Chapter 72
Applets and Network Security: A Management Overview

Al Berg

Applets, network-based programs that run on client systems, are one of the newest security concerns of network managers. This chapter describes how applets work, the threats they present, and what security precautions network managers can take to minimize the security exposures presented by applets.

INTRODUCTION

Applets are small programs that reside on a host computer and are downloaded to a client computer to be executed. This model makes it very easy to distribute and update software. Because the new version of an application only needs to be placed on the server, clients automatically receive and run the updated version the next time they access the application.

The use of applets is possible because of the increasing bandwidth available to Internet and intranet users. The time required to download the programs has been decreasing even as program complexity has been increasing. The development of cross-platform languages such as Sun Microsystems, Inc.’s Java, Microsoft Corp.’s ActiveX, and Netscape Communications Corp.’s JavaScript has made writing applets for many different computers simple — the same exact Java or JavaScript code can be run on a Windows-based PC, a Macintosh, or a UNIX-based system without any porting or recompiling of code. Microsoft is working to port ActiveX to UNIX and Macintosh platforms.

APPLETS AND THE WEB

The World Wide Web is the place where users are most likely to encounter applets today. Java (and, to a lesser degree, JavaScript) has become webmasters’ tool of choice to add interesting effects to their Web sites or to deliver applications to end users. Most of the scrolling banners and other special effects found on today’s Web pages depend on applets to work. Some Web pages use applets for more substantial applications. For example, MapQuest (http://www.mapquest.com) uses Java and ActiveX to deliver an interactive street atlas of the entire U.S. Wired magazine offers a Java-based chat site that, when accessed over the Web, allows users to download an applet that lets them participate in real-time conferencing.

The Security Issue

Every silver lining has a cloud, and applets are no exception. Applets can present a real security hazard for users and network managers. When Web pages use applets, the commands that tell the client’s browser to download and execute the applets are embedded in the pages themselves. Users have no way of knowing whether or not the next page that they download will contain an applet, and most of the time, they do not care. The Internet offers an almost limitless source of applets for users to run; however, no one knows who wrote them, whether they were written with malicious intent, or whether they contain bugs that might cause them to crash a user’s computer.

Applets and computer viruses have a lot in common. Both applets and viruses are self-replicating code that executes on the user’s computer without the user’s consent. Some security experts have gone as far as to say that the corporate network manager should prohibit users from running applets at all. However, applets are becoming an increasingly common part of how users interact with the Internet and corporate intranets, so learning to live safely with applets is important for network managers.

What Are the Risks?

According to Princeton University’s Safe Internet Programming (SIP) research team, there have been no publicly reported, confirmed cases of security breaches involving Java, though there have been some suspicious events that may have involved Java security problems. The lack of reported cases is no guarantee that there have not been breaches that either were not discovered or were not reported. But it does indicate that breaches are rare.

As Web surfing increasingly becomes a way to spend money, and applets become the vehicle for shopping, attacks on applets will become more and more profitable, increasing the risk. Sun, Netscape, and Microsoft all designed their applet languages with security in mind.

JAVA: SECURE APPLETS

Java programs are developed in a language similar to C++ and stored as source code on a server. When a client, such as a Web browser, requests a page that references a Java program, the source code is retrieved from the server and sent to the browser, where an integrated interpreter translates the source code statements into machine-independent bytecodes, which are executed by a virtual machine implemented in software on the client. This virtual machine is designed to be incapable of operations that might be detrimental to security, thus providing a secure sandbox in which programs can execute without fear of crashing the client system. Java applets loaded over a network are not allowed to:

  Read from files on the client system.
  Write to files on the client system.
  Make any network connections, except to the server from which they were downloaded.
  Start any client-based programs.
  Define native method calls, which would allow an applet to directly access the underlying computer.

Java was designed to make applets inherently secure. Following are some of the underlying language security features offered by Java:

  All of an applet’s array references are checked to make sure that programs will not crash because of a reference to an element that does not exist.
  Complex and troublesome pointer variables (found in some vendors’ products) that provide direct access to memory locations in the computer do not exist in Java, removing another cause of crashes and potentially malicious code.
  Variables can be declared as unchangeable at runtime to prevent important program parameters from being modified accidentally or intentionally.
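
The language features listed above can be observed directly. The following is an added example, not code from this chapter or from Sun; the class name, method names, and sample values are hypothetical. It passes caller-controlled indexes to an array copy and shows the runtime rejecting every out-of-range access, and it notes the limit of declaring a variable unchangeable.

```java
import java.util.Arrays;

public class LanguageSafetyDemo {
    // 'final' fixes the reference: a later "LIMITS = ..." does not compile.
    // It does NOT freeze the contents; LIMITS[0] = 99 is still legal, so
    // sensitive tables also need to be kept private or copied defensively.
    private static final int[] LIMITS = {10, 20, 30};

    // Copies 'count' entries starting at 'start'. Both values stand in for
    // untrusted input (constructed for this example). There is no pointer
    // arithmetic to fall back on: every element access is checked.
    static int[] copyRange(int start, int count) {
        int[] out = new int[count];          // negative size is refused
        for (int i = 0; i < count; i++) {
            out[i] = LIMITS[start + i];      // bounds-checked on each access
        }
        return out;
    }

    // Wraps the copy so a bad request is reported instead of ending the thread.
    static String tryCopy(int start, int count) {
        try {
            return Arrays.toString(copyRange(start, count));
        } catch (ArrayIndexOutOfBoundsException | NegativeArraySizeException e) {
            return "rejected: " + e.getClass().getSimpleName();
        }
    }

    public static void main(String[] args) {
        System.out.println(tryCopy(0, 3));   // request entirely in range
        System.out.println(tryCopy(1, 5));   // request runs past the end
        System.out.println(tryCopy(-1, 2));  // request starts before the array
        System.out.println(tryCopy(0, -4));  // negative length
        // LIMITS = new int[] {0};           // compile error: final variable
    }
}
```

An out-of-range request never returns data from outside the array; it raises an exception, which the calling code must still handle if the program is to keep running.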

Java: Holes and Bugs

Although Sun has made every effort to make the Java virtual machine unable to run code that will negatively impact the underlying computer, researchers have already found bugs and design flaws that could open the door to malicious applets.

The fact that Sun has licensed Java to various browser vendors adds another level of complexity to the security picture. Not only can security be compromised by a flaw in the Java specification, but the vendor’s implementation of the specification may contain its own flaws and bugs.

Denial-of-Service Threats. Denial-of-service attacks involve causing the client’s Web browser to run with degraded performance or crash. Java does not protect the client system from these types of attacks, which can be accomplished simply by putting the client system into a loop to consume processor cycles, creating new process threads until system memory is consumed, or placing locks on critical processes needed by the browser.



Copyright © CRC Press LLC