20-07-2012, 02:17 PM
Web Security
ws.ppt (Size: 2.5 MB / Downloads: 63)
  Web now widely used by business, government, individuals
  but Internet & Web are vulnerable
  have a variety of threats
    integrity
    confidentiality
    denial of service
    authentication
  need added security mechanisms

SSL (Secure Socket Layer)
  originally developed by Netscape
  version 3 designed with public review and input from industry
  subsequently became Internet standard known as TLS (Transport Layer Security)
  SSLv3.1 published by TLS group
  uses TCP to provide a reliable end-to-end service

SSL Architecture
  SSL connection
    a transient, peer-to-peer, communications link
    associated with 1 SSL session
  SSL session
    an association between client & server
    created by the Handshake Protocol
    define a set of cryptographic parameters
    may be shared by multiple SSL connections

SSL Alert Protocol
  conveys SSL-related alerts to peer entity
  severity
    warning(1) or fatal(2)
  specific alert
    fatal: unexpected message, bad record mac, decompression failure, handshake failure, illegal parameter
    warning: close notify, no certificate, bad certificate, unsupported certificate, certificate revoked, certificate expired, certificate unknown
  compressed & encrypted like all SSL data
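
The SSL Alert Protocol slide above, as an added example that is not part of the original post or its slides: a decoder for one alert record that reports severity and alert name and flags an alert from the slide's fatal list that arrives below fatal level. The numeric description codes and the 5-byte record header layout are taken from the SSLv3 specification rather than from the slides, the function and field names are this example's own, and the sample bytes in the comments are constructed.

```python
import struct

ALERT_CONTENT_TYPE = 21                 # record-layer content type for alerts
LEVELS = {1: "warning", 2: "fatal"}     # severity byte, as listed on the slide
# Description codes (SSLv3 specification) for the alerts the slide names.
DESCRIPTIONS = {
    0: "close_notify", 10: "unexpected_message", 20: "bad_record_mac",
    30: "decompression_failure", 40: "handshake_failure",
    41: "no_certificate", 42: "bad_certificate",
    43: "unsupported_certificate", 44: "certificate_revoked",
    45: "certificate_expired", 46: "certificate_unknown",
    47: "illegal_parameter",
}
ALWAYS_FATAL = {10, 20, 30, 40, 47}     # the slide's "fatal" list


def parse_alert_record(record: bytes) -> dict:
    """Decode one SSL alert record: 5-byte header, then the alert fragment."""
    if len(record) < 5:
        raise ValueError("truncated record header")
    ctype, major, minor, length = struct.unpack("!BBBH", record[:5])
    if ctype != ALERT_CONTENT_TYPE:
        raise ValueError(f"not an alert record (content type {ctype})")
    body = record[5:5 + length]
    if len(body) != length:
        raise ValueError("truncated record body")
    if length != 2:
        # Once a cipher spec is active the alert is encrypted and MACed like
        # all SSL data, so the fragment is longer than 2 bytes and opaque.
        return {"version": (major, minor), "encrypted": True}
    level, desc = body                   # two single-byte fields
    anomalies = []
    if level not in LEVELS:
        anomalies.append("unknown severity level")
    if desc in ALWAYS_FATAL and level != 2:
        anomalies.append("fatal-only alert sent below fatal level")
    return {
        "version": (major, minor),
        "encrypted": False,
        "level": LEVELS.get(level, f"unknown({level})"),
        "description": DESCRIPTIONS.get(desc, f"unknown({desc})"),
        "anomalies": anomalies,
    }


# Constructed sample: SSL 3.0 plaintext alert, fatal(2) handshake_failure(40).
SAMPLE_FATAL = bytes([21, 3, 0, 0, 2, 2, 40])
# Constructed sample: bad_record_mac(20) sent with warning(1) severity.
SAMPLE_ODD = bytes([21, 3, 0, 0, 2, 1, 20])
```

Only alerts sent before the cipher spec takes effect decode this way; later ones are reported as encrypted and need the session keys to read.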