
security on the Web


uzuri

Presentation Transcript


  1. security on the Web
     • security
     • authentication
     • privacy
     2. ETH-W4 (ra)

  2. security on the Web
     two “types” of security:
     1. prevent attacks against Web clients and Web servers
     2. guarantee private data exchange

  3. security on the Web
     threats to your Web client:
     • can you trust your browser ?
     • does your browser allow execution of scripts ? (I’m not talking about Java)
     • can you trust your helper applications ?

  4. security on the Web
     threats to your Web server:
     • do not run the httpd as root !
     • make sure the script directory is well protected !
     • scripts must not allow uncontrolled execution of shell commands !

  5. security on the Web
     threats to your Web server (cont.):
     • turn off server side includes !
     • beware security holes in httpd !

  6. security on the Web
     “non technical” threats: a malicious server may attract your attention and make you
     • use a bad helper application !
     • enter sensitive data !

  7. authentication on the Web
     might be useful to:
     • identify a Web server or Web client
     • authenticate a buyer who submits an order
     • identify the author of an important document

  8. privacy on the Web
     might be required, if:
     • sensitive data is transferred (e.g. a credit card number or a password)

  9. more security on the Web
     simple means to improve security on the Web:
     • basic authentication
     • IP based access control
     • combination of the above

  10. more security on the Web
      more sophisticated means to improve security on the Web:
      • data encryption (U.S. export restrictions apply !)
      • Pretty Good Privacy (PGP)
      • secure network layer (SSL, PCT)

  11. more security on the Web
      more sophisticated means to improve security on the Web (cont.):
      • Kerberos based encryption
      • message digest (public domain !)
      • smart tokens (PCMCIA cards)

  12. more security on the Web
      open problems:
      • U.S. export restrictions on encryption algorithms with large keys !
      • different approaches (applications with security features vs secure network layer)
      • reliable key distribution (e.g. PGP)

  13. more security on the Web
      what I expect:
      • there WILL be more security on the Web (commercialization !)
      • various implementations (e.g. Netscape’s SSL, Microsoft’s PCT)
      • we might end up with the same problems as with HTML (chaos !)

  14. security on the Web
      for more information, see trip report:
      http://www.ra.ethz.ch/WWW/WWW4/tutorial_H.html
      can be found via “ETHZ Web related information” on ezInfo homepage.
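
The three simple measures from slide 9 (basic authentication, IP based access control, and their combination), shown as an added Python example that is not part of the original slides. The user table, the network range and all function names are constructed for illustration.

```python
import base64
import hmac
import ipaddress

# Constructed sample policy (assumption): one user and one trusted network.
USERS = {"alice": "correct horse"}  # demo only; real servers store password hashes
ALLOWED_NETS = [ipaddress.ip_network("192.0.2.0/24")]


def ip_allowed(client_ip):
    """IP based access control: is the peer address inside an allowed network?"""
    try:
        addr = ipaddress.ip_address(client_ip)
    except ValueError:
        return False  # unparsable address: deny
    return any(addr in net for net in ALLOWED_NETS)


def basic_auth_ok(authorization):
    """Basic authentication: parse 'Basic base64(user:password)' and verify it."""
    scheme, _, token = (authorization or "").partition(" ")
    if scheme.lower() != "basic":
        return False
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except ValueError:  # covers binascii.Error and UnicodeDecodeError
        return False
    user, sep, password = decoded.partition(":")  # password may itself contain ':'
    expected = USERS.get(user)
    if not sep or expected is None:
        return False
    # Constant-time comparison so timing does not reveal how much matched.
    return hmac.compare_digest(password.encode(), expected.encode())


def access_granted(client_ip, authorization, require_both=True):
    """Combination: require both checks (strict) or accept either one (lenient)."""
    checks = (ip_allowed(client_ip), basic_auth_ok(authorization))
    return all(checks) if require_both else any(checks)
```

Basic authentication only base64-encodes the credentials, so without one of the encryption measures from slide 10 the password still crosses the network in readable form, which is the privacy concern of slide 8.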
