Executive Summary
Distributed architecture is one of the main characteristics of many modern applications. Remote communication between separate modules (clients and servers) is required for the basic functionality of the product. In most cases, information is transferred over communication channels using Web Services technology built on the TCP/IP and HTTP transport protocols, which are not secure by definition. TCP/IP and HTTP have no built-in ability to protect data or authenticate communicating peers, which can compromise the confidentiality, integrity and authenticity of sensitive application data. Even though PCI DSS/PA-DSS and other security standards currently do not require secure protocols on non-public networks such as a corporate LAN/WAN, it is highly recommended to protect network traffic and enable authentication of communicating clients in order to improve the security of the applications. When a product is deployed in environments connected to public networks such as the Internet or wireless networks, securing communication becomes a strong requirement. Implementing SSL (Secure Sockets Layer) enables secure communication and protects the system from the security threats caused by the inherent vulnerabilities of the TCP/IP and HTTP protocols.
Introduction
Vulnerabilities Due To Insecure Communication
Confidentiality of the data can be compromised because transmitted sensitive data - such as credit card numbers sent to the payment processor during a credit authorization session, customer PII (Personally Identifiable Information), or user credentials (login and password) - can be sniffed (eavesdropping attack) using a protocol analyzer (network sniffer) installed on an external computer connected to the local network, or a Trojan horse application installed on an internal computer. Stolen credit card data can be used for fraudulent transactions, PII for "identity theft", and user credentials for unauthorized access to the system and privilege escalation.
Integrity of the data can be compromised because traffic can be intercepted using a "man-in-the-middle" attack, so the original data sent by the client (such as a transaction report) can be altered in transit - for example, to enable manipulation of cash collected at the store registers by reporting wrong transaction types and amounts.
Authenticity of the data can be compromised because the server is unable to authenticate the client, so a malicious application installed on any computer connected to the local network can call the server in the name of the legitimate client and update the server database with forged information (for example, modified transaction data to enable the manipulations described above), needing only basic information about the system: the service interface and the server address. The same threat applies to communication in the opposite direction: because the client is unable to authenticate the server (i.e. to determine whether the server is "real"), the actual server can be replaced with a fake application (using a DNS poisoning attack, for example), so application data can be manipulated by malicious software acting in the name of the real server.
To avoid the threats listed above, the application should use SSL.
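As an added example that is not part of the original article, the Python code below maps the three threats above to TLS settings: an "encrypt only" context that still accepts an unauthenticated peer, a context that authenticates both client and server (mutual TLS), and a check that reports which of the described threats a given configuration leaves open. The certificate, key and CA file paths are assumed placeholders supplied by the caller.

```python
import ssl

# Added example: maps the confidentiality, integrity and authenticity threats
# described above to TLS settings. role is "client" (we must authenticate the
# server) or "server" (we must authenticate the client). Certificate, key and
# CA paths are caller-supplied placeholders; they are optional here so the
# contexts can be inspected without any files present.

def encrypt_only_context(role):
    """The 'just switch on SSL' configuration: the channel is encrypted, but
    neither peer is authenticated, so a fake server or a forged client (the
    authenticity threats above) is still accepted."""
    proto = ssl.PROTOCOL_TLS_CLIENT if role == "client" else ssl.PROTOCOL_TLS_SERVER
    ctx = ssl.SSLContext(proto)
    ctx.check_hostname = False        # must be cleared before verify_mode
    ctx.verify_mode = ssl.CERT_NONE   # accept any peer, with or without a certificate
    return ctx

def mutual_auth_context(role, cert_file=None, key_file=None, ca_file=None):
    """Encryption plus authentication of both peers (mutual TLS)."""
    purpose = ssl.Purpose.SERVER_AUTH if role == "client" else ssl.Purpose.CLIENT_AUTH
    ctx = ssl.create_default_context(purpose, cafile=ca_file)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2   # refuse SSLv3 / TLS 1.0 / TLS 1.1
    ctx.verify_mode = ssl.CERT_REQUIRED            # peer must present a cert we trust
    ctx.check_hostname = (role == "client")        # server cert must match its host name
    if cert_file:                                  # our own identity, shown to the peer
        ctx.load_cert_chain(cert_file, key_file)
    return ctx

def unmitigated_threats(ctx, role):
    """Return the threats from the text that this context still leaves open."""
    peer = "server" if role == "client" else "client"
    findings = []
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("eavesdropping/tampering: legacy protocol versions allowed")
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append(f"{peer} impersonation: peer certificate not required")
    if role == "client" and not ctx.check_hostname:
        findings.append("server impersonation: certificate not matched to hostname")
    return findings

if __name__ == "__main__":
    for role in ("client", "server"):
        print(role, "encrypt-only:", unmitigated_threats(encrypt_only_context(role), role))
        print(role, "mutual TLS:  ", unmitigated_threats(mutual_auth_context(role), role))
```

In a real deployment both peers load their own certificate and key, and the CA that issued the other side's certificate; the check function can then be run against the context actually handed to the socket or HTTP library.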
Read more: Codeproject