Apache web server: ConceI avanza0 (Lezione 2, Parte I) Emiliano Casalicchio (C)
|
|
- Beverly O’Neal’
- 8 years ago
- Views:
Transcription
1 Corso di Proge+azione di Re0 e Sistemi Informa0ci Apache web server: ConceI avanza0 (Lezione 2, Parte I) Emiliano Casalicchio emiliano.casalicchio@uniroma1.it
2 Agenda ConceI e pra0ca sul Virtual hos0ng Il supporto SSL/TLS in apache (h+ps) Caching Proxying
3 Virtual Host h+p://h+pd.apache.org/docs/2.2/vhosts/ The term Virtual Host refers to the prac0ce of running more than one web site (such as and on a single machine. Virtual hosts can be "IP based", meaning that you have a different IP address for every web site, or "name based", meaning that you have mul0ple names running on each IP address. The fact that they are running on the same physical server is not apparent to the end user. Name based virtual host (h+p://h+pd.apache.org/docs/2.2/vhosts/name based.html) Consiglio: in fase di test per associare più nomi all indirizzo u0lizzare il file / etc/hosts
4 IP based virtual host h+p://h+pd.apache.org/docs/2.2/vhosts/ip based.html As the term IP based indicates, the server must have a different IP address for each IP based virtual host. This can be achieved by the machine having several physical network connec0ons, or by use of virtual interfaces which are supported by most modern opera0ng systems (see system documenta0on for details, these are frequently called "ip aliases", and the "ifconfig" command is most commonly used to set them up). There are two ways of configuring apache to support mul0ple hosts. Either by running a separate h+pd daemon for each hostname, or by running a single daemon which supports all the virtual hosts. Use mul0ple daemons when: There are security par00oning issues You can afford the memory and file descriptor requirements of listening to every IP alias on the machine. Use a single daemon when: Sharing of the h+pd configura0on between virtual hosts is acceptable. The machine services a large number of requests, and so the performance loss in running separate daemons may be significant.
5 singolo demone h+pd
6 Esempi Virtual Hos0ng Running several name based web sites on a single IP address. Name based hosts on more than one IP address. Serving the same content on different IP addresses (such as an internal and external address). Running different sites on different ports. IP based virtual hos0ng Mixed port based and ip based virtual hosts Mixed name based and IP based vhosts Crea0ng virtual host configura0ons on your Apache server does not magically cause DNS entries to be created for those host names. You must have the names in DNS, resolving to your IP address, or nobody else will be able to see your web site. You can put entries in your hosts file for local tes@ng, but that will work only from the machine with those hosts entries.
7 Esercizio Provare la configurazione di Name base virtual host associando piu si0 allo stesso indirizzo IP associando piu si0 a indirizzi IP e porte diverse. Facolta0vo, provare IP based virtual hosts associando piu IP alla stessa scheda di rete.
8 Agenda ConceI e pra0ca sul Virtual hos0ng Il supporto SSL/TLS in apache (h+ps) Introduzione Cifratura in Apache Auten0cazione client e controllo d accesso in apache Caching Regole di riscri+ura
9 Introduzione a SSL/TLS Secure Socket Layer / Transport Layer Security tecniche di cri+ografia Chiave simmetrica (o convenzionale) Chiave pubblica, Diggest, Digital signature Conce+o di cer0ficato Il protocollo SSL
10 Symmetric cryptography Alice Bank A,B are required to share a key: a secret piece of informa0on that may be used to encrypt or decrypt a message. As long as this key is kept secret, nobody other than the sender or recipient can read the message. The task of sharing a key between sender and recipient before communica0ng, while also keeping it secret from others, can be problema0c.
11 Public key cryptography Solves the key exchange problem by defining an algorithm which uses two keys, each of which may be used to encrypt a message. If one key is used to encrypt a message then the other must be used to decrypt it. This makes it possible to receive secure messages by simply publishing one key (the public key) and keeping the other secret (the private key). Alice Bank B publish PuK_B A crypt M by using PuK_B A send (M,PuK_B) to B B decrypt (M,PuK_B) by using Pr_B
12 Problems with Public Key cryptography Integrity viola0on: A M B M might modify her original message or subs0tute it with a different one One way of guaranteeing the integrity of A s message is for her to create a concise summary of her message and send this to the bank as well. Upon receipt of the message, the bank creates its own summary and compares it with the one Alice sent. If the summaries are the same then the message has been received intact. Message summary = Diggest How B can be sure the message M is from A? Digital Signature
13 Message Disgest, one way func0on or hash func0on A: H(M)=D, A send M,D to B, B: H(M)=D, D =D? Message digests are used to create a short, fixed length representa0on of a longer, variable length message. Digest algorithms are designed to produce a unique digest for each message. Message digests are designed to make it imprac0cally difficult to determine the message from the digest and (in theory) impossible to find two different messages which create the same digest thus elimina0ng the possibility of subs0tu0ng one message for another while maintaining the same digest. Another challenge that A faces is finding a way to send the digest to the bank securely; Only if the digest is sent securely can the integrity of the associated message be determined.
