Module 6: Securing File System Data

Chia sẻ: Mai Phuong | Ngày: | Loại File: PDF | Số trang:54

Thêm vào BST

Báo xấu

118
lượt xem 12
download

Download Vui lòng tải xuống để xem tài liệu đầy đủ

This module provides students with an explanation of how to manage user input in a secure way. The methods for checking user input, and a discussion of the consequences of not performing those checks, are the focus of this module. After completing this module, students will be able to secure their Web applications by validating user input.

Chủ đề:

Bình luận(0) Đăng nhập để gửi bình luận!

Lưu

Nội dung Text: Module 6: Securing File System Data

Module 6: Securing File System Data Contents Overview 1 Lesson: Overview of Securing Files 2 Lesson: Windows Access Control 6 Lesson: Creating ACLs Programmatically 19 Lesson: Protecting ASP.NET Web Application Files 27 Review 38 Lab 6: Securing Files with ACLs 39
Information in this document, including URL and other Internet Web site references, is subject to change without notice. Unless otherwise noted, the example companies, organizations, products, domain names, e-mail addresses, logos, people, places, and events depicted herein are fictitious, and no association with any real company, organization, product, domain name, e-mail address, logo, person, place or event is intended or should be inferred. Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation. Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.  2001 Microsoft Corporation. All rights reserved. Microsoft, MS-DOS, Windows, Windows NT, ActiveX, Active Directory, Authenticode, Hotmail, JScript, Microsoft Press, MSDN, PowerPoint, Visual Basic, Visual C++, Visual Studio, and Windows Media are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. The names of actual companies and products mentioned herein may be the trademarks of their respective owners.
Module 6: Securing File System Data iii Instructor Notes Presentation: This module provides students with an explanation of how to manage user input 90 minutes in a secure way. The methods for checking user input, and a discussion of the consequences of not performing those checks, are the focus of this module. Lab: After completing this module, students will be able to secure their Web 30 minutes applications by validating user input. After completing this module, students will be able to: ! Identify the reasons for securing the Web application implementation files. ! Describe how Microsoft® Windows® access control mechanisms are used to protect file system data. ! Set ACLs on files and folders by using a script. ! Use Microsoft ASP.NET Web.config files to restrict access to files in an ASP.NET Web application. Required materials To teach this module, you need the following materials: ! Microsoft® PowerPoint® file 2300A_06.ppt ! HTML and Flash animation files: 2300A_06_A05_1664.htm, 2300A_06_A05_1664.swf Preparation tasks To prepare for this module: ! Read all of the materials for this module. ! Complete the lab. ! Practice the steps for the demonstrations. ! Read Chapter 3, “Windows 2000 Security Overview,” in Designing Secure Web-Based Applications for Microsoft Windows 2000 by Michael Howard (Redmond, Microsoft Press®), 2000. ! Read the article, “Access Control Model,” which is available at http://www.microsoft.com/windows2000/techinfo/reskit/en/distrib/ dsce_ctl_mfxc.htm. ! Read the Microsoft MSDN® article, “HOWTO: Control Access to a Windows NT, Windows 2000, and Windows XP Service,” which is available at http://support.microsoft.com/directory/ article.asp?ID=KB;EN-US;Q180116&. ! Read the MSDN article, “Setting User Security,” which is available at http://msdn.microsoft.com/library/default.asp?url=/library/en-us/ wmisdk/us_sec_8ozd.asp. ! Read the TechNet article, “Default Access Control Settings in Windows 2000,” which is available at http://www.microsoft.com/technet/treeview/ default.asp?url=/TechNet/prodtechnol/windows2000serv/maintain/security/ secdefs.asp. ! Read the TechNet article, “Working with Access Control Lists,” which is available at http://www.microsoft.com/technet/treeview/default.asp?url=/ TechNet/prodtechnol/winxppro/reskit/prdd_sec_jynl.asp.
iv Module 6: Securing File System Data How to Teach This Module This section contains information that will help you to teach this module. Lesson: Overview of Securing Files This section describes the instructional methods for teaching each topic in this lesson. Why Are Web Discuss the weaknesses in a system that lead to attacks on Web application Application implementation files. Implementation Files Attacked? How to Protect Web This topic briefly covers security settings that are configured in the Microsoft Application Windows® operating system, in Internet Information Services (IIS), and within Implementation Files a Web application in the Web.config file. Do not go into the details of security settings with this topic. Lesson: Windows Access Control This section describes the instructional methods for teaching each topic in this lesson. Overview of a Security While explaining the elements of security descriptors, such as security Descriptor identifiers (SIDs) and Access Control Entries (ACEs), tell students that each element has a structure and Application Programming Interfaces (APIs) associated with it. Open Microsoft Visual Studio® .NET Help and look