PART 5: NETWORK
AND INTERNET SECURITY
Chapter 16 TRANSPORT-LEVEL SECURITY
o Web Security Considerations
·
Web Security Threats
·
Web Traffic Security
Approaches
o Secure Socket Layer and Transport Layer Security
·
SSL Architecture SSL
Record Protocol
·
Change Cipher Spec
Protocol Alert Protocol
·
Handshake Protocol
Cryptographic Computations
o Transport Layer Security
·
Version Number
·
Message
Authentication Code Pseudorandom
Function Alert Codes
·
Cipher Suites
·
Client Certificate Types Certificate_Verify and Finished Messages Cryptographic Computations
·
Padding
o HTTPS
·
Connection
Initiation Connection Closure
o Secure Shell (SSH)
·
Transport Layer
Protocol User Authentication Protocol Connection Protocol
KEY
POINTS
◆ Secure Socket Layer (SSL) provides
security services between TCP and applications that use TCP. The Internet
standard version is called Transport Layer Service (TLS).
◆ SSL/TLS provides confidentiality using
symmetric encryption and message integrity using a message authentication code.
◆ SSL/TLS includes protocol mechanisms to
enable two TCP users to deter- mine the security mechanisms and services they
will use.
◆ HTTPS (HTTP over SSL) refers to the
combination of HTTP and SSL to implement secure communication between a Web
browser and a Web server.
◆ Secure Shell (SSH) provides secure remote
logon and other secure client/server facilities.
Virtually all businesses, most government agencies, and many individuals now have Web sites. The number of individuals and companies with Internet access is expanding rapidly and all of these have graphical Web browsers. As a result, businesses are enthu- siastic about setting up facilities on the Web for electronic commerce. But the reality is that the Internet and the Web are extremely vulnerable to compromises of various sorts. As businesses wake up to this reality, the demand for secure Web services grows. The topic of Web security is a broad one and can easily fill a book. In this chapter, we begin with a discussion of the general requirements for Web security and then focus on three standardized schemes that are becoming increasingly important as part of Web commerce and that focus on security at the transport layer: SSL/TLS, HTTPS, and SSH.
Related Topics
Privacy Policy, Terms and Conditions, DMCA Policy and Compliant
Copyright © 2018-2024 BrainKart.com; All Rights Reserved. Developed by Therithal info, Chennai.