14 Digital Signature Digital signatures are created by encryp0ng a digest of the message and other informa0on (such as a sequence number) with the sender's private key. Though anyone can decrypt the signature using the public key, only the sender knows the private key. This means that only the sender can have signed the message. Including the digest in the signature means the signature is only good for that message; It also ensures the integrity of the message since no one can change the digest and s0ll sign it. To guard against intercep0on and reuse of the signature by an intruder at a later date, the signature contains a unique sequence number. This protects B from a fraudulent claim from A that she did not send the message only she could have signed it (non repudia0on).
15 Summarizing 1. A, PuK_A, PrK_A 2. B, PuK_B, PrK_B 3. A produce the dig.sig. of M S_M=f(PrK_A, (H(M),I,sn)) 4. A send f(puk_b, M), S_M to B A s0ll needs to be sure that she is really communica0ng with B. This means that A needs to be sure that the public key she is using is part of the B's key pair, and not an intruder's. B needs to verify that the message signature really was signed by the private key that belongs to A. If each party has a cer0ficate which validates the other's iden0ty, confirms the public key and is signed by a trusted agency, then both can be assured that they are communica0ng with whom they think they are. Such a trusted agency is called a Cer0ficate Authority and cer0ficates are used for authen0ca0on.
16 Introduzione a SSL/TLS Secure Socket Layer / Transport Layer Security tecniche di cri+ografia Chiave simmetrica (o convenzionale) Chiave pubblica, Diggest, Digital signature Conce+o di cer0ficato Il protocollo SSL
17 SSL The Secure Sockets Layer protocol is a protocol layer which may be placed between a reliable connec0on oriented network layer protocol (e.g. TCP/IP) and the applica0on protocol layer (e.g. HTTP). SSL provides for secure communica0on between client and server by allowing mutual authen0ca0on, the use of digital signatures for integrity and encryp0on for privacy.
18 SSL The protocol is designed to support a range of choices for specific algorithms used for cryptography, digests and signatures. This allows algorithm selec0on for specific servers to be made based on legal, export or other concerns and also enables the protocol to take advantage of new algorithms. Choices are nego0ated between client and server when establishing a protocol session.
19 Versions of SSL protocol
20 SSL handshake Once an SSL session has been established, it may be reused To do this, the server assigns each SSL session a unique session iden0fier which is cached in the server and which the client can use in future connec0ons to reduce the handshake 0me
21 SSL handshake The elements of the handshake sequence, as used by the client and server, are listed below: 1. Nego0ate the Cipher Suite to be used during data transfer Key Exchange Method Cipher for Data Transfer Message Digest for crea0ng the Message Authen0ca0on Code (MAC) 2. Establish and share a session key between client and server 3. Op0onally authen0cate the server to the client 4. Op0onally authen0cate the client to the server
22 SSL Record Protocol
23 Agenda ConceI e pra0ca sul Virtual hos0ng Il supporto SSL/TLS in apache (h+ps) Introduzione Cifratura in Apache Auten0cazione client e controllo d accesso in apache Caching Regole di riscri+ura
24 Apache mod_ssl: Cipher Suites and Enforcing Strong Security How can I create a real SSLv2 only server? How can I create an SSL server which accepts strong encryp0on only? How can I create an SSL server which accepts all types of ciphers in general, but requires a strong cipher for access to a par0cular URL?
25
26 Apache mod_ssl: Client Authen0ca0on and Access Control How can I force clients to authen0cate using cer0ficates? How can I force clients to authen0cate using cer0ficates for a par0cular URL, but s0ll allow arbitrary clients to access the rest of the server? How can I allow only clients who have cer0ficates to access a par0cular URL, but allow all clients to access the rest of the server? How can I require HTTPS with strong ciphers, and either basic authen0ca0on or client cer0ficates, for access to part of the Intranet website, for clients coming from the Internet?
27 How can I force clients to authen0cate using cer0ficates? When you know all of your users (eg, as is olen the case on a corporate Intranet), you can require plain cer0ficate authen0ca0on. All you need to do is to create client cer0ficates signed by your own CA cer0ficate (ca.crt) and then verify the clients against this cer0ficate. 1 means the client certificate can be self-signed or has to be signed by a CA which is directly known to the server (i.e. the CA's certificate is under SSLCACertificatePath) How to generate an SSL certificate:
28 How can I force clients to authen0cate using cer0ficates for a par0cular URL, but s0ll allow arbitrary clients to access the rest of the server?