for the “Access Control” topic. Step through each element and show the structure and APIs associated with each element. Multimedia: Security This multimedia presentation describes the elements of security descriptor. Descriptors Setting File ACLs Windows operating system protects securable resources from unauthorized access by employing discretionary access control, which is implemented through discretionary access control lists (DACLs). Tell students that the terms DACLs and access control lists (ACLs) are usually used interchangeably. Best Practices This topic covers the best practices that can be used for securing Web application files. Instructor-Led Practice: Some parts of this practice are performed only by the instructor, and some parts Viewing and Setting are performed by students along with the instructor. Make sure that your pace is ACLs on a File slow when students are performing the steps along with you so that they are able to understand the procedure and perform the steps.
Module 6: Securing File System Data v Lesson: Creating ACLs Programmatically This section describes the instructional methods for teaching each topic in this lesson. This lesson can be introduced by asking students how to move an ACL-secured Web application from one computer (for example, from a development computer to a test or production computer). Try to move the discussion toward using automated methods for setting ACLs. Using Cacls.exe to Set When explaining the syntax of calcs.exe, open the command prompt window, ACLs type the command c:\Cacls ManualAcl.htm, and show the output to the class. Overview of WMI Windows Management Instrumentation (WMI) is a management infrastructure in Microsoft Windows 2000 that supports monitoring and controlling system resources through a common set of interfaces. WMI provides a logically organized, consistent model of Windows operation, configuration, and status. WMI is a common programmatic interface that can be used for managing the configuration of and the querying of computers, devices, and subsystems. WMI can also be used to configure many different software components, including IIS settings, file system settings and attributes, security settings, and the Active Directory® directory service. Using WMI to Set ACLs Open Visual Studio .NET Help. Search for “Win32_Account” and show the students the WMI structures for all of the relevant security descriptor elements. Read Chapter 3, “Windows 2000 Security Overview,” in Designing Secure Web-Based Applications for Microsoft Windows 2000 by Michael Howard (Redmond, Microsoft Press®), 2000. For more information about WMI, read Chapter 5, “WMI Security,” in Windows Management Instrumentation by Matthew Levy and Ashley Meggitt (Indianapolis, New Riders press), 2002. Demonstration: Setting Use this demonstration to show the students how to create a Microsoft ACLs Using WMI Visual Basic®, Scripting Edition (VBScript) file that can be used to add ACLs to a file. Lesson: Protecting ASP.NET Web Application Files This section describes the instructional methods for teaching each topic in this lesson. Overview of the .config Use Windows Explorer and browse to the Machine.config file to show students Files where the file is located. Also, open Visual Studio .NET Help and show the students the Help information available for the System.Configuration namespace. ASP.NET Request Open the Machine.config file and step through the entries in the HttpHandlers Processing and HttpModules sections. The Open the Machine.config file and step through the HttpForbiddenHandler HttpForbiddenHandler entries. Using Microsoft .NET Framework IL Disassembler (ILDASM), show Class the students the implementation for the HttpForbiddenHandler class. Perform the steps for IIS configuration for the students.
vi Module 6: Securing File System Data Demonstration: Use this demonstration to show students how to create a VBScript file that can Using the be used to add ACLs to a file. HttpForbiddenHandler Class Lab 6: Securing Files with ACLs In this lab, students will secure ASP Web application files by using ACLs. Students will also configure and secure Microsoft ASP.NET Web applications by using the configuration element in a Web.config file. Customization Information This section identifies the lab setup requirements for a module and the configuration changes that occur on student computers during the labs. This information is provided to assist you in replicating or customizing Microsoft Official Curriculum (MOC) courseware. Lab Setup To complete this lab, students can either continue working in the Tailspin Toys Visual Studio .NET projects that they have already created, or they can start with new files. Students must also create a local Windows 2000 user account named WebUser. ! Create the Web applications for the ASP exercises 1. Copy all of the contents of the ASP starter folder install_folder\Labfiles\ Lab06\ASP\Starter\TailspinToys to the TailspinToys IIS virtual directory at C:\Inetpub\wwwroot\TailspinToys. 2. Copy all of the contents of the ASP starter folder install_folder\Labfiles\ Lab06\ASP\Starter\TailspinToysAdmin to the TailspinToysAdmin IIS virtual directory at C:\Inetpub\wwwroot\TailspinToysAdmin. ! Create the Web applications for the ASP.NET exercises 1. Copy all of the contents of the ASP.NET folder install_folder\Labfiles\ Lab06\ASPXVB\Starter\TailspinToys.NET to the TailspinToys.NET IIS virtual directory at C:\Inetpub\wwwroot\TailspinToys.NET. 2. Copy all of the contents of the ASP.NET folder, install_folder\Labfiles\ Lab06\ASPXVB\Starter\TailspinToysAdmin.NET, to the TailspinToysAdmin.NET IIS virtual directory at C:\Inetpub\wwwroot\ TailspinToysAdmin.NET.
