What is the best practice to pass sensitive information like password/secret from angular to Webapi?
Should we need to hash/encrypt them at the client before sending to webapi?
Having https:// protocol would be enough to pass the sensitive information over the wire without encrypting?
Let me know your thoughts.
using https is encrypting
SSL is secure socket layer and uses various encryption algorithms (configured on the web server) in order to encrypt any communication and it is the best means of protecting information. Any data sent to the client is compromised and so encryption in the browser (JS not native) is typically considered not worth while.
Suggest going to letsencrypt and setting up certbot to get/renew your certificates, it also helps with server configuration. You may also want to look into general "server hardening guides" on linux I also use a program called lynis on the server side to help audit/lock things down. There are also companies that will evaluate the hash algorithms your server is allowing in order to verify it isn't using any algorithms that are known to have exploits (like heartbleed), typically the companies are advertised as "PCI certification" companies but the tests are basically all automated. (PCI is payment card industry or visa/mastercard secruity best practices, if not followed and data is lost you may be considered more liable if you are not following PCI rules/suggestions)
Following general security best practices and writing code that is not subject to SQL injection will put you ahead of most unfortunately but there are no silver bullets to security (same as performance):
https://www.intellectual-tech.com/blog/web-security-ch-1
Related
So, I've been reading about security in relation to desktop applications and database servers. Previously when I've built applications that are linked to a database, I've taken the easy route and simply stored the connection string hard coded in the source code directly. This has worked since the binaries were not distributed to third parties. However, now I'm working on a project whose binaries are bound for third party use, and in this case the communication with the server becomes a security issue that I need to deal with.
Since it is a priority that there be no direct connection to the remote database from the client machine, I understand that a server/client database service is a good choice. In this case, the client machine sends requests using TCP to a server, which then processes the request using stored procedures and responds accordingly to the client.
My questions in relation to this are:
i. Would this setup be an advisable one, or are other setups of which I am unaware more advisable for the kind of project I am working on?
ii. How does one go about securing such a connection? I can easily set up an SSL connection to the server using a security certificate generated by OpenSSL, however I'm not sure whether this is the correct way of securing the connection for a desktop application, or whether this method is primarily used for HTTPS. And WHEN should one in general secure the connection (are there instances where this wouldn't matter, for instance if all I do is send booleans back and forth?)? Any good resources that discuss these issues? For instance, I have a lot of application installed on my Windows PC that are networked, but I don't see many of them installing a security certificate on my PC. What gives?
Full disclosure: I'm a C++ (hobbyist) programmer using Boost libraries for my network programming needs and OpenSSL for my SSL cryptography. However, I hope this can be answered without paying too much attention to these facts :)
Answers:
i. Having your application talk to a web service that then talks to the database is a better setup. This abstracts the database away from the clients (and therefore direct access from the internet).
ii. This depends on what the threats to your system are. If the data you are vending from the web service mentioned above is data that is not sensitive, and is not user specific (say an app that allows searching of public photo galleries, so your web service simply returns a result set with URLs) then you might be able to get by with simply using SSL. Other apps get around installing their own cert in a myriad of ways. They can either get a cert from a CA like verisign, so your computer already trusts it. Or they can deploy the public cert with the binary of their app, and handle it inside of their app (this is a form of certificate pinning).
ii part 2. If you need the clients to authenticate, for reasons of either wanting to make sure that not just anyone can use your web service, or to support a more advanced authorization model, then you would need to implement some sort of authentication. That would be a much bigger question to address.
Make sure you use CA-signed certificates, and not self-signed. You might also want to consider mutual authentication between your service and the database.
I have thought a long time about decentralized applications and their advantages, especially the fact that they tend to be more reliable and cheap when there are a lot of traffic involved, something that is not true with centralized applications (best example is facebook or google, those servers burn a lot of energy).
My question is this:
Can Kademlia be used for a chat protocol, and how secure would it be ? If I enable packet encryption, would privacy be guaranteed ? Are other kinds of messaging applications possible with kademlia (forums/usenet, email, IRC) if I adapt the protocols ?
I'm sure I'll need to add a lot of code to make it privacy effective so that anyone can eavesdrop or exploit the Sybil attack (described on wikipedia).
What do you think ? Do you think this project is worthwhile ?
(sorry for my bad english)
Can Kademlia be used for a chat protocol, and how secure would it be ?
If I enable packet encryption, would privacy be guaranteed ? Are other
kinds of messaging applications possible with kademlia (forums/usenet,
email, IRC) if I adapt the protocols ?