29 How can I allow only clients who have cer0ficates to access a par0cular URL, but allow all clients to access the rest of the server?
30 When your clients are all part of a common hierarchy, which is encoded into the DN, you can match them more easily using SSLRequire, as follows:
mod_ssl Cryptographic Techniques
mod_ssl Overview Reference The nice thing about standards is that there are so many to choose from. And if you really don t like all the standards you just have to wait another year until the one arises
More informationOverview of CSS SSL. SSL Cryptography Overview CHAPTER
CHAPTER 1 Secure Sockets Layer (SSL) is an application-level protocol that provides encryption technology for the Internet, ensuring secure transactions such as the transmission of credit card numbers
More information3.2: Transport Layer: SSL/TLS Secure Socket Layer (SSL) Transport Layer Security (TLS) Protocol
Chapter 2: Security Techniques Background Chapter 3: Security on Network and Transport Layer Network Layer: IPSec Transport Layer: SSL/TLS Chapter 4: Security on the Application Layer Chapter 5: Security
More informationThe Seven Habits of State-of-the-Art Mobile App Security
#mstrworld The Seven Habits of State-of-the-Art Mobile App Security Mobile Security 8 July 2014 Anand Dwivedi, Product Manager, MicroStrategy strworld Agenda - Seven Habits of State of the Art Mobile App
More informationOverview. SSL Cryptography Overview CHAPTER 1
CHAPTER 1 Note The information in this chapter applies to both the ACE module and the ACE appliance unless otherwise noted. The features in this chapter apply to IPv4 and IPv6 unless otherwise noted. Secure
More informationHow To Understand And Understand The Ssl Protocol (Www.Slapl) And Its Security Features (Protocol)
WEB Security: Secure Socket Layer Cunsheng Ding HKUST, Hong Kong, CHINA C. Ding - COMP581 - L22 1 Outline of this Lecture Brief Information on SSL and TLS Secure Socket Layer (SSL) Transport Layer Security
More informationChapter 17. Transport-Level Security
Chapter 17 Transport-Level Security Web Security Considerations The World Wide Web is fundamentally a client/server application running over the Internet and TCP/IP intranets The following characteristics
More informationWeb Security: Encryption & Authentication
Web Security: Encryption & Authentication Arnon Rungsawang fenganr@ku.ac.th Massive Information & Knowledge Engineering Department of Computer Engineering Faculty of Engineering Kasetsart University, Bangkok,
More informationSecurity Protocols: SSH. Michael E. Locasto University of Calgary
Security Protocols: SSH Michael E. Locasto University of Calgary Agenda Philosophy: data protec?on on the network Discussion of SSH SSH history Authen?ca?on Mechanisms SSH2 design overview / architecture
More informationSecurity & Privacy on the WWW. Topic Outline. Information Security. Briefing for CS4173
Security & Privacy on the WWW Briefing for CS4173 Topic Outline 1. Information Security Relationship to safety Definition of important terms Where breaches can occur Web techniques Components of security
More informationSSL/TLS: The Ugly Truth
SSL/TLS: The Ugly Truth Examining the flaws in SSL/TLS protocols, and the use of certificate authorities. Adrian Hayter CNS Hut 3 Team adrian.hayter@cnsuk.co.uk Contents Introduction to SSL/TLS Cryptography
More informationSSL Overview for Resellers
Web Security Enterprise Security Identity Verification Services Signing Services SSL Overview for Resellers What We ll Cover Understanding SSL SSL Handshake 101 Market Opportunity for SSL Obtaining an
More informationSBClient SSL. Ehab AbuShmais
SBClient SSL Ehab AbuShmais Agenda SSL Background U2 SSL Support SBClient SSL 2 What Is SSL SSL (Secure Sockets Layer) Provides a secured channel between two communication endpoints Addresses all three
More informationSecure Sockets Layer (SSL ) / Transport Layer Security (TLS) Network Security Products S31213
Secure Sockets Layer (SSL ) / Transport Layer Security (TLS) Network Security Products S31213 UNCLASSIFIED Example http ://www. greatstuf f. com Wants credit card number ^ Look at lock on browser Use https
More informationApache Security with SSL Using Linux
Apache Security with SSL Using Linux These materials are licensed under the Creative Commons Attribution-Noncommercial 3.0 Unported license (http://creativecommons.org/licenses/by-nc/3.0/) Some SSL background
More informationEmail Security. Guevara Noubir Network Security Northeastern University
Guevara Noubir Network Security Northeastern University 1 Email One of the most widely used applica>ons of the Internet but s>ll rela>vely insecure Designed without security concerns How does email work?
