Presentation is loading. Please wait.

Presentation is loading. Please wait.

Web Server Management: Securing Access to Web Servers Jon Warbrick University of Cambridge Computing Service.

Published byJohn Adams Modified over 7 years ago

Similar presentations

Presentation on theme: "Web Server Management: Securing Access to Web Servers Jon Warbrick University of Cambridge Computing Service."— Presentation transcript:

1 Web Server Management: Securing Access to Web Servers Jon Warbrick University of Cambridge Computing Service

2 Introduction ● Course Outline

3 Introduction ● Course Outline ● What is HTTPS?

4 Introduction ● Course Outline ● What is HTTPS?

5 Introduction ● Course Outline ● What is HTTPS?

6 What does HTTPS give you? ● Client-server, end-to-end encrypted traffic

7 What does HTTPS give you? ● Client-server, end-to-end encrypted traffic ● Message Integrity

8 What does HTTPS give you? ● Client-server, end-to-end encrypted traffic ● Message Integrity ● Authentication of the server

9 What does HTTPS give you? ● Client-server, end-to-end encrypted traffic ● Message Integrity ● Authentication of the server ● (optional) Authentication of the browser user

10 A warning about security ● "Security is a process, not a product"

11 A warning about security ● "Security is a process, not a product" ● TLS protects data in transmission

12 A warning about security ● "Security is a process, not a product" ● TLS protects data in transmission – What happens after it's received?

13 A warning about security ● "Security is a process, not a product" ● TLS protects data in transmission – What happens after it's received? –.. or before it's sent?

14 A warning about security ● "Security is a process, not a product" ● TLS protects data in transmission – What happens after it's received? –.. or before it's sent? – Is the webserver secure from attack?

15 A warning about security ● "Security is a process, not a product" ● TLS protects data in transmission – What happens after it's received? –.. or before it's sent? – Is the webserver secure from attack? – Is the webserver physically secure?

16 A warning about security ● "Security is a process, not a product" ● TLS protects data in transmission – What happens after it's received? –.. or before it's sent? – Is the webserver secure from attack? – Is the webserver physically secure? ● Legal requirements (DPA, RIPA)

17 Politics ● Patents

18 Politics ● Patents ● Munitions

19 A Crash Course in Cryptography

20 ● Symmetric ciphers

21 A Crash Course in Cryptography ● Symmetric ciphers

22 A Crash Course in Cryptography (2) ● Public-key ciphers

23 A Crash Course in Cryptography (2) ● Public-key ciphers

24 A Crash Course in Cryptography (3) ● Key Exchange

25 A Crash Course in Cryptography (3) ● Key Exchange

26 A Crash Course in Cryptography (4) ● Message digests

27 A Crash Course in Cryptography (5) ● Digital signatures

28 A Crash Course in Cryptography (5) ● Digital signatures

29 A Crash Course in Cryptography (5) ● Digital signatures

30 A Crash Course in Cryptography (5) ● Digital signatures

31 A Crash Course in Cryptography (5) ● Digital signatures

32 A Crash Course in Cryptography (6) ● Public key certificates

33 A Crash Course in Cryptography (6) ● Public key certificates ● Certification authorities

34 A Crash Course in Cryptography (6) ● Public key certificates ● Certification authorities – UCS Certificate scheme

35 A Crash Course in Cryptography (6) ● Public key certificates ● Certification authorities – UCS Certificate scheme ● PKI

36 The SSL Process ● Browser contacts server

37 The SSL Process ● Browser contacts server ● Client & server agree ciphers, protocols, etc.

38 The SSL Process ● Browser contacts server ● Client & server agree ciphers, protocols, etc. ● Server sends its certificate to the client

39 The SSL Process ● Browser contacts server ● Client & server agree ciphers, protocols, etc. ● Server sends its certificate to the client ● Client verifies the server's certificate

40 The SSL Process ● Browser contacts server ● Client & server agree ciphers, protocols, etc. ● Server sends its certificate to the client ● Client verifies the server's certificate ● Client sends a secret using server's public key

41 The SSL Process (2) ● Client & server create symmetric keys

42 The SSL Process (2) ● Client & server create symmetric keys ● Client & server switch to the agreed cipher

43 The SSL Process (2) ● Client & server create symmetric keys ● Client & server switch to the agreed cipher ● Sequence numbers and hashes protect against tampering

44 The downside of using HTTPS ● No caching of documents

45 The downside of using HTTPS ● No caching of documents ● Overheads on client and server

46 The downside of using HTTPS ● No caching of documents ● Overheads on client and server ● Firewalls may not allow HTTPS traffic

47 The downside of using HTTPS ● No caching of documents ● Overheads on client and server ● Firewalls may not allow HTTPS traffic ● £££ Cost

48 The downside of using HTTPS ● No caching of documents ● Overheads on client and server ● Firewalls may not allow HTTPS traffic ● £££ Cost ● Search Engines

49 Creating Keys and Certificates

50 OpenSSL ● Used by most Unix and some Windows systems

51 OpenSSL ● Used by most Unix and some Windows systems – Cryptographic library

52 OpenSSL ● Used by most Unix and some Windows systems – Cryptographic library – Command-line utilities

53 OpenSSL ● Used by most Unix and some Windows systems – Cryptographic library – Command-line utilities ● Pre-built packages for RedHat, Fedora, SuSE, Debian, Solaris. Windows executables can be found

