over 30 years. Together their work history covers most of the facets of the software development life
cycle. Their focus has been security as it applies to networks, applications, and enterprise solutions. The
Heltons operate a consulting firm known as RichWare, LLC (www.richware.com).

Rich Helton's career in computers and security spans over 20 years. His early interest was in amateur radio.
During the 80s he joined the Air Force, and he spent most of the decade in Frankfurt, Germany, working with
computers and secured communications. After serving in the Air Force, Rich was offered a consulting position
at OmniPoint Data Corp, where he helped the inventors of wireless PCS communications. He finished his
MSCS in computer communications at the University of Colorado. He has enjoyed many consulting positions
over the past 12 years, specializing in network security, protocols, and architecture for many companies. His
experience includes building Secure NFS, secure Internet and Intranets, building monitoring software for
enterprise communications and many distributed products. He has served as lead Java architect specializing in
security in such industries as brokerage, financial, telecommunications, and logistics. He is a Sun Certified
Java Programmer and Developer. He is also BEA WebLogic 6.0 Developer Certified. Rich is a co-author of
BEA WebLogic Server Bible [Wiley Technology Publishing, 2002].

Johennie Helton is a systems architect specializing in J2EE technologies. Her professional life has included
design, development, and software consulting in numerous n-tier distributed solutions for the automobile,
financial, healthcare, retail, and coupon industries. During her career she has focused on leading-edge
technologies. She has a strong background in object-oriented analysis, design and implementation, databases,
application modeling, and hypermedia systems. She has helped companies move to Java and has
experienced firsthand the needs and realities of providing a secure solution to the enterprise. She has a MSCS
from the University of Colorado, and she is a contributing author to Java Data Access: JDBC, JNDI, and JAXP
[Wiley Technology Publishing, 2002].

Credits

Executive Editor
Chris Webb

Senior Acquisitions Editor
Grace Buechlein

Project Editor
Sharon Nash

Technical Editors
Ashutosh Bhonsle
David Wall
Greg Wilcox

Copy Editor
Kim Cofer

Editorial Manager
Mary Beth Wakefield

Vice President & Executive Group Publisher
Richard Swadley

Vice President and Executive Publisher
Bob Ipsen

Vice President and Publisher
Joseph B. Wikert

Executive Editorial Director
Mary Bednarek

Project Coordinator
Maridee Ennis

Proofreading
Kim Cofer

Indexing
Johnna VanHoose Dinse

For Ashley and Courtney


Table of Contents

Java Security Solutions

Preface

Part I - Introduction to Security
Chapter 1 - Security Basics
Chapter 2 - Hackers and Their Tools
Chapter 3 - Java Security Components

Part II - Identity and Authentication
Chapter 4 - Key Management Algorithms
Chapter 5 - Elliptic Curve Cryptography
Chapter 6 - Key Management Through the Internet Protocol
Chapter 7 - Implementing Keys with Java
Chapter 8 - Java Implementation of Key Management

Part III - Data Integrity
Chapter 9 - Ensuring Data Integrity
Chapter 10 - Ensuring Message Authentication
Chapter 11 - Signature Integrity

Part IV - Data Hiding
Chapter 12 - Understanding Ciphers
Chapter 13 - Extending New Ciphers with the JDK
Chapter 14 - Applying Ciphers

Part V - Resource Access Using Java
Chapter 15 - Securing Enterprise Resources
Chapter 16 - Java Authentication and Authorization Through Kerberos
Chapter 17 - Securing Messages with the Java GSS-API
Chapter 18 - Java Access: The Security Manager
Chapter 19 - Java Authentication and Authorization Service

Part VI - Enterprise Data Security
Chapter 20 - Working with Database Security

Part VII - Network Access
Chapter 21 - Network Security Architecture
Chapter 22 - SSL and TLS
Chapter 23 - Java Secure Socket Extension

Part VIII - Public Key Management
Chapter 24 - Java Digital Certificates
Chapter 25 - PKI Management

Part IX - Enterprise Access
Chapter 26 - Java Enterprise Security and Web Services Security
Chapter 27 - Securing Client-Side Components
Chapter 28 - Securing Server-Side Components
Chapter 29 - Application Security with Java

Index
List of Figures
List of Tables
List of Listings
Preface
Welcome to Java Security Solutions, a book that explains security in general and Java security in particular.
This book includes cryptography, algorithms, and architecture. It provides practical solutions to security
problems and not only describes the different security technologies, but explains why the different technologies
exist and why you should use them. The source code is done in Java and illustrates how security in Java
works. This book also shows how to extend Java to provide a more secure organization. In this book, we
wanted to show more than just how to use Java components. We also wanted to show how to extend them,
explain the reasons why algorithms like RSA are important, and inform readers about the basic protocols. In
short, we wanted to answer the what, when, how, and why of the Java components used in security solutions.

Why This Book?


Some of the specifications that we address in this book include J2EE, Web Services, CORBA, JAAS, RMI,
JSSE, SKIP, SASL, GSS-API, IPSec, X.509 certificates, cryptography, RSA, Elliptic Curve Cryptography,
DSS, DSA, Kerberos, LDAP, TLS, WTLS, message digests, key agreements, key management, Java access,
ciphers, firewalls, network security, PKI, and much more. This book helps you:

Think as a hacker so that you can avoid the security pitfalls that hackers exploit

Understand the building blocks of security so that you can take full advantage of security
features

Learn how to apply Java security features effectively and efficiently

Get hands-on experience with security algorithms and their implementation

Understand procedures for ensuring secure communications within the enterprise

Learn how to add security to enterprise applications

Understand ciphers

Ensure message authentication and data integrity

Understand network security architecture

View your solution from beginning to end and look for vulnerable points along the way
Why Java?
These days, Java is the language of choice for the development of Web applications and enterprise solutions.
Typically, these are distributed systems requiring distributed communication among the components. This
distributed communication is supported by CORBA, RMI, or RMI over IIOP, and the combination of these
technologies with Java provides a tool set that allows the development of secure solutions. Security has
been a major design goal for Java ever since the creation of the language. Java provides a language, runtime
environment, APIs, and tools that are ideal for the development of secure systems. The Java Development Kit
(JDK) 1.4 comes standard with many cryptography components in its distribution and technologies that allow
the support and development of secure solutions. Some of these technologies include X.509 certificates, key
agreement, a way to specify security policies, authentication, authorization, code signing, and cryptographic
support.

The JDK 1.4 now integrates into its distribution the Java Cryptography Extension (JCE) as cryptography
components and Java Authentication and Authorization Services (JAAS). Java also provides the Java Secure
Socket Extension (JSSE). Although you can create solutions without these technologies, these solutions will
probably be less portable and more expensive than if you use the JDK 1.4. It is definitely worth it to take your
time and learn what Java has to offer. In order for you to understand how these technologies can be used
successfully, however, you need to understand the why, when, how, and what behind the different Java
components. That is where this book comes in.
What You Need to Know
This book is for anyone who wants to understand security issues and how to prevent security violations. If you
want to understand how to address security concerns and how to implement many of the standards and
protocols in Java, this book is for you. The typical reader of this book is the intermediate to advanced Java
developer, Java architect, and systems architect. Basic Java programming knowledge is assumed, and
therefore, concepts such as EJB deployment, Java language constructs, HTML, Web server and application
server technologies are not covered in detail. We address these concepts from the security perspective and not
at an introductory level.
How This Book Is Organized
This book provides a discussion on all aspects of security. We begin by introducing security and its
requirements. Then we introduce the Java components that address these requirements, including the reasons
why and how these components are to be used. Then we move on to resource, enterprise, and network
security.

This book is divided into nine parts.

Part I: Introduction to Security

This part covers the basics of security, explains the need for security, and introduces you to the way hackers
think, the tools that are available to hackers, and the most common attacks. In addition, this part categorizes
security elements and the different Java components available for security. If you cannot wait to start with Java
security, its components, and implementation, we suggest you skip to Chapter 3, "Java Security Components."

Part II: Identity and Authentication

This part provides an overview of key management algorithms, Elliptic Curve Cryptography (ECC), and Java
implementation to keys and key management. It includes key pair examples, a discussion of the mathematics,
Diffie-Hellman, key generation, man-in-the-middle attack, RSA key exchange, ECC, secure random, and DES
examples.

Part III: Data Integrity

This part covers data integrity, hash functions, message digest algorithms, message authentication, and digital
signatures. This discussion includes RSA, ECC, MAC, SHA-1, and others. It includes an MD5 implementation,
a SHA-1 algorithm, a MAC algorithm, and DSA signature examples.

Part IV: Data Hiding

This part presents ciphers, and how to implement ciphers including how to use CipherSpi. Also, it presents a
discussion on PBE, Blowfish, and Java Smart Cards. This part includes examples on RSA and an example
implementation, Stream Ciphers, PBE, and Blowfish.

Part V: Resource Access Using Java

This part provides an overview of the common criteria for security. It also helps you understand the need for
security in your applications and how to satisfy those requirements using Java. It presents JAAS, Kerberos,
GSS-API, and the Security Manager. It includes examples on security context, policies, configurations, guarded
objects, signed objects, and JAAS.

Part VI: Enterprise Data Security

This part covers the needs to secure your enterprise data. This is mainly a discussion of why and how you can
secure your database, and the communication between your application and the data repository. It contains
container-managed and application sign-on, and a discussion on the connector API.

Part VII: Network Access

This part focuses on network security and architecture. It discusses the OSI model, DMZs, firewalls, HTTP
tunneling, Java Sockets, SSL, TLS, and JSSE. It includes socket examples (including the server, client, and
channel), routing tables, and X509 examples.

Part VIII: Public Key Management

This part discusses Java digital certificates such as X500, and X.509. Also, this part describes PKI
management with certificate chaining, X.500, LDAP, and the need for non-repudiation, including how to import
certificates, CRL, CertPath, and LDAP examples.

Part IX: Enterprise Access

This part covers the need for security of enterprise solutions. It describes, including programming examples,
the Java security model, Java permissions, Web-tier security, Web Services, JNDI, RMI, IIOP, and EJB
security. Finally, it presents a discussion of how BEA's WebLogic, IBM's WebSphere, and Borland's Enterprise
Server handle security.
Conventions Used in this Book
This book uses special fonts to highlight code listings and commands and other terms used in code. For
example:
This is what a code listing looks like.

In regular text, monospace font is used to indicate items that would normally appear in code.

This book also uses the following icons to highlight important points:

Note Note icons, like this one, provide information about the subject being discussed. They generally contain
relevant information or elaborate on a detailed technical point.

Tip Tip icons provide a more efficient way of doing something, and suggest or give pointers on the subject
being discussed.

Caution Caution icons provide a warning of a potential misuse, misconception, or the requirement of a
defensive approach.

Cross-Reference Cross-reference icons provide you with a guide to other chapters that discuss
a particular subject in more detail.
Companion Web Site

This book provides a companion Web site. The Web site provides you with all the source code found in this
book. The code listings are organized by chapters, or you can download all the examples at once. Simply go to
www.wiley.com/extras.

There is a companion Web site (www.richware.com/JavaSecuritySolutions) that contains a list of links, which
takes you to the relevant RFCs, documentation, and sites associated with different topics covered in the book.

What Resources You Need

The source code has been tested with the Java 2 Platform Standard Edition JDK 1.4, and the Java 2 Software
Development Kit, Enterprise Edition, on Windows 2000.

The page at http://java.sun.com/java2/ provides links to the Java 2 technologies that are needed
(http://java.sun.com/j2ee/download.html, http://java.sun.com/j2se/1.4/download.html).

The book's Web site provides all source code in the book along with test scripts (run.bat) for each chapter.
Some sample code requires a Sun Certificate, which is also provided for you along with the source code. Links
to other important resources are provided in the relevant chapter.
Contacting the Authors
We are interested in hearing from you, your impressions (either good or bad) of this book, the chapters, and
contents. Please, do contact us if you find anything that you think needs a better explanation or that can be
improved in any way.

You can contact the authors directly at [email protected].


Acknowledgments

This book would not be possible without the inspiration, encouragement, and assistance of our friends and
family, and especially the following people:

Big thanks to Grace Buechlein, a Sr. Acquisitions Editor at Wiley Publishing, Inc., who trusted in us at every
step of the way and provided guidance and moral support so that we could do this book. She also kept us on
track with the deadlines and guided us through the process.

Also, thanks to Sharon Nash, our Project Editor at Wiley Publishing, Inc., for helping us through this project and
helping this book become a reality.

Thanks to Ashutosh Bhonsle, David Wall, and Greg Wilcox who provided technical feedback, and Kimberly
Cofer, who helped us make this a more readable book. Your attention to detail drove us crazy at times, but
without it this book would not be of the quality it is.

Thanks to our friend Glen Wilcox who provided invaluable insight early on in the adventure that became this
book.

- Rich and Johennie Helton


Part I: Introduction to Security

Chapter List

Chapter 1: Security Basics

Chapter 2: Hackers and Their Tools

Chapter 3: Java Security Components


Chapter 1: Security Basics

In This Chapter
This chapter is intended to provide a basic introduction to security concepts that I call the pillars of security:
authentication, authorization, confidentiality, and integrity. These concepts are used throughout the book. I do
not intend to present a complete discussion on all the details of security in this chapter; instead, my intention is
to establish the basic terminology to be built on and to be addressed in detail later. Security is a complicated
topic and having a common understanding of the terminology and concepts is a good starting point. If you are
already familiar with authentication, authorization, confidentiality, and integrity, you can skip this chapter
entirely.
Introduction
Most people practice some form of security every day, such as locking their houses and putting their keys and
wallets in their pockets or purses. Similarly, organizations need to use security techniques to protect their
resources and information. No company gives away its assets unless it no longer wishes to stay in business,
and information is one of the most important and strongest assets a company has. This chapter explores the
basic security concepts of authentication, authorization, confidentiality, and integrity and discusses why these
concepts are relevant to an enterprise solution. It also presents some basic examples of security techniques
that will be expanded upon in later chapters.
Protecting Your Information in Today's World
The old adage "Information is power" is more true than ever for the corporate world. Even the release of very
general information about a company (for example, an upcoming merger between company A and company B)
can have a profound impact on a company. For example, in the case of a corporate merger, if confidential
information about a proposed merger is leaked to the press or other companies, the merger could be in
jeopardy. In today's corporate environment, these basic principles can have a dramatic impact on the security
of the organization. Developers who implement security measures must be mindful of not only the complex
security techniques that are discussed throughout this book, but also the basic, commonsense concepts that
apply to any discussion of confidentiality and security.

Protecting resources from the hacker

In today's corporate world, what we are protecting and from whom we are protecting it is important. The
corporate world no longer revolves around written information as the medium of documentation; it revolves
around digital information. Spies no longer wear trench coats and exchange information in dark alleys.
Nowadays, spies are more often than not sitting in front of a computer screen. This new type of spy is called a
hacker. He is trained in technology and willing to use it for a price. The hacker personality takes many forms
and spans a wide range. Today's hacker profiles include:

A disgruntled employee who releases viruses into the system before he quits his job.

A teenager who uses the high school's computer to hack into an organization that somebody
told him about in church.

Hackers no longer belong to a club that meets in the basement of a home. They are people who belong to
newsgroups. The hacker has evolved over time from the computer amateur to the computer professional. The
hacker now practices social engineering.

Note Social engineering is the ability to gain access to systems by social interaction, which may be formal or
informal. Social interaction is discussed in depth in Chapter 2.

To the hacker, the goal is an organization's Information Technology (IT) department. The IT department should
be ready and expecting such attacks.

Hack attacks: different scenarios

Many company resources need protection from hack attacks, including e-mail messages, network addresses,
lists of employees, and confidential documents describing technology. Any of these items may lead to other
items that a hacker can use for intrusion. For example, a person's e-mail could contain a personal note along
with the user's name. This personal information can be reused to try to break the person's password; for
instance, the password may be a pet's name, a favorite sports team, and the like. In another example, the user
(or a hacker who knows the username) may go to a site that offers a "send me my password" option for users
who have forgotten their password. If the attacker can impersonate an SMTP server and the user's e-mail
address, the attacker can receive e-mails addressed to the user. E-mails that deliver passwords are sometimes
sent without any protection and can be sniffed.

Note If an attacker knows an e-commerce site that requires a username and password, he may monitor the site
in order to detect the transmission of the data.

Another means of attack is when the hacker sends an e-mail posing as the IT department and requests that the
person install a new software patch in his computer. Once the person installs the patch, the computer is no
longer secure - the attacker owns it.
Like spies, the best hackers are those who are never caught and never heard of. They don't have a "hacker"
license plate or an "I hack for a living" t-shirt. Appearance-wise, they blend in with their targets. The best
hackers look like the people working in the IT department of an organization. They may even walk into the
company carrying a fake badge and wearing a company shirt, and use a conference room just as if they
worked there.

A common attack employed by hackers is the call-in approach: A hacker may impersonate an IT technician
calling a salesperson, especially one offsite, and say that he needs to remotely install some software. If the
salesperson believes the hacker, then the hacker can easily install any harmful software he wants. Another
type of call-in is the hacker impersonating a salesperson to the IT technician, where the hacker tells the IT
technician that his or her password is no longer working and the IT technician walks the hacker through logging
on to the salesperson's machine.

Weapons against attack

The two most important weapons a company has against hackers, spies, and attacks are:

Adequate security training for staff

A secure infrastructure in place that allows the organization to adequately meet potential
threats

The better IT professionals understand hackers, security measures, and potential attacks, the better the IT
professionals are prepared to handle threats. Even a simple attack can do great damage if the IT professional
is not prepared to handle it.

There have been many instances where organizations were hacked but were never aware of it until it was too
late. An organization should work hard to ensure that its information and resources are protected because it is
the resources and information that make the organization. A recurrent problem I have observed through the
years across companies and organizations is confidential information received by one person (director, vice
president, and so on) not being secured. In order for information to be secure, each individual within the
organization needs to understand how and what needs protection.

To understand how information can be secured, you need to understand the security principles that form the
foundation (or "pillars") of security. The next section describes the pillars of security.
The Four Pillars of Security

There are four basic principles that apply for most security systems: authentication, authorization,
confidentiality, and integrity. Figure 1-1 gives an overview of these four principles. These pillars of security are
discussed in the next few sections.

Figure 1-1: The four basic pillars of security

Authentication: proving identity with credentials

Authentication is the process of proving the identity of a user of a system by means of a set of credentials.
Credentials are the required proof needed by the system to validate the identity of the user. The user can be
the actual customer, a process, or even another system. A person is validated through a credential. The
identity is who the person is. If a person has been validated through a credential, such as attaching a name to a
face, the name becomes a principal.

In this case the principal is associated with the username. The principal represents the identity of the user for a
given service. Since a user may access many different services that have different usernames, we need to
introduce the concept of a subject. A subject represents a collection of principals.

Cross-Reference Chapter 19 gives more details on principals, subjects, and related concepts
(such as credentials, permissions, and policies).
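To make the terminology concrete, here is an added example (not code from the book) that models identity, credential, principal, and subject with the JAAS classes javax.security.auth.Subject and java.security.Principal that Chapter 19 covers, and finishes with the account-history authorization check that the next section introduces. The service names, the username jdoe, and the one-entry password store are constructed sample values.

```java
import java.security.Principal;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;
import javax.security.auth.Subject;

/**
 * Added example, not from the book: one person (the subject) holds several
 * principals, one per service, because each service knows that person under
 * a different username.  The credential that proved the identity is kept as
 * a private credential of the subject.
 */
public class PillarsDemo {

    /** A principal names the user for one specific service. */
    static final class ServicePrincipal implements Principal {
        private final String service;
        private final String username;

        ServicePrincipal(String service, String username) {
            this.service = service;
            this.username = username;
        }

        String getService() { return service; }

        @Override
        public String getName() { return username; }

        @Override
        public boolean equals(Object o) {
            if (!(o instanceof ServicePrincipal)) return false;
            ServicePrincipal p = (ServicePrincipal) o;
            return service.equals(p.service) && username.equals(p.username);
        }

        @Override
        public int hashCode() { return service.hashCode() * 31 + username.hashCode(); }

        @Override
        public String toString() { return service + ":" + username; }
    }

    /**
     * Authentication: the system validates a credential (a password, checked
     * against a constructed one-user store) and, on success, returns a Subject
     * whose principals are the usernames this person holds on each service.
     * Returns null when the credential does not prove the claimed identity.
     */
    static Subject authenticate(String username, char[] password) {
        // Constructed credential store: a single sample user.
        boolean valid = "jdoe".equals(username)
                && Arrays.equals(password, "s3cret".toCharArray());
        if (!valid) {
            return null;
        }
        Set<Principal> principals = new HashSet<>();
        principals.add(new ServicePrincipal("store", "jdoe"));
        principals.add(new ServicePrincipal("ldap", "uid=jdoe,ou=people"));

        // The credential that proved the identity stays private to the subject.
        Set<Object> privateCreds = new HashSet<>();
        privateCreds.add(password.clone());

        // readOnly = true freezes the principal and credential sets after login.
        return new Subject(true, principals, Collections.emptySet(), privateCreds);
    }

    /**
     * Authorization: an authenticated subject may retrieve only the account
     * history of the username it holds on the "store" service.
     */
    static boolean mayReadAccountHistory(Subject subject, String accountOwner) {
        if (subject == null) {
            return false;
        }
        for (ServicePrincipal p : subject.getPrincipals(ServicePrincipal.class)) {
            if (p.getService().equals("store") && p.getName().equals(accountOwner)) {
                return true;
            }
        }
        return false;
    }

    public static void main(String[] args) {
        Subject s = authenticate("jdoe", "s3cret".toCharArray());
        System.out.println("principals:    " + s.getPrincipals());
        System.out.println("own records:   " + mayReadAccountHistory(s, "jdoe"));
        System.out.println("other records: " + mayReadAccountHistory(s, "asmith"));
        System.out.println("bad password rejected: "
                + (authenticate("jdoe", "wrong".toCharArray()) == null));
    }
}
```

A failed credential check yields no subject at all, so every later authorization check fails closed instead of falling back to an anonymous identity.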

The credential set is highly dependent on the requirements of the organization's system for proving the identity,
but is most likely a set of user attributes such as passwords, certificates, or smart cards. People in everyday life
apply authentication at different levels. One level could be locking the front door to the house. Another could be
verbally asking an employer to verify information that is circulating as a rumor.

Every day we meet people and introduce ourselves. This is a form of authentication. The person we meet may
give a form of credential by describing his role or his work. Other forms of credentials are required when writing
checks or using credit cards. If a cashier requires further validation from a person, he or she may ask for a
driver's license. The driver's license also represents a form of credential to the cashier. The cashier is
authenticating the person to allow a transaction, the purchase of an item, to take place in a store. E-commerce
systems require a similar, digital form of authentication and credentials to access an online store.

Credentials allow one party to recognize another. Recognition can occur through various means. For example,
people might use physical appearance or some other characteristic in order to identify someone. Using
physical characteristics for authentication is known as biometrics. Biometric controls use the following
characteristics to identify individuals:

Fingerprints

Voice

Handwritten signature dynamics

Retina and iris scans

Palm scans and hand geometry

Biometric access control devices are considered physical access security control devices. In this book, I do not
address physical security specifically. There are many ways you can physically secure your systems, such as
using employee badges, multiple doors, and video surveillance.

Authorization: providing access to system resources

Once a user's identity has been validated, the user can be checked for access to a system resource. The
process by which a user is given access to a system resource is known as authorization. For example, after a
user logs in to a commerce system, which validates his or her identity, the user needs access to his or her
account history; that is, the user needs authorization to retrieve the user's records. The user's records are the
system resources needed by the user. The authorization process is the check by the organization's system to
see whether the user should be granted access to the user's record. The user has logged in to the system, but
he still may not have the permission necessary from the system to access the records.

You probably practice authorization every day by giving others access to your resources. Examples of
authorization include inviting someone into your home, giving an administrator access to your computer, storing
your money in a bank, or giving someone your credit card number so that the person can access your funds. In
all these cases, it is important to be aware of the person's identity (by applying authentication) to make sure the
person can be trusted with your resources.

Note When you give out your credit card number, you are authorizing the charge to your account, and your
funds are the resource you are authorizing access to. Cognitively speaking, people may apply more
authentication rules when giving out a credit card number than a system can apply when giving access to a
resource such as a database. An organization giving access to a system resource usually does a lookup
and, based on a match between the user's proven identity and the permissions on the resource, gives the
user access to the resource. The authorization check compares against the permission and simply allows
or denies access to the resource.

When deploying a system, access to system resources should also be mapped out. Security documents that
detail the rights of individuals to specific resources must be developed. These documents must distinguish
between the owners and the users of resources as well as read, write, delete, and execute privileges.

Cross-Reference Chapter 15 describes common criteria that can be used as a guide to define
the security needs.

There might be property files that are used to configure servers. Sometimes these property files contain
usernames and passwords so anyone who has read access to these files can potentially break into the server.
Files such as these should be given a high level of security.

Tip A common approach when deploying a system is giving a level of 1 to 5 to each file, 5 being the highest,
and mapping out the permissions allowed to access the files based on the level of security. Allow only
system administrative people to access level 5 files. This notion of categorizing files is a first step toward
implementing an access control model. An access control model allows the operating system and other
applications (such as SiteMinder) to enforce a company's security policy. For example, the military uses a
classification scheme that has unclassified, confidential, secret, and top secret.

Mapping the level of security allowed for each file in a deployment of the system is an example of establishing
an authorization rules set. An organization needs to have a plan for the rules for authorization. Who is allowed
to access what? When developing such a plan, a question set is important. The question set addresses issues
such as how important the file is, whether it contains sensitive material, and how this resource should be
accessed and by whom. Examples of sensitive material include passwords and files that have settings that
change the system, such as configuration files.

Confidentiality: protecting information from unauthorized readers

To protect data from being accessed by unauthorized readers, the data is changed to keep it confidential. This
process is known as obfuscation (which literally means to "darken", that is, to make obscure or to confuse).
Confidentiality is the means of keeping information secret, not by blocking access, but by making the
information unreadable to the public. Only people allowed to read the information can unlock the secret file to
recover the original message (usually with a key). Such techniques have been dated to 1900 B.C. in Egypt.
Throughout history, there has always been a process, or an organization, responsible for encrypting and
decrypting messages. Before keys were used, anyone who understood the algorithm could decrypt the message.
So the knowledge of how the algorithm worked was kept secret, and a person educated in the algorithm needed
to understand both the encryption and how to reverse the process (for decryption). Today, besides being carried
out in digital form, the algorithms have also been modified so that the secret no longer has to be the algorithm
itself: it is carried by an extra variable called a key.

An organization should be concerned about confidentiality techniques whenever it wants to protect information
that is being transmitted to another system. When the information is in its original form, it is called plaintext.
When the information is in a protected form, it is called ciphertext. Ciphertext uses a cipher, which changes the
plaintext into ciphertext. The cipher requires keys to change the information from one form to the other.

Cross-Reference For more detailed information on ciphers and how to implement them, refer to
Chapters 12 through 14.

Two types of cryptographic systems are in use today for commercial applications. They are either symmetric or
asymmetric systems. The symmetric systems use a shared secret key, whereas asymmetric systems use a
key pair.

Cross-Reference Keys are discussed more fully in Chapters 3 through 8.
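As an added example (not code from the book), the symmetric case in Java: one shared secret key turns plaintext into ciphertext and back, while a holder of a different key, or anyone who alters the ciphertext, gets nothing. The message text and the generated keys are constructed for the demo, and AES in GCM mode is the cipher chosen here, not one the book prescribes at this point.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;

/** Added example, not from the book: symmetric confidentiality with a shared secret key (AES-GCM). */
public class ConfidentialityDemo {
    private static final int IV_BYTES = 12;   // 96-bit IV, the size GCM is designed for
    private static final int TAG_BITS = 128;  // authentication tag appended to the ciphertext

    /** Turns plaintext into ciphertext; the random IV is prepended so the receiver can use it. */
    static byte[] encrypt(SecretKey key, byte[] plaintext) throws GeneralSecurityException {
        byte[] iv = new byte[IV_BYTES];
        new SecureRandom().nextBytes(iv);   // fresh IV per message; reuse under one key breaks GCM
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        cipher.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, iv));
        byte[] body = cipher.doFinal(plaintext);
        byte[] out = new byte[IV_BYTES + body.length];
        System.arraycopy(iv, 0, out, 0, IV_BYTES);
        System.arraycopy(body, 0, out, IV_BYTES, body.length);
        return out;
    }

    /** Turns ciphertext back into plaintext; fails with AEADBadTagException for a wrong key or altered bytes. */
    static byte[] decrypt(SecretKey key, byte[] ciphertext) throws GeneralSecurityException {
        byte[] iv = Arrays.copyOfRange(ciphertext, 0, IV_BYTES);
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        cipher.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, iv));
        return cipher.doFinal(ciphertext, IV_BYTES, ciphertext.length - IV_BYTES);
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator gen = KeyGenerator.getInstance("AES");
        gen.init(256);                          // 256-bit AES; very old JDKs need the unlimited crypto policy
        SecretKey shared = gen.generateKey();   // the secret both parties hold
        SecretKey outsider = gen.generateKey(); // a key that was never shared with anyone

        // Constructed sample message for the demo
        byte[] plaintext = "account=1234 balance=50.00".getBytes(StandardCharsets.UTF_8);
        byte[] ciphertext = encrypt(shared, plaintext);
        System.out.println("ciphertext length: " + ciphertext.length + " bytes (IV + body + tag)");

        String recovered = new String(decrypt(shared, ciphertext), StandardCharsets.UTF_8);
        System.out.println("decrypted with the shared key: " + recovered);

        try {
            decrypt(outsider, ciphertext);
            System.out.println("unexpected: wrong key accepted");
        } catch (GeneralSecurityException e) {
            System.out.println("wrong key rejected: " + e.getClass().getSimpleName());
        }

        // Flip one bit of the body: the tag check fails, so tampering is detected as well as content hidden
        ciphertext[IV_BYTES] ^= 0x01;
        try {
            decrypt(shared, ciphertext);
            System.out.println("unexpected: altered ciphertext accepted");
        } catch (GeneralSecurityException e) {
            System.out.println("altered ciphertext rejected: " + e.getClass().getSimpleName());
        }
    }
}
```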

Many techniques for security have evolved over time, but are based on algorithms that are decades old. A
modern variation of passing a public key and checking the key's integrity is the X.509 certificate, also called a
public certificate. The X.509 certificate is made unforgeable by having an issuing authority sign it: the authority
produces a digital signature with its private key, and the authority's public key is used to validate that signature.
The X.509 certificate is built from several older algorithms. The RSA algorithm, created decades ago, is the
cipher algorithm used with the key pair. The X.509 certificate uses a private key from an issuing authority
(the agency that creates the certificate) and a public key, accessed by the user, to verify that the public
certificate has not been modified. X.509 is a more recent technique, but it makes use of digital signatures,
which have been around for a long time.

Cross-Reference Chapter 24 describes X.509 certificates in detail.

Integrity: validating your data

During the transmission or storage of data, information can be corrupted or changed, maliciously or otherwise,
by a user. Validation is the process of ensuring data integrity. When data has integrity, it means that the data
has not been modified or corrupted.

One technique for ensuring data integrity is called data hashing. Under this process, the computer system
hashes the information and stores the hash result so that it can be checked at a later time. A hash is an
algorithm that is applied to information and produces a result that, for practical purposes, uniquely identifies
that information. If the hash is applied to different information, changed by even one character, it produces a
different result.

Cross-Reference Chapter 9 provides more information on hashing and data integrity.

When the integrity of the information needs to be checked, the process will hash the information to be checked
and compare it with the stored hash. If both hash results match, the data hasn't changed. The integrity process
may also be used during the transmission of data to ensure that the data did not get corrupted from one system
to the next, and that the original information is still valid.

Note As with other basic security principles, it is easy to find processes for ensuring data integrity in the
non-digital world. For example, when you balance your checkbook, you are checking data integrity. If the
balance is incorrect, especially in favor of the bank, you may call the bank to correct the error. By calling
the bank, you are correcting the data that failed the bank's validation process.

Mapping Security Features to the Digital World
The physical world and the digital world have many similarities when it comes to security processes. The need
for authentication, authorization, confidentiality, and integrity do not change from the physical world to the
digital one. They do, however, change in execution through digital means and medium. For instance, the
authentication of a person cannot always be done through physical recognition since the person could be
across the world sitting in front of a computer. In such a case, the authentication process must be through
digital means. Instead of identification cards and drivers' licenses, certificates with the user's information must
be used. The certificate is a form of credential, a digital form similar to a driver's license. Another form of
credential is the password used when a person logs in to a Web site.

Once the identity has been matched with a credential and accepted by an organization's system, authentication
is achieved. The authorization process requires a lookup of the permission set and digital identification to see if
the user has access to a resource.

In order to achieve confidentiality, the system can use the user's key for encryption and decryption. A secret
key is a single key that can be used for both encryption and decryption. A key acts as a digital token for
allowing data to be read by users who only have access to the secret key. To check the integrity of the
information, the system hashes the information into a new hashed information block. The hashed information
block is a smaller block of information that uniquely represents the original information. When the information
must be checked, the hash block is created again and the two blocks are compared. If the blocks match, the
system concludes that the information has not been modified.
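The hash-and-compare process described in the integrity section and again just above, as an added Java example (not the book's code): a SHA-256 block is stored when the record is written and re-created later, a single changed character fails the check, and a keyed variant (HMAC) is shown for the case a plain hash cannot cover, where an attacker can overwrite the stored block along with the data. The record text and the key bytes are constructed for the demo.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

/** Added example, not from the book: store a hash block when data is written, re-hash and compare later. */
public class IntegrityDemo {

    /** Hashes the information into a fixed-size block (32 bytes for SHA-256). */
    static byte[] hash(byte[] information) throws GeneralSecurityException {
        return MessageDigest.getInstance("SHA-256").digest(information);
    }

    /** Re-creates the hash block and compares it with the stored one (constant-time comparison). */
    static boolean verify(byte[] information, byte[] storedBlock) throws GeneralSecurityException {
        return MessageDigest.isEqual(hash(information), storedBlock);
    }

    /** Keyed hash (HMAC-SHA256): without the key, an attacker who can overwrite both the data and
     *  its stored block still cannot produce a matching pair, which a plain hash cannot guarantee. */
    static byte[] keyedHash(byte[] key, byte[] information) throws GeneralSecurityException {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        return mac.doFinal(information);
    }

    static boolean verifyKeyed(byte[] key, byte[] information, byte[] storedBlock)
            throws GeneralSecurityException {
        return MessageDigest.isEqual(keyedHash(key, information), storedBlock);
    }

    static String hex(byte[] bytes) {
        StringBuilder sb = new StringBuilder();
        for (byte b : bytes) sb.append(String.format("%02x", b));
        return sb.toString();
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample record; its hash block is stored when the record is written
        byte[] original = "transfer 100.00 to account 4242".getBytes(StandardCharsets.UTF_8);
        byte[] stored = hash(original);
        System.out.println("stored block:  " + hex(stored));

        // Later check of the unchanged record
        System.out.println("unchanged record passes: " + verify(original, stored));

        // One character changed (1 -> 9) gives a completely different block and fails the check
        byte[] altered = "transfer 900.00 to account 4242".getBytes(StandardCharsets.UTF_8);
        System.out.println("altered block: " + hex(hash(altered)));
        System.out.println("altered record passes:   " + verify(altered, stored));

        // Keyed variant: an attacker can rewrite the data and recompute a plain hash, but not the HMAC
        byte[] key = "constructed-demo-key-do-not-reuse".getBytes(StandardCharsets.UTF_8);
        byte[] storedMac = keyedHash(key, original);
        byte[] forgedPlainHash = hash(altered);      // what an attacker without the key can compute
        System.out.println("forged plain hash matches stored HMAC: "
                + MessageDigest.isEqual(forgedPlainHash, storedMac));
        System.out.println("altered record passes keyed check:     " + verifyKeyed(key, altered, storedMac));
    }
}
```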

Caution When authorization is performed digitally, an organization is susceptible to digital attacks. Chapter 2
provides examples of common attacks to an organization, and Part V provides detailed information on
authorization.

The digital processes are merely personal security techniques applied to the digital world. The physical world
simply does not apply anymore, except in the case of isolation, which is the process of physically isolating the
systems from digital access to protect the systems.

Security is ever-evolving and dynamic; therefore, an enterprise's security architecture must be flexible and agile
enough to change as the times and security requirements change. There is one concept that is constant in
computer science: It is ever-evolving. At one time in my life, I was writing x86 assembler, and now I write JSPs
and EJBs. Some of the concepts have remained the same; however, technology has changed. An
organization's architecture must be designed so that one year it can use Kerberos and the next X.509
certificates with minimal change.

Cross-Reference Chapter 16 describes Kerberos and Chapter 24 describes X.509.

The endpoints of the organization must be constantly monitored to support security. It doesn't do much good if
the Web site has a lot of security on a server sitting on a Windows NT machine accessed across the Internet
(and open to the world). The network engineers should always be aware of which machines are open and
which machines are not and make sure that the only way to pass into secure information is through proper
security mechanisms.

The organization that wants to establish security needs to define security requirements, such as identifying
which resources are sensitive. For example, the needs of a government and a non-profit organization could be
very different. Therefore, the requirements are based on the type of organization, and a security policy is
established to define how to enforce these requirements. The security policy governs and dictates the
standards, procedures, and practices for the organization. The practices will elicit security rule sets for any
resource that should be secure. It is best to assign a security advisor to keep a running list of administrative
usernames and passwords so that, if access is lost to the system, it can be recovered by logging in as the
administrator. A plan needs to be devised that regulates, tests, maintains, and updates the security system at
regular intervals. All these points will be developed in more detail as we progress through the book.
Summary
Security is the process of allowing or disallowing others access to information and resources. This chapter
introduced the basic concepts of security: authentication, authorization, confidentiality, and integrity. These
concepts have evolved through the years in the physical world and have now been applied to the digital world.

Enterprises and organizations that need secure systems need to be knowledgeable about how these concepts
are used and applied correctly in a secure system. The best secure solution is to have a flexible enough
architecture to move forward with the technology, yet follow strict security rules with a plan that regulates, tests,
and maintains the security system.
Chapter 2: Hackers and Their Tools

In This Chapter
Information assets are very important to today's businesses, and malicious attackers and hackers, including
industrial espionage, present a danger. This chapter is intended to provide information on security concerns and
weaknesses that attackers have historically explored to gain access to your valuable resources. The
presentation is informal and anecdotal (including my personal experience) because I believe that some
knowledge, even if it is rudimentary, will help you understand where security issues may arise. It may help you
realize where the technologies discussed later in the book aid in your organization's security; however, feel free
to skip this chapter if you cannot wait to start with Java security, its components, and implementation.
Introduction
A hacker is a person who infiltrates an organization's system through unauthorized means, or someone who
harms the organization's systems. To define a hacker is not necessarily to define a specific person, but rather a
culture of individuals. A hacker could be a person with a malicious intent or simply a person trying to prove his
or her technical prowess. Some attackers are disgruntled employees and others are people who do it for
personal gain, seeking fame or money.

Many hackers have achieved fame, and some have become computer consultants for security systems. The
hacker is simply someone who attacks systems, sometimes for illegal gain. The hacker personality differs, and
attacks are made on systems for different reasons. The purpose of some attacks is to shut down a competitor's
Web site. Attacks that are seen at government Web sites are often similar to graffiti on a wall, where hackers
might write "This page has been hacked" across the screen. Just as there are many different personalities that
make up the hacker, there are many types of hacks.
Looking for the Hack

Anytime information is cached in memory, transmitted through a network, or stored in a computer, that
information is susceptible to being read, written, or redirected. The same hacking principles apply just as much
to redirecting keyboard input as to data being transmitted through the Internet since a common hacker attack is
to sniff communication lines for usernames and passwords.

Grabbing and transmitting keys

A program that I was asked to write a long time ago needed to capture the keys being typed on the keyboard
locally. Once these were captured, it needed to transmit the keystrokes through a telephone connection to a
remote server for video streaming. Being a young engineer, I wasn't sure how to approach this issue. I
proceeded to capture keyboard entries through an interrupt table and sent the keystrokes through the serial
communications. After further observation, I noticed a getSystemKey( ) function in an operating system kernel
library that was callable by the "C" language. I wrote a thread that just called the undocumented function and
sent the keys that were typed. It turned out the undocumented function in the operating system saved a lot of
time for capturing keys. After I found the undocumented function, it took me about an hour to write and test the
program to send the keys across the phone line.

A hacker can use the preceding approach. If the attacker wants to capture the keystrokes from a computer, he
simply needs to store the keystrokes in a log file and transmit them when the computer connects to the
Internet. Any password or username, credit card number, or company information typed into the computer
could have been saved to a log. The unnamed operating system that I used was one from ten years ago, but
the concept applies today. A hacker could use the same technique to read keyboard entries and send the
entries to a log file on a temporary machine. The hacker can use a temporary machine to avoid being traced
and pick up the keystroke file when the access seems safe. The log can contain everything that a user entered
on the keyboard, including passwords.

Caution A possible attack is to monitor your keystrokes. The attacker needs an access point to the target
machine through the network.

Keyboard sniffers

A keyboard sniffer is a common hacking routine. Some commercial products even use similar routines to keep
tabs on employees or children to check their activities. The keyboard sniffer could masquerade as a driver or
library. All a hacker needs is a chance to install the program on the computer.

Tip See http://directory.google.com/Top/Computers/Security/Products_and_Tools/Keyloggers_and_Spyware/ for a list
of keyboard sniffers or loggers.

There are several things that a hacker has to do to read the keyboard entries from a computer. First, a program
has to be installed on the local machine with privileges to read the keyboard; and second, the program must
transmit the information to the hacker's location. If the key log is transmitted to the hacker's site, the log can be
used by the hacker for a replay attack.

Note A replay attack is typing the keystrokes that the user typed in order to re-create what the user has done.
An attacker saves the keystrokes in a repository (a key log) and makes sure that he (the attacker) is not
tracked.

The privilege to read from the keyboard has changed over the years in most operating systems. To read a
keyboard, the process or program needs the same access that a device driver would have, which is the
system-level privilege. A system-level privilege is the access that a "root" administrator is granted when logging
in to the computer. The program would have to be installed by an administrator user. So the attacker would
also have to have administrator privileges to install such a program. The hacker would normally need a key
logging utility to get the administrator password in the first place.

Caution A possible attack is a replay attack; for example, the hacker may accomplish it through network sniffing.

Different Types of Hacks and How They Work
Most hacks seek an entry point to the system. The entry point could be reading the network packets or social
engineering the person who has a password. The entry point is important because of its potential to expose the
security leak.

In this section I address social engineering, cracks in the system, and passive and active hacks. A passive
hack attack is one in which nothing is changed or harmed on the system. Both of the previous examples,
keystroke monitoring and replay attacks, are examples of passive attacks. The other type of hack is an active
hack attack. During an active hack programs are changed and corrupted. An example of an active hack is
changing the organization's Web pages.

Social engineering

Social engineering is the ability to gain access to systems by social interaction. The interaction may be formal
or informal in nature. A renowned tactic is to call in as a senior officer's wife or secretary to the IT department
and complain that a password isn't working. The next step is to convince the IT department to perform the reset
password process. IT departments and customer service centers could be a weak link unless they strengthen
their authentication process. Some centers have employed techniques like requesting a mother's maiden name
and other weak passwords before they regenerate a password. Once this is done, they will only send the
password by e-mail, which further weakens the process.

Some of the biggest cracks into computers stem from people acquiring information in a social environment.
Understanding an organization's systems can best be gained by being good friends with the people who install
or maintain them.

Caution Social engineering is a very real threat that should not be ignored.

A crack in the system

Monitoring a secure system might not do much good unless there is a crack in the security of the system. A
crack is a way to break a system. Just like someone who wants to rob a house and not get caught, the hacker
must establish a plan for entering the system, grabbing assets, and covering his or her tracks. The difference
between robbing a house and grabbing resources from an organization is that a hacker can leave digital
fingerprints that can be erased after the crime. There is still the risk of getting caught, so the hacker usually has
a motivation worth getting into trouble for if he is ever caught. For example, if an organization advertises the
distribution of new software that will make a lot of money, a hacker is likely to go after that resource. A hacker
will case the place or, in other words, monitor the traffic going in and out of the organization for security
vulnerabilities.

The hacker might even attach a program to act as a listener, or sniffer, to discover security vulnerabilities. The
sniffer can save the information to a log and send the information to the hacker's secure system. After the place
looks safe and the hacker has sufficient knowledge to accomplish the hack, the hacker will perform the hack.
The hack may involve further penetration into the system such as creating a backdoor (a login that bypasses
security mechanisms), or grabbing a new program, or placing an e-mail monitoring device on a CIO's computer
system. When the break-in occurs, like any other professional, the hacker is going to have tools (in this case
software tools) that are used to thwart security defenses.

Some attacks are not planned. For example, a hacker may FTP into a company site and accidentally find the
company's source code open to the world and take it. Granted, the company source should be protected, but if
it is not, someone is bound to take it.

Other hackers may be a little more physical, such as stealing a laptop from the organization so that they can
scan the hard disk; there are tools that can scan the physical hard disk without logging in. They could then
use the information found on the laptop. These resources could be bank account numbers, credit card
numbers, passwords, computer programs, or anything else of value.

Caution Cracks in the system are explored to gain access to resources.

The passive hack attack

As I mentioned earlier, hacks are broken down into two modes of operation: the passive hack attack and the
active hack attack. These hacks do not have to be done together or in any order. The passive hack is merely
observing information without corrupting or changing the information. The passive hack includes:

Sniffing the network

Probing the programs that are running

Scanning the memory of the computer

Scanning the files of the system

Nothing may come of the information found in these scans. The hacker could be doing a scan to understand
the organization's systems. Figure 2-1 shows how a passive hack may work.

Figure 2-1: Passive hack attacks

Caution Even though passive hack attacks do not modify your organization's information or infrastructure, they
are a real threat and can affect your company's bottom line. Think of a passive attack as espionage.

The active hack attack

The purpose of the active hack attack is inherently different from the passive one; the active hack not only
infiltrates but also corrupts the organization's systems for the hacker's use. The active hack may involve
viruses, worms, backdoors, impersonators, and redirectors. An example of an active hack is a corrupted site or
Web page. Another active attack is the denial of service attack.

The denial of service attack prevents users from accessing system resources. For example, some servers will
not allow users to fail a login more than a specified number of times, so a hacker will try to log in until a user's
account is disabled and the user no longer has access to the server.

Figure 2-2 demonstrates the active hack attack.

Figure 2-2: Active hack attacks

Caution Active hack attacks damage your organization's information and infrastructure.

The motivation behind active and passive attacks is different. The passive attack is similar to spying to retrieve
information. The active attack is motivated by the need to destroy the organization's computer. A disgruntled
employee or a competing company could motivate the active attack. The passive attack hides the attack by not
showing signs that anyone has been on the system. The active attack hides the attack by destroying enough of
the system so that no digital fingerprints are left on the system. The active and passive attack can be used in
combination to both read information and cover the tracks of the hacker. The passive attack, while not
destroying the systems, can also do harm to the overall organization. The hacker who gets information from the
passive attack can use it for insider trading, to publish derogatory information about the organization, or to
publish the organization's trade secrets.

Note Attacks are not only described as active and passive, but can be organized by the system or subsystem
that is attacked and the style in which it is attacked. The type of the attack could be a worm, virus,
impersonator, redirector, or sniffer. The systems that can be attacked are networks, the computer system,
or the enterprise system.

Understanding Network Attacks
Any computer that is on the Internet is susceptible to a computer attack. The attack may not be successful, but
it is an attack nevertheless. Attackers may constantly test the system for vulnerabilities and keep track of
possible weaknesses. It is up to the organization and individual to diligently keep track of the attacker to judge
where these attacks have occurred and where they are headed.

If an organization does not monitor its networks and systems, it is susceptible to being attacked and not even
knowing it. When a company is attacked and doesn't know it, the company may find that its private information
has become public after it is too late. Any anomaly on a network should be investigated to ensure that security
has not been breached. Many companies spend a lot of money to check the integrity of their networks. Some
companies have rooms full of network engineers monitoring the packets of the networks.

Network monitoring terms

Network monitoring software is easy to get, and any network that is open to the Internet can easily be sniffed.
Sniffing the network means observing the protocol packets as they pass. Anyone who understands the socket
Application Programming Interface (API) can write specialized sniffers and redirectors. By sniffing the packets,
the hacker can understand the frame data. The frame may potentially include plaintext passwords. After the
packets are understood on the network, they can be used for impersonation or redirection. Figure 2-3
demonstrates the sniffer technique.

Figure 2-3: Network sniffing

Note The Socket API is supported on multiple systems and languages and is used to support network
programming. However, it can also be misused for attacks.

Sniffing the network for a host

Many network programs and applications are described as sniffers. A simple query on a search engine can
provide a list. One site is www.sniffer.com. The purpose of a sniffer application is to provide packet and statistics
information for the protocol packets being transmitted on a network. Some sniffers may be programs that are
run on a remote host, and others may involve hardware that is plugged into the network. An example of a
sniffer that doesn't require a host computer is the Fluke LanMeter, which I helped develop. If the packet being
sniffed is Ethernet, the packet will contain the destination address, source address, connection
synchronization, data packet, protocol type, and cyclic redundancy check. If there is any plaintext information in
the packet, such as a password, it can be observed. Firewalls use the source and destination addresses as
well as the connection synchronization to secure and filter the packets on the network. Once the hacker
understands this information, the hacker can simulate it to fool the firewall into believing that the packet
came from a secure location.

Some operating systems support some of the protocol utilities that will be mentioned for sniffing the network.
These protocol utilities can be pulled down by separate packages online for those operating systems that do
not support them. The starting point for scanning services and ports can be found on your local machine.
Common files that are searched for information are the etc/services, etc/hosts, etc/networks, and etc/protocols
files. The etc/services file contains entries that have information about port numbers, the protocol type, and the
protocol service. Listing 2-1 demonstrates the entries for File Transfer Protocol (FTP).

Tip Because hackers are familiar with and explore the weaknesses of the Request for Comments (RFCs), you
should be at least familiar with the RFCs too. The site www.ietf.org provides network protocol information
and specifications.

Listing 2-1: FTP entries

ftp-data 20/tcp #FTP, data
ftp 21/tcp #FTP, control

Listing 2-1 shows the FTP entry for the data for the TCP protocol at port 20 and shows that the FTP control is
at port 21. This is valuable information for a hacker because it details available port services.

Caution Some applications use host and service files to establish their connectivity, and overriding these files
may redirect the service to different ports and allow hackers to impersonate services.

For Java sockets, the Java InetAddress class has the getByName() method, which first looks in the etc/hosts file. If
the host is not found in the etc/hosts file, it does a DNS lookup based on how the DNS is set up. Changing the
hosts file therefore affects any application using this method.

Tip Java sockets do not support the getservbyname() functionality for retrieving information from the services file.

The hacker's arsenal of utilities

Some of the hacker's arsenal includes the whois utility, the ping utility, and the traceroute utility. The whois utility
lists the hosts of an organization that are publicly listed through the Domain Name Service (DNS). The ping
utility is used to see if a computer is active on the network and reports the round-trip time to the target host and
back. The traceroute utility does one better and gives hop information, which is IP information on the devices in
between the source and the target host. These utilities are common network tools that can be picked up
almost anywhere and that are used to find the target computer and the computers surrounding it. Finding a
nearby host with less security helps hackers in launching their attacks. Hackers can launch their attacks from
the nearby machine and check it occasionally when they think that it is safe.

Cross-Reference See Chapter 21 for more information on ping and network security.

The uninvited "guest"

Other utilities used by hackers include telnet and FTP. A typical example of what a hacker can do is log in to
firewalls and routers using the telnet protocol with a "guest" account if one is enabled. The process of logging in
often generates a screen output that is useful to the hacker. The screen output may contain essential
information such as the type of device and the software version. The hacker can try a password cracker to
guess the username and password.

FTP provides a means to copy files to and from the network devices. The FTP server utility and file system on
the device must be compromised in order to be susceptible to an attack, but sometimes the hacker gets lucky
and the system wasn't set up correctly. Firewalls and routers are complicated network devices to set up.
Network administrators require years of training and experience to set them up correctly. The hacker's only
advantage is that he could be more experienced with the device and the holes found in the devices. Holes for
the network devices are published on hacker sites and in books. Many other network devices require routing
tables and firewall access, so some of the tables allow read access to all the members in the organization. By
reading the routing table, an understanding can be gained on how the networks are configured in the
organization. Figure 2-4 demonstrates an attack on a target machine from a nearby machine.

Figure 2-4: Attacks from a nearby local machine

Note The closer physical access that a hacker has to a machine, the more he can focus an attack on that
particular machine. For instance, if the hacker has access to a machine in the same subnet as the target
machine, it is easier for the hacker to try an attack because he bypasses the security measures
established to protect the subnet.

Password crackers

If the password and other vital information are not displayed in packets from the network traffic, a hacker may
use password crackers. Password crackers use dictionary attacks. Dictionary attacks use a dictionary for
passwords and try every word in it.

Many systems that fear this attack will disable a user's account if many incorrect passwords are used to try to
log in. If the user's account is disabled, the user can no longer log in. This is the nature of a denial of service
attack. If the entire user set, including the administrator users, is denied login, the system can never be
accessed again unless there is a backdoor. The backdoor is a login that bypasses most of the enforced security
mechanisms.

Note In a dictionary attack, the attacker performs guesses for the password, such as all possible combinations
of six letters. Because passwords are small (by cryptographic standards), they can be determined in a very
short period of time (days, hours, or even seconds) depending on the skill of the attacker, the system,
and the password itself.
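The following Python simulation (added here as an example, not code from the book) makes the trade-off concrete: a hard lockout after five failures lets an attacker deny the real administrator access, while an exponential backoff slows a dictionary attack without ever disabling the account. The account name, password, and five-word dictionary are constructed, and the clock is simulated.

```python
import math


class Account:
    def __init__(self, name, password):
        self.name = name
        self.password = password      # toy: plaintext only to keep the simulation short
        self.failures = 0             # consecutive failed attempts
        self.disabled = False         # set by the hard-lockout policy
        self.retry_after = 0.0        # set by the backoff policy (simulated clock, seconds)


class HardLockoutAuth:
    """Disable the account after MAX_FAILURES bad guesses, the policy the text describes."""
    MAX_FAILURES = 5

    def __init__(self, accounts):
        self.accounts = {a.name: a for a in accounts}

    def login(self, name, password, now):
        acct = self.accounts[name]
        if acct.disabled:
            return False              # the right password is refused too: a self-inflicted DoS
        if password == acct.password:
            acct.failures = 0
            return True
        acct.failures += 1
        if acct.failures >= self.MAX_FAILURES:
            acct.disabled = True
        return False


class BackoffAuth(HardLockoutAuth):
    """Delay the next attempt by BASE_DELAY * 2**(failures - 1) seconds, capped at MAX_DELAY.

    Guessing is throttled to about one attempt per MAX_DELAY once the cap binds, but the
    real user only ever has to wait; nobody needs a backdoor to get back in."""
    BASE_DELAY = 1.0
    MAX_DELAY = 300.0

    def login(self, name, password, now):
        acct = self.accounts[name]
        if now < acct.retry_after:
            return False              # inside the delay window: ignored, not counted
        if password == acct.password:
            acct.failures, acct.retry_after = 0, 0.0
            return True
        acct.failures += 1
        acct.retry_after = now + min(self.BASE_DELAY * 2 ** (acct.failures - 1), self.MAX_DELAY)
        return False

    def seconds_to_try(self, guesses):
        """Lower bound on the wall-clock seconds needed to submit `guesses` wrong passwords."""
        ramp = int(math.log2(self.MAX_DELAY / self.BASE_DELAY)) + 1   # attempts before the cap binds
        if guesses <= ramp:
            return self.BASE_DELAY * (2 ** guesses - 1)
        return self.BASE_DELAY * (2 ** ramp - 1) + (guesses - ramp) * self.MAX_DELAY


def simulate(auth_cls):
    """Attacker burns five dictionary words on 'admin', then the real admin logs in.

    Returns (admin accepted right away, admin accepted an hour later)."""
    auth = auth_cls([Account("admin", "correct horse battery staple")])   # constructed account
    acct, t = auth.accounts["admin"], 0.0
    for guess in ("password", "admin", "letmein", "123456", "qwerty"):     # constructed dictionary
        t = max(t, acct.retry_after)                                       # attacker waits out any delay
        auth.login("admin", guess, t)
    return (auth.login("admin", "correct horse battery staple", t),
            auth.login("admin", "correct horse battery staple", t + 3600))
```

seconds_to_try() shows why the backoff matters against the six-letter search space in the Note above: under a 300-second cap the attacker needs well over a century to submit every combination.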

Another useful utility in the hacker's arsenal is the port scanner. The port scanner will scan all of the ports on a
remote machine to see which are active. If port 20 and port 21 are active, the hacker can review the file in
Listing 2-1 and know that the remote computer is supporting the FTP protocol. The etc/services file lists the ports
that the services must use. Any service that uses port 20 and port 21 that is not an FTP service will have
problems because FTP clients on the Internet will try to log in to those ports. Once access is granted on a
machine, even as a guest, files can be read, running processes can be determined, and users who
are locally logged on can be observed. The netstat utility can be used to determine the current ports that are
being used by services. The ps utility can be used to determine other processes running on the machine. Even
a guest has access to many of these utilities.

Other information about access can be found at Web sites, such as e-mail addresses for contacts, information
about the founders of the organization, and where the organization is located. Social engineering can be used
in conjunction with some of this information. For example, if the IT department is listed on the Web site, the
hacker can call and complain about not being able to log in to his account. If the hacker is believable, the IT
department may be helpful.

IT impersonations

Another method is for the hacker to contact a salesperson and act as if he is from the IT department. This
works best when the salesperson is telecommuting. The hacker tells the salesperson that there is an upgrade
in software or new software that the salesperson must install and provides an FTP address for the salesperson
to download the file. The file can be tainted for the hacker's use. Or, the hacker can say there is an issue with
the salesperson's computer and say he (the hacker) needs to log in to fix it. Once a hacker accesses a system,
he can access FTP or e-mail to transfer files to the hacker's machine. If the files are write accessible, the
hacker can transfer them to the machine to overwrite key files.

Using sniffing tools provides packet information. Some of the first sniffers were hardware sniffers from
companies such as Network General. Now sniffers can easily be run on remote machines. Listing 2-2 gives a
fragment of a sniffer example of a telnet packet.

Note The following screen dump was made by the "analyzer" product, a public domain sniffer found at
http://analyzer.polito.it/. Another public domain version is http://www.ethereal.com/. I recommend that anyone
who wants more powerful port and protocol sniffers visit http://www.tigertools.net.

Listing 2-2: Sniffer output example

----- General -----
Item number 1, position in logfile 1%
Timestamp: 14h:23m:00s:367000us
----- Description -----
Item type: Partial frame, 62 bytes available
Frame size is 62 (3E hex) bytes
----- MAC Header ----- [0-13]
Destination = Computer 004854-0133F7 (Universal; Vendor: ???) - [0-5]
Source = Computer 004854-013412 (Universal; Vendor: ???) - [6-11]
Ethertype = 0800h (DOD IP) - [12-13]
----- IP v4 Header ----- [14-33]
Version = 4 - {14-14}
Header length = 5 bytes - {14-14}
Type of service = 00h - [15-15]
000. .... = priority 0 - {15-15}
...0 .... = normal delay - {15-15}
.... 0... = normal throughput - {15-15}
.... .0.. = normal reliability - {15-15}
Total length = 48 bytes - [16-17]
Identification = 8193 - [18-19]
Flags = 4h - {20-20}
0... .... = must be 0 - {20-20}
.1.. .... = do not fragment - {20-20}
..0. .... = last fragment - {20-20}
Fragment offset = 0 bytes - {20-20}
Time to live = 128 seconds/hops - [22-22]
Protocol = 6 (TCP [Transmission Control Protocol]) - [23-23]
Header checksum = C6C4h - [24-25]
Source address = [10.0.0.2] - [26-29]
Destination address = [10.0.0.1] - [30-33]
No IP options
----- TCP Header ----- - [34-61]
Source port = 1037 (???) - [34-35]
Destination port = 23 (telnet) - [36-37]
Sequence number = 742731 - [38-41]
Acknowledgement number = 0 - [42-45]
Header length = 28 bytes - {46-46}
Flags = 02h - [47-47]
..0. .... = No urgent pointer - {47-47}
...0 .... = No acknowledgement - {47-47}
.... 0... = No push - {47-47}
.... .0.. = No reset - {47-47}
.... ..1. = SYN - {47-47}
.... ...0 = No FIN - {47-47}
Window = 8192 - [48-49]
Checksum = F5A2h - [50-51]
Urgent pointer = 0 - [52-53]
Options = 8 bytes - [54-61]
Code = 204 (MSS)
Required MSS: 1029
Other Options
Next Protocol: Unsupported (s:1037,d:23) - [34-37]
----- Telnet -----
[0 byte(s) of data]
==========================================================================
* 00 48 54 01 | 33 F7 00 48 | 54 01 34 12 | 08 00 45 00 [.HT.3..HT.4...E.]
* 00 30 20 01 | 40 00 80 06 | C6 C4 0A 00 | 00 02 0A 00 [.0 .@...........]
* 00 01 04 0D | 00 17 00 0B | 55 4B 00 00 | 00 00 70 02 [........UK....p.]
* 20 00 F5 A2 | 00 00 02 04 | 05 B4 01 01 | 04 02 [ .............]

Listing 2-2 shows an extraction for a telnet packet. The output shows the computer MAC Header and the TCP
Header. As you can see, the destination port is port 23 for telnet, and the packet information and data are also
displayed. Knowing what is being transmitted into and out of the computer is useful for gaining access into the
computer.
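To see what the raw hex dump at the end of Listing 2-2 actually encodes, the following Python program (added here as an example; it is not code from the book or from the analyzer product) decodes that 62-byte frame layer by layer, verifies the IP and TCP checksums, and maps the destination port through a services table written in the format of Listing 2-1 (the table lines are a constructed sample). The same decoding is what a defender's monitor does to flag a new telnet session, whose password will cross the wire in the clear.

```python
import struct

# Services entries in the format of Listing 2-1 (constructed sample, not a full file).
SERVICES_TEXT = """\
ftp-data 20/tcp #FTP, data
ftp 21/tcp #FTP, control
telnet 23/tcp
"""

# The 62-byte Ethernet frame printed at the end of Listing 2-2.
FRAME = bytes.fromhex(
    "00 48 54 01 33 F7 00 48 54 01 34 12 08 00 45 00 "
    "00 30 20 01 40 00 80 06 C6 C4 0A 00 00 02 0A 00 "
    "00 01 04 0D 00 17 00 0B 55 4B 00 00 00 00 70 02 "
    "20 00 F5 A2 00 00 02 04 05 B4 01 01 04 02"
)

TCP_FLAG_BITS = [("FIN", 1), ("SYN", 2), ("RST", 4), ("PSH", 8), ("ACK", 16), ("URG", 32)]
CLEARTEXT_LOGIN_PORTS = {21, 23}   # ftp control and telnet carry the password in plaintext

def parse_services(text):
    """Map (port, protocol) -> service name, the lookup getservbyport() performs."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()        # drop the comment, then tokenize
        if len(fields) >= 2:
            port, proto = fields[1].split("/")
            table[(int(port), proto)] = fields[0]
    return table

def inet_checksum(data):
    """RFC 1071 one's-complement sum; a header with a correct checksum field sums to 0."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def parse_tcp_options(raw):
    """Decode the option bytes that follow the fixed 20-byte TCP header."""
    opts, i = {}, 0
    while i < len(raw):
        kind = raw[i]
        if kind == 0:                                  # end of option list
            break
        if kind == 1:                                  # NOP padding
            i += 1
            continue
        length = raw[i + 1] if i + 1 < len(raw) else 0
        if length < 2:                                 # truncated or malformed: stop, don't spin
            break
        body = raw[i + 2:i + length]
        if kind == 2:
            opts["mss"] = struct.unpack("!H", body)[0]
        elif kind == 4:
            opts["sack_permitted"] = True
        else:
            opts["kind_%d" % kind] = body.hex()
        i += length
    return opts

def decode_frame(frame, services):
    """Decode Ethernet -> IPv4 -> TCP and verify both checksums."""
    dst_mac, src_mac, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != 0x0800:
        raise ValueError("not an IPv4 frame")
    ip = frame[14:]
    (ver_ihl, _tos, total_len, ident, flags_frag, ttl, proto,
     _csum, src, dst) = struct.unpack("!BBHHHBBH4s4s", ip[:20])
    ihl = (ver_ihl & 0x0F) * 4
    tcp = ip[ihl:total_len]
    (sport, dport, seq, _ack, off_flags, window,
     _tcsum, _urg) = struct.unpack("!HHIIHHHH", tcp[:20])
    data_off = (off_flags >> 12) * 4
    flags = off_flags & 0x1FF
    # The TCP checksum also covers a pseudo-header built from IP-layer fields.
    pseudo = struct.pack("!4s4sBBH", src, dst, 0, proto, len(tcp))
    return {
        "src_mac": src_mac.hex(":"), "dst_mac": dst_mac.hex(":"),
        "src": ".".join(map(str, src)), "dst": ".".join(map(str, dst)),
        "ttl": ttl, "ident": ident, "dont_fragment": bool(flags_frag & 0x4000),
        "ip_checksum_ok": inet_checksum(ip[:ihl]) == 0,
        "sport": sport, "dport": dport, "service": services.get((dport, "tcp"), "?"),
        "seq": seq, "window": window,
        "flags": [name for name, bit in TCP_FLAG_BITS if flags & bit],
        "tcp_checksum_ok": inet_checksum(pseudo + tcp) == 0,
        "options": parse_tcp_options(tcp[20:data_off]),
    }

def cleartext_login_alert(pkt):
    """Alert on a new connection (bare SYN) to a service that will carry a plaintext password."""
    if pkt["flags"] == ["SYN"] and pkt["dport"] in CLEARTEXT_LOGIN_PORTS:
        return "%s -> %s:%d (%s): new cleartext login session" % (
            pkt["src"], pkt["dst"], pkt["dport"], pkt["service"])
    return None
```

Decoding the bytes independently also catches the one place the analyzer's text disagrees with its own dump: the option bytes 02 04 05 B4 are an MSS of 1460, not 1029.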

The information in the packet is a telnet session. If a secure shell or encryption is not used to shield the
password, the plaintext password can be seen going across the session. A hacker could reuse the information
and log in at a later time. The hacker could also use a port sniffer instead of a packet sniffer to see which
protocols are being supported. If a telnet server is not available on the host machine, a hacker could
impersonate a telnet session.

A hacker has to establish a reason for people logging in to the telnet session, such as broadcasting that there
is a new machine to deliver source code. Just knowing that a telnet server is available will give reason to look
for telnet packets being transported on the network. Some telnet servers may have the "guest" or "anonymous"
user active, giving some access to start with to the telnet servers. Some telnet servers have known bugs and
issues that can be used, such as backdoors, for hackers to gain access.

Once inside the computer, it is important to understand the operating system. Just as it is important to
understand the network for reaching and impersonating a connection, it is important to understand the
operating system to impersonate processes.

Sniffing the system computer

Understanding the security of the operating system is important for impersonating secure processes or
embedding a process into the operating system. Also, it is important to understand the security that is used for
accessing file systems and device drivers. The file system is a type of device driver for accessing files. To have
access to everything on the computer, the current user must be set to the system or administrator user.

Device drivers and system daemons normally have to be installed and managed by the system administrator.
Even though a user might have minimal access on a computer, some of the daemon services and device
drivers that are running in the background are running as the system user at all times. The daemon services
and device drivers have to run as a system user to access some of the operating system resources. For this
reason, anyone who has administration privileges on a machine may take over the machine because he has
write permission to all system files on that machine. Other users may have access to read the system and the
files but are very limited on write access.

A gold mine for hackers

In the Microsoft Windows operating systems, one gold mine for the hackers is the registry entries. The registry
describes the operation and setup to the devices and many of the processes. The registry database can be
protected from read and write access. Sometimes administrators may not set this up correctly, or the hacker
might have somehow cracked the registry. If the hacker accesses the registry, the computer can be mapped
out for further hacks. If write access is granted to the hacker, the hacker can replace device drivers and system
services with his own.

The difference in the UNIX operating system is that there are system environment configurations, and the
UNIX operating system has a hierarchical file structure for where files should be placed, such as /dev for device
drivers. The hacker can apply the same rules in that he can modify the startup shells for the user and redirect
to his own processes and device drivers. The difference in the UNIX operating system is that the startup shells
normally live under the user's home directory and they run with the user's privileges.

The file system is a common place for most hacks. The file system is a device driver such as NTFS, meaning
the Windows NT File System, and is tightly integrated with the operating system. If the device driver is
interrupted or overwritten, it is possible to read and write all files on a device; however, that hack is very
complicated and requires complete administration access. A more passive hack is just to read any files that are
accessible for information-gathering purposes.

Cracks to common encryption

Many users will now encrypt their files using Microsoft Word or other applications, but many cracks exist on
hacker sites for some of these applications. When gathering information, users might have passwords for
databases stored in files or even their e-mail files saved to hard disk. Many users do not have private read
access on these files, and if others can read the files, hackers may copy these files and move them to a
different location to be cracked at a later time. A waiting hacker might also pick up any log files that an
application might leave around. Log files usually give detailed information on how the application is behaving
and sometimes information on how it is connecting to other applications.

Some of the files that are susceptible in the J2EE applications are setup files that contain database
identification and deployment descriptors that describe the security of the application components. If there is
any file that has read access to a less secure user than an administrator, the hacker will probably target that
user for file access. Once the hacker retrieves a database username and password and has access to a
database, he can gain control of the database and implement backdoor passwords. Then the chase for the
hacker will start to move from the system administrator to a database administrator.

JSP cookies

Other files from the J2EE that are used for information are the Java Server Pages (JSP) cookies. Cookies are
files saved to a machine to retain session state information for a Web site. Some cookies are used to store
usernames and passwords that can be sniffed from the cookie file. Other cookies retain personal information
used when logging onto the Web site. Cookies keep information based on the Web site visited. If a hacker who
understands cookies can gain access to the cookies in a system's machine, he can at a minimum gather the
Web sites that a user has visited. By understanding the Web sites that a user has visited, the hacker can start
with a hack at a Web site to try to impersonate the user.

A more active hack is to replace application setup files and deployment descriptors with the hacker's own
version. The objective is to change the behavior of the application server. A hacker could only replace these
files if he were granted write access to them. If the files were overwritten with the hacker's own files, he could
create an identical server which would forward the credit card numbers to the hacker's private account. A hack
like this would require a lot of skill and patience, but it can happen if requirements for the proper security on the
files and file systems are not mapped out and enforced. Simply put, changing files on the system can change
the behavior of the system.

Caution As you may already know, some of the most pervasive viruses live in the boot sectors of the file
system, and these viruses are capable of infecting the files that the given file system manages.

Unsafe memory

The file system is not the only part of the operating system that is susceptible to hackers. Memory, either
cached or shared, is also a possible target in the operating system.

Note The concept of shared memory refers to a block of memory that processes read and write directly. Many operating
systems support shared memory through the system's native language, such as C.

A hacker who has detailed knowledge of the memory system can peruse the memory allocation blocks and try
to determine what is being loaded into memory. A person who has detailed knowledge of the operating system
and its devices, such as NTFS, could use shared memory routines to try to rewrite a section of memory. Very
few people can accomplish a hack like this one, and the operating system is prone to crash when something is
written to its protected memory location.

Protected memory is used because the memory section is protected by the operating system, and if writes do
occur without system access permissions, an operating system exception occurs. In Windows NT, the term for
a system exception is a BSOD, or Blue Screen of Death. Other programs that use memory are not part of the
operating system and are not loaded into protected memory. These programs could be changed, but a detailed
knowledge of the operating system and assembly code is required.

Note Java doesn't use shared memory as an interprocess communication mechanism and so doesn't have some of
these security holes that can be programmatically used.

Debugging past and present

Because understanding the file system and operating system usually requires great skill, some hackers will try
to change a system process by using the registry and debug commands that are part of the operating system
or application. When MS-DOS was prevalent, many users would simply use the DEBUG command to change
how a process operated. Many operating systems still support the DEBUG command for debugging an
executable. By using available debug commands, the hacker can interrupt the normal operation of an
executable. Java applications are not immune to the DEBUG command.

Java uses the jdb utility for its debugging. Debug commands can attach themselves to a process that is already
running or to an address space of a running application. Some of the most pervasive hacks that I have
witnessed in my career are accomplished when a person who is knowledgeable about machine or assembly
language has gone into an application and changed the byte or assembly code. In older versions of operating
systems, a person could use the DEBUG utility to change the behavior of running applications. These
techniques require detailed knowledge of the operating system. A simpler method would be to impersonate a
server to get information about a company.

Impersonating hosts

When I want to log in to a Web site, I put in a Uniform Resource Locator (URL) on a browser page, such as
"www.somesite.com". The local machine will do a DNS lookup on the name servers specified from the local
machine. Domain name servers (DNS) provide the logical mapping of names to IP addresses. The DNS
servers use the etc/hosts file to map the information. The etc/resolv.conf file stores the name servers to do further
lookups if the DNS could not resolve the host name. DNS spoofing is easier than IP spoofing in that the logical
mapping is redirected to a different server.

Tip RFC 1033 and RFC 1034 describe the DNS system.

These domain name servers will search their etc/hosts file and may also do a name server lookup on the DNS
servers that are specified. If the name is really obscure, it might do a lookup all the way to a master INTERNIC
DNS server. The site host name will resolve to an IP address where an etc/hosts file will eventually have an
entry with "www.somesite.com" if the host is valid.

The idea behind DNS spoofing is to resolve the host's name to the hacker's address for a set of users. When
the user or set of users log in to the hacker's Web site or server, they believe that they are logging into a
valid Web site. When the user logs into the hacker's Web site, the hacker is capturing the keystrokes for the
username and password. The hacker now has access to one of the user's Web sites. The idea could apply to
other network protocols such as FTP and telnet. In order to accomplish this task, the hacker will have to
change either the DNS that the user will use or the hosts table that the DNS will use. Figure 2-5 demonstrates
host impersonation.

Figure 2-5: Host impersonation

IP spoofing attacks

Many firewalls and other network security mechanisms give access to the host if the source of the connection
comes from a trusted network or host. For example, the application server may only accept connections
coming from the Web server at www.richware.com. The application server will look for the source address in the
TCP/IP packet to verify that connection originated at the Web server. IP spoofing is the ability to fake the
trusted network source.

To provide a fake IP source address, the address must not conflict with an active host on
the network. The first step is to take down or block the host that is being impersonated. The hacker will have to
disconnect or interrupt the trusted Web server for a small period of time and access the application as if it came
from the Web server. The Web server could even be down for a scheduled maintenance without the application
server being aware of it, so the hacker, in this case, wouldn't have to ensure a disconnect from the valid Web
server.

The concept of IP spoofing is to impersonate the trusted source of the connection for a trusted connection.
After sniffing the packets across the network and knowing what the application server is expecting, the hacker
duplicates the packets for the application server. Figure 2-6 demonstrates IP spoofing.

Figure 2-6: IP spoofing

Cross-Reference See Chapter 21 for more information on firewalls and network security.
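The check a firewall can apply against this attack, as an added Python example (not the book's code): ingress and egress anti-spoofing rules in the sense of RFC 2827 reject a packet whose source address is impossible for the interface it arrived on, before any trust is placed in that source address. The addresses, interface names and application port are assumptions, and the Web server address stands in for www.richware.com.

```python
import ipaddress
from collections import namedtuple

# One packet as the firewall sees it: arrival interface, addresses, destination port
# (constructed records, not sniffer output).
Packet = namedtuple("Packet", "iface src dst dport")

# Assumed topology: the trusted Web server (standing in for www.richware.com) and the
# application server sit on the internal network; everything else arrives on 'outside'.
INTERNAL = ipaddress.ip_network("10.1.0.0/24")
WEB_SERVER = ipaddress.ip_address("10.1.0.10")
APP_SERVER = ipaddress.ip_address("10.1.0.20")
APP_PORT = 8080                                     # assumed application server port


def classify(pkt):
    """Return ('allow' | 'drop', reason) for one packet.

    The first two rules are the anti-spoofing filters: an internal source can never
    legitimately arrive from outside, and an external source can never legitimately
    arrive from inside. Only after they pass is the source address worth trusting."""
    src, dst = ipaddress.ip_address(pkt.src), ipaddress.ip_address(pkt.dst)
    if pkt.iface == "outside" and src in INTERNAL:
        return "drop", "spoofed: internal source address arriving on the outside interface"
    if pkt.iface == "inside" and src not in INTERNAL:
        return "drop", "spoofed: external source address arriving on the inside interface"
    if dst == APP_SERVER and pkt.dport == APP_PORT:
        if src == WEB_SERVER:
            return "allow", "trusted Web server to application server"
        return "drop", "application server accepts only the Web server"
    return "allow", "default"


TRAFFIC = [
    Packet("inside", "10.1.0.10", "10.1.0.20", 8080),     # the real Web server
    Packet("outside", "10.1.0.10", "10.1.0.20", 8080),    # attacker spoofing the Web server's address
    Packet("outside", "203.0.113.7", "10.1.0.20", 8080),  # outsider without spoofing
    Packet("inside", "203.0.113.9", "10.1.0.20", 8080),   # inside host with a forged external source
    Packet("outside", "203.0.113.7", "10.1.0.30", 443),   # unrelated traffic, allowed by default
]


def audit(packets):
    """Run every packet through classify() and collect the spoofing alerts worth logging."""
    alerts = []
    for p in packets:
        _verdict, reason = classify(p)
        if reason.startswith("spoofed"):
            alerts.append("%s %s -> %s: %s" % (p.iface, p.src, p.dst, reason))
    return alerts
```

The second record carries exactly the source address the application server trusts, and it is still dropped, because the interface it arrived on makes that address impossible.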

Operating system active attacks

The passive attacks for operating systems have been discussed, but there are many more ways to corrupt an
operating system. The attacks against operating systems to bring them down are active attacks against the
operating system. These attacks may not be totally malicious, but rather a way for a hacker to get recognition
by painting a message on your screen similar to "You have been hacked." These hacks may not even be
geared toward any one organization. They might be geared toward any consumer that buys a specific software
product. The attack could be directed to anyone, for instance someone who answers through a specific
newsgroup or answers certain e-mail. I have seen hacks like these geared toward people who copy specific
software packages onto other software packages in their systems. These hacks might not be done by
someone just learning a system but by a competitor of a software package or done for some other business
reason.

Backing up: the best defense

The first active hack that I was a victim of occurred when I pulled down a compiler off a Bulletin Board System
(BBS) using a modem and a local number. The result was that my screen looked like it was raining and system
files started deleting themselves. For those very reasons, I kept a backup of everything, but it was a lot easier to
reload a 128-megabyte hard drive. The amount of damage that active hacks can cause can be in the millions
and can bring down an organization for days.

The jarsigner utility: a defense up to a point

One of the most significant additions to Java is the use of the jarsigner utility. The jarsigner allows the Java
Archive (JAR) to be signed by principals who are located in the local keystore database of certificates. The
jarsigner utility prohibits users from changing a JAR file. The JAR file can contain Java applications or Java
components. The limitation of JARs and Java components is that many still use the operating system's native
libraries, file system, and network system. The operating system, file system, and network system are still
susceptible to hackers.

Even though Java provides a lot of security functionality as part of its basic foundation, the limitations of the
operating system, file system, and network system still can affect Java applications. If the operating system
could enforce Java security down to the device driver and operating system levels, I believe many of the hack
attacks could be avoided by using the jarsigner utility. However, at this point there is no Java operating system.
A Java operating system, with Java libraries and device drivers, could fully use the jarsigner utility and take
advantage of the jarsigner utility security features right down to the device level. A possible way this could work
is to have the entire operating system signed in a JAR file, which could not be overwritten unless one has the
keystore to match the JAR. Therefore, the operating system would be as secure as how the keystore is
protected.

Tip Because the operating system, at this point, does not support Java security, if you are a victim of an attack
and suspect the operating system, you can easily verify your suspicion by moving the JAR to another
operating system and verifying the attack.

Virus attacks

The most common active attack on an operating system is the virus. There are more than 69,000 known
computer viruses. The purpose of a digital virus is to infect a host and replicate. Digital viruses, very much like
the biological forms, will attack their hosts, disrupting the normal operation of the host. Just as a person slows
down and becomes disrupted when they catch a virus, so does the host computer.

Biological and digital viruses: a frightening similarity

Biological viruses infect human cells by replicating thousands of the viruses and infecting the system. The
digital virus replicates itself as well on the Internet or through the host computer systems. The virus may try to
hide itself in the disk format or operating system of a specific system, surfacing occasionally to infect other
systems. The biological virus takes on the same form by hiding itself in the human subsystem.

Like the biological virus, the computer virus can usually replicate itself to spread to other systems that it comes
into contact with through a connection. The virus incubates in a particular system or set of systems and once it
believes it can spread, it tries. When a virus lies waiting for a chance to spread, it is in its dormant phase. After
the virus has the nutrients to spread, it will enter a replication phase where it reproduces. The digital virus will
replicate itself in programs and disk sectors, as the biological form replicates through a bloodstream.

When a computer program contains a virus, it usually contains an exact clone of the virus. After the virus has
significantly reproduced or realizes it is about to be caught, it may believe itself strong enough to attack the host
system. An attack on the computer host system can take many forms, from changing the screen to deleting
files. If the computer host contains the correct anti-virus software, like antibodies for biological virus, the virus
can be fought and destroyed. If the computer host does not contain the correct anti-virus software, the
computer host can be destroyed.

Types of viruses

The virus is meant to hide in the host's operating system through a variety of means. There are boot sector
viruses that go live when the operating system boots up in hopes of being started before any anti-virus
software. The objective here is to destroy the anti-virus software when it starts. There are stealth viruses that
are built specifically to hide from anti-virus software. Parasitic viruses attach themselves to programs in the
hopes that destroying them will also destroy the program. There are macro viruses that can only be executed
by Microsoft Word or Microsoft Outlook that are started when these programs are started. There are also
polymorphic viruses that change every time they reproduce to create a mutant virus, so that the anti-virus
software doesn't recognize them. There are many more types of viruses. Studying them all, and their variations,
is just as complex and overwhelming as studying biological viruses.

There are so many types of viruses now that knowing a programming language is not even required. Viral kits
can be used from different hacking sites to create different types of viruses. The viral kit normally asks the
creator a set of questions about how they would like their virus to behave. One of the questions might be
"Should it delete system files?"

One thing that all digital viruses have in common is that they need a way to enter the system and they need a
process to start them. The process could be an operating system call, a device driver call, or even the startup
of a system service by the operating system. Just as easily as a network can be sniffed by hackers to find
useful information, the user of the host computer can see what information is traveling to his system. The user
of the host machine can monitor the operating system of the host machine just as easily as a hacker can. The
best defense against a virus is to know your host machine and network. Something as simple as setting the
security to its highest for Microsoft Outlook and not clicking on an attachment until the user knows what it is for
can go a long way in the prevention of the macro virus alone. Equal steps must be taken for other viruses.

The cost of combating a virus

One of the most difficult viruses that I had to track down happened almost ten years ago when I was installing a
network operating system. The virus would infect the boot sector of the normal operating system, and it would
occasionally spread itself to other operating systems. It turned out that the virus was on a floppy that a person
copied the setup to from original disks for installation. The virus hid itself in the File Allocation Table (FAT)
partition of the floppy. Copying new files to the floppy disk did not get rid of the virus. I eventually just bought a
new box of floppies and went back to the original disks. Time and money were spent to destroy the virus.

The difficulty in finding this virus was that any virus protection software was always installed after the network
operating system installation; and when the virus protection software was installed, the virus would prevent the
virus protection software from looking for the virus. This scenario is an example of the complexities of finding
viruses. The prevention was simply not to use copied disks. Constantly monitoring the processes and
transmissions goes a long way in preventing viruses. There are many anti-virus programs that can help check
for viruses whenever new software is brought into the machine.

Backdoors and logic bombs

Many programs have backdoors, or Easter eggs, that never try to do anything malicious. With an Easter egg, pressing a certain combination of keys produces a surprise. For example, in the new Space Invaders games, pressing certain keys lets you play the old Space Invaders game. Many games have Easter eggs, and so do many other programs; the Easter eggs in some of my own applications simply list the authors and contributors. Easter eggs are fun, but they can harbor bugs just like any other code. The Easter egg is usually not part of the test plan, so it may never be fully tested, and the bugs that remain are exactly what a hacker takes advantage of: a code path reached only by an undocumented key combination is a code path nobody has tried to break.

A developer or tester usually leaves a backdoor in order to bypass the main security and test or recover the system. Developers and testers use the backdoor to run quick tests or debug the program without going through the normal security, which saves time. The developer may also want a backdoor in case the normal authentication breaks, so that there is an alternative way into the system to fix the problem. In some older operating systems, such as Multics, backdoors were never planned at all but appeared as a side effect of a bug; a tiger team, a group that attacks the system the way a hacker would, using the same tools and techniques, later found the bug. Whatever the reason for a backdoor, it is a path around the security controls, and anyone who learns of it has that path too.

A logic bomb is more malicious. It is code embedded in an application and set to "explode" when certain conditions are met: on a certain date, or when certain keys are pressed in sequence. Once it goes off, it damages the system by deleting data, forcing the machine to crash, or taking some other destructive action. The bomb could also be set to go off if the system does not receive a certain key combination every week. A disgruntled employee or contractor may plant a logic bomb that must be disarmed by entering a key sequence into the organization's system at regular intervals. If he is not paid, or is laid off, he stops entering the sequence, the bomb goes off, and the system is damaged.

Trojan horses and worms

A Trojan horse is a seemingly useful program or utility, often downloaded from a Web site, that damages the system once it is started on the machine. The damage may not be apparent at first; it may be something like changing the access permissions on local files. The program may even work and appear useful, but the point is for the user to download and install it so that the hacker gains entry to the user's computer. Another example is an FTP client that, when used, keeps a running log of keystrokes and passes them to the hacker. Trojan horses are difficult to detect because they behave as normal programs and usually give no warning that something malicious is taking place. The idea of the Trojan horse is to masquerade a hacker utility as a legitimate program and to attack while the user is executing it. A backdoor counts as a Trojan horse when the purpose of distributing the application is to place a backdoor into the user's system.

Worms are self-replicating programs that crawl from system to system. Unlike a virus, which rides in an infected file or boot sector, a worm depends on a network connection to spread. A worm searches for weaknesses in network services and protocols in order to propagate. It may be written to attack a particular protocol, such as e-mail, or a list of protocols, such as e-mail, FTP, TELNET, and RLOGIN. After a worm gets through a network protocol, it replicates itself on the remote machine and continues to spread in the same manner. The Internet worm of 1988 (the Morris worm) is the most famous example. It spread by sending new code to the finger daemon: fingerd read its input with gets() into a fixed-size buffer with no length check, so an over-long request overflowed the buffer and the worm's code was executed. The same worm also abused sendmail's DEBUG command and guessed weak passwords to hop to trusted hosts. It clogged the networks and brought down many of the machines it encountered, and it kept many organizations' systems down until they deleted it.

Protecting Against Hackers
Some reports state that an insider, such as a disgruntled employee, is behind 85% of all hacks suffered by organizations. Unlike an outsider, who must first get through the perimeter, the internal attacker already knows the systems. The employee is familiar with the resources that are available and may hold a set of passwords to start hacking with. He may know the internal systems well, and he could already have planted logic bombs or backdoors to assist in an attack.

Keeping tabs in the workplace

There are applications that can be purchased to keep tabs on what employees are doing on their workstations. A manager who knows what the software engineer or system administrator does day to day is better placed to keep that person from becoming a hacker, and an employee who knows he is being watched is likely to hesitate before doing something he shouldn't. It is the employee who works weekends and until midnight with no manager watching who has the time to establish a hack.

Always be aware of what is being loaded onto the system's machines. Keep a running inventory of the programs that are installed and check the list against the security sites for known risks. Be a minimalist about installing new programs, and install only those from trusted, well-known vendors. Sometimes I need a program for a month and then not again for several months; it can be un-installed and re-installed when it is needed again. Also monitor what is running on the system computer. If a machine's CPU is maxed out when nothing should be running on it, something harmful may well be running in the background.

Isolating your suspects

If a hacker is suspected, set up a machine and account just for the hacker. Confine him to a machine that can be monitored and controlled and that carries almost no utilities or access, and have his keystrokes and commands captured to log files. Isolating, monitoring, and controlling the hacker on a separate system can lead to his identification and capture. In many cases the hacker will not know that he has been isolated and will think he has reached the organization's real system. Think like the hacker: give him a Trojan horse to download and use it to find him. Because the hacker often relies on viral kits, sniffers, and other toolboxes that demand very little programming or computer knowledge, he may not be aware of the total damage he can cause to a system.

Many hackers are tracked by organizations so that the damage done can be estimated and repaired. The hacker may not be able to give detailed information and may only point to a hack kit he got on the Internet. The organization should therefore stay aware of the hacking products and the security Web sites. Several hacking sites I visited last year no longer exist, and information on their tools is surely hard to come by now. Organizations should know their systems well enough that, if they are hacked, they can assess the damage themselves without depending on anyone else's information.

Understanding your security system

The biggest single help in securing systems is to be security aware. Many companies know the latest and greatest technologies, but when asked about security their typical response is "We have a firewall." A properly configured firewall does help, but I have heard people give that answer and then seen them pull hundreds of software packages down onto the very machines the firewall is supposed to protect.

One such person had so many programs on the desktop that a hard drive had to be added, and when asked about the origin of some of the files the response was "Just things collected over the years. I don't know where most of it came from." Even a very technology-aware person needs to make security a serious consideration: some of those programs could have been malicious without the person knowing. The suggestion was to compress and back up all of the files to a CD-ROM and retrieve them later only when necessary. When considering security, be a minimalist about downloading and using programs of unknown origin. There may or may not have been malicious programs on this person's desktop; usually the only time a hack is found is when it affects a system and starts to cost money.

Hiring an expert

The biggest advantage an organization can have is security requirements established by a security expert. Many organizations hand the security requirements to a business analyst who lacks the background to understand security issues. A security expert will see that known security risks are avoided. Security consciousness is, in many ways, a frame of mind: just as one person is motivated to learn new technology, another wants to learn new security techniques. In the security plan, have tiger teams test the organization's systems, and plan to revisit the organization's security needs at regular intervals. Have a designated security administrator follow the advisories for applications and operating systems at www.cert.org/advisories.

Cross-Reference Chapter 21 discusses how to protect your system and unused ports against hackers.

Summary

Hackers are a diverse group with many possible reasons for hacking into a system, and their tools and techniques are as diverse as the hackers themselves. Diverse as the methods are, the way into a computer system is almost always through the network or through software brought onto the machine. A hacked application can be pulled down by a user, e-mailed as a virus, or placed on the computer by the hacker. The hacker can sniff the network to understand the packets being sent; the organization can sniff its own network just as well, to protect it.

The hacker, through a strong understanding of the operating system and applications, can control the computer once he gains access to it. The user, who also has access to the computer, can apply the same knowledge of operating systems to contain the hacker. The hacker can be mapped onto an isolated system to be contained and identified. Organizations around the world fear the hacker, but the hacker has more to lose, and there is always the chance that he is hacking into an organization that knows more about hacking than he does.

Chapter 3: Java Security Components

Introduction
This chapter introduces some of the many Java security components. The components differ in their purpose, the algorithm they support, and the protocol they support. Chapter 1 defined the security operations as authentication, authorization, data confidentiality, and data integrity. All Java security components share a common construction, and application code reaches them through the Application Programming Interface (API) that the Sun JDK 1.4 provides.

Java APIs are provided for each security operation defined in Chapter 1. Each API, in turn, calls a Service Provider Interface (SPI), which lets other security mechanisms be plugged in. Because of the API/SPI split, a security mechanism can be updated or replaced without modifying application code: a new provider is plugged in by adding a security.provider entry to the java.security configuration file (or by registering it at run time through java.security.Security.addProvider), and each provider supplies the engine classes for the algorithms it implements. In this way the Java security components can grow in the algorithms and security mechanisms they support. Figure 3-1 shows the association of the API and SPI. Implementations are discussed in more detail in subsequent chapters.
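The API/SPI split described above, as an added example in Java that is not code from the book: the program walks the providers the JDK has installed (the SPI side) and counts the engine implementations each one registers, then obtains a SHA-256 MessageDigest through the API both without and with naming a provider, and finally shows the exceptions raised when no provider implements an algorithm or the named provider does not exist. Only standard java.security classes are used; Provider.getServices needs JDK 5 or later, the provider name "SUN" is the one that ships with every JDK, the input string is constructed sample data, and the algorithm and provider names in the failing calls are deliberately bogus.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Provider;
import java.security.Security;
import java.util.Map;
import java.util.TreeMap;

/** Walks the SPI side (installed providers) and then uses the API side (getInstance).
 *  Added example; not code from the book. */
public class ProviderWalk {

    /** Counts the engine implementations a provider registers, keyed by engine type
     *  (MessageDigest, Cipher, Signature, KeyStore, ...). */
    static Map<String, Integer> servicesByType(Provider p) {
        Map<String, Integer> counts = new TreeMap<>();
        for (Provider.Service s : p.getServices()) {
            counts.merge(s.getType(), 1, Integer::sum);
        }
        return counts;
    }

    /** Name of the first provider, in preference order, that implements the engine, or null. */
    static String firstProviderFor(String type, String algorithm) {
        for (Provider p : Security.getProviders()) {
            if (p.getService(type, algorithm) != null) {
                return p.getName();
            }
        }
        return null;
    }

    static String hex(byte[] bytes) {
        StringBuilder sb = new StringBuilder(bytes.length * 2);
        for (byte b : bytes) sb.append(String.format("%02x", b));
        return sb.toString();
    }

    public static void main(String[] args) throws Exception {
        byte[] input = "hello".getBytes(StandardCharsets.UTF_8);   // constructed sample input

        // 1. SPI side: the providers, in the order getInstance will search them. The order
        //    comes from the security.provider.N lines in java.security, or from
        //    Security.addProvider / insertProviderAt at run time.
        for (Provider p : Security.getProviders()) {
            System.out.println(p.getName() + ": " + servicesByType(p));
        }

        // 2. API side: ask for an algorithm by name and let the framework pick the engine.
        MessageDigest md = MessageDigest.getInstance("SHA-256");
        byte[] digest = md.digest(input);
        System.out.println("SHA-256 served by " + md.getProvider().getName()
                + " (first in search order: " + firstProviderFor("MessageDigest", "SHA-256") + ")");
        System.out.println("SHA-256(hello) = " + hex(digest));

        // 3. Pinning a provider: the application names "SUN", which ships with every JDK,
        //    so a provider inserted ahead of it later cannot silently replace the engine.
        MessageDigest pinned = MessageDigest.getInstance("SHA-256", "SUN");
        System.out.println("Pinned to " + pinned.getProvider().getName()
                + ", digests agree: " + MessageDigest.isEqual(digest, pinned.digest(input)));

        // 4. The two failure modes. Both names are deliberately bogus.
        try {
            MessageDigest.getInstance("NoSuchDigest-512");
        } catch (NoSuchAlgorithmException e) {
            System.out.println("No installed provider implements it: " + e.getMessage());
        }
        try {
            MessageDigest.getInstance("SHA-256", "NoSuchProvider");
        } catch (NoSuchProviderException e) {
            System.out.println("Named provider is not installed: " + e.getMessage());
        }
    }
}
```

Compile and run with javac and java. The first block of output lists the providers in the order getInstance searches them, which is the order of the security.provider.N lines in $JAVA_HOME/conf/security/java.security (lib/security/java.security under the JRE on JDK 8 and earlier). Moving a provider up that list, or calling Security.insertProviderAt, changes which implementation every unpinned getInstance call in the application receives, which is why that file needs the same protection as the application's own code.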

Figure 3-1: The association of the API and SPI


Categorizing Security Elements

Each security operation requires security elements, and the elements change with the operation and the algorithms the operation uses. Each security operation has a Java API and an underlying security mechanism that implements it. The elements in use tell you which operation is being performed: an operation that encrypts data with a key is providing confidentiality, one that computes and checks a hash is providing integrity, and one that matches a credential against a principal is performing authentication.

The principal, credential, key, and hash are all security elements that require management and storage, both for archiving them and for retrieving them later. The stored security elements are considered trusted, and the security operation uses them as its reference: most security operations simply compare an incoming security element with the trusted one to ensure that the incoming element is valid. Whenever a security element is created and used for a security operation, there must be a mechanism that supports its creation, management, and storage.

Tip The trusted security elements must be stored in a secure store to avoid tampering. If an attacker can replace the trusted copy of a hash or a credential, every check that relies on it will pass.

Defining authentication with principal and credential elements

At least one security element is needed for each security operation. Authentication requires a user principal together with its associated credential information. Authorization is similar in that it requires at least one principal; the principal for authorization could be a specific principal or a principal that represents all principals.

Note The difference between authentication and authorization information is that authentication validates the principal with a credential, whereas authorization checks the access permissions of the principal on a system resource.

Many principals, such as groups and domains, may have no credentials associated with them, and a principal without at least one credential cannot be authenticated. The user always has a credential, hence the term user principal. A system can also be a user principal as long as it has at least one credential associated with it. Once a principal is authenticated, most protocols create a subject. The subject is the new set of principals and credentials retrieved by the authentication mechanism, and it is carried through further authentication and authorization across the organization's system. Further authentications and authorizations may be required to enter other organizations and their systems: a user logging in to a Web site could place an order that interacts with several other companies before it is fulfilled. Figure 3-2 shows the user principal and credential association.
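The principal, credential, and subject relationship above, and the trusted-store Tip before it, as an added example in Java that is not code from the book: an in-memory map of salted PBKDF2 hashes stands in for the secure store of trusted credentials (an assumption of the example), NamedPrincipal is a hypothetical Principal implementation carrying a kind (user or group) and a name, authenticate validates an offered password against the trusted hash and, on success, builds a javax.security.auth.Subject holding the user principal, its group principals and a session identifier as a public credential, and mayAccess performs authorization by looking only at the principals the Subject carries. The user names, passwords and groups are constructed sample data.

```java
import java.security.MessageDigest;
import java.security.Principal;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Optional;
import java.util.Set;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.security.auth.Subject;

/** Authentication (principal + credential) versus authorization (principal + permission).
 *  Added example; the maps below are assumed stand-ins for the secure store the Tip calls for. */
public class PrincipalDemo {

    /** A principal is just a name of some kind: a user, a group, a domain. Hypothetical class. */
    static final class NamedPrincipal implements Principal {
        private final String kind;
        private final String name;
        NamedPrincipal(String kind, String name) { this.kind = kind; this.name = name; }
        @Override public String getName() { return name; }
        String getKind() { return kind; }
        @Override public boolean equals(Object o) {
            return o instanceof NamedPrincipal
                && ((NamedPrincipal) o).kind.equals(kind)
                && ((NamedPrincipal) o).name.equals(name);
        }
        @Override public int hashCode() { return (kind + ":" + name).hashCode(); }
        @Override public String toString() { return kind + ":" + name; }
    }

    /** Trusted form of a credential: salt plus PBKDF2 output, never the password itself. */
    static final class StoredCredential {
        final byte[] salt, hash;
        StoredCredential(byte[] salt, byte[] hash) { this.salt = salt; this.hash = hash; }
    }

    static final int ITERATIONS = 100_000;  // raise to whatever your hardware tolerates
    static final int KEY_BITS = 256;

    // Assumed stand-ins for a protected credential store and a directory of group memberships.
    final Map<String, StoredCredential> credentialStore = new HashMap<>();
    final Map<String, Set<String>> groupsOf = new HashMap<>();
    final SecureRandom random = new SecureRandom();

    /** PBKDF2 obtained through the same API/SPI path as every other engine. */
    static byte[] derive(char[] password, byte[] salt) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(password, salt, ITERATIONS, KEY_BITS);
        try { return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded(); }
        finally { spec.clearPassword(); }   // do not leave the password lying around in the spec
    }

    void enroll(String user, char[] password, String... groups) throws Exception {
        byte[] salt = new byte[16];
        random.nextBytes(salt);
        credentialStore.put(user, new StoredCredential(salt, derive(password, salt)));
        groupsOf.put(user, new HashSet<>(Arrays.asList(groups)));
    }

    /** Authentication: check the offered credential against the trusted one; on success build the Subject. */
    Optional<Subject> authenticate(String user, char[] password) throws Exception {
        StoredCredential stored = credentialStore.get(user);
        // Derive even for unknown users so response time does not reveal which names exist.
        byte[] offered = derive(password, stored != null ? stored.salt : new byte[16]);
        if (stored == null || !MessageDigest.isEqual(stored.hash, offered)) {
            return Optional.empty();
        }
        Set<Principal> principals = new HashSet<>();
        principals.add(new NamedPrincipal("user", user));
        for (String g : groupsOf.getOrDefault(user, Collections.emptySet())) {
            principals.add(new NamedPrincipal("group", g));
        }
        // A public credential may be shown to others (a session id here); no private ones are kept.
        Set<Object> pub = Collections.<Object>singleton("session:" + Long.toHexString(random.nextLong()));
        return Optional.of(new Subject(true, principals, pub, Collections.emptySet()));
    }

    /** Authorization: no credential is involved, only the principals the Subject already carries. */
    static boolean mayAccess(Subject s, String requiredGroup) {
        for (NamedPrincipal p : s.getPrincipals(NamedPrincipal.class)) {
            if ("group".equals(p.getKind()) && requiredGroup.equals(p.getName())) return true;
        }
        return false;
    }

    public static void main(String[] args) throws Exception {
        PrincipalDemo demo = new PrincipalDemo();
        demo.enroll("alice", "correct horse".toCharArray(), "users", "admins"); // constructed sample users
        demo.enroll("bob", "battery staple".toCharArray(), "users");
        Subject alice = demo.authenticate("alice", "correct horse".toCharArray()).get();
        System.out.println("alice -> " + alice.getPrincipals() + ", admin? " + mayAccess(alice, "admins"));
        Subject bob = demo.authenticate("bob", "battery staple".toCharArray()).get();
        System.out.println("bob admin? " + mayAccess(bob, "admins"));
        System.out.println("wrong password accepted? " + demo.authenticate("alice", "wrong".toCharArray()).isPresent());
        System.out.println("unknown user accepted?   " + demo.authenticate("mallory", "x".toCharArray()).isPresent());
    }
}
```

Two design points carry the weight here. The comparison uses MessageDigest.isEqual rather than Arrays.equals so that a mismatch takes the same time whichever byte differs, and the derivation runs even when the user name is unknown so that a fast rejection does not tell the caller which names exist. The Subject is created read-only, so nothing downstream can quietly add a group principal to it; in a real system the group list would come from a directory rather than a map, but the authorization check would still look only at the principals, never at the credential.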

Figure 3-2: Authentication principal and credential mapping