More informationUnderstanding Digital Certificates and Secure Sockets Layer (SSL)
Understanding Digital Certificates and Secure Sockets Layer (SSL) Author: Peter Robinson January 2001 Version 1.1 Copyright 2001-2003 Entrust. All rights reserved. Digital Certificates What are they?
More informationSecurity. Contents. S-72.3240 Wireless Personal, Local, Metropolitan, and Wide Area Networks 1
Contents Security requirements Public key cryptography Key agreement/transport schemes Man-in-the-middle attack vulnerability Encryption. digital signature, hash, certification Complete security solutions
More informationA tutorial on how you can host mul$ple SSL Cer$ficates on a single IP address without losing any backward compa6bility
A tutorial on how you can host mul$ple SSL Cer$ficates on a single IP address without losing any backward compa6bility Paul van Brouwershaven Business Development Director EMEA, GlobalSign @vanbroup on
More informationCornerstones of Security
Internet Security Cornerstones of Security Authenticity the sender (either client or server) of a message is who he, she or it claims to be Privacy the contents of a message are secret and only known to
More informationManaging IPv4 scarcity when using SSL Cer7ficates Mul7ple SSL Cer7ficates on a single IP address
GlobalSign. A GMO Internet Inc group company. Managing IPv4 scarcity when using SSL Cer7ficates Mul7ple SSL Cer7ficates on a single IP address Paul van Brouwershaven Business Development Director EMEA,
More informationGT 6.0 GSI C Security: Key Concepts
GT 6.0 GSI C Security: Key Concepts GT 6.0 GSI C Security: Key Concepts Overview GSI uses public key cryptography (also known as asymmetric cryptography) as the basis for its functionality. Many of the
More informationSecurity: Focus of Control. Authentication
Security: Focus of Control Three approaches for protection against security threats a) Protection against invalid operations b) Protection against unauthorized invocations c) Protection against unauthorized
More informationClient Server Registration Protocol
Client Server Registration Protocol The Client-Server protocol involves these following steps: 1. Login 2. Discovery phase User (Alice or Bob) has K s Server (S) has hash[pw A ].The passwords hashes are
More informationVoIP Security How to prevent eavesdropping on VoIP conversa8ons. Dmitry Dessiatnikov
VoIP Security How to prevent eavesdropping on VoIP conversa8ons Dmitry Dessiatnikov DISCLAIMER All informa8on in this presenta8on is provided for informa8on purposes only and in no event shall Security
More informationSecure Socket Layer. Introduction Overview of SSL What SSL is Useful For
Secure Socket Layer Secure Socket Layer Introduction Overview of SSL What SSL is Useful For Introduction Secure Socket Layer (SSL) Industry-standard method for protecting web communications. - Data encryption
More informationUsing etoken for SSL Web Authentication. SSL V3.0 Overview
Using etoken for SSL Web Authentication Lesson 12 April 2004 etoken Certification Course SSL V3.0 Overview Secure Sockets Layer protocol, version 3.0 Provides communication privacy over the internet. Prevents
More informationIs your data safe out there? -A white Paper on Online Security
Is your data safe out there? -A white Paper on Online Security Introduction: People should be concerned of sending critical data over the internet, because the internet is a whole new world that connects
More informationIntroduction to Cryptography
Introduction to Cryptography Part 3: real world applications Jean-Sébastien Coron January 2007 Public-key encryption BOB ALICE Insecure M E C C D channel M Alice s public-key Alice s private-key Authentication
More informationImplementing Secure Sockets Layer on iseries
Implementing Secure Sockets Layer on iseries Presented by Barbara Brown Alliance Systems & Programming, Inc. Agenda SSL Concepts Digital Certificate Manager Local Certificate Authority Server Certificates
More informationComputer System Management: Hosting Servers, Miscellaneous
Computer System Management: Hosting Servers, Miscellaneous Amarjeet Singh October 22, 2012 Partly adopted from Computer System Management Slides by Navpreet Singh Logistics Any doubts on project/hypo explanation
More informationTLS/SSL in distributed systems. Eugen Babinciuc
TLS/SSL in distributed systems Eugen Babinciuc Contents 1. Introduction to TLS/SSL 2. A quick review of cryptography 3. TLS/SSL in distributed systems 4. Conclusions Introduction to TLS/SSL TLS/SSL History
More informationLecture 9: Application of Cryptography
Lecture topics Cryptography basics Using SSL to secure communication links in J2EE programs Programmatic use of cryptography in Java Cryptography basics Encryption Transformation of data into a form that
