security on the Web: security, authentication, privacy
18-jan-96, 2. ETH-W4 (ra)


1 security on the Web
• security
• authentication
• privacy

2 security on the Web
two “types” of security:
  1. prevent attacks against Web clients and Web servers
  2. guarantee private data exchange

3 security on the Web
threats to your Web client:
• can you trust your browser?
• does your browser allow execution of scripts? (i’m not talking about Java)
• can you trust your helper applications?

4 security on the Web
threats to your Web server:
• do not run the httpd as root!
• make sure the script directory is well protected!
• scripts must not allow uncontrolled execution of shell commands!

5 security on the Web
threats to your Web server (cont.):
• turn off server side includes!
• beware security holes in httpd!
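Added example (not part of the original slides), illustrating the slide 4 warning that scripts must not allow uncontrolled execution of shell commands: a constructed CGI-style handler, first pasting form input into a shell line, then validating it and running the program without a shell. The `name` parameter, the function names, the allowlist policy and `echo` as a stand-in for the real lookup program are assumptions.

```python
import re
import subprocess
from urllib.parse import parse_qs

# Assumed policy: the only accepted parameter is a short account name.
SAFE_NAME = re.compile(r"[A-Za-z0-9_-]{1,32}")

# Constructed sample query strings (not taken from the slides).
BENIGN = "name=alice"
HOSTILE = "name=alice%3B+echo+INJECTED"  # decodes to "alice; echo INJECTED"


def get_name(query_string):
    """Decode the 'name' form field from a CGI query string."""
    return parse_qs(query_string).get("name", [""])[0]


def lookup_unsafe(query_string):
    """The pattern the slide warns about: input concatenated into a shell line."""
    name = get_name(query_string)
    # The shell parses the whole string, so ';', '|', '`' and '$()' inside
    # `name` are treated as shell syntax instead of data.
    result = subprocess.run("echo lookup " + name, shell=True,
                            capture_output=True, text=True)
    return result.stdout


def lookup_safe(query_string):
    """Validate against an allowlist, then run the program without a shell."""
    name = get_name(query_string)
    if not SAFE_NAME.fullmatch(name):
        raise ValueError("rejected parameter")
    # Argument vector, no shell: `name` reaches the program as one argument.
    result = subprocess.run(["echo", "lookup", name],
                            capture_output=True, text=True)
    return result.stdout


if __name__ == "__main__":
    print("unsafe, benign :", repr(lookup_unsafe(BENIGN)))
    print("unsafe, hostile:", repr(lookup_unsafe(HOSTILE)))
    print("safe, benign   :", repr(lookup_safe(BENIGN)))
    try:
        lookup_safe(HOSTILE)
    except ValueError as exc:
        print("safe, hostile  :", exc)
```

In the unsafe variant the second `echo` runs with the privileges of the server process, which is also why the same slide says not to run the httpd as root.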

6 security on the Web
“non technical” threats: a malicious server may attract your attention and make you
• use a bad helper application!
• enter sensitive data!

7 authentication on the Web
might be useful to:
• identify a Web server or Web client
• authenticate a buyer who submits an order
• identify the author of an important document

8 privacy on the Web
might be required, if:
• sensitive data is transferred (e.g. a credit card number or a password)

9 more security on the Web
simple means to improve security on the Web:
• basic authentication
• IP based access control
• combination of the above

10 more security on the Web
more sophisticated means to improve security on the Web:
• data encryption (U.S. export restrictions apply!)
• Pretty Good Privacy (PGP)
• secure network layer (SSL, PCT)

11 more security on the Web
more sophisticated means to improve security on the Web (cont.):
• Kerberos based encryption
• message digest (public domain!)
• smart tokens (PCMCIA cards)

12 more security on the Web
open problems:
• U.S. export restrictions on encryption algorithms with large keys!
• different approaches (applications with security features vs secure network layer)
• reliable key distribution (e.g. PGP)

13 more security on the Web
what i expect:
• there WILL be more security on the Web (commercialization!)
• various implementations (e.g. Netscape’s SSL, Microsoft’s PCT)
• we might end up with the same problems as with HTML (chaos!)

14 security on the Web
for more information, see trip report:
http://www.ra.ethz.ch/WWW/WWW4/tutorial_H.html
can be found via “ETHZ Web related information” on ezInfo homepage.

