Computer security: certification Frans Kaashoek 6.033 Spring 2007.

Slides:

Advertisements

Similar presentations

Enabling Secure Internet Access with ISA Server

Advertisements

DEV034 -Web Applications, Introduction

State of Connecticut Department of Information Technology Single Sign On and The Identity Vault Presented by Edward Wilson.

School of Computer and Security Science Edith Cowan University Hooray for Reading The Kindle and You Peter Hannay

Introduction to the Internet September 7, 2005 Lecture 1.

Skills: none Concepts: protocol, hypertext transfer protocol, standard This work is licensed under a Creative Commons Attribution-Noncommercial-Share Alike.

The Information School of the University of Washington Oct university of washington1 Networking INFO/CSE 100, Fall 2006 Fluency in Information.

Embracing the chaos mark lorenc

Lecture 7, : The Internet, Summer : The Internet Lecture 7: Web Services I David O’Hallaron School of Computer Science and Department.

1 HTTP and some other odds and ends Nelson Padua-Perez Bill Pugh Department of Computer Science University of Maryland, College Park.

1 HTTP – HyperText Transfer Protocol Part 1. 2 Common Protocols In order for two remote machines to “ understand ” each other they should –‘‘ speak the.

CS320 Web and Internet Programming Handling HTTP Requests Chengyu Sun California State University, Los Angeles.

CSE 190: Internet Commerce Lecture 4: Web Servers.

Programming Project #3CS-4513, D-Term Programming Project #3 Simple Web Server CS-4513 D-Term 2007 (Slides include materials from Operating System.

The Information School of the University of Washington Oct university of washington1 Hypertext Markup Language INFO/CSE 100, Fall 2006 Fluency.

HTTP over SSL RFC 2818 RFC 2817.

1 Web Search Interfaces. 2 Web Search Interface Web search engines of course need a web-based interface. Search page must accept a query string and submit.

Outcomes Know what are CGI Environment Variables Know how to use environment variables How to process A simple Query Form Able to use URL Encoding rules.

CS 142 Lecture Notes: HTTPSlide 1 HTTP Request GET /index.html HTTP/1.1 Host: User-Agent: Mozilla/5.0 Accept: text/html, */* Accept-Language:

CSC 2720 Building Web Applications Servlet – Getting and Setting HTTP Headers.

Lecture 4: stateful inspection, advanced protocols Roei Ben-Harush 2015.

1 Advanced Application and Web Filtering. 2 Common security attacks Finding a way into the network Exploiting software bugs, buffer overflows Denial of.

Copyright (c) 2011, FireEye, Inc. All rights reserved. | CONFIDENTIAL 1 Stopping Next-Gen Threats Dan Walters – Sr. Systems Engineer Mgr.

How to Detect a Client’s Browser Senior Seminar CS498.

ECE Prof. John A. Copeland Office: Klaus or call.

Web technologies and programming cse hypermedia and multimedia technology Fanis Tsandilas April 3, 2007.

Presenter, Sai Krishna.  Introduction to session management  Ways of doing session management  Creating and Handling cookies  Problems with User sessions.

What are Web Services? Definition of web service A web service is a distributed unit of business logic that can be accessed over Internet standard web.

COMP3016 Web Technologies Introduction and Discussion What is the Web?

Basic Network Services IMT 546 – Lab 4 December 4, 2004 Agueda Sánchez Shannon Layden Peyman Tajbakhsh.

HTTP Reading: Section and COS 461: Computer Networks Spring

CS 190 Lecture Notes: Tweeter ProjectSlide 1 Uniform Resource Locators (URLs) Scheme Host.

WebServer A Web server is a program that, using the client/server model and the World Wide Web's Hypertext Transfer Protocol (HTTP), serves the files that.

Chapter 5 HTTP Request Headers. Content 1.Request headers 2.Reading Request Headers 3.Making a Table of All Request Headers 4.Sending Compressed Web Pages.

COMP 655: Distributed/Operating Systems Summer 2011 Dr. Chunbo Chu Week 10: Web 10/6/20151Distributed Systems - COMP 655.

CS320 Web and Internet Programming Handling HTTP Requests Chengyu Sun California State University, Los Angeles.

Dyalog’09. Overview of MildServer Morten Kromberg Dyalog’09 – Princeton, NJ.

SOAP & WSDL Aug’10 – Dec ’10. Introduction  SOAP - Simple Object Access protocol Protocol specification for exchanging structured information in the.

1 Introductory material. This module illustrates the interactions of the protocols of the TCP/IP protocol suite with the help of an example. The example.

Web Spiders Dan Reeves Bill Walsh HDIW EECS February 2000.

1 CS 4396 Computer Networks Lab TCP/IP Networking An Example.

HTTP1 Hypertext Transfer Protocol (HTTP) After this lecture, you should be able to:  Know how Web Browsers and Web Servers communicate via HTTP Protocol.

Lecture 16: Security CDK4: Chapter 7 CDK5: Chapter 11 TvS: Chapter 9.

Covert Tunnels in your Network Next Generation Network Warfare David Gordon Gabriel Girard Universite de Sherbrooke.