More informationApache Security with SSL Using Ubuntu
Apache Security with SSL Using Ubuntu These materials are licensed under the Creative Commons Attribution-Noncommercial 3.0 Unported license (http://creativecommons.org/licenses/by-nc/3.0/) Some SSL background
More informationSecurity Goals Services
1 2 Lecture #8 2008 Freedom from danger, risk, etc.; safety. Something that secures or makes safe; protection; defense. Precautions taken to guard against crime, attack, sabotage, espionage, etc. An assurance;
More informationSecurity. Friends and Enemies. Overview Plaintext Cryptography functions. Secret Key (DES) Symmetric Key
Friends and Enemies Security Outline Encryption lgorithms Protocols Message Integrity Protocols Key Distribution Firewalls Figure 7.1 goes here ob, lice want to communicate securely Trudy, the intruder
More informationCSE/EE 461 Lecture 23
CSE/EE 461 Lecture 23 Network Security David Wetherall djw@cs.washington.edu Last Time Naming Application Presentation How do we name hosts etc.? Session Transport Network Domain Name System (DNS) Data
More informationUsing EMC Unisphere in a Web Browsing Environment: Browser and Security Settings to Improve the Experience
Using EMC Unisphere in a Web Browsing Environment: Browser and Security Settings to Improve the Experience Applied Technology Abstract The Web-based approach to system management taken by EMC Unisphere
More informationSSL Protect your users, start with yourself
SSL Protect your users, start with yourself Kulsysmn 14 december 2006 Philip Brusten Overview Introduction Cryptographic algorithms Secure Socket Layer Certificate signing service
More informationSecurity Digital Certificate Manager
IBM i Security Digital Certificate Manager 7.1 IBM i Security Digital Certificate Manager 7.1 Note Before using this information and the product it supports, be sure to read the information in Notices,
More informationInternet Programming. Security
Internet Programming Security Introduction Security Issues in Internet Applications A distributed application can run inside a LAN Only a few users have access to the application Network infrastructures
More informationLab Exercise SSL/TLS. Objective. Step 1: Open a Trace. Step 2: Inspect the Trace
Lab Exercise SSL/TLS Objective To observe SSL/TLS (Secure Sockets Layer / Transport Layer Security) in action. SSL/TLS is used to secure TCP connections, and it is widely used as part of the secure web:
More informationSecurity Digital Certificate Manager
System i Security Digital Certificate Manager Version 5 Release 4 System i Security Digital Certificate Manager Version 5 Release 4 Note Before using this information and the product it supports, be sure
More informationUnderstanding Digital Certificates and Wireless Transport Layer Security (WTLS)
Understanding Digital Certificates and Wireless Transport Layer Security (WTLS) Author: Allan Macphee January 2001 Version 1.1 Copyright 2001-2003 Entrust. All rights reserved. Digital Certificates What
More informationENABLING RPC OVER HTTPS CONNECTIONS TO M-FILES SERVER
M-FILES CORPORATION ENABLING RPC OVER HTTPS CONNECTIONS TO M-FILES SERVER VERSION 2.3 DECEMBER 18, 2015 Page 1 of 15 CONTENTS 1. Version history... 3 2. Overview... 3 2.1. System Requirements... 3 3. Network
More informationNetwork Security [2] Plain text Encryption algorithm Public and private key pair Cipher text Decryption algorithm. See next slide
Network Security [2] Public Key Encryption Also used in message authentication & key distribution Based on mathematical algorithms, not only on operations over bit patterns (as conventional) => much overhead
More informationNetwork Security Protocols
Network Security Protocols EE657 Parallel Processing Fall 2000 Peachawat Peachavanish Level of Implementation Internet Layer Security Ex. IP Security Protocol (IPSEC) Host-to-Host Basis, No Packets Discrimination
More informationSSL Guide. (Secure Socket Layer)
SSL Guide (Secure Socket Layer) To find basic information about network and advanced network features of your Brother machine: uu Network User's Guide. To download the latest manual, please visit the Brother
More informationWeb Payment Security. A discussion of methods providing secure communication on the Internet. Zhao Huang Shahid Kahn
Web Payment Security A discussion of methods providing secure communication on the Internet Group Members: Peter Heighton Zhao Huang Shahid Kahn 1. Introduction Within this report the methods taken to
More informationHow to configure SSL proxying in Zorp 3 F5
How to configure SSL proxying in Zorp 3 F5 June 14, 2013 This tutorial describes how to configure Zorp to proxy SSL traffic Copyright 1996-2013 BalaBit IT Security Ltd. Table of Contents 1. Preface...
