Internet security design: sword and shield

Foreword

The Internet is where software vendors live, and it is naturally a dangerous place. For an enterprise to survive and grow, the security of the software itself is the most important thing: it must be able to protect the availability and safety of data, hardware and software.

Internet attack (sword)

Currently the common Internet attacks are as follows:

  • XSS attack
    XSS stands for cross-site scripting (Cross Site Scripting); to avoid confusion with the abbreviation for Cascading Style Sheets (CSS), cross-site scripting is abbreviated XSS.
  • CSRF attack
    CSRF stands for cross-site request forgery: through a malicious third-party site, the attacker sends requests to the target while impersonating a trusted user.
  • SQL injection attack
    A so-called SQL injection attack disguises malicious SQL as a request parameter so that the SQL DBMS executes it, and then carries out the attack.
  • DDoS attack
    DDoS (Distributed Denial of Service) developed from DoS. What is DoS? Briefly, DoS uses a trusted client to send requests to the server so frequently that the server cannot keep up and requests time out. A DoS from a single source works poorly against a server with good network facilities and excellent performance, so it evolved into DDoS, the distributed denial of service attack.
  • 0day
    A so-called "0day vulnerability" is one that has not yet been disclosed and therefore has no patch; it is commonly called an "undisclosed vulnerability".
  • Other
    As for attack methods, it should be said that whatever you can think of, someone can do.

Manufacturers are defense (Shield)

First, network attacks are illegal; where there is substantial evidence or large losses are caused, they must be investigated to the end. Since attacks exist, we as vendors naturally need to defend. Defense divides into two parts. Some of it requires fixes in the system, middleware or third-party components (for example a system 0day), or help from our hosting provider (for example against DDoS). The other part we can consider and guard against when designing the system. What security precautions can or should we consider? Some approaches and concepts are explained below.

HTTPS

We sometimes see upgrade notices saying "service suspended for a full HTTPS upgrade"; what exactly does HTTPS mean?

HTTPS (full name: Hyper Text Transfer Protocol over Secure Socket Layer, or Hypertext Transfer Protocol Secure) is HTTP over a channel designed to be secure; simply put, a secure version of HTTP. Netscape created HTTPS in 1994.

Talking about HTTPS, we must talk about SSL: HTTPS is, as the description above says, HTTP + SSL.
HTTP (HyperText Transfer Protocol) is an application-layer protocol on top of TCP. It does not care about the details of data transmission; it mainly specifies the format of data exchanged between client and server, and was originally used to deliver HTML pages to the client. Its default port is 80. The latest version is HTTP 2.0, but 1.1 is still more common [1].

HTTPS has two main roles:

  • Establish a secure channel to ensure the security of data transmission
  • Confirm the authenticity of the site

The reason HTTPS is the most basic (and reliable) security measure is that its certificate is issued by a Certificate Authority (CA). Certificates are divided into several levels, such as DV SSL, OV SSL and EV SSL [2].
HTTPS solves the problem that HTTP transmits information in plaintext, using symmetric encryption for the transmitted information. So the first step of security is to turn on HTTPS site-wide.
Once HTTPS is enabled site-wide, browsers by default do not allow HTTP content to be loaded.

Encryption and decryption

It stands to reason that once we have turned on HTTPS, everything should already be encrypted, so why do we go on to discuss encryption?
In fact HTTPS encrypts at the level of the underlying TCP transport; on the client and the server themselves the unencrypted content can still be captured. To solve this problem completely, important information exchanged between them still needs encryption at the application level.
Encryption algorithms are divided into two types:

  • Symmetric encryption algorithms: there is only one key, and the same key is used for encryption and decryption.
  • Asymmetric encryption algorithms: the key is divided into a public key and a private key; data encrypted with the public key is decrypted with the private key, or vice versa.

Some people may ask: do MD5 or Base64 count as encryption algorithms?
No. An encryption algorithm is required to turn the plaintext, by some computation, into a different form that others cannot restore but the recipient can. MD5 is irreversible, and Base64 is a binary-to-text encoding that uses 4 bytes of text to represent 3 bytes of raw binary data; the algorithm is public, so anyone can decode it.
At first glance asymmetric encryption looks more secure, so why not just choose it directly? Asymmetric encryption is indeed more secure, but its efficiency is relatively poor. How big can the difference be? There is test data: encrypting a 160-byte plaintext 10,000 times, AES in CBC mode with a 256-bit key took 130 ms while RSA took 193,000 ms (3.2 minutes). So in actual production we do not choose blindly, but pick the right algorithm for our actual situation.

Digital envelope
How can we combine the advantages of both algorithms?
PKCS#7 [3] defines the term digital envelope, and explains it in the text as follows: a digital envelope contains the encrypted content and the encrypted content-encryption key.
Using a digital envelope, the sender encrypts the information with a symmetric content key, then encrypts that symmetric key with the recipient's public key (this part is the digital envelope proper) and sends it together with the encrypted information to the receiver. The receiver first opens the digital envelope with the corresponding private key to obtain the symmetric key, then uses the symmetric key to unlock the encrypted information.
Symmetric encryption algorithms: AES, DES, TripleDES, RC2, RC4, RC5, Blowfish and others.
Asymmetric encryption algorithms: RSA, Elgamal, knapsack algorithms, Rabin, DH, ECC, etc.
The most popular solution is AES + RSA: first generate a public/private key pair and publish the public key; each time a request is initiated, generate an AES key and attach it to the request encrypted with the RSA private key. When the other side receives the request, it first decrypts the AES key with the public key, then uses that content key to decrypt the transmitted content. And vice versa.

Signing and signature verification

Signing means adding a signature, and signature verification means checking that signature. You may ask: is this related to encryption/decryption?
The answer is that they are not the same. The purpose of adding a signature, as in real life, is to ensure the authenticity of the request (that it is not forged). Take a scenario: I buy a piece of clothing priced at 100 yuan in an online mall, but a malicious program intercepts my request and submits a different number in place of 100. From the server's point of view the data has no problem at all, so the order is written. But the submitted data was actually tampered with! To avoid this, when the request is generated we take all the submitted parameters and, with a specific algorithm, generate a string from them as the signature; the server computes the same algorithm over all the parameters it receives and compares the result with the signature to determine whether the submitted parameters were tampered with.
The signature parameter is commonly named signature or sign.
Taking the WeChat Pay signature algorithm as an example:

Step one: let M be the set of all data to send or receive. Take the parameters in M whose values are not empty, sort them by parameter name in ascending ASCII order (lexicographic), and assemble them into a string stringA using the URL key-value format (i.e. key1=value1&key2=value2...).

Since an interceptor does not know the signing algorithm, even a tampered request will be rejected by the server because signature verification fails. (If the algorithm is known, constructed requests cannot be blocked this way.)
Signing and verification may be used on every interface call, so we want this algorithm to be very efficient, minimizing the impact on performance while ensuring security.
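An added example in Go (not WeChat Pay's or the post's code) of the signing and verification flow described above. BuildStringA implements step one exactly as stated; the remaining steps are this example's own choice, a keyed HMAC-SHA256 over stringA with a secret shared by client and server, so that a valid signature depends on a secret rather than only on knowledge of the algorithm. The parameter names, the shared secret and the order data are constructed for the demo.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"sort"
	"strings"
)

// BuildStringA implements the step described in the text: drop parameters
// with empty values, sort the rest by parameter name in ascending ASCII
// order, and join them as key1=value1&key2=value2.
func BuildStringA(params map[string]string) string {
	keys := make([]string, 0, len(params))
	for k, v := range params {
		if v == "" {
			continue
		}
		keys = append(keys, k)
	}
	sort.Strings(keys) // byte-wise order, i.e. ascending ASCII
	parts := make([]string, 0, len(keys))
	for _, k := range keys {
		parts = append(parts, k+"="+params[k])
	}
	return strings.Join(parts, "&")
}

// Sign computes the signature over stringA with a secret shared by client
// and server. The text only says "a specific algorithm"; keyed HMAC-SHA256
// is this example's choice, so knowing the algorithm alone is not enough to
// forge a signature (only the secret holder can).
func Sign(params map[string]string, secret []byte) string {
	mac := hmac.New(sha256.New, secret)
	mac.Write([]byte(BuildStringA(params)))
	return hex.EncodeToString(mac.Sum(nil))
}

// Verify is the server side: strip the "sign" parameter, recompute the
// signature over everything else, and compare in constant time.
func Verify(params map[string]string, secret []byte) bool {
	got, ok := params["sign"]
	if !ok {
		return false
	}
	unsigned := make(map[string]string, len(params))
	for k, v := range params {
		if k != "sign" {
			unsigned[k] = v
		}
	}
	want := Sign(unsigned, secret)
	return hmac.Equal([]byte(got), []byte(want))
}

func main() {
	secret := []byte("example-shared-secret") // constructed for the demo
	// Constructed order request from the 100-yuan scenario in the text.
	params := map[string]string{"order_id": "1001", "amount": "100", "note": ""}
	fmt.Println("stringA:", BuildStringA(params))
	params["sign"] = Sign(params, secret)
	fmt.Println("untampered verifies:", Verify(params, secret))
	params["amount"] = "1" // the interceptor changes the price...
	fmt.Println("tampered verifies:  ", Verify(params, secret))
}
```

Note that the empty "note" parameter is left out of stringA, as the step requires, and that the sign parameter itself is excluded before the server recomputes.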
Common digital signature algorithms are mainly of three kinds: RSA, DSA and ECDSA.

  1. RSA digital signature algorithm
  • MD2, MD4, MD5 algorithms
  • SHA-1 algorithm (on February 23, 2017 Google announced a practical collision of SHA-1 and released two different PDF documents with the same hash value)
  • SHA-2 algorithms (SHA-224, SHA-256, SHA-384 and SHA-512, collectively called SHA-2)
  • SHA-3
  2. DSA digital signature algorithm
  3. ECDSA elliptic curve digital signature algorithm

Cracking signature algorithms
By now most of us have heard that MD5 and SHA-1 have been cracked, but we may not necessarily understand the specific process and its meaning.

At the International Cryptology Conference (Crypto 2004) in Santa Barbara, California, on August 17, 2004, Professor Wang Xiaoyun of China's Shandong University presented a report on breaking the MD5, HAVAL-128, MD4 and RIPEMD algorithms, announcing results that broke the MD series of algorithms. (Note: not a real break of the algorithms, but accelerated finding of hash collisions.) In February 2005, Professor Wang Xiaoyun cracked another international cryptographic standard, SHA-1. Wang Xiaoyun's results show that, in theory, electronic signatures can be forged.

The report by the Chinese team proved theoretically that these signature algorithms have collisions, meaning two different pieces of content can yield the same MD5 or SHA-1 digest.
This is deadly for some scenarios. For instance, some applications store passwords after MD5 hashing, which means that someone who knows the MD5 of your password could, after finding a collision, log in to your account with a completely different piece of text as the password.
In other scenarios the impact may differ; for example Git uses SHA-1. Linus's views on Google's break of SHA-1 were as follows:

git uses SHA-1 mainly for error detection, to ensure data integrity, not for trust; he said their trust is based on people, and he would not rely on a specific hash value to trust a set of data. Of course, he also admitted that to some extent git benefits from SHA-1 as a "trust instrument", so breaking SHA-1 does have an adverse effect on git.

Looking back at our request signature algorithm: how much does cracking the hash affect parameter signing? In fact I think the impact is very small. Breaking a signature algorithm means finding collisions, but the data we sign is the digest of a structure with a clear meaning; if a collision only yields a meaningless string with the same signature, the server will still refuse it, and the business is not affected. But I also have to explain that a higher security level for our signature algorithm is still meaningful.

Salt value
If you cannot switch the signature algorithm, there is another way to improve security: a salt value (SALT). When computing the MD5, a special string is added into the calculation, so the result is no longer the standard output of the algorithm. Some password cracking works by looking up MD5 values in a precomputed table; a salt almost eliminates the possibility of being cracked this way.
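An added example in Go (not from the post) of the salt idea: an unsalted digest can be looked up in a precomputed table, while a per-user random salt makes the stored value of the same password different every time, so such a table no longer matches. SHA-256 stands in for the MD5 the text mentions; the storage format salt:digest and the sample passwords are this example's own.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/hex"
	"fmt"
	"strings"
)

// Digest is the unsalted form the text warns about: identical passwords give
// identical digests, so a precomputed table maps a digest back to its
// password. SHA-256 is used here instead of MD5 (this example's choice).
func Digest(password string) string {
	sum := sha256.Sum256([]byte(password))
	return hex.EncodeToString(sum[:])
}

// HashPassword stores "salt:digest" with a fresh 16-byte random salt, so the
// same password never produces the same stored value twice.
func HashPassword(password string) (string, error) {
	salt := make([]byte, 16)
	if _, err := rand.Read(salt); err != nil {
		return "", err
	}
	return hex.EncodeToString(salt) + ":" + saltedDigest(salt, password), nil
}

func saltedDigest(salt []byte, password string) string {
	h := sha256.New()
	h.Write(salt) // the salt enters the calculation, as the text describes
	h.Write([]byte(password))
	return hex.EncodeToString(h.Sum(nil))
}

// StoredDigest returns the digest half of a stored "salt:digest" value.
func StoredDigest(stored string) string {
	parts := strings.SplitN(stored, ":", 2)
	if len(parts) != 2 {
		return ""
	}
	return parts[1]
}

// VerifyPassword recomputes the salted digest and compares in constant time.
func VerifyPassword(password, stored string) bool {
	parts := strings.SplitN(stored, ":", 2)
	if len(parts) != 2 {
		return false
	}
	salt, err := hex.DecodeString(parts[0])
	if err != nil {
		return false
	}
	want := saltedDigest(salt, password)
	return subtle.ConstantTimeCompare([]byte(want), []byte(parts[1])) == 1
}

func main() {
	// Constructed lookup table of unsalted digests, standing in for a rainbow table.
	table := map[string]string{Digest("123456"): "123456", Digest("password"): "password"}
	fmt.Println("unsalted lookup recovers:", table[Digest("123456")])
	stored, err := HashPassword("123456")
	if err != nil {
		panic(err)
	}
	_, hit := table[StoredDigest(stored)]
	fmt.Println("salted digest found in table:", hit)
	fmt.Println("verify right/wrong:", VerifyPassword("123456", stored), VerifyPassword("wrong", stored))
}
```

For stored passwords a deliberately slow password hash (bcrypt, scrypt or Argon2) is the stronger choice; the salted SHA-256 here keeps the page's MD5 + salt idea in a form that runs with the standard library alone.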

Replay

A replay attack (Replay Attack), also called a playback attack, is when an attacker sends a packet that the destination host has already received, in order to deceive the system. It is mainly used against identity authentication processes and undermines the correctness of authentication. A replay may be carried out by the original initiator or by an adversary who intercepts the data and resends it. The attacker uses network sniffing or other means to steal authentication credentials and then resends them to the authentication server. Replay attacks can occur in any network communication process and are one of the attack methods commonly used by hackers.

Playback is not necessarily always an attack that exploits code; it may be an accidental repeated submission, but the losses can still be very serious. The more popular approach is timestamp + unique random string.
We require the client to carry two parameters when submitting a request: timestamp and nonce.

  • timestamp: as we all know, a unique Long number representing the total number of seconds from January 1, 1970 00:00:00 (08:00:00 Beijing time on January 1, 1970) until now. We compare the timestamp of a received request with the server's current time; a request whose time falls outside a certain range (e.g. 60 s) is directly rejected.
  • nonce: Nonce is short for Number once; in cryptography it is a random value that is used only once and never repeated. We cache this random value on the server side (for example in Redis). Before each request the client needs to request a nonce from the server, which the server saves. When the request arrives, the server verifies that the nonce exists: if it does, it deletes it and lets the request through; if not, it rejects the request directly.

With these two parameters we can avoid the possibility of a request packet being recorded and replayed.
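The timestamp + nonce check above as an added Go example (not from the post). The server issues nonces and consumes each one exactly once, the request timestamp must fall within the window, and nonces not used within that window are discarded so the store cannot grow without bound. The in-memory map stands in for the Redis cache the text mentions; the injectable clock, the window length and the error names are this example's own choices.

```go
package main

import (
	"crypto/rand"
	"encoding/hex"
	"errors"
	"fmt"
	"sync"
	"time"
)

var (
	ErrStaleTimestamp = errors.New("timestamp outside the allowed window")
	ErrUnknownNonce   = errors.New("nonce unknown or already used")
)

// ReplayGuard implements the timestamp + nonce scheme from the text: the
// server issues a nonce, remembers it, and accepts it exactly once, and the
// request timestamp must lie within the window around the server's clock.
type ReplayGuard struct {
	window time.Duration
	now    func() time.Time // injectable clock so the window can be tested
	mu     sync.Mutex
	issued map[string]time.Time // nonce -> issue time (Redis in production)
}

func NewReplayGuard(window time.Duration, now func() time.Time) *ReplayGuard {
	return &ReplayGuard{window: window, now: now, issued: map[string]time.Time{}}
}

// Issue hands the client a fresh random nonce and records it server-side.
func (g *ReplayGuard) Issue() (string, error) {
	b := make([]byte, 16)
	if _, err := rand.Read(b); err != nil {
		return "", err
	}
	nonce := hex.EncodeToString(b)
	g.mu.Lock()
	defer g.mu.Unlock()
	g.issued[nonce] = g.now()
	return nonce, nil
}

// Check validates one incoming request: first the cheap timestamp test,
// then the nonce is consumed so that a recorded copy of the same request
// (a replay) fails with ErrUnknownNonce.
func (g *ReplayGuard) Check(timestamp int64, nonce string) error {
	now := g.now()
	if d := now.Sub(time.Unix(timestamp, 0)); d > g.window || d < -g.window {
		return ErrStaleTimestamp
	}
	g.mu.Lock()
	defer g.mu.Unlock()
	// Nonces not used within the window are dropped, bounding the store;
	// a client that waited longer must ask for a fresh nonce.
	for n, at := range g.issued {
		if now.Sub(at) > g.window {
			delete(g.issued, n)
		}
	}
	if _, ok := g.issued[nonce]; !ok {
		return ErrUnknownNonce
	}
	delete(g.issued, nonce) // consumed: exactly one use
	return nil
}

func main() {
	g := NewReplayGuard(60*time.Second, time.Now)
	nonce, err := g.Issue()
	if err != nil {
		panic(err)
	}
	ts := time.Now().Unix()
	fmt.Println("first delivery:", g.Check(ts, nonce))
	fmt.Println("replayed copy: ", g.Check(ts, nonce))
	fmt.Println("old timestamp: ", g.Check(ts-3600, nonce))
}
```

The window is checked in both directions so that a client clock running ahead of the server is treated the same as one running behind.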

CDN security

We now host basic documents, pictures, videos and so on on a CDN to improve access speed, so we add CDN security. Access control on the CDN side is generally divided into two categories:

  • Hotlink protection
  • Complex authentication

Hotlink protection

Hotlinking is the more common situation. CDN vendors charge according to traffic: if I upload a picture or video to the CDN, all traffic consumed through the CDN address is paid by me. A competitor who directly references my CDN URL causes me expenses from which I gain no income.
Therefore CDN vendors generally provide hotlink protection measures, generally of two kinds:

  • Timestamp anti-hotlinking
  • Referer anti-hotlinking

Timestamp anti-hotlinking generates a temporary link that is valid for a period of time; each time you want to view the corresponding file you need to fetch the latest address through an interface.
Referer anti-hotlinking checks the Referer field in the HTTP request header to see whether it falls within the specified range of domain names.
Once either of these is abnormal, the request is rejected directly.
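Both hotlink-protection measures as an added Go example (not any CDN vendor's or the post's code): SignURL produces the temporary link for timestamp anti-hotlinking and VerifySignedURL is the check the CDN edge would perform, while RefererAllowed checks the Referer header against the allowed domains. The query parameter names expires and sig, the HMAC-SHA256 scheme, the secret and the URLs are constructed for the example.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"net/url"
	"strconv"
	"strings"
	"time"
)

// SignURL produces the temporary link used for timestamp anti-hotlinking:
// base + path + "?expires=<unix seconds>&sig=<hmac>". The HMAC covers both
// path and expiry, so the client can change neither without invalidating it.
func SignURL(base, path string, expires time.Time, secret []byte) string {
	exp := strconv.FormatInt(expires.Unix(), 10)
	return base + path + "?expires=" + exp + "&sig=" + linkSignature(path, exp, secret)
}

func linkSignature(path, exp string, secret []byte) string {
	mac := hmac.New(sha256.New, secret)
	mac.Write([]byte(path + "\n" + exp)) // separator keeps path and expiry distinct
	return hex.EncodeToString(mac.Sum(nil))
}

// VerifySignedURL is the edge-side check: reject unparsable or expired links,
// then recompute the HMAC over the requested path and compare in constant time.
func VerifySignedURL(rawURL string, now time.Time, secret []byte) bool {
	u, err := url.Parse(rawURL)
	if err != nil {
		return false
	}
	q := u.Query()
	exp, err := strconv.ParseInt(q.Get("expires"), 10, 64)
	if err != nil || now.Unix() > exp {
		return false
	}
	want := linkSignature(u.Path, q.Get("expires"), secret)
	return hmac.Equal([]byte(q.Get("sig")), []byte(want))
}

// RefererAllowed implements Referer anti-hotlinking: the Referer's host must
// be one of the allowed domains or a subdomain of one. Whether an empty
// Referer passes is a policy choice; here it is rejected.
func RefererAllowed(referer string, allowed []string) bool {
	u, err := url.Parse(referer)
	if err != nil || u.Hostname() == "" {
		return false
	}
	host := strings.ToLower(u.Hostname())
	for _, d := range allowed {
		d = strings.ToLower(d)
		if host == d || strings.HasSuffix(host, "."+d) {
			return true
		}
	}
	return false
}

func main() {
	secret := []byte("example-cdn-secret") // constructed
	now := time.Now()
	link := SignURL("https://cdn.example.com", "/video/1.mp4", now.Add(10*time.Minute), secret)
	fmt.Println(link)
	fmt.Println("fresh link ok:   ", VerifySignedURL(link, now, secret))
	fmt.Println("after expiry ok: ", VerifySignedURL(link, now.Add(time.Hour), secret))
	fmt.Println("own-site referer:", RefererAllowed("https://www.example.com/page", []string{"example.com"}))
	fmt.Println("other referer:   ", RefererAllowed("https://other.example.net/", []string{"example.com"}))
}
```

The Referer check is only as strong as the header, which any client can set; the signed link is the measure that does not depend on client honesty.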

Complex authentication

The business side may have special authentication requirements for files; for example a video can be played at any time inside my app, but once the link is copied outside the app, playback is refused.
For this scenario CDNs generally provide an approach called "origin authentication" (back-to-source authentication).

Origin authentication

Of course, request timeouts also need to be considered as exceptional cases.
Combined with our custom nonce, this method achieves the effect we want.

Summary

The above covers the basic architecture and the security points you can consider during the design process, but it is certainly not fixed; according to the actual situation and the development of technology, we have to make our shield more and more solid.


  1. Evolution of HTTP versions
    1. HTTP 0.9 (1991)
    This version was originally used to deliver HTML pages to the client, so it has only one command, GET; the server returns an HTML page to the client and nothing in any other format. It is entirely enough for building a simple static website.
    2. HTTP 1.0 (1996)
    Version 1.0 was a big change and laid the foundation of today's HTTP protocol. This version can transmit not only HTML text pages but also other binary files, such as images and video. It also added the now commonly used POST and HEAD commands. Request and response messages are no longer a single line; some metadata fields were specified, for example character set, encoding and status response codes.
    3. HTTP 1.1 (1997)
    Another version was actually released half a year after 1.0, refining it further. This version added persistent connections: in earlier versions each request was one TCP connection, closed once the request completed. As everyone knows TCP is reliable; establishing a connection takes a 3-way handshake and closing one takes a 4-step teardown, and TCP has flow control, congestion control and slow start, so transfer is slow right after a connection is established, which is expensive. A rich page has many images, forms and hyperlinks and therefore many HTTP requests, so in this version the TCP connection is not closed by default and the Connection: keep-alive field need not be declared; to close it you can specify Connection: close. It also introduced pipelining: several HTTP requests can be sent on one TCP connection without waiting for the previous response to succeed. It added the PUT, PATCH, HEAD, OPTIONS and DELETE commands, enriching client-server interaction, and added the Host field.
    4. HTTP 2 (2015)
    As the Internet developed, this version defined new functions for new needs and improved on the previous version. Version 1.1 had pipelining, but the server still had to process requests in order; this version can multiplex them. It also added header compression and server push.

  2. Certificate types
    Alibaba Cloud currently offers 4 mainstream international certification authorities; applying for a certificate through Alibaba Cloud can be understood as Alibaba Cloud acting as an agent that applies on your behalf. Certificates come as single-domain and wildcard-domain certificates. As the name says, a single-domain certificate can only verify the security of the one specified domain, while a wildcard certificate (such as *.aa.com) covers all domains under aa.com. This involves the concepts of DV SSL, OV SSL and EV SSL, and you must know what they mean before buying, otherwise you will not know what you spent the money on.

    • DV SSL
      A DV SSL certificate is a simple (Class 1) SSL certificate that verifies only ownership of the website's domain name. It can be issued quickly, within 10 minutes, and provides encrypted transmission, but cannot prove the true identity of the website to users.
      The free certificates currently on the market are all of this type: they only encrypt the data and do not verify the identity of the person or organization the certificate is issued to.
    • OV SSL
      OV SSL provides encryption, performs strict identity verification of the applicant, and provides trusted identity proof.
      The difference from DV SSL is that OV SSL reviews the individual or organization and can confirm the other party's identity, so it is more secure.
      Applications for this class of certificate are therefore paid.
    • EV SSL
      Ultra-secure = EV = most secure, most strict. EV SSL certificates follow a globally unified strict identity-verification standard and are currently the top-level (Class 4) SSL certificates with the highest security level in the industry.
      Used by finance and securities, banks, third-party payment, online shopping malls and other sites that stress website security and a trustworthy corporate image, and that transmit transaction payments, customer private information and account passwords.
      This class has the strictest verification requirements and the most expensive application fee.
  3. PKCS standards (Public-Key Cryptography Standards)
    A set of standards led by RSA: starting in 1990, RSA Laboratories of RSA Security developed a series of public-key cryptography standards to promote the use of public-key technology. Although the standards carry considerable symbolic weight and are recognized by the information industry, RSA may still change their content if it considers it necessary. Fortunately those changes have been small; moreover, in recent years RSA has worked with other organizations (notably IETF and PKIX) to carry the standards through the standards-track process.
    PKCS#1: RSA encryption standard. PKCS#1 defines the basic format standard of RSA public-key functions, especially digital signatures. It defines how digital signatures are computed, including the format of the data to be signed and of the signature itself; it also defines the syntax of RSA public/private keys.
    PKCS#2: covered RSA encryption of message digests; it has been merged into PKCS#1.
    PKCS#3: Diffie-Hellman key agreement standard. PKCS#3 describes a method for implementing Diffie-Hellman key agreement.
    PKCS#4: originally specified RSA key syntax; now included in PKCS#1.
    PKCS#5: password-based encryption standard. PKCS#5 describes a method of encrypting an octet string with a key derived from a password, producing an encrypted octet string. PKCS#5 can be used to encrypt private keys for secure key transport (described in PKCS#8).
    PKCS#6: extended-certificate syntax standard. PKCS#6 defines the syntax of X.509 certificate attribute extensions that carry additional entity information (when PKCS#6 was first published, X.509 did not yet support extensions; these extensions were therefore later included in X.509).
    PKCS#7: cryptographic message syntax standard. PKCS#7 specifies a general syntax for data that uses cryptographic algorithms, such as digital signatures and digital envelopes. PKCS#7 offers many format options, including unencrypted or signed formatted messages, enveloped (encrypted) messages, signed messages, and messages that are both signed and encrypted.
    PKCS#8: private-key information syntax standard. PKCS#8 defines the syntax of private-key information and of encrypted private keys, where the private key is encrypted using PKCS#5.
    PKCS#9: selected attribute types. PKCS#9 defines the optional attribute types used in PKCS#6 extended certificates, PKCS#7 digitally signed messages, PKCS#8 private-key information and PKCS#10 certificate signing requests. Defined certificate attributes include e-mail address, unstructured name, content type, message digest, signing time, countersignature, challenge password and extended-certificate attributes.
    PKCS#10: certification request syntax standard. PKCS#10 defines the syntax of certification requests. A request contains a distinguished name, a public key and an optional set of attributes, signed together by the entity requesting the certificate (the PKIX certificate request message in the certificate management protocol is a PKCS#10).
    PKCS#11: cryptographic token interface standard. PKCS#11, or "Cryptoki", defines an application programming interface (API) for single-user devices that hold cryptographic information (such as encryption keys and certificates) and perform cryptographic functions. Smart cards are typical devices that implement Cryptoki. Note: Cryptoki defines the interface to cryptographic functions but does not specify how a device implements them. Moreover, Cryptoki covers only the cryptographic interface and does not define other interfaces that may be useful for a device, such as a file-system interface.
    PKCS#12: personal information exchange syntax standard. PKCS#12 defines the format of personal identity information (including private keys, certificates, miscellaneous secrets and extension fields). PKCS#12 helps transport certificates together with their private keys, so users can move their personal identity information between devices.
    PKCS#13: elliptic curve cryptography standard. PKCS#13 is still being developed. It covers generating and validating elliptic curve parameters, key generation and validation, digital signatures, public-key encryption, key agreement, and the ASN.1 syntax for parameters, keys and scheme identification.
    PKCS#14: pseudorandom number generation standard. PKCS#14 is still being developed. Why does random number generation need its own standard? Many basic cryptographic functions used in PKI, such as Diffie-Hellman key generation and shared-key agreement, need random numbers. If the "random number" is not random but predictable from a set of values, the cryptographic function is no longer absolutely secure, because its value is confined to a reduced range. Therefore the security of pseudorandom number generation is crucial to the security of PKI.
    PKCS#15: cryptographic token information syntax standard. PKCS#15 improves the interoperability of cryptographic tokens by defining a universal format for objects stored on a token. A PKCS#15 implementation on a storage device looks the same to every application using the device, although different formats may actually be used internally. The PKCS#15 implementation plays the role of a translator, converting between the card's internal formats and the data formats the applications support.


Origin www.cnblogs.com/pluto4596/p/11297710.html