24-11-2012, 04:35 PM
TRANSPORT LAYER SECURITY (2 Marks) QUESTION ANSWERS
1. What is TLS/SSL?
TLS is the successor to Secure Sockets Layer (SSL), an older cryptographic protocol. TLS/SSL can be used to create a secure environment for web browsing, emailing, or other client-server applications.
TLS/SSL encryption requires the use of a digital certificate, which contains identity information about the owner as well as a public key used for encrypting communications. These certificates are installed on a server; typically a web server if the intention is to create a secure web environment, although they can also be installed on mail or other servers for encrypting other client-server communications.
2. How to secure a web server with TLS/SSL?
This is probably the most common application of TLS/SSL. If used with a web server, TLS/SSL can encrypt online transactions and confidential data relayed between a user's web browser and a website. A secured web server can be identified by a padlock symbol at the bottom of the browser window or in the address bar, as well as by a URL that begins with https rather than http.
3. How to secure a mail server, database server, or directory server with TLS/SSL?
TLS/SSL can be used with mail servers to encrypt email messages. An email that was sent with TLS/SSL encryption may display a ribbon or other icon in the recipient's email client. TLS/SSL can similarly be used with database and directory servers to encrypt server queries.
4. How to secure a virtual private network (VPN) with TLS/SSL?
TLS/SSL can be used by a VPN appliance to encrypt the connection between a remote user's computer and the network being accessed. For more information on how TLS/SSL works with VPN, see TechSoup's article Four Tools for Private Communication.
5. How does TLS/SSL work?
A TLS/SSL session is authenticated with what is known as a "handshake." The client first sends the server a "hello" message that lists the client's supported cryptographic capabilities. Being a well-mannered machine, the server sends back a "hello" message of its own with a choice of one of the listed cryptographic methods, to ensure the client and server will be able to speak the same language.
The server then sends its TLS/SSL certificate, which contains its public key, and may request a certificate from the client if client authentication is necessary. The client checks that the certificate from the server is valid (if an untrusted certificate was installed on a web server, this is when a security warning would pop up in a web browser) and sends its own certificate if necessary.
The client then sends a random number that has been encrypted with the server's public key. After this number is decrypted by the server, the client and server will have a common key that can be used to send and receive data that only the pair of them can understand. Both the client and server then send messages notifying the other that all further communication will be encrypted, and both send final messages that are actually encrypted, ending the handshake and allowing encrypted data exchange to begin.
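To see the handshake from question 5 (and the certificate-on-a-server setup from questions 1 and 2) actually run, here is an added Go example. It is not part of the original post: it generates a self-signed ECDSA certificate for "localhost" (constructed for the example; a real server installs a certificate issued by an authority its clients already trust), runs a TLS server and client in one process over a loopback TCP connection, and reports what the two sides negotiated. It then repeats the handshake with a client that does not trust the certificate, which fails at exactly the certificate-check step where a browser would show its warning. The names selfSignedCert and runHandshake are the example's own. One caveat on the text above: in the versions negotiated here (TLS 1.2 and 1.3) the shared key comes from an ephemeral Diffie-Hellman exchange rather than a random number encrypted with the server's public key; the hello, certificate-check and encrypted-finish steps are as described.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// selfSignedCert builds a throwaway ECDSA certificate for "localhost". It is
// constructed for this example; a production server uses a CA-issued one.
func selfSignedCert() (tls.Certificate, *x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: "localhost"},
		DNSNames:     []string{"localhost"}, // the identity the client checks
		NotBefore:    time.Now().Add(-time.Minute),
		NotAfter:     time.Now().Add(time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	leaf, err := x509.ParseCertificate(der)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}, leaf, nil
}

// runHandshake runs a full TLS handshake between an in-process server and
// client over loopback TCP and returns the client's view of the session. With
// trustServer=false the client's trust store lacks the server's certificate,
// so the certificate check fails (the browser-warning situation).
func runHandshake(trustServer bool) (tls.ConnectionState, error) {
	cert, leaf, err := selfSignedCert()
	if err != nil {
		return tls.ConnectionState{}, err
	}
	srvCfg := &tls.Config{Certificates: []tls.Certificate{cert}, MinVersion: tls.VersionTLS12}
	ln, err := tls.Listen("tcp", "127.0.0.1:0", srvCfg)
	if err != nil {
		return tls.ConnectionState{}, err
	}
	defer ln.Close()
	// Server side: accept one connection and run the server half of the
	// handshake concurrently with the client.
	srvErr := make(chan error, 1)
	go func() {
		c, err := ln.Accept()
		if err != nil {
			srvErr <- err
			return
		}
		defer c.Close()
		c.SetDeadline(time.Now().Add(10 * time.Second))
		srvErr <- c.(*tls.Conn).Handshake()
	}()
	// Client side: the trust store decides whether the presented certificate
	// is accepted; ServerName is matched against the certificate's names.
	roots := x509.NewCertPool()
	if trustServer {
		roots.AddCert(leaf)
	}
	raw, err := net.DialTimeout("tcp", ln.Addr().String(), 10*time.Second)
	if err != nil {
		return tls.ConnectionState{}, err
	}
	defer raw.Close()
	raw.SetDeadline(time.Now().Add(10 * time.Second))
	cli := tls.Client(raw, &tls.Config{RootCAs: roots, ServerName: "localhost", MinVersion: tls.VersionTLS12})
	if err := cli.Handshake(); err != nil {
		<-srvErr // let the server goroutine observe the failure and exit
		return tls.ConnectionState{}, err
	}
	if err := <-srvErr; err != nil {
		return tls.ConnectionState{}, err
	}
	return cli.ConnectionState(), nil
}

func main() {
	st, err := runHandshake(true)
	if err != nil {
		fmt.Println("trusted handshake failed:", err)
		return
	}
	fmt.Printf("negotiated TLS version %#x, cipher suite %s, server identity %v\n",
		st.Version, tls.CipherSuiteName(st.CipherSuite), st.PeerCertificates[0].DNSNames)
	_, err = runHandshake(false)
	fmt.Println("untrusted certificate rejected:", err)
}
```

Run it with go run and the first line shows the "hello" negotiation outcome (version and cipher suite) plus the identity the client read from the certificate; the second line is the error the client raises when the same certificate is not in its trust store, which is the same condition that produces the security warning mentioned above.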
6. What are the advantages of transport layer security?
• Increased flexibility. Parts of the message, instead of the entire message, can be signed or encrypted. This means that intermediaries can view the parts of the message that are intended for them. An example of this is a Web service that routes a SOAP message and is able to inspect unencrypted parts of the message to determine where to send the message, while other parts of the message remain encrypted. For an example of this, see the Perimeter Service Router pattern in Chapter 6, "Service Deployment Patterns."
• Support for auditing. Intermediaries can add their own headers to the message and sign them for the purpose of audit logging.
• Support for multiple protocols. You can send secured messages over many different protocols such as Simple Mail Transfer Protocol (SMTP), File Transfer Protocol (FTP), and Transmission Control Protocol (TCP) without having to rely on the protocol for security.