SSL (Secure Socket Layer) and Secure Web Pages Rob Sodders, University of Florida CIS4930 “Advanced Web Design” Spring 2004


What is SSL? SSL = Secure Socket Layer. SSL transmits information over the internet in encrypted form. The SSL protocol ensures that a transmission is sent only from client to server. SSL was originally developed by Netscape to provide secure transmission between a web browser and web server.

What is SSL? The SSL protocol provides 40-bit (1) and 128-bit encryption. The usage of the SSL protocol is commonly denoted by a URL beginning with ‘https’ (though this is not always the case and likewise ‘https’ does not always imply the use of SSL).
(1) 40-bit encryption = 1,099,511,627,776 possible key combinations

Why use SSL? Data is usually sent across the internet in plain text. Unscrupulous individuals often use applications, commonly called “Sniffers”, that search for patterns that represent potentially valuable information, including but not limited to Credit Card Numbers, Social Security Numbers, User Names/Passwords, etc.

How does SSL Work?

Three parts to the SSL protocol:
- SSL Server authentication and/or
- SSL Client authentication,
- as well as an encrypted SSL connection.

How does SSL Work?
Client-Side Authentication
- Allows user to check that server’s certificate and public ID are valid. The user’s identity can be verified with this information.
- Checks that certificate is issued by a trusted certificate authority (i.e. VeriSign). These can be expensive.
- Commonly used in online sales.
Server-Side Authentication
- Allows user to check that server’s certificate and public ID are valid. The user’s identity can be verified with this information.
- Checks that a certificate is issued by a trusted certificate authority (in this case it is often provided to the client by “the Server”, not in a physical sense).
- Not as frequently used. Useful when a server needs to validate the identity of the user (i.e. a bank sending confidential information to a customer).

How Does SSL Work? An encrypted SSL connection ensures that all information sent between a client and a server is encrypted by the sending software and decrypted by the receiving software, thus providing a high degree of confidentiality. All data sent over an encrypted SSL connection is protected with a mechanism for detecting tampering, that is, for automatically determining whether the data has been altered in transit.

Implementing SSL on your site. First some limitations:
- You’re unlikely to have purchased a certificate from a trusted provider (the cost of a VeriSign certificate begins at $350 a year!!).
- SSL toolkit/protocol must be installed on your server. Most servers will have this installed. If not you may wish to point your System Administrator to OpenSSL (
- OpenSSL is installed on most “LAMP” setups.

Implementing SSL on your site. This example is not on my CIS4930 page, but on my CISE homepage. We don’t have a certificate, so in actuality this will be “basic authentication”. Hopefully this will make the demo a bit more useful for everyone (it may be particularly useful for anyone taking CEN3031 or CIS4301 in the future when attempting the project(s)).

Implementing SSL on your site. In the various directories of your web page you need to have a htaccess file (on most servers, though, it is a .htaccess file). We’ll do an example using basic authentication first and then go over how you would implement SSL. SIDENOTE: You can do many things with your htaccess, including setting a different default homepage (other than index.html), blocking and/or allowing only certain IP addresses and domains, and allowing only certain browsers and OS.

Your htaccess file. If you don’t have a htaccess file, visit CISE Web Help to help in creating one for your CISE account. Your htaccess file should have something like this:

    AuthUserFile /cise/homes/rsodders/public_html/cis4930/private/htpasswd
    AuthName Test
    AuthType Basic
    require user test

Creating user file on CISE. To create a password for the user test, at the command prompt:

    htpasswd -c /cise/homes/rsodders/public_html/cis4930/private/htpasswd test

Creating user file on CISE. You’ll be prompted to enter the password for the user (I’ve used ‘cis4930’). Ex.

    New password:
    Re-type new password:
    Adding password for user test

Creating user file on CISE. private/ is now using basic encryption.
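Basic authentication sends the user name and password base64-encoded on every request, which is why it needs SSL underneath it. The script below is an added example, not part of the original slides: it shows the header for the slides' test account and checks the slides' htaccess for two settings. It assumes Apache with mod_ssl, whose SSLRequireSSL directive refuses non-SSL requests; the function names, the document root and the hardened file's path are illustrative.

```shell
#!/bin/sh
# Added example (not from the slides). Sample files below are constructed.

# The header a browser sends for Basic auth: base64("user:password").
basic_header() {
    printf 'Authorization: Basic %s' "$(printf '%s:%s' "$1" "$2" | base64)"
}

# Base64 is an encoding, not encryption: no key is needed to reverse it.
decode_basic() {
    printf '%s' "${1#Authorization: Basic }" | base64 -d
}

# Audit .htaccess text on stdin; $1 = document root (assumed known).
# Prints one finding per line and returns 1 if there are any.
audit_htaccess() {
    docroot=$1 findings=0
    directives=$(grep -v '^[[:space:]]*#' || true)   # drop comment lines
    if printf '%s\n' "$directives" | grep -qi '^[[:space:]]*AuthType[[:space:]]\{1,\}Basic' &&
       ! printf '%s\n' "$directives" | grep -qi '^[[:space:]]*SSLRequireSSL'; then
        echo "basic-auth-without-ssl"; findings=1
    fi
    pwfile=$(printf '%s\n' "$directives" |
             awk 'tolower($1) == "authuserfile" { print $2; exit }')
    case $pwfile in
        "$docroot"/*) echo "password-file-under-docroot"; findings=1 ;;
    esac
    return "$findings"
}

# The .htaccess from the slides.
WEAK='AuthUserFile /cise/homes/rsodders/public_html/cis4930/private/htpasswd
AuthName Test
AuthType Basic
require user test'

# Constructed variant: mod_ssl refuses plain-HTTP requests, and the
# password file lives outside public_html (hypothetical path).
HARDENED='SSLRequireSSL
AuthUserFile /cise/homes/rsodders/auth/htpasswd
AuthName Test
AuthType Basic
require user test'

DOCROOT=/cise/homes/rsodders/public_html
decode_basic "$(basic_header test cis4930)"; echo
printf '%s\n' "$WEAK" | audit_htaccess "$DOCROOT" || true
printf '%s\n' "$HARDENED" | audit_htaccess "$DOCROOT" && echo "no findings"
```

The htpasswd file only stores a hash of the password, so the exposure shown by the first two functions is on the wire, not in the file; keeping the file outside public_html prevents it from being fetched through the web server at all.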

If we had a SSL certificate.. In the “htaccess” file: Replace AuthUserFile with the address of your installed/purchased certificate. Replace AuthType with ‘SSL’. Replace/add require with the certificate that the client must have.
