For the server itself, however, the question of SSH or username/password authentication is irrelevant as far as security is concerned. Whether the login is done via SSH or via a user name and password matters only for the network traffic. Either the SSH key or the user name and password must be accessible to the script and readable at run time in order to log on to the remote servers.

Now the security problem with this is obvious: the login information is freely accessible on the server. Even if the server itself holds no sensitive data, its scripts can be used to gain immediate access to other servers. An attacker then only needs access to a single server to get a springboard into the entire network. If an attacker gains access to such a server, he can connect directly to the database for which a backup script exists on the server, or even to several servers whose access keys are stored there, for example for regular status-monitoring tasks, without any further effort.

The time until the attack is discovered is then no longer sufficient to limit the damage. If a system administrator discovers the attack after several hours or a day, the attacker has already gained access to all sensitive data. If it were possible to make things more difficult for the attacker, the damage could be limited, provided the attacker is discovered relatively soon. Therefore, many companies have a policy that keys such as SSH keys or user names and passwords must not be present in plain text in applications or scripts.

Now, however, a technical problem comes to light. With an application that is compiled, the situation is already considerably more secure. Even if Java bytecode can be decompiled relatively easily and therefore offers little additional protection, it is still a hurdle that an attacker must first overcome. It is much better if a real compiled language is used, such as C, C++, Rust, Golang or others, which can only be decompiled again with greater effort.

For daily work with servers in the IT infrastructure, however, scripts are usually used. The essential difference to compiled applications is that the source code is not first compiled into a binary file but interpreted directly. Therefore, the source code remains visible, readable and usually also writable for everyone at all times. The advantage of scripts is that they are very well suited for admins or DevOps: many scripts are written in Linux shell, Windows PowerShell, Python or other scripting languages, because these are indeed very well suited for administrative tasks.

It is technically impossible to avoid disclosing sensitive keys in the script. The problem is that the script itself must be able to read this data, and if the script can read it, an attacker can also read it. It is of no use at all to store the password in an encrypted file, for example: the script must then be able to decrypt such an encrypted file at run time, and for this the key for decryption must be accessible to the script. This key is then again readable in plain text, and public for anyone who gains access to the server.

Consequently, the admin cannot do otherwise with scripts. In fact, it is common practice, even if a policy exists, to store keys in plain text in the script. Even if the security department complains about this, the admin can argue that the script must have the data available, and that encryption does not help because the data must be decrypted again by the script at run time.

Because there is no simple, tangible solution, I have developed a concept for this, which is based on an external program that encrypts the data. It is a compiled program and therefore cannot be read by an attacker without great effort. In addition, a compiled program offers further possibilities to obscure how the data is read compared with the original source code. The external program has its own encrypted data store in which the administrator can store user names and passwords. Since the key is in the compiled program, it is much more difficult for an attacker to obtain the key than with scripts.

To increase security further, the program can be configured so that it can only be started under certain conditions, for example only when no one is logged in, or only at certain times. This creates the greatest possible hurdles to make life difficult for an attacker.

Here, too, there is of course the possibility of decompiling the program and, if not recovering the original source code, at least reading and analysing the CPU instructions (assembler). However, it takes special tools and expert knowledge to carry out such a decompilation, and the effort involved is not comparable to reading a script. This gives the administrator plenty of time to discover the attack, initiate countermeasures and limit or even avoid any damage.
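The plain-text keys the post describes are easy to find once you know the shapes they take in admin scripts. As an added example that is not the author's code, here is a small audit in Python that scans a script for hard-coded credentials and ignores values that are read from a variable or a secrets manager at run time; the regex patterns and the sample script are constructed for illustration.

```python
import re

# (label, regex); group 1 captures the candidate secret. Heuristic shapes only,
# assumed here for illustration, not an exhaustive credential grammar.
PATTERNS = [
    ("credential environment variable",
     re.compile(r"\b(?:PGPASSWORD|MYSQL_PWD|AWS_SECRET_ACCESS_KEY)=['\"]?(\S+)")),
    ("password assignment",
     re.compile(r"(?i)(?:password|passwd|pwd)\s*[=:]\s*['\"]?(\S+)")),
    ("sshpass inline password",
     re.compile(r"\bsshpass\s+-p\s*['\"]?(\S+)")),
    ("mysql inline password",
     re.compile(r"\bmysql(?:dump)?\b.*\s-p['\"]?(\S+)")),
    ("ssh identity file readable on this host",
     re.compile(r"\s-i\s+(\S*id_(?:rsa|ed25519|ecdsa)\S*)")),
    ("embedded private key block",
     re.compile(r"(-----BEGIN [A-Z ]*PRIVATE KEY-----)")),
]

def is_literal(value: str) -> bool:
    # A variable reference or command substitution ($VAR, ${VAR}, $(cmd),
    # $env:VAR, %VAR%) is resolved at run time, so it is not a hard-coded secret.
    return len(value) >= 3 and not value.startswith(("$", "%", "`"))

def scan_script(text: str) -> list[tuple[int, str, str]]:
    """Return (line_number, label, value) for each hard-coded credential."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for label, rx in PATTERNS:
            m = rx.search(line)
            if m and is_literal(value := m.group(1).strip("'\";,")):
                findings.append((lineno, label, value))
                break  # one finding per line is enough for an audit report
    return findings

# Constructed sample of a typical backup/monitoring script, not a real file.
SAMPLE_SCRIPT = """\
#!/bin/bash
DB_PASSWORD="S3cretBackupPw!"
mysqldump -u backup -p"$DB_PASSWORD" shop > /backup/shop.sql
export PGPASSWORD=reporting2024
sshpass -p 'Monit0r!' ssh monitor@web1 uptime
scp -i /root/.ssh/id_rsa /backup/shop.sql backup@nas:/backups/
API_TOKEN="$(vault kv get -field=token secret/shop)"
"""

if __name__ == "__main__":
    for lineno, label, value in scan_script(SAMPLE_SCRIPT):
        print(f"line {lineno}: {label}: {value}")
```

The identity-file rule flags a key that is merely referenced, since a readable key file on the host is exactly the exposure the post describes, while the line that pulls a token from a secrets manager at run time is left alone.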