18-jan-96  2. ETH-W4 (ra)  slide 1
security on the Web
- security
- authentication
- privacy


slide 2: security on the Web
two "types" of security:
1. prevent attacks against Web clients and Web servers
2. guarantee private data exchange

slide 3: security on the Web
threats to your Web client:
- can you trust your browser?
- does your browser allow execution of scripts? (I'm not talking about Java)
- can you trust your helper applications?

slide 4: security on the Web
threats to your Web server:
- do not run the httpd as root!
- make sure the script directory is well protected!
- scripts must not allow uncontrolled execution of shell commands!
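The third point on slide 4 is the classic CGI mistake: a request field is glued into a command line and handed to the shell, which then treats `;`, `|`, backticks and `$(...)` in that field as syntax. The following is an added example written for this page (not code from the slides or from any httpd); it puts the vulnerable pattern beside the hardened one and, for the first point, shows a script refusing to run with uid 0. The field name `user`, the allow-list regex and the use of `echo` as a harmless stand-in for the real program (finger-style lookups were typical) are all assumptions of the example.

```python
"""Added example: uncontrolled shell execution from a CGI script, and the fix.

Assumptions (not from the slides): the script takes one request field,
'user', and looks it up with an external program; 'echo' stands in for that
program so the demonstration is harmless and runs anywhere with /bin/sh.
"""
import os
import re
import subprocess

# Allow-list for the single field we accept from the request.  Anything that
# is not a plain account name (so no ';', '|', '`', '$', quotes or whitespace)
# is refused before it gets anywhere near a process.
_USERNAME_RE = re.compile(r"^[a-z_][a-z0-9_-]{0,31}$")


def lookup_unsafe(user: str) -> str:
    """The vulnerable pattern: concatenate the request field into a command
    string and let the shell parse it.  Equivalent to os.system("finger " + user)."""
    command = "echo " + user
    result = subprocess.run(command, shell=True, capture_output=True, text=True)
    return result.stdout


def lookup_safe(user: str) -> str:
    """Hardened version: validate against the allow-list, then exec the program
    directly with an argument vector.  No shell is involved, so nothing in the
    field is ever interpreted as command syntax."""
    if not _USERNAME_RE.match(user):
        raise ValueError("rejected request field: %r" % user)
    result = subprocess.run(["echo", user], capture_output=True, text=True)
    return result.stdout


def running_as_root() -> bool:
    """Slide 4's first rule: the httpd, and every script it spawns, must not
    run as root.  A script can at least detect uid 0 and refuse to continue.
    (geteuid is Unix-only; on other platforms we report 'not root'.)"""
    geteuid = getattr(os, "geteuid", None)
    return geteuid is not None and geteuid() == 0


if __name__ == "__main__":
    hostile = "alice; echo INJECTED"      # constructed malicious request field
    print("unsafe:", lookup_unsafe(hostile).split())   # second command ran
    try:
        lookup_safe(hostile)
    except ValueError as exc:
        print("safe:", exc)
    print("safe:", lookup_safe("alice").strip())
    if running_as_root():
        raise SystemExit("refusing to serve requests as root")
```

Run it and the unsafe variant prints both `alice` and `INJECTED`, i.e. the attacker's second command executed; the safe variant rejects the same input outright, and even a field that passes the allow-list is only ever an argument, never parsed. The same rule applies to any other interpreter a script hands data to (`popen`, backticks in Perl, `system(3)` in C).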

slide 5: security on the Web
threats to your Web server (cont.):
- turn off server side includes!
- beware security holes in httpd!

slide 6: security on the Web
"non technical" threats: a malicious server may attract your attention and make you
- use a bad helper application!
- enter sensitive data!

slide 7: authentication on the Web
might be useful to:
- identify a Web server or Web client
- authenticate a buyer who submits an order
- identify the author of an important document

slide 8: privacy on the Web
might be required if:
- sensitive data is transferred (e.g. a credit card number or a password)

slide 9: more security on the Web
simple means to improve security on the Web:
- basic authentication
- IP based access control
- combination of the above

slide 10: more security on the Web
more sophisticated means to improve security on the Web:
- data encryption (U.S. export restrictions apply!)
- Pretty Good Privacy (PGP)
- secure network layer (SSL, PCT)

slide 11: more security on the Web
more sophisticated means to improve security on the Web (cont.):
- Kerberos based encryption
- message digest (public domain!)
- smart tokens (PCMCIA cards)

slide 12: more security on the Web
open problems:
- U.S. export restrictions on encryption algorithms with large keys!
- different approaches (applications with security features vs secure network layer)
- reliable key distribution (e.g. PGP)

slide 13: more security on the Web
what I expect:
- there WILL be more security on the Web (commercialization!)
- various implementations (e.g. Netscape's SSL, Microsoft's PCT)
- we might end up with the same problems as with HTML (chaos!)

slide 14: security on the Web
for more information, see the trip report: tutorial_H.html, which can be found via "ETHZ Web related information" on the ezInfo homepage.