Module 6: Securing File System Data vii ! Configure IIS authentication 1. Run the IIS administrative tool. 2. Expand the computer node and the Default Web Site node in the tree. 3. Right-click the TailspinToysAdmin virtual directory, and click Properties. 4. Click Directory Security. 5. In the Anonymous access and authentication control group, click Edit. 6. Clear the Anonymous access check box. 7. Click OK twice to save your changes. 8. Right-click the TailspinToysAdmin.NET virtual directory, and click Properties. 9. Click Directory Security. 10. In the Anonymous access and authentication control group, click Edit. 11. Clear the Anonymous access check box. 12. Click OK twice to save your changes. Lab Results Performing the lab in this module introduces the following configuration changes: ! Adds a new local system user named WebUser ! Modifies the DACL on the TailspinToysAdmin\Private folder ! Adds a section to the TailspinToysAdmin.NET project
Module 6: Securing File System Data 1 Overview ! Overview of Securing Files ! Windows Access Control ! Creating ACLs Programmatically ! Protecting ASP.NET Web Application Files *****************************ILLEGAL FOR NON-TRAINER USE****************************** Introduction A Web application consists of files and folders that contain two types of data: Web application data and data that is related to the implementation details of the Web application. The Web application data includes files and folders that are used to display information to users and to process user requests. The implementation files and folders contain source code and other configuration details about the Web application. It is important to secure both the Web application data and the implementation data. In this module, you will learn how to protect file system data that is a part of a Web application. The two important security mechanisms that are covered in this module are using access control lists (ACLs) and using configuration files. After completing this module, you will be able to: ! Identify the reasons for securing the Web application implementation files. ! Describe how Microsoft® Windows® access control mechanisms are used to protect file system data. ! Set ACLs on files and folders by using a script. ! Use Microsoft ASP.NET Web.config files to restrict access to files in an ASP.NET Web application.
2 Module 6: Securing File System Data Lesson: Overview of Securing Files ! Why Are Web Application Implementation Files Attacked? ! How to Protect Web Application Implementation Files *****************************ILLEGAL FOR NON-TRAINER USE****************************** Introduction Web application implementation files contain useful information about the Web application, and therefore, it is important to secure these files from any type of attack. One of the techniques that can be used for securing these implementation files is to restrict access to them. In this lesson, you will learn about the types of attacks that can occur on implementation files. Lesson objectives After completing this lesson, you will be able to: ! Describe the types of attacks that occur on Web application implementation files. ! Describe the types of file security that are available for Web application implementation files.
Module 6: Securing File System Data 3 Why Are Web Application Implementation Files Attacked? ! Reasons for an attack on implementation files " Server scripts contain implementation code " Source code contains information about database structure and contains connection strings, trusted user names, and passwords ! Weaknesses that might lead to attack " IIS server is not current with patches " Implementation files can be accessed through alternate route " Configuration files are unprotected *****************************ILLEGAL FOR NON-TRAINER USE****************************** Introduction Web application implementation files contain useful information for attackers. Server script files, such as .asp and .aspx files, contain implementation source code that can be useful for determining a Web site’s architecture. This implementation source code may also describe database structures. Source code may also contain database connection strings, trusted user names and passwords, and other configuration data that can be useful to an attacker.
