International Journal of Computer Information Systems, Vol. 2, No. 2, February 2011, ISSN 2229 5208

A holistic framework for security risk assessment of Distributed GIS application

K. Ram Mohan Rao
Scientist, Geoinformatics Division, IIRS (NRSC), Dehradun, India

Durgesh Pant
Professor, Dept. of Computer Science, Kumaun University, Nainital, India

Abstract—Security is one of the latest developments in the distributed Geographic Information System (GIS) application domain. More and more companies rely on distributed GIS applications to provide online geospatial services, to support e-commerce sales, and to leverage portals and online discussion boards that help improve communication. However, as the number and complexity of distributed GIS applications have grown, the associated security risk has grown with them. As a result, web servers are becoming popular attack targets. The need for security in distributed GIS applications is evident. This study presents a holistic framework for the security and risk assessment of a distributed GIS application. The framework addresses security across three interrelated layers (network layer, host layer, and application layer). The study provides a comprehensive vulnerability assessment and risk rating for the management of the Geographical Weather Information System (GWIS).

Keywords- GIS; security; risk; vulnerability.

I. INTRODUCTION

The advent of network technology has significantly altered Geographical Information Systems (GIS) research, development, and education by providing a distributed environment. In fact, it has affected all aspects of data sharing and computing, and GIS is no exception [1]. GIS has now graduated from single-use, project-based systems to distributed enterprise information systems. A distributed GIS is a network-centric tool that uses the Internet or a wireless network as the primary means of providing access to distributed data and other information, disseminating spatial information, and conducting GIS analysis [2]. A distributed GIS (DGIS) application includes web technology, a web server, a centralized geospatial database, the GIS application, an object framework, network protocol communication strategies, a metadata scheme and an agent-based communication mechanism [3]. Traditional GIS systems are closed, standalone systems that hold the GUI, business logic, and data logic all together. These systems are called desktop systems, with no information exchange between computers, or network programs, in which desktop programs share data, applications, and other resources within Local Area Networks (LANs). Each desktop system is platform dependent and application specific. GIS has now graduated from traditional desktop systems to distributed GIS. Distributed GIS is defined as a GIS with its geospatial data and computing resources distributed across a computer network [4]. Figure 1 shows the Geospatial Weather Information System (GWIS), a tool for capturing, storing, retrieving, and visualizing weather data, handling both spatial and non-spatial data. The GWIS contains historical climatic data for nearly hundreds of land stations countrywide. The tool is powered by open source technologies such as UMN MapServer, PostgreSQL, and PHP. The origin of DGIS can be traced back to the early stage of computing, when users interacted with a mainframe or minicomputer through "dumb" analog terminals. In that setting, multiple users could access the geospatial computing power of a workstation or mainframe from terminals. Today, DGIS exists in the forms of Internet GIS, Web GIS, Network GIS and Wireless GIS. The functions range from the delivery of static maps to a full suite of on-demand GIS services [5]. There are many computing challenges faced by DGIS applications, which may be classified into six major categories: system performance, user interface, interoperability, data integrity, spatial data mining, and system security [6]. Among these, security is the crucial part of DGIS. The heterogeneous nature of data resources and their security policies makes security schemes complicated in any distributed or Grid computing environment [7]. As with any new technology, there is a delay between the time it is introduced to the market and the time it is really understood by the industry. The speed at which web technologies were adopted has widened the technology gap between applications and security measures. The security industry as a whole has not kept pace with these changes and has not developed the necessary skills and thought processes to tackle the issues.
Given the increasing level of attacks from the Web environment, the protection of Web servers, Web applications, back-end systems and databases is becoming a greater challenge for many organizations. About 75% of cyber attacks and Internet security violations are generated through Internet applications [8]. Many research institutes and the IT industry responded to the increase in Web attacks with solutions at the gateway level by introducing the firewall concept [9]. Netscape also developed the Secure Socket Layer (SSL) protocol in 1996 for securing data transmission across the Internet.

Figure 1. Geospatial Weather Information System

The objective of the paper is to investigate the various threats a distributed GIS application faces and to develop effective countermeasures at all interrelated layers, resulting in secure guidelines at both the design and implementation levels. Five investigations are performed to fulfill the objectives of this research. The first investigation identifies the various threats faced by the distributed GIS application using a threat risk modeling approach. The second and third investigations examine ideal security configurations across the three layers of a distributed GIS application (network, host, and application) by identifying general threats, vulnerabilities and corresponding countermeasures, to make the application hack resilient. The fourth investigation analyzes the security gaps between applications, keeping the security assessment approach at the forefront. The fifth concerns application security. It addresses the application testing framework, the risk assessment methodology and finally the security accuracy assessment of the GWIS application.

II. SECURITY CHALLENGES

A. Web application concerns

Today's client/server technology has progressed beyond the traditional two-tiered concept to three-tier architectures. Application architectures have three logical tiers: presentation services, process services, and data services. Presentation services provide the user interface to the system. Presentation can be achieved through traditional graphical interfaces (such as a Windows PC) and terminals, or through other technologies such as Web browsers, interactive TV, kiosks, ATMs, and interactive voice response (IVR). Process services, also known as application services or business services, act as a buffer between the presentation and the data. In a three-tier architecture, all user access to the data occurs through presentation services, which communicate with the process services. Typical process services, then, include customer search, product update, archiving, and complex business rule checks. This tier also includes services that are not necessarily tied to the presentation layer, such as scheduled batch processes or automatic event handling. Finally, data services provide the data on which the process services work. Because of the distributed nature of web applications, they are becoming popular attack targets. The Web Application Security Consortium [10] reported web hacking statistics showing that hacking is increasing year by year even with improved technologies.

B. Security assessment

Traditionally, security assessment has been considered a sub-function of network management, and has been identified as one of the five functional areas of the Open Systems Interconnection (OSI) management framework. As defined in the OSI management framework, security assessment is concerned not with the actual provision and use of encryption or authentication techniques themselves but rather with their management, including reports concerning attempts to breach system security. Two important aspects are identified: (i) managing the security environment of a network, including detection of security violations and maintaining security audits, and (ii) performing the network management task in a secure way [11]. Sloman et al. (1994) define security assessment as the support for specification of authorization policy, translation of this policy into information which can be used by security mechanisms to control access, management of key distribution, and monitoring and logging of security activities [12]. Meier et al. (2004) define security assessment as involving a holistic approach, applying security at three layers: the network layer, the host layer, and the application layer [13]. Additionally, applications must be designed and built using secure design and development guidelines following good security principles. Russ et al. (2007) conclude that security assessment is an organizational-level process that focuses on the non-technical security functions within an organization [14]. The assessment examines the security policies, procedures, architectures, and organizational structure that are in place to support the organization. Although there is no hands-on testing (such as scans) in an assessment, it is a very hands-on process, with the customer working to gain an understanding of critical information, critical systems, and how the organization wants to focus the future of security.

III. METHODOLOGY

Most organizations deploy their web sites and applications with firewalls, Secure Socket Layer (SSL), host security and network security. But the majority of applications are still prone to being hacked, and these technologies are not preventing the hacks. A study suggests that almost 75% of web attacks were made through port 80, the default TCP/IP port used for HTTP traffic, and 443 [15]. This is because most organizations cannot close these ports, and hackers are well aware of the general open-port policies of firewalls. Many hackers know how to make an HTTP request look benign at the network level while the data within it is harmful. This is because, in the Open System Interconnection (OSI) reference model, every message travels through seven layers. The top layer of the OSI reference model, the application layer, includes HTTP and other protocols that transport messages with content including HTML, XML, Simple Object Access Protocol (SOAP) and Web services. Web server security can always be improved by applying security hot fixes in a timely fashion, but there is always a chance of being hacked through a newly discovered vulnerability before it can be identified and patched. Consider that the Computer Emergency Response Team (CERT) received 42,586 incidents in the first quarter of 2003, compared with 21,756 for all of 2000 [16]. These exploited vulnerabilities reside in operating system bugs, flawed network designs, defective business applications, desktop e-mail clients, web browsers, media players and even the security software deployed to protect the applications [17]. Therefore, random security is not enough to make a distributed GIS application hack-resilient. One needs to follow a holistic and systematic approach (figure 2) to secure the network, host, and application. Distributed GIS application security must be addressed across the tiers and at multiple layers [18]. A weakness in any tier or layer makes a distributed GIS application vulnerable to attack. For this reason, the study suggests measures which could be taken to secure the distributed GIS application across all interrelated layers.

Figure 2. Holistic approach to security of distributed GIS application

A. Securing network

The three important elements of a network are the router, the firewall and the network switch. The router routes the packets and protocols configured to work with the GIS application, and is the very first line of defense. Robust router configuration with updated patches, protocols, administrative access, auditing & logging, and intrusion detection will ultimately block insecure TCP/IP protocols. The other core element of the network is the firewall, which provides security at the gateway and is mainly good at blocking ports. Additional policies and scripting can block malicious communications and insecure ports. Network switches are generally overlooked in terms of security, but every communication packet in and out of these switches should be monitored regularly to track the regular traffic of the application. Vulnerability assessment is conducted by integrating router, firewall, and switch security assessment for the GWIS environment, identifying weaknesses and recommendations for short- and long-term security improvements. The risk associated with the network layer is then calculated using the simple, straightforward formula given by Manzuik et al. [19]:

Risk = Vulnerability x Attacks x Threat x Exposure

where

V = Vulnerability: a measure of issues that are considered vulnerabilities. This measure is usually a function of vulnerability assessment.
A = Attacks: a measure of actual attacks and dangers, which is typically a function of a host/network based intrusion detection/prevention tool.
T = Threat: a measure of lurking or impending danger. This is known as the threat climate, which comprises such factors as availability and ease of exploit.
E = Exposure: an accounting of the organization's vulnerability to attack, or how much periphery must be protected and how poorly it is being protected.

Rao, 2010 provides insightful and more reflective information regarding the true security assessment of the network at the GWIS site.

Risk = 4 x 2 x 4 x 2 [20]
Risk = 64

As per CVE 20054560, the maximum risk will always be 625 and the minimum will always be 1. The total risk associated with the network layer is 64; therefore the overall risk level is LOW.
The risk is obtained by integrating the associated network equipment (gateway, router, and switch), and the total risk of the network layer is 64. Hence, the overall severity level is LOW.

B. Securing host

The host generally includes the Operating System (OS) and a distributed environment with several web services, viz. web servers, enterprise services, a geospatial database module, etc. Web servers are popular attack targets which are accessible through firewalls. Attacks that exploit web servers or server extensions (e.g., programs invoked through the Common Gateway Interface) represent a substantial portion of the total number of vulnerabilities. Countermeasures should therefore include configuring the web server to prevent URL path traversal, and locking down system commands and utilities with restrictive access control lists (ACLs). This is especially important when installing new patches and updates.

The growth of the Internet has brought the host security problem into prominence, since the host is an entry point to the application for intruders [21]. Since everything is computerized, systems need an operating system that can act as a suitable interface between machine and user. It should also act as a strong platform to enable successful execution of different applications on it. There are various security policies associated with operating systems, but the operating systems on the market, even the best ones, have some serious vulnerabilities. Web applications are becoming popular attack targets. The applications will always contain exploitable bugs that may lead to a successful attack. To improve computer security, the general practice is to stack different security mechanisms on top of each other in the hope that one of them will be able to defend against a malicious attack. These layers may include a firewall to restrict network access, operating system primitives like non-executable stacks or application-level protection, and secure application procedures for application security [22]. Each component has its own importance in making the application more secure. But the host system typically requires security management because the middleware applications are deployed on the operating system. Assessment of the host consists of three areas: vulnerability analysis, hardening guidelines, and control analysis. The vulnerability assessment is conducted using commercial / open source vulnerability scanners such as Nessus, Microsoft Base Vulnerability Scanner and Nmap. Each scanner electronically probes the host for security holes that may allow a hacker or malware to compromise the GWIS application.
Nessus and Microsoft Baseline Security Analyzer are both used to reduce false positives when scanning Windows 2003, since scanners vary widely in vulnerability detection because their probing techniques differ from each other. During the hardening guideline phase, the configurations are analyzed and corrective measures are followed to rectify the vulnerability issues. The output reports are analyzed critically to make corrective measures on the system. Automated scanning tools (Nessus, MBVS, Nmap) are the primary vehicle for this type of assessment. For vulnerability testing, Microsoft Server 2003 Enterprise Edition is subjected to Nessus, MBVS and Nmap scans. Server 2003 enables the network device shortly after the first dialog boxes are configured during setup. Nmap identified the system only as a Windows operating system but was unable to isolate an exact fingerprint match. Nessus further identified that port 137 listened for UDP packets to the default NetBIOS-NS service and identified one remote vulnerability. In addition to the Nessus tool, the Microsoft Baseline Security Analyzer (MBSA) tool is also deployed on the GWIS host for extra perfection. In addition to these vulnerability scanner analyses, the Microsoft framework on host security categories is also implemented on the GWIS host to provide extra security at the host level [23]. Microsoft provides an interesting framework for securing the host in general application deployment cases. It talks about the importance of regular patches and updates. If a new vulnerability is reported after a successful attack, the appropriate patch is posted to the server within hours, provided the server is able to get the regular updates in time. 90% of the host vulnerabilities are automatically addressed if the host is receiving the proper patches at regular intervals. Unwanted protocols, services, and accounts are disabled to deny access from the external environment. The risk associated with the host layer is calculated using the formula

Risk = Vulnerability x Attacks x Threat x Exposure

In this case, vulnerability receives a score of 6 because of its impact on the affected systems, and attack receives a score of 2 based on the nature of the attack. Threat receives 4 because of the popularity of the company, and exposure receives 2 because the service is not much affected. In this case,

Risk = 6 x 2 x 4 x 2
Risk = 96

Therefore the overall risk associated with the host layer is 96, and the overall host risk level is LOW.

C. Securing application

Application security is the use of software, hardware, and procedural methods to protect applications from external / internal threats. Security measures built into applications and sound application security procedures minimize the likelihood that hackers will be able to manipulate the application. Actions taken to ensure application security are sometimes called countermeasures. These include firewalls, routers, encryption/decryption, anti-virus programs, spyware detection/removal programs, and biometric authentication systems. Application security can be enhanced by rigorously defining enterprise assets, identifying what each application does with respect to these assets, creating a security profile for each application, identifying and prioritizing potential threats, and documenting adverse events and the action taken in each case. There are many risk assessment models for web application risk modeling: OWASP, CENZIC, CVSS, DREAD, OCTAVE, NIST, NISA, and ISO 17799 or 27001 [24]. All these models are based on a uniform algorithm, and each quantifies the risk of the application in its own metric. Some models rate the risk on a scale of 1-10, and others quantify the risk as low, medium or high. In every case, the algorithm starts with the identification of organizational assets and their vulnerabilities. These vulnerabilities are found by testing with the automated tools available in the industry. The next step is assigning weightages to the individual vulnerabilities, based on the model description, to quantify the risk. The outcome of the risk model is a prioritized list of the vulnerabilities that could harm the application. This priority list is useful for developers and administrators in securing the application with remedial procedures. The outcome of the risk model is a detailed document for making the application hack-resilient at both the design level and the implementation level.


The OWASP model provides an open framework for security accuracy assessment of web application security. In order to experiment with the OWASP open source model, the study chose the GWIS application for security assessment. During the assessment phase, the application's flaws are assessed with a variety of tools to find the vulnerabilities of the application. The vulnerabilities found are scored against threat agent factors and vulnerability factors to find the likelihood, and against technical and business functions to find the impact levels. These are then combined to get the final severity risk rating for the GWIS. Final severity risk levels are obtained from the overall risk severity matrix (table 6.34) by inputting the likelihood and impact levels of GWIS [26]. The integrated OWASP model gives an innovative approach for the study of security assessment of the GWIS application. The study has produced excellent results in assessing the security of the GWIS application by rating the risk factor associated with GWIS. It has produced two main factors: one is the likelihood and the other is the impact factor. The likelihood and impact factors are not static and will change from time to time depending on the application design principles and business rules. That is why technical factors and business factors are completely different. But understanding the business context of the vulnerabilities is crucial in assessing the risk of GWIS. For the threat agent factors, vulnerability factors, technical impact factors, and business impact factors of the GWIS application, the scores vary between 0 and 9 depending on the values of threat agent capability, vulnerabilities of GWIS, technical impact, and business impact on the GWIS. The objective of deploying the OWASP model is to quantify the risk faced by the GWIS.
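
The OWASP rating procedure described above, as an added example that is not part of the original paper: likelihood is the average of the eight threat agent and vulnerability factors (each 0-9), impact is the average of the business impact factors (falling back to technical impact when no business scores exist), and the two levels index the overall risk severity matrix. The factor names, level bands and matrix follow the published OWASP Risk Rating Methodology; the three findings and every score assigned to them are constructed for illustration and are not GWIS measurements.

```python
# Added example: OWASP Risk Rating Methodology over constructed findings.

LIKELIHOOD_FACTORS = (
    "skill_level", "motive", "opportunity", "size",        # threat agent factors
    "ease_of_discovery", "ease_of_exploit", "awareness",   # vulnerability factors
    "intrusion_detection",
)
TECHNICAL_FACTORS = ("confidentiality", "integrity", "availability", "accountability")
BUSINESS_FACTORS = ("financial", "reputation", "non_compliance", "privacy")

# Overall risk severity matrix, indexed SEVERITY[impact level][likelihood level].
SEVERITY = {
    "HIGH":   {"LOW": "Medium", "MEDIUM": "High",   "HIGH": "Critical"},
    "MEDIUM": {"LOW": "Low",    "MEDIUM": "Medium", "HIGH": "High"},
    "LOW":    {"LOW": "Note",   "MEDIUM": "Low",    "HIGH": "Medium"},
}
RANK = {"Note": 0, "Low": 1, "Medium": 2, "High": 3, "Critical": 4}


def level(score):
    """Map a 0-9 score to its band: below 3 LOW, 3 to below 6 MEDIUM, 6 to 9 HIGH."""
    if not 0 <= score <= 9:
        raise ValueError(f"score {score} is outside the 0-9 scale")
    if score < 3:
        return "LOW"
    return "MEDIUM" if score < 6 else "HIGH"


def average(scores, factors):
    """Average one factor group, rejecting missing or out-of-range scores."""
    missing = [f for f in factors if f not in scores]
    if missing:
        raise KeyError(f"missing factor scores: {missing}")
    values = [scores[f] for f in factors]
    for value in values:
        level(value)  # range check only
    return sum(values) / len(values)


def rate(finding):
    """Return likelihood, impact and overall severity for one finding."""
    likelihood = average(finding["likelihood"], LIKELIHOOD_FACTORS)
    technical = average(finding["technical"], TECHNICAL_FACTORS)
    business = finding.get("business")
    # Business impact takes precedence when it has been assessed.
    impact = average(business, BUSINESS_FACTORS) if business else technical
    return {
        "name": finding["name"],
        "likelihood": likelihood,
        "impact": impact,
        "impact_basis": "business" if business else "technical",
        "severity": SEVERITY[level(impact)][level(likelihood)],
    }


def prioritize(findings):
    """Order findings for remediation: highest severity first, then raw score."""
    rated = [rate(f) for f in findings]
    return sorted(
        rated,
        key=lambda r: (RANK[r["severity"]], r["likelihood"] * r["impact"]),
        reverse=True,
    )


def scores(factors, *values):
    """Pair factor names with scores given in the same order."""
    return dict(zip(factors, values))


# Constructed sample findings; the names echo issue types the paper mentions.
FINDINGS = [
    {"name": "debug information disclosure",
     "likelihood": scores(LIKELIHOOD_FACTORS, 3, 1, 7, 9, 9, 5, 6, 8),
     "technical": scores(TECHNICAL_FACTORS, 2, 0, 0, 1),
     "business": None},  # no business assessment: technical impact is used
    {"name": "login page SQL injection",
     "likelihood": scores(LIKELIHOOD_FACTORS, 6, 9, 7, 9, 7, 9, 9, 8),
     "technical": scores(TECHNICAL_FACTORS, 9, 9, 5, 7),
     "business": scores(BUSINESS_FACTORS, 7, 9, 5, 7)},
    {"name": "unencrypted login request",
     "likelihood": scores(LIKELIHOOD_FACTORS, 3, 4, 4, 9, 7, 3, 6, 8),
     "technical": scores(TECHNICAL_FACTORS, 6, 1, 1, 7),
     "business": scores(BUSINESS_FACTORS, 3, 4, 5, 5)},
]

if __name__ == "__main__":
    for r in prioritize(FINDINGS):
        print(f"{r['severity']:<8} likelihood={r['likelihood']:.2f} "
              f"impact={r['impact']:.2f} ({r['impact_basis']})  {r['name']}")
```
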
The vulnerability score helps GWIS to better understand application severity and to measure progress towards security goals such as protecting assets and rectifying the risk levels. Among the different categories of risk-generating factors of the GWIS application, blind SQL injection and login page SQL injection cause the major risk to the GWIS. The final overall risk is also a result of the severity levels of these two vulnerabilities against both the likelihood and impact factors of GWIS. Since the vulnerabilities can be exploited remotely, the ease of exploit is relatively high, and hence it has been given a high rating with corresponding severity levels. The vulnerabilities can also be exploited using multiple methods with different outcomes, so scores are generated accordingly for each vulnerability factor. Because the high-risk vulnerabilities, such as blind SQL injection and login page SQL injection, can be used to alter the database content, their technical and business impact factors are set to HIGH. Similarly, likelihood and impact factors are assigned for the rest of the vulnerabilities.

The Common Vulnerability Scoring System (CVSS) risk rating model is also used for calculating and rating the risk of the GWIS application. The risk posed by these vulnerabilities is calculated under base, temporal and environmental factors. The overall security of the application always depends on the total security of the system. The base score of GWIS is 7.7 on a scale of 1-10 [26]. Therefore the severity of the application is medium to high. The temporal score of GWIS is 6.6, which represents the urgency of introducing mitigating factors to reduce the vulnerability scores. The environmental score is 10.0, which is a final score computed with the base and temporal inputs. Since the environmental score is high, GWIS will use this input to immediately prioritize the responses in the deployment environment. To minimize the risk levels of the GWIS, it is crucial to first fix the most severe risk-generating vulnerabilities, such as the blind SQL injection and login page SQL injection vulnerabilities in GWIS.

The DREAD methodology is also used to calculate the risk. For each threat the risk rating is calculated by assessing damage potential, reproducibility of the attack, exploitability of the vulnerability, discoverability of the vulnerability and finally the total risk points of the application. The risk can be calculated from a simple formula [28]:

Risk = Probability x Damage potential

where the risk posed by a particular threat is equal to the probability of the threat occurring multiplied by the damage potential. According to the DREAD scores, the probability of the threat occurring in GWIS is MEDIUM and the damage potential is MEDIUM, and hence the severity level is medium. SQL injection attracts high severity scores, and the unencrypted login request carries medium severity scores. The rest of the vulnerabilities are of low severity. So from a pure business point of view, the risk factor is LOW. But on the whole, the probability and damage potential levels of GWIS are MEDIUM and MEDIUM respectively. Therefore the overall severity of the risk is MEDIUM [29].
To minimize the risk levels of the GWIS, it is crucial to first fix the most severe risk-generating vulnerabilities, such as the blind SQL injection and login page SQL injection vulnerabilities in the GWIS. The other vulnerabilities should also be fixed to further reduce the risk of GWIS.

IV. RESULTS AND DISCUSSIONS

Identifying vulnerabilities across the layers is a major endeavor. Today's enterprise consists of several system servers, application servers, and database servers connected via several networking circuits with varying speeds. The point is that it is not possible to simply install network / system scanners and scan the total application, because the required coverage cannot be obtained within the desired time frame with a single scanner. For this reason we cannot simply stop the assessment, knowing that the site consists of 70 percent network vulnerabilities that have not been remediated. Enterprise-level assessments are still required. Instead of simply dropping scanners onto the network, the process should leverage the organization's vulnerability management and its investment in security, patch, and configuration management technologies. Vulnerability scanners are responsible for detecting network hosts, discovering available applications, and ascertaining vulnerabilities. Vulnerability software generally runs on network devices or on a company's own application assets. Various proprietary / open source assessment tools are used to assess the security accuracy of the application (Table 1). Selecting the operating platforms to use during the scanning process depends on the type of network. The complete application development and deployment is done within the Microsoft environment (Windows 2003 / XP).

TABLE I.

PRIMARY TECHNOLOGIES USED IN GWIS DEPLOYMENT

Area         Technology      Assessment tool
Network      Firewall        Nessus
             Router          CISCO
             Switch          Nessus
Host         Windows 2003    Microsoft Baseline Security Analyzer (MBSA)
Application  Microsoft.NET   Watchfire's AppScan, SPI Dynamics' WebInspect, Acunetix Web Vulnerability Scanner
             IIS             Watchfire's AppScan, SPI Dynamics' WebInspect, Acunetix Web Vulnerability Scanner
             SQL Server      Watchfire's AppScan, SPI Dynamics' WebInspect, Acunetix Web Vulnerability Scanner

AppScan, WebInspect, and Web Vulnerability Scanner are security software that automates the complex, manual task of auditing web applications.

A. GWIS network assessment

For this type of application assessment, a single type of vulnerability scanner is sufficient for scanning the application. However, larger sites may require multiple vulnerability scanners to support the assessment needs. The question then is what comes next after fixing the vulnerabilities of the site. The major issue in security management is finding the vulnerabilities and fixing them to reduce the security risk they pose. Every organization should concern itself with managing remediation to address the discovered vulnerabilities. Most often, traditional vulnerability methodologies and the IT security policy suggest some methodology, but the organization should have a mechanism to validate vulnerabilities exposed to a remote entity. Vulnerability assessment reports produce a lot of insightful information, as listed in figure 3.

Figure 3. Vulnerability analysis using Nessus

B. GWIS host assessment

The Operating System (OS) is the most critical component that needs to be protected from attack. Access to an OS allows the removal of anything on the device. Even if data is encrypted, its removal and the potential for offsite analysis require appropriate OS controls. Unfortunately there are countless ways of accessing the operating system. The vulnerability audit is the most important step in the vulnerability management process. It entails checking operating systems, vulnerabilities, system misconfigurations, and policy infractions. In the past, manual network audits, usually performed by an external consultant, could take days or even weeks for large networks. Automated scanning tools automate the auditing process and reduce the time it takes to scan from weeks to hours. By deploying multiple scanning engines at strategic network locations, users can reduce the time it takes to scan for vulnerabilities. The GWIS host is scanned using multiple tools, such as Nessus 3.2.1 and Microsoft Base Vulnerability Scanner, to find the vulnerabilities and patch gaps present in the host. Figure 4 presents the vulnerabilities in the GWIS host, which hosts the GWIS application; 11 of them are considered high risk. In figure 5 the vulnerabilities are further broken down by risk and percentage.


ISSN 2229 5208

Figure 4. Vulnerability analysis using Nessus
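The breakdown by risk and percentage described above for the Nessus host scan can be reproduced from the scanner's raw export. The following is an added example, not code from the paper: it assumes the results were saved in Nessus's pipe-delimited NBE format, and the sample records are constructed (finding names follow the paper's Table II; the host address, plugin IDs and timestamp are placeholders).

```python
import re
from collections import Counter

# Constructed sample in the Nessus NBE export layout: pipe-delimited records,
# with newlines inside the description stored as a literal "\n". Finding names
# follow Table II; host address, plugin IDs and timestamp are placeholders.
SAMPLE_NBE = r"""timestamps|||scan_start|Tue Feb  1 10:00:00 2011|
results|192.0.2|192.0.2.10|smtp (25/tcp)
results|192.0.2|192.0.2.10|smtp (25/tcp)|90001|Security Note|SMTP Server detection\n\nRisk factor :\n\nNone
results|192.0.2|192.0.2.10|netbios-ns (137/udp)|90002|Security Note|Port netbios-ns\n\nRisk factor :\n\nNone
results|192.0.2|192.0.2.10|netbios-ns (137/udp)|90003|Security Warning|Netbios name service reply information leakage\n\nRisk factor : Medium
results|192.0.2|192.0.2.10|general/tcp|90004|Security Note|TCP time stamps\n\nRisk factor :\n\nNone
results|192.0.2|192.0.2.10|microsoft-ds (445/tcp)|90005|Security Note|Users in the admin group\n\nRisk factor :\n\nNone
results|192.0.2|192.0.2.10|microsoft-ds (445/tcp)|90006|Security Warning|Local user information: user has never logged on\n\nRisk factor : Medium
results|192.0.2|192.0.2.10|microsoft-ds (445/tcp)|90007|Security Warning|Local user information: Password never expires\n\nRisk factor : Medium
results|192.0.2|192.0.2.10|microsoft-ds (445/tcp)|90008|Security Note|Local user information: disabled accounts\n\nRisk factor :\n\nNone
results|192.0.2|192.0.2.10|microsoft-ds (445/tcp)|90009|Security Warning|Local user information: never changed password\n\nRisk factor : Medium
"""

# The rating sits inside the free-text description, either on the same line
# ("Risk factor : Medium") or after escaped newlines ("Risk factor :\n\nNone").
RISK_RE = re.compile(r"Risk factor\s*:(?:\\n|\s)*(None|Low|Medium|High|Critical)", re.I)


def parse_nbe(text):
    """Return one dict per finding record in an NBE export."""
    findings = []
    for line in text.splitlines():
        fields = line.split("|", 6)  # the description itself may contain '|'
        # Findings are 7-field "results" records; 4-field "results" records
        # only announce an open port, and "timestamps" records carry no finding.
        if len(fields) < 7 or fields[0] != "results":
            continue
        _, _, host, port, plugin_id, _severity_type, desc = fields
        match = RISK_RE.search(desc)
        findings.append({
            "host": host,
            "port": port,
            "plugin": plugin_id,
            "title": desc.split("\\n", 1)[0].strip(),
            # A report without a rating is flagged rather than silently dropped.
            "risk": match.group(1).capitalize() if match else "Unrated",
        })
    return findings


def breakdown(findings):
    """Map each risk factor to (count, percentage of all findings)."""
    counts = Counter(f["risk"] for f in findings)
    total = sum(counts.values())
    return {risk: (n, round(100.0 * n / total, 1)) for risk, n in counts.items()}


if __name__ == "__main__":
    for risk, (n, pct) in sorted(breakdown(parse_nbe(SAMPLE_NBE)).items()):
        print(f"{risk:8} {n:2}  {pct:5.1f}%")
```

Findings that come back as "Unrated" are the ones to review by hand before any per-layer risk figure is computed from the tally.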

Figure 5. Host Vulnerability Breakout

Analyzing the vulnerability assessment report further, the top vulnerabilities are reflected in table 2.

TABLE II. VULNERABILITY SEVERITY FACTOR

| Vulnerability | Risk factor |
|---|---|
| SMTP Server detection | None |
| Port netbios-ns | None |
| Netbios name service reply information leakage | Medium |
| TCP time stamps | None |
| Users in the admin group | None |
| Local user information: user has never logged on | Medium |
| Local user information: Password never expires | Medium |
| Local user information: disabled accounts | None |
| Local user information: never changed password | Medium |

Using this information, a risk calculation is done regarding the true security of the GWIS. By evaluating each vulnerability against its applicability, it is discerned whether the vulnerabilities reported represent a false or true threat to GWIS. It is then decided whether the organization is operating at an elevated level of risk. As discussed in section 3,

Risk = Vulnerability x Attacks x Threat x Exposure

So, in this case,

Risk = 6 x 2 x 4 x 2
Risk = 96

Therefore the overall risk associated with the host layer is 96 and the severity level is LOW.

C. GWIS application assessment

Web application assessment is a crucial part of assessing the overall risk of the application. Because of the multiple technologies involved in the design of the application, and the technology gaps between them, most applications are becoming vulnerable to attack.

39 URLs are scanned. 9 vulnerability patterns are also identified, including 20 instances of vulnerabilities related to the GWIS application. These results present a certain level of business risk to the GWIS application. Understanding these vulnerabilities will not help GWIS development, but conducting remediation activities helps to reduce the security risk level. In figure 7 the total number of vulnerabilities found in GWIS is depicted severity wise.

33% of the URLs had test results that included security issues. Figure 7.8 shows the vulnerable URLs of GWIS.

Figure 6. Vulnerable URLs of GWIS (vulnerable URLs: 33%; not vulnerable URLs: 67%)

Figure 7. Issue severity gauge for GWIS application

Following are the security risks that appeared most often in the application:
• It is possible to gather sensitive information about the web application such as usernames, passwords, machine name and/or sensitive file locations.
• It is possible to view, modify or delete database entries and tables.
• It may be possible to steal user login information such as usernames and passwords that are sent unencrypted.
• It is possible to gather sensitive debugging information.
• It is possible to steal or manipulate customer session and cookies, which may be used to impersonate a legitimate user, allowing the hacker to view or alter user records, and to perform transactions as that user.


The remediation task is designed to address the vulnerabilities present in the GWIS application. Remediation tasks generally address the weaknesses of the application that are found during its assessment. There are different types of vulnerabilities: some require immediate remediation, and some may require additional software or hardware resources to rectify. Existing code should be checked for these vulnerabilities, as these flaws are being actively targeted by attackers. Development projects should address these vulnerabilities in their requirements documents, and design, build and test their applications to ensure that they have not been introduced. Project managers should include time and budget for application security activities including developer training, application security policy development, security mechanism design and development, penetration testing, and security code review. All vulnerabilities, however, pose some risk to the application that could result in a loss of system control by compromising the valuable database. Twenty unique issues are detected in GWIS, across 10 sections of the regulations.

D. Final risk assessment with holistic approach

Risk assessment is a critical step in the vulnerability management process. It helps to secure applications before the system is compromised, by understanding the risk associated with the application. Just like network devices, operating systems and other enterprise applications, distributed GIS applications need continual scanning to ensure that new exposures haven't been introduced, even by the software vendors. The overall process of risk assessment identifies vulnerabilities throughout the entire application, scanning the browser and server-side components such as databases, host application, network devices and other third party installed applications. It entails checking operating system, hardware vulnerabilities, application vulnerabilities, system misconfigurations, and policy infractions to calculate the final risk. In the process, the risk posed by these vulnerabilities is calculated. Table 3 shows the risk associated with the GWIS environment across the network, host, and application layers, using the holistic approach.

TABLE III.

OVERALL RISK SEVERITY OF GWIS APPLICATION

| SNo | Layer Name | Severity |
|---|---|---|
| 1 | Network | Low |
| 2 | Host | Low |
| 3 | Application | Medium |

Severity levels of network, host, and application are LOW, LOW, and MEDIUM respectively. The overall security of any application will always depend on the total security of the system. As mentioned in the methodology, developing a secure distributed GIS application requires a holistic approach, and security must be applied at all three interrelated layers. That is why each layer is important in its security contribution to the GWIS application. Therefore, the severity of the application is MEDIUM, the severity of the host is LOW and the severity of the network is also LOW. From the technical point of view the severity of the overall application is almost LOW. But from a pure business point of view the risk factor is MEDIUM. Hence the overall severity of the risk is MEDIUM.

To minimize the risk levels of the GWIS, it is crucial to fix the most severe vulnerabilities first, by prioritizing the criticality of each vulnerability. Remediation priority should be based on the criticality of the vulnerability, which takes into account the likelihood and difficulty of exploitation and the business use and importance of the GWIS asset.

The research framework entails that there are various types of threats a distributed GIS application faces. These cover information disclosure, infrastructure vulnerabilities, session management flaws, insecure configuration management, authorization flaws, authentication flaws, encryption flaws, unvalidated input (including SQL injection, cross-site scripting, HTTP response splitting, LDAP injection, and cross-site request forgery), and web services vulnerabilities (including XPATH injection). The ideal security configuration approach to make the web application secure is the holistic approach as mentioned in section 3. The holistic approach covers the process of securing the network, securing the host, and securing the application. It entails checking network vulnerabilities, operating system, hardware vulnerabilities, application vulnerabilities, system misconfigurations, and policy infractions to calculate the final risk.

As more and more applications are web based, web application security exploits are becoming the attack patterns for hackers. Exploits embedded in http or https packets sail past perimeter security systems and potentially attack an organization's critical databases. Given the complexity of today's web applications, these exploits are difficult to uncover and protect against. The black box testing methodology used is a refined process based on the OWASP top 10 model. Countermeasures using a combination of open-source tools, automated scanners, and manual testing enumerate vulnerabilities across all the threat class domains. Threat modeling helps companies proactively deal with security by providing structure and rationale for the security of a distributed GIS application. Threat models help capture security flaws at an early stage, thereby reducing the cost of fixing the flaws after the application has been deployed.

On the positive side, three-tier techniques are an absolute requirement for web applications. Performing all application development in three tiers now makes it that much easier to support internet, intranet, and extranet later. In fact, specifying individual process services simplifies the differences amongst internal intranet/extranet users and external internet users. Despite these advantages, a number of security challenges to implementing three-tier architecture exist, including:

• A full 3-tier implementation would have a server running a web server that connects to a mid-tier server or other servlet engines and database connectors. This arrangement will have access to all the layers of the application.
• Business logic and database are running on one or more servers while the web server is running separately. This provides the minimum of 'Defense in Depth' and keeps the business logic and data away from servers that may be compromised by Internet or Intranet users.
• Enterprise assets reside on servers: servers that provide access to the network (routers, firewalls, and intrusion prevention systems), servers to detect intrusion (intrusion detection system), servers to provide access to company information (role-based access control and fine grain authorization, file servers, email servers, etc.), servers to store critical data (database servers), and so on.
• A potential problem in designing three tier architectures is that separation of user interface logic, process management logic, and data logic is not always obvious. Some process management logic may appear on all three tiers.
• Security is a key risk to achieving service oriented architecture benefits.

Accuracy assessment is one of the crucial processes in making the application hack-resilient. The study has a component that implements a security accuracy assessment model for distributed GIS applications, called the Risk Rating methodology, to assess security (section 6.5), finally resulting in guidelines at both design and implementation levels.

V. CONCLUSIONS

The study puts forward a comprehensive treatment of security, vulnerability management, and risk management of a distributed GIS application, and acknowledges the need for the security of the application. The study proposed the holistic approach for the overall security of a distributed GIS application. In the process, we have presented standard vulnerability management by calculating the risk associated with each layer, with remediation initiatives. The research work generates the vulnerability reports by using different open source / commercial tools based on predefined or custom templates that cover everything from low level remediation information to high level compliance reports. The study not only brings forth a comprehensive picture of vulnerabilities in the device / code but also presents how to find them and what tools are available to assist in discovering and testing. It gives a detailed explanation of how to manage and handle vulnerabilities of different severity levels, calculating the risk associated with the total application, and remediation and reconstitution of the system.

The highlight of this research is the process of risk calculation of the GWIS application using the holistic approach. It covers the vulnerability assessment and risk calculation of three layers: the network layer, host layer and application layer. The research addressed the vulnerability assessment process of all networking devices (router, gateway, and switching devices) with various assessment tools. It also demonstrated a constructive approach for strengthening the host layer by assessing the health of OS security and its vulnerabilities. Finally, the research has given more emphasis to the application security aspects. It provides comprehensive scanning of the database, web server, GUI, server side code and associated scripting parts for vulnerabilities that affect the total application. It provides a simple and straightforward way of performing vulnerability assessment and risk management for the overall security strategy. The application security covers the auditing of application components for security, configuration and operational vulnerabilities. The study generated detailed security reports and remediation guidelines for quickly resolving the issues according to their severity levels. The study also addressed the process called Threat Modeling, which provides a structure and rationale for the security of GWIS. The most interesting point in this research is the methodology and risk calculation process using the OWASP risk rating methodology.

Carlos Lyons, 2003, corporate security, Microsoft [30] concludes, "A vulnerability in a network will allow a malicious user to exploit a host or an application. Vulnerability in a host will allow a malicious user to exploit a network or an application. Vulnerability in an application will allow a malicious user to exploit a network or a host." Random security is not enough to make the application secure; a holistic approach to application security is required, and security must be applied at all three layers. Hence the research has focused on the three domains of the holistic approach, which are network security, host security and application security. Each domain is assessed individually and its associated risk is calculated with a simple, straightforward approach. The network and host layers are discussed with their associated general vulnerabilities and why they are important. Much emphasis has been given to application security, as it is the main research area of the topic. The whole GWIS application has been assessed, with the vulnerabilities of its individual components addressed, to determine the risk associated with the application.

REFERENCES

[1] M. David, 'Distributed GIS computing in the internet age'. Proc. 12th Int. Conf. on Geoinformatics - Geospatial Information Research: Bridging the Pacific and Atlantic, University of Gavle, Sweden, June 7-9, 2004.
[2] M.H. Tsou, B.P. Butenfield, 'Client / Server components and Meta data objects for Distributed Geographic Information services'. In the proceedings of GIS/LIS, Fort Worth, Texas, pp. 590-599, 1998.
[3] W. Xueming, 'Distributed Geographical Information Systems: An architecture and implantation overview', John Wiley and Sons Inc., USA, 2003.
[4] C. Yang, 'A Forward to Distributed Geographic Information System, Distributed GIS: A graduate level course'. Accessed from http://129.174.58.144/course/digis/forward.html. Accessed on 25.04.2006.
[5] L. Anselin, Y.W. Kim, I. Syabri, 'Web-based analytical tools for exploration of spatial data'. Journal of Geographical Systems, 6, pp. 197-223, 2004.
[6] X.M. Chen, C. Yang, S. Chen, 'Evolution and Computing Challenges of Distributed GIS'. Journal of Geographic Information Sciences, Vol 11, No 1, pp. 61-70, 2005.
[7] J. Joseph, C. Fellenstein, 'Grid computing'. New York: Prentice Hall PIR, 2005.
[8] Gartner, 'Are we vulnerable to cyber attacks?' 2003. Press release. www.gartner.com. Accessed on 20.02.2004.
[9] Hewlett-Packard, 'Security at next level: Are your web application vulnerable?' HP Whitepaper, 2007. Accessed from https://h10078.www1.hp.com/cda/hpms/display/main. Accessed on 13.02.2007.
[10] WASC, Web Application Security Consortium, 'Web Hacking Statistics'. Accessed from www.webappsec.org/projects/whid/statistics.shtml. Accessed on 14.06.2007.
[11] A. Langsford, 'OSI Management Model and Standards'. Chapter 4 in Network and Distributed Systems Management (Sloman, 1994 ed), pp. 69-93, 1994.
[12] M.S. Sloman, 'Policy Driven Management for Distributed Systems'. Journal of Network and Systems Management, vol. 2(4), pp. 333-360, December 1994.
[13] J.D. Meier, A. Mackman, S. Vasireddy, M. Dunner, S. Escamilla, A. Murukan, 'Improving web application security: Threats and Countermeasures'. Microsoft Corporation, pp. 4, 2003.
[14] R. Russ, D. Ted, Greg Miles, Ed Fuller Greg, 'Security Assessment: Case studies for implementing the NSA IAM', Syngress, Syngress Media, Inc., 2007.
[15] Cenzic, 'Enabling Security in the Software Development Lifecycle', Whitepaper. Accessed from http://www.Cenzic.com. Accessed on 12.07.2007.
[16] CERT, 'Vulnerability Remediation Statistics', Whitepaper. Accessed from http://www.cert.org/stats/fullstats.html. Accessed on 9.04.2008.
[17] Greg Shipley, 'Are you Vulnerable?' Whitepaper, CMP Media LLC, 2003. Accessed from http://www.neohapsis.com/research/articles.php. Accessed on 16.06.2007.
[18] J.D. Meier, A. Mackman, S. Vasireddy, M. Dunner, S. Escamilla, A. Murukan, 'Improving web application security: Threats and Countermeasures'. Microsoft Corporation, pp. 6-7, 2003.
[19] SANS Security essentials, 'Understanding the IIS vulnerabilities: fix them', SANS Institute, 2001. Whitepaper. Accessed from http://www.sans.org/training/category.php?c=SEC. Accessed on 06.20.2005.
[20] K. Ram Mohan Rao, 'Security risk assessment framework for network layer'. Cyber Journals: Multidisciplinary Journals in Science and Technology, Journal of Selected Areas in Telecommunications (JSAT), ISSN: 1925-2676. December Edition 2010, pp. 7-12.
[21] E. Magnus, P. Staffan, 'Comparative Study of Containment Strategies in Solaris and Security Enhanced Linux', PhD thesis, Report No: LITHIDA-EX-ING--07/004—SE, 2007.
[22] P. Niels, 'Preventing Privilege Escalation'. Technical Report CITI 02-2, University of Michigan, MN, USA, 2002.
[23] Vnutz, 'Operating System vulnerability summary', Omnierd Whitepaper, 2007. http://www.omninerd.com/articles/2006 Operating_System_ Vulnerability_Summary. Accessed on 23.08.2007.
[24] M. Curphey, D. Endler, W. Hau, S. Taylor, T. Smith, A. Russel, M. McKenna, R. Parke, K. McLaughlin, N. Tranter, A. Klien, D. Groves, I. By-Gad, S. Huseby, M. Eizner, R. Mcnamara, 'A guide to building secure web applications', The open security web application project, V.1.1.1, 2002. Whitepaper. Available from http://www.first.org/cvss/cvssguide.html. Accessed on 12.04.2007.
[25] J.D. Meier, A. Mackman, S. Vasireddy, M. Dunner, S. Escamilla, A. Murukan, 'Improving web application security: Threats and Countermeasures'. Microsoft Corporation, pp. 3, 2003.
[26] K. Ram Mohan Rao, Durgesh Pant, 'Security risk assessment of Geospatial Weather Information System (GWIS): An OWASP based approach'. International Journal of Computer Science and Information Security, Vol. 8 No. 5, pp. 208-218, 2010.
[27] K. Ram Mohan Rao, 'Security risk assessment of Geospatial Weather Information System (GWIS) using integrated CVSS approach'. International Journal of Computer Information Systems, Volume 1, Number 3, October 2010, pp. 24-32, 2010.
[28] A. Danny, 'Managing a growing threat: an executive's guide to Web application security'. Web application security Executive brief, Rational Software, 2008. Whitepaper. Accessed from http://www306.ibm.com/software/rational/. Accessed on 2.07.2007.
[29] K. Ram Mohan Rao, Durgesh Pant, 'Security risk assessment of Geospatial Weather Information System (GWIS): a DREAD based approach'. International Journal of Advanced Computer Science and Applications, Vol. 1 No. 3, pp. 15-19, 2010.
[30] J.D. Meier, A. Mackman, S. Vasireddy, M. Dunner, S. Escamilla, A. Murukan, 'Improving web application security: Threats and Countermeasures'. Microsoft Corporation, pp. 6-7, 2003.


AUTHORS PROFILE

Dr. K. Ram Mohan Rao holds Post Graduate and Doctoral degrees in Computer Science. Presently, he is working as Scientist in Geoinformatics Division, Indian Institute of Remote Sensing (NRSC), Dehradun. He has research expertise in the fields of Spatial Databases, GIS Customization and dissemination including programming languages, Location Based Services, Distributed GIS and Risk modeling. His interests include Open source technologies in the field of Geoinformatics. He is a member of Indian Society of Geomatics and Indian Society of Remote Sensing.

Prof. Durgesh Pant holds Post Graduate and Doctoral degrees in Computer Science from BIT, Mesra, India. He is now working as Head, Computer Science, Kumaun University, Nainital, India. He has published more than 50 National and International papers in peer reviewed journals, and has 3 books to his credit. 11 students have completed their Ph.D degree under his supervision. He has served as Director, directorate of Counseling & Placement of Kumaun University. He is also the coordinator for Indira Gandhi National Open University, Kumaun University. He is a member of various National and International academic, social and cultural associations and bodies.