More informationSecuring your Online Data Transfer with SSL
Securing your Online Data Transfer with SSL A GUIDE TO UNDERSTANDING SSL CERTIFICATES, how they operate and their application 1. Overview 2. What is SSL? 3. How to tell if a Website is Secure 4. What does
More informationLecture 31 SSL. SSL: Secure Socket Layer. History SSL SSL. Security April 13, 2005
Lecture 31 Security April 13, 2005 Secure Sockets Layer (Netscape 1994) A Platform independent, application independent protocol to secure TCP based applications Currently the most popular internet crypto-protocol
More informationWireless Networks: Network Protocols/Mobile IP
Wireless Networks: Network Protocols/Mobile IP Mo$va$on Data transfer Encapsula$on Security IPv6 Problems DHCP Adapted from J. Schiller, Mobile Communications 1 Mo$va$on for Mobile IP Rou$ng based on IP
More informationSecure Sockets Layer (SSL) / Transport Layer Security (TLS)
Secure Sockets Layer (SSL) / Transport Layer Security (TLS) Brad Karp UCL Computer Science CS GZ03 / M030 19 th November 2014 What Problems Do SSL/TLS Solve? Two parties, client and server, not previously
More informationSecuring your Online Data Transfer with SSL A GUIDE TO UNDERSTANDING SSL CERTIFICATES, how they operate and their application INDEX 1. Overview 2. What is SSL? 3. How to tell if a Website is Secure 4.
More informationNetwork-Enabled Devices, AOS v.5.x.x. Content and Purpose of This Guide...1 User Management...2 Types of user accounts2
Contents Introduction--1 Content and Purpose of This Guide...........................1 User Management.........................................2 Types of user accounts2 Security--3 Security Features.........................................3
More informationCRYPTOGRAPHY IN NETWORK SECURITY
ELE548 Research Essays CRYPTOGRAPHY IN NETWORK SECURITY AUTHOR: SHENGLI LI INSTRUCTOR: DR. JIEN-CHUNG LO Date: March 5, 1999 Computer network brings lots of great benefits and convenience to us. We can
More informationAs enterprises conduct more and more
Efficiently handling SSL transactions is one cornerstone of your IT security infrastructure. Do you know how the protocol actually works? Wesley Chou Inside SSL: The Secure Sockets Layer Protocol Inside
More informationComputer Networks 1 (Mạng Máy Tính 1) Lectured by: Dr. Phạm Trần Vũ MEng. Nguyễn CaoĐạt
Computer Networks 1 (Mạng Máy Tính 1) Lectured by: Dr. Phạm Trần Vũ MEng. Nguyễn CaoĐạt 1 Lecture 11: Network Security Reference: Chapter 8 - Computer Networks, Andrew S. Tanenbaum, 4th Edition, Prentice
More informationCommunication Systems SSL
Communication Systems SSL Computer Science Organization I. Data and voice communication in IP networks II. Security issues in networking III. Digital telephony networks and voice over IP 2 Network Security
More information[SMO-SFO-ICO-PE-046-GU-
Presentation This module contains all the SSL definitions. See also the SSL Security Guidance Introduction The package SSL is a static library which implements an API to use the dynamic SSL library. It
More informationSavitribai Phule Pune University
Savitribai Phule Pune University Centre for Information and Network Security Course: Introduction to Cyber Security / Information Security Module : Pre-requisites in Information and Network Security Chapter
More informationWEB Security & SET. Outline. Web Security Considerations. Web Security Considerations. Secure Socket Layer (SSL) and Transport Layer Security (TLS)
Outline WEB Security & SET (Chapter 19 & Stalling Chapter 7) Web Security Considerations Secure Socket Layer (SSL) and Transport Layer Security (TLS) Secure Electronic Transaction (SET) Web Security Considerations
More informationTransport Level Security
Transport Level Security Overview Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available at: http://www.cse.wustl.edu/~jain/cse571-14/
More informationCryptosystems. Bob wants to send a message M to Alice. Symmetric ciphers: Bob and Alice both share a secret key, K.