54 OpenSSL ● Used by most Unix and some Windows systems – Cryptographic library – Command-line utilities ● Pre-built packages for RedHat, Fedora, SuSE, Debian, Solaris. Windows executables can be found ●... or build your own

55 OpenSSL ● Used by most Unix and some Windows systems – Cryptographic library – Command-line utilities ● Pre-built packages for RedHat, Fedora, SuSE, Debian, Solaris. Windows executables can be found ●... or build your own ● Command-line arguments confusing

56 Configuring Apache

57 Getting or building SSL Apache ● Apache V.1 with mod_ssl (or Apache-SSL)

58 Getting or building SSL Apache ● Apache V.1 with mod_ssl (or Apache-SSL) ● Apache V.2

59 Getting or building SSL Apache ● Apache V.1 with mod_ssl (or Apache-SSL) ● Apache V.2 ● RedHat/Debian/Fedora/SuSE have pre-built packages

60 Getting or building SSL Apache ● Apache V.1 with mod_ssl (or Apache-SSL) ● Apache V.2 ● RedHat/Debian/Fedora/SuSE have pre-built packages ● Pre-compiled Windows available

61 Getting or building SSL Apache ● Apache V.1 with mod_ssl (or Apache-SSL) ● Apache V.2 ● RedHat/Debian/Fedora/SuSE have pre-built packages ● Pre-compiled Windows available ●... or build your own

62 Other Issues ● Additional Directives

63 Other Issues ● Additional Directives ● Proxying HTTPS

64 Other Issues ● Additional Directives ● Proxying HTTPS ● Extended Validation

65 Other Issues ● Additional Directives ● Proxying HTTPS ● Extended Validation

66 Other Issues ● Additional Directives ● Proxying HTTPS ● Extended Validation ● Server Gated Cryptography

67 Further Material ● http://www-uxsup.csx.cam.ac.uk/~jw35/ courses/using_https/ http://www-uxsup ● web-support@ucs.cam.ac.uk

Download ppt "Web Server Management: Securing Access to Web Servers Jon Warbrick University of Cambridge Computing Service."

Similar presentations

Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
CS470, A.SelcukSSL/TLS & SET1 CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.

CS470, A.SelcukSSL/TLS & SET1 CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.
Cryptography Chapter 7 Part 4 Pages 833 to 874. PKI Public Key Infrastructure Framework for Public Key Cryptography and for Secret key exchange.

Cryptography Chapter 7 Part 4 Pages 833 to 874. PKI Public Key Infrastructure Framework for Public Key Cryptography and for Secret key exchange.
TLS. 14.1 Introduction 14.2 TLS Record Protocol 14.3 TLS Handshake Protocol 14.4 Summary.

TLS Introduction 14.2 TLS Record Protocol 14.3 TLS Handshake Protocol 14.4 Summary.
Cryptography and Network Security

Cryptography and Network Security
Presented by Fengmei Zou Date: Feb. 10, 2000 The Secure Sockets Layer (SSL) Protocol.

Presented by Fengmei Zou Date: Feb. 10, 2000 The Secure Sockets Layer (SSL) Protocol.
SSL CS772 Fall 2011. Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.

SSL CS772 Fall Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.
1 Network Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

1 Network Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
COMP043-Cryptology Week 4 – Certs and Sigs. Digital Signatures Digital signatures provide –Integrity –Authenticity and –Non-repudiation How do they work?

COMP043-Cryptology Week 4 – Certs and Sigs. Digital Signatures Digital signatures provide –Integrity –Authenticity and –Non-repudiation How do they work?
Chapter 7 Web Security MSc. NGUYEN CAO DAT Dr. TRAN VAN HOAI.

Chapter 7 Web Security MSc. NGUYEN CAO DAT Dr. TRAN VAN HOAI.
Topic 8: Secure communication in mobile devices. Choice of secure communication protocols, leveraging SSL for remote authentication and using HTTPS for.

Topic 8: Secure communication in mobile devices. Choice of secure communication protocols, leveraging SSL for remote authentication and using HTTPS for.
Http Web Authentication Web authentication is used to verify a users identity before allowing access to certain web pages On web browsers you get a login.

Http Web Authentication Web authentication is used to verify a users identity before allowing access to certain web pages On web browsers you get a login.
Principles of Information Security, 2nd edition1 Cryptography.

Principles of Information Security, 2nd edition1 Cryptography.
Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.

Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.
Online Security Tuesday April 8, 2003 Maxence Crossley.

Online Security Tuesday April 8, 2003 Maxence Crossley.
Spring 2002CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Spring 2002CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Spring 2003CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Spring 2003CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Lecture 12 Electronic Business (MGT-485). Recap – Lecture 11 E-Commerce Security Environment Security Threats in E-commerce Technology Solutions.

Lecture 12 Electronic Business (MGT-485). Recap – Lecture 11 E-Commerce Security Environment Security Threats in E-commerce Technology Solutions.
SSL / TLS in ITDS Arun Vishwanathan 23 rd Dec 2003.

SSL / TLS in ITDS Arun Vishwanathan 23 rd Dec 2003.
Protecting Internet Communications: Encryption  Encryption: Process of transforming plain text or data into cipher text that cannot be read by anyone.

Protecting Internet Communications: Encryption  Encryption: Process of transforming plain text or data into cipher text that cannot be read by anyone.

Similar presentations

Ads by Google