DCOM Explained
by Rosemary Rock-Evans
Digital Press
ISBN: 1555582168   Pub Date: 09/01/98



Chapter 16
Security

  Currently Windows NT specific service
  No end-to-end security across operating systems
  CryptoAPI can link with third-party services—BBN, Cylink, Spyrus, RSA
  Accessible from Windows NT and Internet Explorer

One of the more difficult aspects associated with designing and implementing distributed applications is ensuring the resulting application is secure against theft or malicious damage. Distributed applications are particularly vulnerable to attack, as by their very nature they provide a means of navigating the network—getting into the nooks and crannies of every machine connected to it. With the increasing use of the Internet as a means of gaining access to systems, the threat becomes even greater. At least 47% of U.S.-based companies using the Internet have suffered attack; 75% of them suffered financial loss.

So, security is a big issue and a service we would expect our middleware supplier to take very seriously. In fact, it is only the middleware supplier that can provide an integrated security mechanism as only middleware works across heterogeneous networks and machines—no other software is capable of providing “end to end” security.

What Are the Risks?

We can’t take any action to protect ourselves from theft or malicious damage unless we first understand the risks associated with distributed applications.


Figure 16.1  Security services

Whenever we build a distributed application we are not only vulnerable to the normal risks associated with functions and data resident on machines, but to these a new set of risks is added—those associated with data passing over the network. We can thus classify the threats under two main headings:

Risks associated with the data going across the network

  Removal of the message en route (theft or malicious damage)
  Corruption of the data en route (accidental damage)
  Tampering of the data en route (malicious damage or theft)
  Loss of the data en route (accidental damage)
  Diversion of the message en route (theft or simply malicious tampering)

Risks associated with data and functions on machines

  Unauthorized access of data on a machine to look, copy, add, delete, remove, or amend it (theft or malicious damage)
  Unauthorized use of applications on a machine (theft or malicious damage)
  Unauthorized removal of applications from a machine (theft or malicious damage)
  Unauthorized copying of applications on a machine (theft)
  Unauthorized addition of applications on a machine (theft or malicious damage)
  Unauthorized change to an application on a machine (theft or malicious damage)

These threats and risks apply whatever type of distributed application you are using.

If you are using an e-mail application rather than building a distributed application, for example, your e-mail message is still at risk of theft (say you had spilled out all the company secrets in a message), tampering (a competitor changes the information you had provided on financial results to make them look worse than they actually were), loss (your invoice to a customer gets lost), or diversion (a competitor diverts a message destined for you from a potential customer so that he can compete for the business). When you build a distributed application, however, these risks apply to the data you have stored in the databases and files you use, to the programs and components you have built into the application, and to the messages you send across the network.

Why the fuss?

In the first place, distributed applications of whatever sort are by their nature that much more vulnerable to attack than, for example, postal services, the telephone, or even fax, simply because computers can be used to automate the process of message interception. Nobody is going to intercept the thousands of letters a company sends every day, open them all, and then sift through them in the hope that somewhere in there is some nugget of useful information (although it has been done).

The process is generally too time consuming, too difficult to do without being spotted, and too labor intensive. It is also not very cost effective—you’d probably need hundreds of people to do it who would all cost money—probably more money than you would ever make from the exercise. The committed thief or malicious prankster, however, can set a computer to monitor the output from machines, intercepting messages from key users (remember that no one knows who a letter is from until they open it, but everyone knows who an e-mail message or application message is from).

One of the ways of doing this is by using packet sniffing. Ethernet LANs work by sending packet information to all the hosts on the same circuit. Only the machine with a matching address is meant to accept the packet; however, a machine in “promiscuous mode” will accept all packets, no matter what the packet header says.
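Promiscuous mode is something a defender can look for on the hosts they administer. The following is an added example, not code from the book, showing two checks on a Linux host: replaying the kernel's "device X entered/left promiscuous mode" messages to find interfaces still sniffing, and reading the IFF_PROMISC bit (0x100) from /sys/class/net/<iface>/flags. The log lines in SAMPLE_LOG are constructed for illustration.

```python
import re
from pathlib import Path

IFF_PROMISC = 0x100  # interface flag bit set while a NIC accepts every frame

# Message the Linux kernel logs whenever an interface toggles promiscuous mode.
PROMISC_RE = re.compile(r"device (?P<iface>\S+) (?P<event>entered|left) promiscuous mode")


def promisc_from_kernel_log(lines):
    """Replay kernel log lines in order; return interfaces still in promiscuous mode."""
    state = {}
    for line in lines:
        m = PROMISC_RE.search(line)
        if m:
            state[m.group("iface")] = (m.group("event") == "entered")
    return {iface for iface, on in state.items() if on}


def is_promisc(flags_text):
    """Interpret the hex contents of /sys/class/net/<iface>/flags (e.g. '0x1103')."""
    return bool(int(flags_text.strip(), 16) & IFF_PROMISC)


def promisc_from_sysfs(root="/sys/class/net"):
    """Live check on a Linux host: interfaces whose flags carry IFF_PROMISC."""
    found = set()
    base = Path(root)
    if not base.is_dir():
        return found  # not Linux, or sysfs unavailable
    for iface in base.iterdir():
        flags = iface / "flags"
        if flags.is_file() and is_promisc(flags.read_text()):
            found.add(iface.name)
    return found


# Constructed sample of syslog-style kernel lines: eth0 stays promiscuous, eth1 does not.
SAMPLE_LOG = [
    "Jan  5 10:00:01 host1 kernel: device eth1 entered promiscuous mode",
    "Jan  5 10:00:02 host1 kernel: device eth0 entered promiscuous mode",
    "Jan  5 10:00:09 host1 kernel: device eth1 left promiscuous mode",
    "Jan  5 10:00:10 host1 kernel: eth0: link becomes ready",
]

if __name__ == "__main__":
    print("from log:", sorted(promisc_from_kernel_log(SAMPLE_LOG)))
    print("from sysfs:", sorted(promisc_from_sysfs()))
```

Bridges, virtual switches and some monitoring agents put interfaces into promiscuous mode legitimately, so treat a hit as something to reconcile against known configuration rather than proof of a sniffer.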

By using automation ourselves, we have opened up the possibility of automation in attack.

In the second place, the “rewards” of computer crime are potentially much greater than the rewards of conventional crime. Criminals can gain access to not one credit card (the reward of conventional theft of a wallet) but thousands of credit card numbers (the reward of computer-based crime). If you find this difficult to believe, it is worth mentioning that in 1997, FBI agents arrested a man at San Francisco Airport who had a diskette with 100,000 credit card numbers he was attempting to sell. A Visa International database with 300,000 credit card numbers has also been stolen (ref. Risks Forum).

In the third place, by storing data on machines connected by a network, we have provided a totally different route to get to the assets of the company. In effect, all the tedious work of the criminal—the long distance journeys to the victim, the break-ins, the safe cracking, the hitting of the security guard over the head—are all now unnecessary as we have provided our criminal with an electronic route to the assets instead.

We can, of course, feel pleased for the security guard, but the company is at great risk. It is as if every locked door, security guard, closed filing cabinet, safe, and secure store had suddenly been opened to anyone with the wherewithal to take advantage of the fact. From the comfort of his own home the criminal can now send down unauthorized applications which do all the work—transferring money between bank accounts, for example, or corrupting key application data in a database (for example, your customer database).