Cryptosystems Bob wants to send a message M to Alice. Symmetric ciphers: Bob and Alice both share a secret key, K. C= E(M, K), Bob sends C Alice receives C, M=D(C,K) Use the same key to decrypt. Public
More informationThe Secure Sockets Layer (SSL)
Due to the fact that nearly all businesses have websites (as well as government agencies and individuals) a large enthusiasm exists for setting up facilities on the Web for electronic commerce. Of course
More informationQuickstream Connectivity Options
A division of Westpac Banking Corporation ABN 33 007 457 141 Quickstream Connectivity Options Document History Date 25-Jun-2003 1-Jul-2003 3-July-2003 18-July-2003 18-Aug-2003 8-Sep-2003 19-Sep-2003 31-Oct-2003
More informationFirst Semester Examinations 2011/12 INTERNET PRINCIPLES
PAPER CODE NO. EXAMINER : Martin Gairing COMP211 DEPARTMENT : Computer Science Tel. No. 0151 795 4264 First Semester Examinations 2011/12 INTERNET PRINCIPLES TIME ALLOWED : Two Hours INSTRUCTIONS TO CANDIDATES
More informationSecurity IIS Service Lesson 6
Security IIS Service Lesson 6 Skills Matrix Technology Skill Objective Domain Objective # Configuring Certificates Configure SSL security 3.6 Assigning Standard and Special NTFS Permissions Enabling and
More information4.1: Securing Applications Remote Login: Secure Shell (SSH) E-Mail: PEM/PGP. Chapter 5: Security Concepts for Networks
Chapter 2: Security Techniques Background Chapter 3: Security on Network and Transport Layer Chapter 4: Security on the Application Layer Secure Applications Network Authentication Service: Kerberos 4.1:
More informationUnderstanding digital certificates
Understanding digital certificates Mick O Brien and George R S Weir Department of Computer and Information Sciences, University of Strathclyde Glasgow G1 1XH mickobrien137@hotmail.co.uk, george.weir@cis.strath.ac.uk
More informationWeb Security Considerations
CEN 448 Security and Internet Protocols Chapter 17 Web Security Dr. Mostafa Hassan Dahshan Computer Engineering Department College of Computer and Information Sciences King Saud University mdahshan@ccis.ksu.edu.sa
More informationWeb Security (SSL) Tecniche di Sicurezza dei Sistemi 1
Web Security (SSL) Tecniche di Sicurezza dei Sistemi 1 How the Web Works - HTTP Hypertext transfer protocol (http). Clients request documents (or scripts) through URL. Server response with documents. Documents
More informationCommunication Systems 16 th lecture. Chair of Communication Systems Department of Applied Sciences University of Freiburg 2009
16 th lecture Chair of Communication Systems Department of Applied Sciences University of Freiburg 2009 1 25 Organization Welcome to the New Year! Reminder: Structure of Communication Systems lectures
More informationHow Secure are your Channels? By Morag Hughson
How Secure are your Channels? By Morag Hughson Building Blocks So, you ve gone to great lengths to control who has access to your queues, but would you care if someone could see the contents of your messages
More informationTLS and SRTP for Skype Connect. Technical Datasheet
TLS and SRTP for Skype Connect Technical Datasheet Copyright Skype Limited 2011 Introducing TLS and SRTP Protocols help protect enterprise communications Skype Connect now provides Transport Layer Security
More information7 Network Security. 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework. 7.5 Absolute Security?
7 Network Security 7.1 Introduction 7.2 Improving the Security 7.3 Internet Security Framework 7.4 Firewalls 7.5 Absolute Security? 7.1 Introduction Security of Communications data transport e.g. risk
More informationNIST Email Security Improvements. William C. Barker and Scott Rose October 22, 2015 M3AAWG 35 th General Meeting
NIST Email Security Improvements William C. Barker and Scott Rose October 22, 2015 M3AAWG 35 th General Meeting Presenters Scott Rose Computer Scientist, NIST ITL William (Curt) Barker Guest Researcher,
More informationLektion 2: Web als Graph / Web als System
Lektion 2: Web als Graph / Web als System Helmar Burkhart Informatik Universität Basel Helmar.Burkhart@... WT-2-1 Lernziele und Inhalt Web als Graph erkennen Grundelemente von sozialen Netzwerken sehen
More informationCommon security requirements Basic security tools. Example. Secret-key cryptography Public-key cryptography. Online shopping with Amazon
1 Common security requirements Basic security tools Secret-key cryptography Public-key cryptography Example Online shopping with Amazon 2 Alice credit card # is xxxx Internet What could the hacker possibly
More informationEE 7376: Introduction to Computer Networks. Homework #3: Network Security, Email, Web, DNS, and Network Management. Maximum Points: 60
EE 7376: Introduction to Computer Networks Homework #3: Network Security, Email, Web, DNS, and Network Management Maximum Points: 60 1. Network security attacks that have to do with eavesdropping on, or
More informationCommunication Security for Applications
Communication Security for Applications Antonio Carzaniga Faculty of Informatics University of Lugano March 10, 2008 c 2008 Antonio Carzaniga 1 Intro to distributed computing: -server computing Transport-layer
More informationIntroduction. Haroula Zouridaki Mohammed Bin Abdullah Waheed Qureshi
Introduction Haroula Zouridaki Mohammed Bin Abdullah Waheed Qureshi Introduction Comparing Secure Hypertext protocol (S-HTTP) to Secure Socket Layer (SSL) Agenda Waheed opens the presentation introduces
More informationHOST LINKS SSL G&R. Using SSL for security with G&R products. http://www.gar.no/hostlinks/
HOST LINKS SSL G&R Using SSL for security with G&R products http://www.gar.no/hostlinks/ Microsoft, Windows, MS, MS-DOS are registered trademarks of Microsoft Corp. IBM and PC are registered trademarks
More information(n)code Solutions CA A DIVISION OF GUJARAT NARMADA VALLEY FERTILIZERS COMPANY LIMITED P ROCEDURE F OR D OWNLOADING
(n)code Solutions CA A DIVISION OF GUJARAT NARMADA VALLEY FERTILIZERS COMPANY LIMITED P ROCEDURE F OR D OWNLOADING a Class IIIc SSL Certificate using BEA Weblogic V ERSION 1.0 Page 1 of 8 Procedure for
More informationUnifying Information Security. Implementing TLS on the CLEARSWIFT SECURE Email Gateway
Unifying Information Security Implementing TLS on the CLEARSWIFT SECURE Email Gateway Contents 1 Introduction... 3 2 Understanding TLS... 4 3 Clearswift s Application of TLS... 5 3.1 Opportunistic TLS...