4 Module 6: Securing File System Data Accessing Web application implementation files can become available to an attacker implementation files through a variety of mechanisms. Some of these mechanisms are the results of a weakness in the system. You can prevent most of the attacks on the Web application implementation files by eliminating certain weaknesses that are described in the following table. Weakness Use Internet Information Staying current with IIS patches helps to ensure a secure Services (IIS) server not server. Historically, there have been IIS holes that permit current with patches access to implementation file source. For example, appending ::$DATA to an .asp file Uniform Resource Locator (URL) allows an attacker to access the .asp file source code. Alternate routes to the file Running more applications on the Web server than required makes the Web application vulnerable to attack. Running more applications provides alternate routes to attackers to access the Web application data. For example, Web application implementation files can also be accessed through applications, such as File Transfer Protocol (FTP) and Web Distributed Authoring and Versioning (WebDAV). If a Web server is running these applications and the applications have a weakness or security hole, Web application implementation files can be accessed by external users. You should disable all of the applications that are not required on the server. Unprotected configuration File types that are not explicitly disallowed are files accessible through IIS by default. If you add any new file types (for example, .inc files) to your Web application, you must ensure that those file types are configured to be secured in IIS.
Module 6: Securing File System Data 5 How to Protect Web Application Implementation Files ! File and folder ACLs " Use Windows file security to set ACLs on the pages and folders within a Web application ! IIS security " IIS contains general permission settings that apply to all users of the Web application ! Web.config in ASP.NET " In an ASP.NET Web application, authentication and authorization settings can be configured within the Web.config configuration file *****************************ILLEGAL FOR NON-TRAINER USE****************************** Introduction You can secure the Web application implementation files from attacks by restricting user access on these files. Implementation files are the files that are within a Web application. Restrict user access You can restrict user access to the implementation files by using the following file security measures: ! File and folder ACLs Windows file security is used to set ACLs on files and folders, thereby controlling which users and groups can access the files and folders. IIS uses the ACL settings when fulfilling a user request. Files and folders within a Web application can be secured by using Windows operating system features. ! IIS security IIS contains security settings for the files and folders that are located within a Web application. These are general permission settings that apply to all of the users of the Web application. ! Web.config in ASP.NET In an ASP.NET Web application, authentication and authorization settings can be configured within the Web.config configuration file to secure folders and individual pages.
6 Module 6: Securing File System Data Lesson: Windows Access Control ! Overview of a Security Descriptor ! Multimedia: Security Descriptors ! Setting File ACLs ! Best Practices ! Instructor-Led Practice: Viewing and Setting ACLs on a File *****************************ILLEGAL FOR NON-TRAINER USE****************************** Introduction Microsoft Windows NT®, Microsoft Windows 2000, and Microsoft Windows XP provide security features for controlling and monitoring who can access resources that are in the operating system. An important security feature that is provided by Windows is access control. Windows access control is used to control access to Windows resources, including files and folders. The security features that are covered in this lesson apply only to disk partitions that are formatted with the NTFS file system. Other disk formats, including file allocation table (FAT)16 and FAT32, do not support the security features that are covered in this lesson. Lesson objectives After completing this lesson, you will be able to: ! Describe the Windows access control mechanism. ! Set ACLs on a file. ! Define best practices for the security settings for common Web application file types.
Module 6: Securing File System Data 7 Overview of a Security Descriptor Securable Object Security Descriptor Domain Domain Controller Controller Owner SID Group SID DACL SACL ACE – ACCESS_DENIED_ACE ACE – ACCESS_DENIED_ACE ACE – SYSTEM_AUDIT_ACE ACE – SYSTEM_AUDIT_ACE ACE – ACCESS_ALLOWED_ACE ACE – ACCESS_ALLOWED_ACE *****************************ILLEGAL FOR NON-TRAINER USE****************************** Introduction Windows 2000 protects securable resources from unauthorized access by using ACLs. An ACL is an access control structure that determines access rights to secured resources. ACLs are a series of Access Control Entries (ACEs). Each ACE lists a principal and contains the corresponding information about that principal. An ACE also defines the operations that the principal can perform on the secured resource. For example, some users might be granted read access, while other users might be granted full access. Securable objects A securable object is a Windows object that has a security descriptor. A security descriptor contains the security information for that securable object. Securable objects include all of the named Windows objects. Some unnamed Windows objects, such as processes and threads, can also have security descriptors, and therefore, these objects also qualify as securable objects. Securable objects include the following Windows objects: ! Files and folders ! Processes and threads ! Registry keys ! Windows services ! Local or remote printers ! Network shares ! Directory service objects ! Named pipes ! Interprocess synchronization objects (events, mutexes, semaphores, and waitable timers)
