CS4241: Webware Class 25: A Few Short Topics Web Security 1 Copyright 2004-2010, Michael J. Ciaraldi.


1 CS4241: Webware Class 25: A Few Short Topics. Web Security. Copyright 2004-2010, Michael J. Ciaraldi

2 Favicon

3  An icon for a Web site, displayed:
  o On the address bar.
  o With the bookmark.
 Supported by many browsers:
  o Internet Explorer
  o Mozilla / Firefox
  o Opera
  o Not Lynx
 For an intro: o

4 Using Favicon
 Browser looks for image file favicon.ico:
  o First in same directory as Web page.
  o Next in site’s home directory.
 Can also request a specific icon.
  o Put this tag in the <head> of the page:
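The lookup order on this slide, as an added example (not code from the slides): given the page's URL and the optional icon requested by the page's own link tag (the `<link rel="icon" href="...">` element in the head), compute the URLs a browser would try, most specific first. That an explicitly linked icon takes precedence over the default favicon.ico locations is an assumption of this example; the function name is also an assumption.

```javascript
// Added example: candidate icon URLs in lookup order.
//   1. the icon named by the page's <link rel="icon" href="..."> tag, if any
//   2. favicon.ico in the same directory as the page
//   3. favicon.ico in the site's home (root) directory
// Relative hrefs are resolved against the page URL, the same way a browser does.
// Precedence of the explicit link over the defaults is an assumption here.
function faviconCandidates(pageUrl, linkHref) {
  const page = new URL(pageUrl);
  const candidates = [];
  if (linkHref) {
    candidates.push(new URL(linkHref, page).href); // resolved relative to the page
  }
  candidates.push(new URL('favicon.ico', page).href); // same directory as the page
  candidates.push(new URL('/favicon.ico', page).href); // site's home directory
  // For a page already at the site root the two defaults coincide; drop the repeat.
  return [...new Set(candidates)];
}

// Constructed sample inputs.
console.log(faviconCandidates('https://example.com/docs/page.html', null));
console.log(faviconCandidates('https://example.com/docs/page.html', '../img/icon.ico'));
```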

5 Making a Favicon
 Must be an icon (.ico) file.
  o 16 x 16 pixels for menu.
  o 32 x 32 pixels for “large icon” view.
 Will be scaled if necessary.
  o Both can be in the same file.
 Many free icon editors.
  o resourceeditors.shtml
  o I used IconSuite.

6 Opening Other Pages & Passing Data to Them

7 Opening Other Pages
 Tutorial:
  o vascript/article.php/ /So-You-Want-To-Open-A-Window-Huh.htm
  o Use window.open(…)
  o You can create objects and functions, then pass them to the JavaScript in the other window.

8 Passing Data to Other Pages
 An interesting example:
  o alendarpopup
  o Pops up a calendar in a new window.
  o Selected date returned to original window.
var cal1 = new CalendarPopup();
cal1.select(inputObject, anchorname, dateformat);
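As an added example (not code from the slides or from the CalendarPopup script they link), here is one way for a popup to return its selected date to the window that opened it while the opener checks where the message came from. It uses the browser's postMessage channel between the two windows rather than having the popup write straight into the opener's form; the function names, the message shape and the origin `https://app.example` used in the comments are assumptions.

```javascript
// Added example: the opener installs a receiver that accepts a date only from the
// window it opened (matching origin) and only if the payload is a well-formed date.
// inputObject is any object with a .value property, so the receiver can also be
// exercised outside a browser.
const DATE_RE = /^\d{4}-(0[1-9]|1[0-2])-(0[1-9]|[12]\d|3[01])$/;

// Returns the handler for window.addEventListener('message', ...).
// The handler reports true when it accepted a date, false when it ignored the message.
function makeDateReceiver(expectedOrigin, inputObject) {
  return function onMessage(event) {
    if (event.origin !== expectedOrigin) return false; // message from some other window
    const data = event.data;
    if (!data || data.type !== 'calendar-select') return false; // not the popup's reply
    if (typeof data.date !== 'string' || !DATE_RE.test(data.date)) return false; // malformed
    inputObject.value = data.date;
    return true;
  };
}

// Opener side (browser only): open the popup and listen for its reply.
// The expected origin is derived from the popup URL we chose, not from the message.
function openCalendarPopup(win, popupUrl, inputObject) {
  const expectedOrigin = new URL(popupUrl, win.location.href).origin;
  win.addEventListener('message', makeDateReceiver(expectedOrigin, inputObject));
  return win.open(popupUrl, 'calendar', 'width=300,height=250');
}

// Popup side (browser only): send the chosen date back, addressed to the opener's
// origin only, so it is not delivered if the opener has navigated elsewhere.
function sendSelectedDate(popupWin, openerOrigin, date) {
  popupWin.opener.postMessage({ type: 'calendar-select', date }, openerOrigin);
}

// Constructed message events standing in for what the browser would deliver.
const field = { value: '' };
const receive = makeDateReceiver('https://app.example', field); // assumed opener origin
receive({ origin: 'https://app.example', data: { type: 'calendar-select', date: '2010-04-29' } });
console.log(field.value); // 2010-04-29
```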

9 Security

10 Security
 Need for Security
 Where security is implemented
 Encryption
 Network security
 Virtual Private Networks

11 Need for Security
 Isn’t it obvious?
 Deliberate and accidental threats.
 Consequences:
  o Lost or altered information.
  o Revealed information.
  o Financial loss.
  o Embarrassment.

12 Where is Security Implemented?
 Within servers
  o Standard stuff
 LAN / Wireless
  o Access control
  o Encryption
 Along the Internet
  o Encryption

13 Network Security
 Encryption (communications)
 Authentication.
 Access control.

14 Access Control
 LAN
  o MAC address registration
  o User authentication
 Wireless
  o As above
  o WEP / WPA

15 Encryption
 Encryption algorithms
  o DES, Triple-DES
  o RSA
  o AES
 Key length
 Key systems

16 Key Systems
 Public vs. Private
 Symmetric vs. Asymmetric
 Shared vs. Public
 Public

17 Shared Key
 One key shared between sender and receiver.
 How to share it securely?
 How to store it securely?
 How to manage multiple communication partners?

18 Public / Private Key
 Every entity has two keys, public and private.
 Both needed to encrypt / decrypt.
 Neither can be derived from the other.
 PKI = Public Key Infrastructure

19 Using Public Key System
 To send:
  o Encrypt with the recipient’s public key.
  o Recipient decrypts with his private key.
 Alternative:
  o Encrypt with sender’s private key.
  o Recipient decrypts with sender’s public key.
 Or both!
 Which one guarantees what?

20 Authentication
 Shared key
 Public / private
 Message digest / digital signature
  o Faster than complete encryption.
 Are you sure public keys are valid?
 Digital certificates
  o Hold public keys.
  o Can you trust them?
  o Can be revoked.

21 Network Communications Security
 Physical
 IPSEC
 SSL

22 Physical Security
 Pretty hard to be absolutely sure.
  o Wiretap
  o Hubs vs. Switches
  o Fiber optic
 Extreme measures.

23 IPSEC
 Based on PKI.
 Must be in the kernel.
 Standard in IPv6.
 Optional in IPv4.
 Adds headers, wraps packets.
 Provides encryption and authentication.
 Can disrupt traffic shaping.

25 SSL
 Secure Socket Layer
 Based on PKI / Certificates
 Operates above the OS. Why?
  o In the Web server
  o In the client

26 VPN
 Virtual Private Network
 Can be based on public or private keys.
 Intercepts and tunnels packets based on address.
 Can extend the LAN.
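The "based on address" decision on this slide, as an added example (not code from the slides): for each outgoing packet the VPN client matches the destination against its route table and sends it through the tunnel when the destination lies in a prefix that belongs to the remote LAN, otherwise directly. The route table, the `routeFor` name and the IPv4-only handling are assumptions of this example; the match is longest-prefix, the way real routing tables resolve overlaps.

```javascript
// Added example: address-based tunnel-or-direct decision for IPv4 destinations.

// Dotted-quad string to unsigned 32-bit integer; rejects malformed input.
function ipToInt(ip) {
  const parts = ip.split('.').map(Number);
  if (parts.length !== 4 || parts.some((p) => !Number.isInteger(p) || p < 0 || p > 255)) {
    throw new Error(`bad IPv4 address: ${ip}`);
  }
  return ((parts[0] << 24) | (parts[1] << 16) | (parts[2] << 8) | parts[3]) >>> 0;
}

// "a.b.c.d/len" to { network, mask, len }; /0 is handled separately because a
// 32-bit shift by 32 is a no-op in JavaScript.
function parseCidr(cidr) {
  const [base, lenStr] = cidr.split('/');
  const len = Number(lenStr);
  if (!Number.isInteger(len) || len < 0 || len > 32) throw new Error(`bad prefix length: ${cidr}`);
  const mask = len === 0 ? 0 : (0xffffffff << (32 - len)) >>> 0;
  return { network: (ipToInt(base) & mask) >>> 0, mask, len };
}

// Longest-prefix match: the most specific route that contains the destination wins.
// Returns 'tunnel' or 'direct'; 'direct' if no route matches at all.
function routeFor(dstIp, routes) {
  const dst = ipToInt(dstIp);
  let best = null;
  for (const route of routes) {
    const p = parseCidr(route.prefix);
    if (((dst & p.mask) >>> 0) === p.network && (best === null || p.len > best.len)) {
      best = { via: route.via, len: p.len };
    }
  }
  return best ? best.via : 'direct';
}

// Constructed route table for a split-tunnel client: the remote LAN is reached
// through the tunnel, one local subnet inside that range is excluded, and the
// default route sends everything else out directly.
const VPN_ROUTES = [
  { prefix: '10.0.0.0/8', via: 'tunnel' },    // remote corporate LAN
  { prefix: '10.0.99.0/24', via: 'direct' },  // local subnet carved out of that range
  { prefix: '0.0.0.0/0', via: 'direct' },     // default route
];

console.log(routeFor('10.1.2.3', VPN_ROUTES));      // tunnel
console.log(routeFor('10.0.99.7', VPN_ROUTES));     // direct
console.log(routeFor('93.184.216.34', VPN_ROUTES)); // direct
```

Replacing the default route's `via` with `'tunnel'` turns this into a full-tunnel configuration, where every packet not matched by a more specific route also goes through the VPN.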

27 And Then There’s Cyberwar
 Easiest:
  o DOS & DDOS.
 Domain server hijacking.
 Hijacking traffic by changing routing tables.
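A first line of detection for the "easiest" item on this slide, as an added example (not code from the slides): count requests per client address over a sliding time window in a web server's access log and flag addresses that exceed a threshold. The log lines below are constructed (addresses from the TEST-NET ranges), and the log format, window length and threshold are assumptions of this example.

```javascript
// Added example: per-client request-rate check over web server access log lines.
const WINDOW_SECONDS = 10;
const THRESHOLD = 5; // requests per client within the window before it is flagged

const MONTHS = { Jan: 0, Feb: 1, Mar: 2, Apr: 3, May: 4, Jun: 5,
                 Jul: 6, Aug: 7, Sep: 8, Oct: 9, Nov: 10, Dec: 11 };

// Common-log-format timestamp ("29/Apr/2010:10:15:01 -0400") to epoch seconds (UTC).
function parseClfTime(s) {
  const m = /^(\d{2})\/(\w{3})\/(\d{4}):(\d{2}):(\d{2}):(\d{2}) ([+-]\d{4})$/.exec(s);
  if (!m || !(m[2] in MONTHS)) throw new Error(`bad timestamp: ${s}`);
  const [, d, mon, y, hh, mm, ss, tz] = m;
  const sign = tz[0] === '-' ? -1 : 1;
  const offsetSec = sign * (Number(tz.slice(1, 3)) * 3600 + Number(tz.slice(3, 5)) * 60);
  return Date.UTC(Number(y), MONTHS[mon], Number(d), Number(hh), Number(mm), Number(ss)) / 1000 - offsetSec;
}

// Parses one common-log-format line; returns null for lines that do not match
// so one garbled line does not stop the whole run.
function parseLogLine(line) {
  const m = /^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)" (\d{3}) (\S+)/.exec(line);
  if (!m) return null;
  return { ip: m[1], time: parseClfTime(m[2]), request: m[3], status: Number(m[4]) };
}

// Returns the client addresses that sent more than `threshold` requests within any
// `windowSeconds` span. Assumes lines arrive in time order, as in a log file.
function detectFloods(lines, windowSeconds = WINDOW_SECONDS, threshold = THRESHOLD) {
  const recent = new Map(); // ip -> timestamps still inside the window
  const flagged = new Set();
  for (const line of lines) {
    const rec = parseLogLine(line);
    if (!rec) continue;
    const times = recent.get(rec.ip) || [];
    times.push(rec.time);
    while (times.length && rec.time - times[0] > windowSeconds) times.shift(); // expire old entries
    recent.set(rec.ip, times);
    if (times.length > threshold) flagged.add(rec.ip);
  }
  return [...flagged];
}

// Constructed sample log: one client browsing normally, one sending a burst, one junk line.
const SAMPLE_LOG = [
  '203.0.113.5 - - [29/Apr/2010:10:15:01 -0400] "GET / HTTP/1.1" 200 512',
  '198.51.100.7 - - [29/Apr/2010:10:15:02 -0400] "GET / HTTP/1.1" 200 512',
  '198.51.100.7 - - [29/Apr/2010:10:15:02 -0400] "GET / HTTP/1.1" 200 512',
  '198.51.100.7 - - [29/Apr/2010:10:15:03 -0400] "GET / HTTP/1.1" 200 512',
  '203.0.113.5 - - [29/Apr/2010:10:15:04 -0400] "GET /about.html HTTP/1.1" 200 1024',
  '198.51.100.7 - - [29/Apr/2010:10:15:04 -0400] "GET / HTTP/1.1" 200 512',
  '198.51.100.7 - - [29/Apr/2010:10:15:04 -0400] "GET / HTTP/1.1" 200 512',
  'this line is not in common log format',
  '198.51.100.7 - - [29/Apr/2010:10:15:05 -0400] "GET / HTTP/1.1" 200 512',
  '203.0.113.5 - - [29/Apr/2010:10:15:20 -0400] "GET /contact.html HTTP/1.1" 200 700',
];

console.log(detectFloods(SAMPLE_LOG)); // [ '198.51.100.7' ]
```

A per-address count like this is only a first cut: a distributed flood spreads requests across many sources, each staying under the threshold, so in practice the same window logic is also applied to aggregate request rate per URL or per server.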

28 Next Times
 Tuesday: Final Exam
 Thursday: Future of the Web