More informationERserver. iseries. Securing applications with SSL
ERserver iseries Securing applications with SSL ERserver iseries Securing applications with SSL Copyright International Business Machines Corporation 2000, 2001. All rights reserved. US Government Users
More informationSecure Socket Layer. Carlo U. Nicola, SGI FHNW With extracts from publications of : William Stallings.
Secure Socket Layer Carlo U. Nicola, SGI FHNW With extracts from publications of : William Stallings. Abstraction: Crypto building blocks NS HS13 2 Abstraction: The secure channel 1., run a key-exchange
More informationHow To Encrypt Data With Encryption
USING ENCRYPTION TO PROTECT SENSITIVE INFORMATION Commonwealth Office of Technology Security Month Seminars Alternate Title? Boy, am I surprised. The Entrust guy who has mentioned PKI during every Security
More informationSecurity. Learning Objectives. This module will help you...
Security 5-1 Learning Objectives This module will help you... Understand the security infrastructure supported by JXTA Understand JXTA's use of TLS for end-to-end security 5-2 Highlights Desired security
More informationPasswords are for Chumps
Copyright 2014 Splunk Inc. Passwords are for Chumps David Veuve SE, Splunk Who Am I?! David Veuve Sales Engineer for Major Accounts in Northern California! dveuve@splunk.com! Former Splunk Customer (For
More informationWhitepaper : Using Unsniff Network Analyzer to analyze SSL / TLS
Whitepaper : Using Unsniff Network Analyzer to analyze SSL / TLS A number of applications today use SSL and TLS as a security layer. Unsniff allows authorized users to analyze these applications by decrypting
More informationThe Case For Secure Email
The Case For Secure Email By Erik Kangas, PhD, President, Lux Scientiae, Incorporated http://luxsci.com Contents Section 1: Introduction Section 2: How Email Works Section 3: Security Threats to Your Email
More informationSSL Configuration Best Practices for SAS Visual Analytics 7.1 Web Applications and SAS LASR Authorization Service
Paper SAS1541-2015 SSL Configuration Best Practices for SAS Visual Analytics 7.1 Web Applications and SAS LASR Authorization Service Heesun Park and Jerome Hughes, SAS Institute Inc., Cary, NC ABSTRACT
More informationEncrypted Connections
EMu Documentation Encrypted Connections Document Version 1 EMu Version 4.0.03 www.kesoftware.com 2010 KE Software. All rights reserved. Contents SECTION 1 Encrypted Connections 1 How it works 2 Requirements
More informationINTERNET SECURITY: FIREWALLS AND BEYOND. Mehernosh H. Amroli 4-25-2002
INTERNET SECURITY: FIREWALLS AND BEYOND Mehernosh H. Amroli 4-25-2002 Preview History of Internet Firewall Technology Internet Layer Security Transport Layer Security Application Layer Security Before
More informationSync Security and Privacy Brief
Introduction Security and privacy are two of the leading issues for users when transferring important files. Keeping data on-premises makes business and IT leaders feel more secure, but comes with technical
More informationHow to configure HTTPS proxying in Zorp 5
How to configure HTTPS proxying in Zorp 5 June 24, 2014 This tutorial describes how to configure Zorp to proxy HTTPS traffic Copyright 1996-2014 BalaBit IT Security Ltd. Table of Contents 1. Preface...
More informationUnderstanding Digital Certificates on z/os Vanguard Las Vegas, NV Session AST3 June 26th 2012
Understanding Digital Certificates on z/os Vanguard Las Vegas, NV Session AST3 June 26th 2012 Wai Choi, CISSP IBM Corporation RACF/PKI Development & Design Poughkeepsie, NY e-mail: wchoi@us.ibm.com 1 Trademarks
More informationETSF10 Part 3 Lect 2
ETSF10 Part 3 Lect 2 DHCP, DNS, Security Jens A Andersson Electrical and Information Technology DHCP Dynamic Host Configuration Protocol bootp is predecessor Alternative: manual configuration IP address
More information