Kademlia is a mean to locate and exchange distributed information on peers. It is not related to security. You can implement security on top of it for sure. The best option is a public key encryption system with certificate authority. You would have to encrypt the data.
Anything is possible on top of Kademlia.
As other answers have noted, the role of the DHT does not include security, but instead integrity. For example, most DHTs use SHA1 as their key. This means you look up data by someone giving you the SHA1 hash of it (this is how torrents work) and when you get it from the DHT you can check to ensure it's not some other data from the untrusted sources.
As JVerstry mentions you could create a cryptographic system, and possibly a certificate authority. This would be outside the DHT, but you could use the system securely still. For example, if you encrypt a file and take the SHA1 of that, you can still use that as a key for the DHT, although you will probably want to provide some kind of nonce/salt.
I am trying to devise a security scheme for encrypting the application level data between a silverlight client, and a php webservice that I created. Since I am dealing with a public website the information I am pulling from the service is public, but the information I'm submitting to the webservice is not public. There is also a back end to the website for administration, so naturally all application data being pushed and pulled from the webservice to the silverlight administration back end must also be encrypted.
Silverlight does not support asymmetric encryption, which would work for the public website. Symmetric encryption would only work on the back end because users do not log in to the public website, so no password based keys could be derived. Still symmetric encryption would be great, but I cannot securely save the private key in the silverlight client. Because it would either have to be hardcoded or read from some kind of config file. None of that is considered secure. So... plan B.
My final alternative would be then to implement the Diffie-Hellman algorithm, which supports symmetric encryption by means of key agreement. However Diffie-Hellman is vulnerable to man-in-the-middle attacks. In other words, there is no guarantee that either side is sure of each others identity, making it possible for communication to be intercepted and altered without the receiving party knowing about it. It is thus recommended to use a private shared key to encrypt the key agreement handshaking, so that the identity of either party is confirmed.
This brings me back to my initial problem that resulted in me needing to use Diffie-Hellman, how can I use a private key in a silverlight client without hardcoding it either in the code or an xml file.
I'm all out of love on this one... is there any answer to this?
EDIT:
Remember that this is about a custom PHP web service that I rolled out on my own.
I found an RSA implementation i can use in Silverlight. It seems pretty safe to use this to encrypt the handshake for the DiffieHellman key agreement between the Silverlight client and PHP web service, and subsequently also use it to encrypt the symmetric key that was agreed upon (which is itself generated from the result of the key exchange by hashing it).
After this I'm pretty much guaranteed that all communication going to the web service has not been intercepted, modified and then retransmitted (MITM). However I believe it is still possible; technically, for an attacker to impersonate the silverlight client and send messages to the webservice (assuming they discover the url).
Security from unauthorized access is provided since the attacker does not know the "secret api" of my custom webservice, hence they are unable to communicate with it.
The only way to break this would be to brute force the webservice with whatever strings an attacker may suspect to be valid to try and get a response from the web service. I don't think you can brute force a variable length string. It sounds impractical.
Does anyone see a problem with this approach?
SSL/TLS suffers from the same problem that any Diffie-Hellman-based implementation you come up with would have, in that it can still be broken by a man-in-the-middle attack.
The reason TLS is secure and trusted is because the client, when receiving the server's certificate, authenticates it by checking that it is signed with another certificate from a known trusted identity - say, VeriSign. Thus far, this makes it impossible to enact a man-in-the-middle attack without having VeriSign's private key - when the interloper sends a fake certificate proclaiming to be the server, the client would easily detect that this certificate is not signed using the trusted identity's certificate, and bails out of the connection, displaying a warning to the user.
For your purposes, it's likely easiest to use TLS. To make it secure, you would generate a certificate for your server, and then embed in your client the public key for that certificate. The client can then verify that it is talking to your server, without having to expose the private key, which you don't have to distribute.
EDIT: In response to your comment on Jerry's answer, if your hosting provider doesn't allow SSL/TLS connections at all, preventing a man-in-the-middle attack will be tricky. If this is your only reason for avoiding TLS, I would suggest getting your provider to turn it on, or finding a provider that allows for it.
EDIT: In response to your edited question: even if you're now using RSA in your Silverlight client to send data to your web service, you cannot guarantee that the client itself has not been modified. It's quite possible for an attacker to dig into your client, determine the algorithm you're using to perform the encryption/handshake, and then write code to impersonate your client (or indeed, modify the client to include their code). Once they've done that, they can start analyzing your API and use it to make calls to your web service.
