CS4241: Webware Class 25: A Few Short Topics Web Security 1 Copyright 2004-2010, Michael J. Ciaraldi.


1 CS4241: Webware Class 25: A Few Short Topics Web Security 1 Copyright 2004-2010, Michael J. Ciaraldi

2 Favicon

3
• An icon for a Web site, displayed
  o On the address bar.
  o With the bookmark.
• Supported by many browsers.
  o Internet Explorer
  o Mozilla / Firefox
  o Opera
  o Not Lynx
• For an intro:
  o http://www.thesitewizard.com/archive/favicon.shtml

4 Using Favicon
• Browser looks for image file favicon.ico
  o First in same directory as Web page.
  o Next in site’s home directory.
• Can also request a specific icon.
  o Put this tag in the of the page:

5 Making a Favicon
• Must be an icon (.ico) file.
  o 16 x 16 pixels for menu.
  o 32 x 32 pixels for “large icon” view.
• Will be scaled if necessary.
  o Both can be in the same file.
• Many free icon editors.
  o http://www.thefreecountry.com/programming/resourceeditors.shtml
  o I used IconSuite.

6 Opening Other Pages & Passing Data to Them

7 Opening Other Pages
• Tutorial:
  o http://www.htmlgoodies.com/beyond/javascript/article.php/3471221/So-You-Want-To-Open-A-Window-Huh.htm
  o Use window.open(…)
  o You can create objects and functions, then pass them to the JavaScript in the other window.

8 Passing Data to Other Pages
• An interesting example:
  o http://www.mattkruse.com/javascript/calendarpopup
  o Pops up a calendar in a new window.
  o Selected date returned to original window.

    var cal1 = new CalendarPopup();
    cal1.select(inputObject, anchorname, dateformat);

9 Security

10 Security
• Need for Security
• Where security is implemented
• Encryption
• Network security
• Virtual Private Networks

11 Need for Security
• Isn’t it obvious?
• Deliberate and accidental threats.
• Consequences:
  o Lost or altered information.
  o Revealed information.
  o Financial loss.
  o Embarrassment.

12 Where is Security Implemented?
• Within servers
  o Standard stuff
• LAN / Wireless
  o Access control
  o Encryption
• Along the Internet
  o Encryption

13 Network Security
• Encryption (communications)
• Authentication.
• Access control.

14 Access Control
• LAN
  o MAC address registration
  o User authentication
• Wireless
  o As above
  o WEP / WPA

15 Encryption
• Encryption algorithms
  o DES, Triple-DES
  o RSA
  o AES
• Key length
• Key systems

16 Key Systems
• Public vs. Private
• Symmetric vs. Asymmetric
• Shared vs. Public
• Public

17 Shared Key
• One key shared between sender and receiver.
• How to share it securely?
• How to store it securely?
• How to manage multiple communication partners?

18 Public / Private Key
• Every entity has two keys, public and private.
• Both needed to encrypt / decrypt.
• Neither can be derived from the other.
• PKI = Public Key Infrastructure

19 Using Public Key System
• To send:
  o Encrypt with the recipient’s public key.
  o Recipient decrypts with his private key.
• Alternative:
  o Encrypt with sender’s private key.
  o Recipient decrypts with sender’s public key.
• Or both!
• Which one guarantees what?

20 Authentication
• Shared key
• Public / private
• Message digest / digital signature
  o Faster than complete encryption.
• Are you sure public keys are valid?
• Digital certificates
  o Hold public keys.
  o Can you trust them?
  o Can be revoked.
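
The question on slide 19 ("Which one guarantees what?") and the digest-based signature on slide 20, worked through as an added example that is not part of the original slides. It uses textbook RSA with fixed toy primes; the names Alice and Bob, the function names and the key values are assumptions made for illustration.

```python
# Added teaching example: textbook (unpadded) RSA with fixed toy primes.
# Real systems use a vetted library, random 2048+ bit keys and padding.
import hashlib

E = 65537  # widely used public exponent

def make_keypair(p, q):
    """Return ((n, e), (n, d)): public key, private key."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), (n, pow(E, -1, phi))

def apply_key(key, value):
    """The RSA core operation: value ** exponent mod n."""
    n, exponent = key
    if not 0 <= value < n:
        raise ValueError("value does not fit under this modulus")
    return pow(value, exponent, n)

def digest(message):
    """Message digest as an integer (SHA-256)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")

def encrypt(recipient_public, message):
    return apply_key(recipient_public, int.from_bytes(message, "big"))

def decrypt(own_private, ciphertext):
    m = apply_key(own_private, ciphertext)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

def sign(sender_private, message):
    # Only the short digest goes through the slow private-key operation.
    return apply_key(sender_private, digest(message))

def verify(sender_public, message, signature):
    if not 0 <= signature < sender_public[0]:
        return False
    return apply_key(sender_public, signature) == digest(message)

# Constructed keys: Mersenne primes, chosen only because they are easy to write.
ALICE_PUB, ALICE_PRIV = make_keypair(2**89 - 1, 2**521 - 1)   # sender
BOB_PUB, BOB_PRIV = make_keypair(2**107 - 1, 2**127 - 1)      # recipient

if __name__ == "__main__":
    msg = b"wire $100 to Bob"
    ct, sig = encrypt(BOB_PUB, msg), sign(ALICE_PRIV, msg)
    print("Bob decrypts:", decrypt(BOB_PRIV, ct))             # confidentiality
    print("Alice's signature checks:", verify(ALICE_PUB, msg, sig))  # origin + integrity
    print("Altered message checks:", verify(ALICE_PUB, b"wire $900 to Bob", sig))
    print("Unsigned ciphertext names no sender: anyone holding BOB_PUB can make one")
```

Encrypting with the recipient's public key gives confidentiality only; signing with the sender's private key gives origin and integrity only. Sending both `ct` and `sig` is the "Or both!" case.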

21 Network Communications Security
• Physical
• IPSEC
• SSL

22 Physical Security
• Pretty hard to be absolutely sure.
  o Wiretap
  o Hubs vs. Switches
  o Fiber optic
• Extreme measures.

23 IPSEC
• Based on PKI.
• Must be in the kernel.
• Standard in IPv6.
• Optional in IPv4.
• Adds headers, wraps packets.
• Provides encryption and authentication.
• Can disrupt traffic shaping.

25 SSL
• Secure Socket Layer
• Based on PKI / Certificates
• Operates above the OS. Why?
  o In the Web server
  o In the client

26 VPN
• Virtual Private Network
• Can be based on public or private keys.
• Intercepts and tunnels packets based on address.
• Can extend the LAN.

27 And Then There’s Cyberwar
• Easiest:
  o DOS & DDOS.
• Domain server hijacking.
• Hijacking traffic by changing routing tables.

28 Next Times
• Tuesday: Final Exam
• Thursday: Future of the Web