8 Module 6: Securing File System Data Overview of a Security Descriptor (continued) ! Security Identifier (SID) " Is a unique identifier that identifies a trustee " Each account has a SID, issued by a Windows domain controller or computer ! Access Control Entry (ACE) " Controls or monitors access to a securable object ! Access Control List (ACL) " Is a list of ACEs associated with a securable object ! Security Descriptor " Contains the security information for securable objects *****************************ILLEGAL FOR NON-TRAINER USE****************************** Security identifier A security identifier (SID) is a unique identifier that identifies a trustee. A trustee is a user account, a group account, or a logon session. Every user account has a SID that is issued by a Windows domain controller. Each time a user logs on to a domain, a logon session is created. A logon session contains an access token. An access token is assigned a user’s SID at logon time. The user’s access token is then used to identify the user for Windows security. Access Control Entry An ACE controls or monitors access to a securable object. An ACE consists of a SID that is used to identify a trustee, the access rights of the ACE, the type of ACE, and inheritance flags. ACEs can be inherited from parent objects to child objects, such as from a folder to a subfolder. How or even whether an ACE is inherited is controlled with the inheritance flags. An access right is a bit flag that controls a particular set of operations that can be performed on a securable object. Access rights are specific for each securable object type. For example, a generic access right is GENERIC_READ and a registry key has a specific KEY_SET_VALUE access right. There are three types of ACEs, as described in the following table. Type Purpose Access-denied Denies access to the object for a trustee. Access-allowed Allows access to the object for a trustee. System-audit Generates an audit record when the object is accessed by the trustee. ACEs can be inherited from parent objects to child objects. For example, a registry key can inherit ACEs from its parent key, and a file can inherit ACEs from its parent folder.
Module 6: Securing File System Data 9 An ACE’s inheritance flags control how the ACE should be propagated to child objects. ACE inheritance can be configured to propagate an ACE, but only to child objects, only to child containers, to both child objects and containers, or to not propagate at all. Access control list An ACL is a list of ACEs that are associated with a securable object. There are two types of ACLs: a discretionary ACL (DACL) and a system ACL (SACL). A DACL contains ACEs that are used for allowing and denying a trustee access, and DACLs may contain only access-allowed and access-denied ACEs. A SACL contains ACEs that can be used for auditing object access by trustees, and SACLs may contain only system-audit ACEs. Security descriptor All securable objects have a security descriptor that contains the security information for that object. A security descriptor consists of an owner SID, a primary group SID, at most one DACL, and at most one SACL. The owner SID is a user or group that has permission to read and control the DACL for the security descriptor. The primary group SID is a requirement for Portable Operating System Interface for computing environments (POSIX) compatibility, and it has no relevance for Windows security.
10 Module 6: Securing File System Data Multimedia: Security Descriptors Windows Domain SID Domain Controller Access Token Logon *****************************ILLEGAL FOR NON-TRAINER USE****************************** Introduction This multimedia presentation describes the elements of security descriptor.
Module 6: Securing File System Data 11 Setting File ACLs ! Properties dialog box for files and folders ! Security tab DACL DACL " Is always displayed and illustrates the security descriptor for the object Access rights for Access rights for " Top portion displays the DACL selected ACE selected ACE for the object and permits adding and removing ACEs " Bottom portion displays an abbreviated list of the access rights for the currently selected ACE *****************************ILLEGAL FOR NON-TRAINER USE****************************** Introduction To view or modify the ACL for a file or folder, you can use the Properties dialog box. The Properties dialog box displays a basic and an advanced version of the ACL. The basic information of the ACL displays just the DACL. The Properties dialog box for a file or folder is accessed from the shortcut menu for the object, from within Windows Explorer. The Properties dialog box displays the different property tabs based on the file type. The Security tab is always displayed, and it illustrates the security descriptor for the selected object.
12 Module 6: Securing File System Data The Security tab The top portion of the Security tab displays the DACL for the selected object. You can add and remove ACEs from the DACL by clicking on the Add or Remove buttons. The bottom of the Security tab displays an abbreviated list of the access rights for the currently selected ACE. For example, in the following illustration, Everyone has Read and Execute permissions on the Module06.htm file.