It's the same with SSL/TLS - the client can validate the identity of the host using the host's certificate, and as long as the host's server is secured, the client can trust the output from the host; however, there is no mechanism in which the host can 100% validate that the client is who they say they are, as the client will be run on a machine which does not have a controlled execution environment.
However - despite the above being true, and that it's possible that an attacker can compromise your system in this way, it's likely not probable -- unless you're working on a public-facing system that attracts a lot of attention/use, or a system that deals directly with money in some form, the attacker needs to make some effort before being able to send their own input to your web service.
Your best bet is to validate the input received by your web service thoroughly, and don't leave dangling APIs accessible that your regular client would never use.
The obvious solution would be to use WCF to establish an SSL or TLS connection instead of attempting to build that into the application.
I recommend starting with this JavaScript+PHP DH key Exchange protocol:
http://enanocms.org/News:Article/2008/02/20/Diffie_Hellman_key_exchange_implemented
You can then re-write the javascript in silverlight. I recommend using Wireshark to dump packets then you can use Meld or whatever to diff the packets to see where your implementation is differs from the original.
Good Luck!
(Disclaimer: I totally agree with the Enano dev team, this is not a full replacement of SSL and SSL should be used whenever possible.)
From my last question, I have new idea for database protection. The following ports will be connected via SSL only. Is it possible to hack this database server?
Http Port for sending & receiving data via WCF Services or Web Services.
Ftp Port for updating above services.
PS. This question is not include SQL injection problem.
Thanks,
In practice, you can never make your server hacker-proof. As long as hackers have some means to send data to the server, they can potentially exploit security vulnerabilities to do bad things. Limiting the server's surface area, using encryption, and so on all help and make it less likely you'll get hacked, but you're never 100% safe.
It's possible to hack just about anything. Your HTTP or (especially) your FTP server could have security bugs in it which open a backdoor. These could be anything from arbitrary code execution under root/Administrator or full filesystem access.
I assume also that your database server is also not bug-free, and could expose all your data.
Obviously, though, having as few ports as possible open is better.
Everything is possible, but sure this decrease the possibilities.
you can still guess/predict/keylog the username/password and get in
I always tell people the only hack-proof server is the one that is unplugged and powered down in the closet.
It is important, when presenting a security solution, do identify what kind of intrusion you are attempting to guard against. Even with only three ports open, even with one for that matter, a successful dictionary attack against accounts accessing the server via FTP port could do some damage.
As a general rule, we do not expose our databases directly outside the network/firewall. Only web or user application servers have exposed ports but nothing that isn't behind the firewall can directly touch the database servers.
This is still vulnerable several ways:
Man in the middle attack against SSL if you don't have proper certs set up
Input handling exploits in your httpd, ftpd and operating system
Social engineering
That doesn't mean it's not a good idea to do things this way, but it's dangerous to think this, or anything really, is "hack proof". I'll spare you the typical wisecrack about windows security.
I would like to set up some WMV Video Streaming, using Windows 2003's Streaming Media Server and Silverlight.
Now, unfortunately Silverlight only supports HTTP, which means that people can just download the videos. While that in itself is not a problem, I wonder what options there are to prevent them being playable outside of the network.
Of course, DRM comes into mind. Is there an easy way to get it and set it up? I do not want to have some complicated User-Scheme, it essentially boils down to "If you can reach the server (which is only in the internal network), you get a license, otherwise not".
Any experience with WMV DRM or Content Protection in that area?
What would I need on top of Windows 2003 Server and Silverlight 2?
DRM is a negative sum game. You lose money and time in implementing it that you could have spent on something useful to your users, and your content becomes less valuable to your users. It is also impossible to implement effectively. I'm not going to address any specific DRM scheme, but the core of the argument is that in order to show content to the user, the user's computer must be able to decrypt it. Therefore, the decryption code, and the decryption keys, must be present on the user's computer. Encryption can only protect data from interception and tampering between two secure endpoints. If one of the endpoints is compromised (and you are assuming this in your distrust of the user), then cryptographic techniques are useless.
Michael: you could do a few things. You could use IIS7 and create a web playlist which can be protected by SSL certificates to secure the stream. Additionally Silverlight does support a no-touch (from the end user's perspective) DRM scheme we call PlayReady. It does involve having a server to issue the license so that may violate your desire for a no/low cost solution (but DRM solutions rarely are). These are two options though.
In this session the baseball guy talked about making the URL's usable only once. I assume it's not a 100% solution but it could prevent users from copypasting url's.
An alternative to in house DRM is hosted DRM.
We "EZDRM.com" offer a great low cost solution, and still provide you all the features of DRM.