9 Basic Access Authentication Example: the browser displays a username/password prompt showing the host name and the authentication realm.
10 Basic Access Authentication Example: the client resubmits the request with username/password
GET /download/report.doc HTTP/1.1
Accept: application/msword, */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)
Host: :81
Connection: Keep-Alive
Authorization: Basic ZnJhbms6ZmllZGxlcg==
11 Basic Access Authentication Example: the server compares the client's information to its user/password list. Three possibilities:
- username:password is valid: the server sends the requested content.
- authorization fails: the server resends the 401 Authorization Required header.
- the client hits cancel: the browser shows the error message sent along with the 401 response.
12 Basic Access Authentication Problem: the username/password is sent in cleartext; base64 is an encoding, not encryption.
Authorization: Basic ZnJhbms6ZmllZGxlcg==
"ZnJhbms6ZmllZGxlcg==" -> base64decode() -> "frank:fiedler"
13 Basic Access Authentication Solution: Digest Access Authentication. The password is not sent in cleartext; a digest is sent instead (normally an MD5 hash of the password and some other values).
15 Digest Access Authentication: description of the additional attributes in the server's challenge
- realm: displayed to the user in the login form
- qop: quality of protection (handled this way for backward compatibility with the earlier RFC). The value "auth" indicates authentication; the value "auth-int" indicates authentication with integrity protection
- nonce: server-specified quoted data string, uniquely generated each time a 401 response is made
- opaque: quoted data string that the client returns unchanged for the whole session; might be used for session tracking
- stale: flag telling the client to retry with a new nonce value. Set to TRUE:
  - if the client wants to reauthenticate
  - if the server received an outdated nonce value but a correct user/password from the client
- algorithm: one or more algorithms used to hash user/password
17 Digest Access Authentication: description of the additional attributes in the client's response
- username: the username in cleartext
- realm: the realm the user wants to authenticate to
- qop: the quality of protection selected by the client; must be present if the server sent a qop directive
- cnonce: client-generated unique data string; must be present if qop is present
- nc: nonce-count, the count of requests sent by the client with this nonce; must be present if qop is present
- response: the digest computed from the password and the other attributes
18 Digest Access Authentication: how the response is computed. Depending on qop, it is the MD5 hash of various attributes (the hashed user:realm:password, the nonce, and the hashed method:uri; with qop also the nonce-count, cnonce and qop value).
19 Proxy-Authentication and Proxy-Authorization: this authentication scheme may also be used for authenticating users to proxies, proxies to proxies, or proxies to origin servers by use of the Proxy-Authenticate and Proxy-Authorization headers.
20 Proxy-Authentication and Proxy-Authorization: just replace the authentication header.
HTTP/ Unauthorized
WWW-Authenticate: Digest...
becomes:
HTTP/ Proxy Authentication Required
Proxy-Authenticate: Digest...
21 Security Considerations, Basic Authentication: very insecure because username/password are transmitted in cleartext (man in the middle, network sniffing).
22 Security Considerations, Digest Authentication, replay attacks: depending on how the nonce value is generated, they can be avoided completely (if necessary) by using each nonce value only once.
23 Security Considerations, Digest Authentication, multiple authentication schemes: some browsers only support Basic authentication.
24 Security Considerations, Digest Authentication, online dictionary attacks: to avoid them, enforce the use of "strong" passwords that are not listed in any dictionary.
25 Security Considerations, Digest Authentication, man in the middle: an intermediary removes all offered choices, replacing them with a challenge that requests only Basic authentication (may be realized as an HTTP proxy) -> user agents should display the authentication mechanism in use.
26 Security Considerations, Digest Authentication, man in the middle: Eve sends the same nonce to several clients -> the time to find the first password is reduced -> once one password is known, all passwords can be recovered. Can be avoided if the clients use the cnonce directive.
27 Security Considerations, Basic/Digest Authentication, password file on the server: store it in a safe location! Passwords must not be stored as cleartext.
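The following example is added here and is not part of the slides; it ties slides 12, 18, 22 and 26 together: it decodes the Basic credential shown above, computes the qop=auth Digest response as RFC 2617 defines it, and shows the server side keeping only the HA1 hash instead of cleartext passwords while rejecting replayed nonce counts. The realm "example.org" and the cnonce/nonce values used are constructed for the example.

```python
import base64
import hashlib
import secrets

def decode_basic(header):
    """Basic credentials are only base64-encoded: anyone on the path can read them."""
    scheme, _, cred = header.partition(" ")
    return base64.b64decode(cred).decode() if scheme == "Basic" else None

def md5_hex(text):
    return hashlib.md5(text.encode()).hexdigest()

def digest_response(username, password, realm, method, uri, nonce, nc, cnonce, qop="auth"):
    """Client side: RFC 2617 response for qop=auth (auth-int would also hash the body)."""
    ha1 = md5_hex(f"{username}:{realm}:{password}")
    ha2 = md5_hex(f"{method}:{uri}")
    if qop:
        return md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")
    return md5_hex(f"{ha1}:{nonce}:{ha2}")  # RFC 2069 form without qop/cnonce

class DigestVerifier:
    """Server side: stores HA1 rather than cleartext passwords, rejects replayed nonce counts."""
    def __init__(self, realm, users):  # users: {username: password}, hashed once here
        self.realm = realm
        self.ha1 = {u: md5_hex(f"{u}:{realm}:{p}") for u, p in users.items()}
        self.seen_nc = {}  # nonce -> highest nonce-count accepted so far

    def challenge(self):
        """Fresh, unpredictable nonce for each 401 response (constructed with secrets)."""
        nonce = secrets.token_hex(16)
        self.seen_nc[nonce] = 0
        return nonce

    def verify(self, method, username, uri, nonce, nc, cnonce, response, qop="auth"):
        """Returns (accepted, stale); stale=True means re-challenge with a new nonce."""
        ha1 = self.ha1.get(username)
        if ha1 is None:
            return False, False
        ha2 = md5_hex(f"{method}:{uri}")
        expected = md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")
        if not secrets.compare_digest(expected, response):
            return False, False  # wrong password, or method/uri tampered with
        last = self.seen_nc.get(nonce)
        if last is None or int(nc, 16) <= last:
            return False, True  # unknown/expired nonce, or a nonce-count already seen: replay
        self.seen_nc[nonce] = int(nc, 16)
        return True, False
```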