Topics Network topology Virtual LAN Port scanners and utilities Packet sniffers Weak protocols Practical exercise.

Pertemuan #10 Secure HTTP (HTTPS) Kuliah Pengaman Jaringan.

HTTP How the Internet servers and clients communicate.

HTTP Here, we examine the hypertext transfer protocol (http) – originally introduced around 1990 but not standardized until 1997 (version 1.0) – protocol.

1 10/19/05CS360 Windows Programming ASP.NET. 2 10/19/05CS360 Windows Programming ASP.NET  ASP.NET works on top of the HTTP protocol  Takes advantage.

Overview of Servlets and JSP

PHP Security Ryan Dunn Jason Pack. Outline PHP Overview PHP Overview Common Security Issues Common Security Issues Advanced Security Issues Advanced Security.

SESSION AND COOKIE MANAGEMENT IN.NET. Topics Covered Introduction to session management Ways of doing session management Creating and Handling cookies.

LURP Details. LURP Lab Details  1.Given a GET … call a proxy CGI script in the same way you would for a normal CGI request  2.This UDP perl.

Computer security: authentication of principals and cryptographic protocols Frans Kaashoek Spring 2007.

1 Introductory material. This module illustrates the interactions of the protocols of the TCP/IP protocol suite with the help of an example. The example.

表單 (Form). … Ex. … method  method="get"  URL:  HTTP message entity: none  不可超過 256 個字元  method="post"

DEV336. demo HTTP Packet Trace GET / HTTP/1.1 Accept: text/html, application/xhtml+xml, */* Accept-Language: en-US User-Agent: Mozilla/5.0 (compatible;

Unit 2 Personal Cyber Security and Social Engineering Part 2.

Fiddler and Your Website Robert Boedigheimer. About Me Web developer since 1995 Columnist for aspalliance.com Pluralsight Author 3 rd Degree Black Belt,

Lecture 4: Stateful Inspection, Advanced Protocols.

Lecture 10 Page 1 CS 236 Online Encryption and Network Security Cryptography is widely used to protect networks Relies on encryption algorithms and protocols.

“My Company's Intellectual Property Went to China and All I Got Was This Lousy Pink Slip” Defending Against Data-Exfiltrating Malware Joe Stewart, GCIH.

6.033 Lecture 24 Protocols and Authorization Nickolai Zeldovich Spring 2009.

HTTP – An overview.

Module 8: Securing Network Traffic by Using IPSec and Certificates

Computer security: certification

Module 8: Securing Network Traffic by Using IPSec and Certificates

Presentation transcript:

Computer security: certification Frans Kaashoek Spring 2007

How confidential is traffic in this lecture room? sudo tcpdump -s 0 -Ai en1 –Complete trace of all packets on wirelessc3d4 c3d4 a1b –You shouldn’t do this Example: 13:57: IP mdns > mdns: 0 [4a] [4q] SRV? Ben’s music._daap._tcp.local. TXT? Ben’s music._daap._tcp.local. A? ben-powerbook-g4- 15.local. AAAA? ben-powerbook-g4-15.local. (367)

Example Data inside packet GET /tracking/tracking.cgi?tracknum=1Z HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shock wave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application /msword, */* Accept-Language: en-us Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1;.NET CLR ; InfoPath.1) Host: wwwapps.ups.com Connection: Keep-Alive

URLs are visible in Referer and in the GET command

Auxiliary Material for Lecture

Research into Video Streaming for DP2?

GMail is not encrypted by default Passed in the clear: –Contacts lists –GCalendar events GZipped text –Inbox entries –Mail messages ["112677a23fed4887",0,0,"12:58 pm","\u003cspan gnu.org\"\>Richard Stallman\u003c/span\>"," ","[csail- related] Thwart big brother--trade charlie cards. 13:45 Tuesday at rm 381","I have a charlie card with zero value currently stored on on it which I used for a couple of …",[],"","112677a23fed4887",0,"Mon May _12:58 PM",0,"",0,0,1] Hint: Change the GMail URL to !

IChat is Plaintext strings log.dump | grep ichatballoon | cut -d\> -f 4- A: it's just better not to reveal personal information B: why? A: I dunno, identity theft and stuff B: oh, okay A: maybe I just won't worry about it

Authentication logic (p 11-83) 1. Delegation of authority: –If A says (B speaks for A)  B speaks for A 2. Use of delegated authority: –If B speaks for A and B says (A says X)  A says X 3. Chaining of delegation –If B speaks for A and A speaks for C  B speaks for C

Example 0. {A: M} KApriv if verify(..., K Apub ) accepts then: 1.K Apriv says A says M if K Apriv speaks for K Apub, apply rule 3: 2.K Apub says A says M if K Apub speaks for A, apply rule 2: 3.A says M does K Apub speak for A?

1. {K Apub speaks for A} KMITpriv if verifies with K MITpub 2. K MITpriv says K Apub speaks for A if K MITpriv speaks for K MITpub 3. K MITpub says K Apub speaks for A if K MITpub speaks for MIT 4. MIT says K Apub speaks for A if MIT speaks for A 5. K Apub speaks for A