Presentation is loading. Please wait.

Presentation is loading. Please wait.

Deployment & Distribution

Published byAlicia Pitts Modified over 6 years ago

Similar presentations

Presentation on theme: "Deployment & Distribution"— Presentation transcript:

1 Deployment & Distribution
Engineering Secure Software Deployment & Distribution

2 SE Doesn’t End at Release
Deployment counts too Despite our best efforts to produce secure software Vulnerabilities can exist only when deployed in a production environment Users expect “secure by default” Your organization needs to be ready Incident response plan Version control practices Your installation & config scripts count Recommended firewall configuration Security manager configuration

3 Recent PostgreSQL Incident
PostgreSQL reported a show-stopping vulnerability found on April 4th, 2013 “Argument injection vulnerability in PostgreSQL [9.2.x ..] allows remote attackers to cause a denial of service (file corruption), and allows remote authenticated users to modify configuration settings and execute arbitrary code, via a connection request using a database name that begins with a "-" (hyphen).” “The vulnerability allows users to use a command-line switch for a PostgreSQL connection intended for single-user recovery mode while PostgreSQL is running in normal, multiuser mode. This can be used to harm the server.”

4 How PostgreSQL Responded
Embargo on the bug: March 13th – April 4th Removed the public version control repositories during the embargo Announced on the mailing lists to expect an immediate upgrade soon, without much detail Contacted vendors especially affected (e.g. Heroku) Core PosgreSQL developers assisted the vendors directly Tested patches on vendor’s environments Heroku already had a history of working directly with developers on experimental features

5 Incident Response Plan
Incident definition How do you know that this behavior is bad? Use high-level risks & indicators from your initial risk assessment Establish who is involved Monitoring duties Contacts for an issue Security response team Chain of escalation Know who to contact to fix the problem Who sees the bugs (e.g. Cisco CEO gets daily escalation reports)

6 Incident Response Plan (2)
Establish Procedures Writing the patch Testing the patch Security expert review of a patch Reacting to specific exploits Establish working relationships with key vendors Establish criteria for notifying the world Too late? Active exploits make you look behind Too early? Unnecessary panic Invites exploits

7 Version Control Practices
Releases are treated as branches Most current version: trunk branch aka upstream Continuously-updated to the latest version Maintenance: release branch Diverges from the main truck New change to an old release? Backport Upstreams and backports can differ if the code has since changed a lot Configuration management coordinator Keeps track of all the branches and releases New devs often work on backports Keeps track of “testing gotchas” from one release to another (e.g. environment change, or non-change)

8 Upstream & Backport Sometimes… … Upstream commit Upstream /trunk
Vulnerabilities were introduced by a backport (regression) Vulnerabilities only affect 1.0, not upstream Vulnerabilities affect some branches, but not others Upstream commit r45547 1.0 Release /branches/1.0 r45546 r45545 1.1 Patch Configuration coordinator Security Response Team Vulnerability backport

9 Releasing Patched Versions
You will need to release patched versions of your product “Patch it yourself” approach (e.g. Adobe Flash, Acrobat) Software contacts the vendor periodically and downloads software Benefit: simple, easy, you control how it works Drawback: Non-root installations mean malware can spoof the update site, or disable it Reverting a bad release is not usually supported Package manager approach (e.g. apt-get, yum, Mac App Store) Benefits OS support means packages are handled all in one place Harder to compromise: uses hash digests to verify Drawback: can annoy users “package X.1.2 isn’t in the system?!?!?”

10 Firewalls Designed to be the gatekeeper for networks
Allow|Block IP addresses & Ports Forward traffic to different ports Network Address Translation (NAT) Installation scripts often need to configure the firewalls IPTables, the Linux firewall Create “tables of chains of rules” Table: group of chains for a given action (e.g., NAT, Filter, etc.) Chain: an ordered group of rules (e.g., INPUT, OUTPIT, etc.) Rule: specific definition of what’s in and what’s out e.g. view your Filter table: iptables -t filter –list Detailed flow:

11 e.g. IPTables Rules Command line
-A  append to chain, -j  jump target (ACCEPT, DROP, etc.) -s  source of the packet, -d  destination of the packet -dport  destination port on local machine, --sport  source port -i  input network interface (e.g. network card driver), -o  output interface --state  packet states to match (e.g. NEW, ESTABLISHED), -p  protocol Drop all packets coming from a specific IP address iptables -A INPUT –s j DROP Allow SSH packets in and out iptables -A INPUT -i eth0 -p tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT iptables -A OUTPUT -o eth0 -p tcp --sport 22 -m state --state NEW,ESTABLISHED -j ACCEPT

12 e.g. More IPTables rules Forward port on IP address from 422 to 22 iptables -t nat -A PREROUTING -p tcp -d dport 422 -j DNAT --to :22 DoS mitigation: When we see a burst of 100 connections/min, limit to 25 connections/min on port 80 iptables -A INPUT -p tcp --dport 80 -m limit --limit 25/minute --limit-burst 100 -j ACCEPT Create a new chain for logging, turn it on iptables -N LOGGING iptables -A LOGGING -m limit --limit 2/min -j LOG --log-prefix "IPTables Packet Dropped: " --log-level 7 iptables -A INPUT -j LOGGING

13 Security Managers Often a programming language feature
Required for untrusted API situations Prevents sensitive API calls e.g. System.exit(1) in Java e.g. System properties (read and write) Highly customizable Turned off by default Many languages have them, or community provides them Java: Java Security Manager Python: e.g. RestrictedPython Perl: Safe.pm Ruby: Safe C/C++: None – use OS mechanisms

14 Security Managers in Practice
In a server situation Limits access to underlying OS e.g. file access, logging Limits OS-sensitive functions e.g. opening a socket In a desktop situation Used to mitigate extensibility concerns Mitigates the “malicious plug-in” problem Not usually for license key situations (user can just remove the policy)

15 e.g. catalina.policy From Apache Tomcat, Java servlet container
A web application is untrusted code running in the same VM DoS & access to underlying OS are concerns too Server startup JAR is given full permissions Grant read permissions to some system-wide properties // These permissions apply to the server startup code grant codeBase "file:${catalina.home}/bin/bootstrap.jar" { permission java.security.AllPermission; }; permission java.util.PropertyPermission "java.home", "read"; permission java.util.PropertyPermission "java.naming.*", "read"; permission java.util.PropertyPermission "javax.sql.*", "read";

16 e.g. catalina.policy (2) Grant application-specific logging file permissions Grant read API permissions for web applications for a given package permission java.util.logging.LoggingPermission "control"; permission java.io.FilePermission "${java.home}${file.separator}conf${file.separator}logging.properties", "read"; // All JSPs need to be able to read this package permission java.lang.RuntimePermission "accessClassInPackage.org.apache.tomcat";

Download ppt "Deployment & Distribution"

Similar presentations

IUT– Network Security Course 1 Network Security Firewalls.

IUT– Network Security Course 1 Network Security Firewalls.
Ipchains and Iptables Linux operating system natively supports packet-filtering rules: Kernel versions 2.2 and earlier support the ipchains command. Kernel.

Ipchains and Iptables Linux operating system natively supports packet-filtering rules: Kernel versions 2.2 and earlier support the ipchains command. Kernel.
Traffic Management - OpenFlow Switch on the NetFPGA platform Chun-Jen Chung(1203584897) Sriram Gopinath(1203800749)

Traffic Management - OpenFlow Switch on the NetFPGA platform Chun-Jen Chung( ) Sriram Gopinath( )
Securing Network using Linux. Lesson Outline Setting up a secure system TCP Wrapper configuration Firewalls in Linux Authentication Systems –NIS –Kerberos.

Securing Network using Linux. Lesson Outline Setting up a secure system TCP Wrapper configuration Firewalls in Linux Authentication Systems –NIS –Kerberos.
Network Security Testing Techniques Presented By:- Sachin Vador.

Network Security Testing Techniques Presented By:- Sachin Vador.
Web server security Dr Jim Briggs WEBP security1.

Web server security Dr Jim Briggs WEBP security1.
COEN 252: Computer Forensics Router Investigation.

COEN 252: Computer Forensics Router Investigation.
Network Security1 – Chapter 3 – Device Security (B) Security of major devices: How to protect the device against attacks aimed at compromising the device.

Network Security1 – Chapter 3 – Device Security (B) Security of major devices: How to protect the device against attacks aimed at compromising the device.
70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 14: Problem Recovery.

70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 14: Problem Recovery.
Incident Response Updated 03/20/2015

Incident Response Updated 03/20/2015
PacNOG 6: Nadi, Fiji Dealing with DDoS Attacks Hervey Allen Network Startup Resource Center.

PacNOG 6: Nadi, Fiji Dealing with DDoS Attacks Hervey Allen Network Startup Resource Center.
Firewalls CS432. Overview  What are firewalls?  Types of firewalls Packet filtering firewalls Packet filtering firewalls Sateful firewalls Sateful firewalls.

Firewalls CS432. Overview  What are firewalls?  Types of firewalls Packet filtering firewalls Packet filtering firewalls Sateful firewalls Sateful firewalls.
Module 1: Web Application Security Overview 1. Overview How Data is stored in a Web Application Types of Data that need to be secured Overview of common.

Module 1: Web Application Security Overview 1. Overview How Data is stored in a Web Application Types of Data that need to be secured Overview of common.
APA of Isfahan University of Technology In the name of God.

APA of Isfahan University of Technology In the name of God.
Apache Tomcat Web Server SNU OOPSLA Lab. October 2005.

Apache Tomcat Web Server SNU OOPSLA Lab. October 2005.
Engineering Secure Software. SE Doesn’t End at Release  Deployment counts too Despite our best efforts to produce secure software Vulnerabilities can.

Engineering Secure Software. SE Doesn’t End at Release  Deployment counts too Despite our best efforts to produce secure software Vulnerabilities can.
NetFilter – IPtables Firewall –Series of rules to govern what Kind of access to allow on your system –Packet filtering –Drop or Accept packets NAT –Network.

NetFilter – IPtables Firewall –Series of rules to govern what Kind of access to allow on your system –Packet filtering –Drop or Accept packets NAT –Network.
07/11/2012 www.eej.ulst.ac.uk/~ian/modules/COM342/COM342_L10.ppt L10/1/63 COM342 Networks and Data Communications Ian McCrumRoom 5B18 Tel: 90 366364 voice.

07/11/ L10/1/63 COM342 Networks and Data Communications Ian McCrumRoom 5B18 Tel: voice.
Karlstad University Introduction to Vulnerability Assessment Labs Ge Zhang Dvg-C03.

Karlstad University Introduction to Vulnerability Assessment Labs Ge Zhang Dvg-C03.
1 © 2003, Cisco Systems, Inc. All rights reserved. CCNA 3 v3.0 Module 6 Switch Configuration.

1 © 2003, Cisco Systems, Inc. All rights reserved. CCNA 3 v3.0 Module 6 Switch Configuration.

Similar presentations

Ads by Google