Presentation is loading. Please wait.

Presentation is loading. Please wait.

PKI 2: Protezione del traffico Web tramite SSL Fabrizio Grossi.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "PKI 2: Protezione del traffico Web tramite SSL Fabrizio Grossi."— Presentation transcript:

1 PKI 2: Protezione del traffico Web tramite SSL Fabrizio Grossi

2 Overview  Introduction to SSL Security  Enabling SSL on a Web Server  Implementing Certificate-based Authentication

3 Introduction to SSL Security  Why Use SSL to Secure Web Traffic?  Multimedia: Using SSL to Secure Web Traffic  Certificates Used for an SSL Session  Guidelines for Choosing a Private or Commercial CA

4 Why Use SSL to Secure Web Traffic? By default, HTTP packets are transmitted as plaintext Implement SSL to: Encrypt the transmitted data at the application layer Enable Web clients to authenticate the Web server By default, HTTP packets are transmitted as plaintext Implement SSL to: Encrypt the transmitted data at the application layer Enable Web clients to authenticate the Web server

5 Using SSL to Secure Web Traffic Web Client Internet Web Server HTTP

6 Certificates Used for an SSL Session Certificate typeUsagePurpose Server certificates Mandatory  Secure transmission of the session key  Authenticate the Web server User certificates Optional  Authenticate the user  Implement certificate-based authentication of Web users

7 Guidelines for Choosing a Private or Commercial CA Business requirement Private CA Commercial CA Increase user confidence in your Web site Minimize the configuration of internal computers Include liability insurance Enforce your organization’s security policy Give end users flexibility for managing certificates Reduce the costs of issuing certificates

8 Enabling SSL on a Web Server  How to Acquire a Web Server Certificate from a Private CA  How to Acquire a Web Server Certificate from a Commercial CA  SSL Configuration Options  Certificate Deployment for Complex Configurations  Guidelines for Enabling SSL Security

9 Implementing Certificate-based Authentication  Web-based Authentication Methods  Types of Certificate Mapping  How to Implement Certificate Mapping in IIS  How to Implement Certificate Mapping in Active Directory  Guidelines for Certificate Mapping

10 Web-based Authentication Methods Authentication method Authentication security Anonymous authentication N/A Basic authentication * Digest authentication **.NET Passport *** Integrated Windows authentication **** Basic authentication with SSL **** Client certificates ***** * = low; ***** = high

11 Types of Certificate Mapping Mapping typeDescriptionUse when One to one A single certificate maps to one user account Each user must be uniquely identified Many to one Multiple certificates map to one user account based on common attributes Multiple users require the same level of access

Download ppt "PKI 2: Protezione del traffico Web tramite SSL Fabrizio Grossi."

Similar presentations

Transfer Content to a Website What is FTP? File Transfer Protocol FTP is a protocol – a set of rules Designed to allow files to be transferred across.

Transfer Content to a Website What is FTP? File Transfer Protocol FTP is a protocol – a set of rules Designed to allow files to be transferred across.
Cryptography Chapter 7 Part 4 Pages 833 to 874. PKI Public Key Infrastructure Framework for Public Key Cryptography and for Secret key exchange.

Cryptography Chapter 7 Part 4 Pages 833 to 874. PKI Public Key Infrastructure Framework for Public Key Cryptography and for Secret key exchange.
Lori Fitterling LI843 SSL Secured Sockets Layer. What is Secure Sockets Layer (SSL)? It is protection of data transferred over the Internet using encryption.

Lori Fitterling LI843 SSL Secured Sockets Layer. What is Secure Sockets Layer (SSL)? It is protection of data transferred over the Internet using encryption.
Certification Authority. Overview  Identifying CA Hierarchy Design Requirements  Common CA Hierarchy Designs  Documenting Legal Requirements  Analyzing.

Certification Authority. Overview  Identifying CA Hierarchy Design Requirements  Common CA Hierarchy Designs  Documenting Legal Requirements  Analyzing.
Cross Platform Single Sign On using client certificates Emmanuel Ormancey, Alberto Pace Internet Services group CERN, Information Technology department.

Cross Platform Single Sign On using client certificates Emmanuel Ormancey, Alberto Pace Internet Services group CERN, Information Technology department.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 13: Administering Web Resources.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 13: Administering Web Resources.
Module 5: Configuring Access to Internal Resources.

Module 5: Configuring Access to Internal Resources.
Web Server Administration TEC 236 Securing the Web Environment.

Web Server Administration TEC 236 Securing the Web Environment.
1 Objectives Configure Network Access Services in Windows Server 2008 RADIUS 1.

1 Objectives Configure Network Access Services in Windows Server 2008 RADIUS 1.
1 Configuring Virtual Private Networks for Remote Clients and Networks.

1 Configuring Virtual Private Networks for Remote Clients and Networks.
Using Internet Information Server And Microsoft ® Internet Explorer To Implement Security On The Intranet HTTP.

Using Internet Information Server And Microsoft ® Internet Explorer To Implement Security On The Intranet HTTP.
Introduction To Windows NT ® Server And Internet Information Server.

Introduction To Windows NT ® Server And Internet Information Server.
Internet Protocol Security (IPSec)

Internet Protocol Security (IPSec)
Access Control in IIS 6.0 Windows 2003 Server Prepared by- Shamima Rahman School of Science and Computer Engineering University of Houston - Clear Lake.

Access Control in IIS 6.0 Windows 2003 Server Prepared by- Shamima Rahman School of Science and Computer Engineering University of Houston - Clear Lake.
Christopher Chapman | MCT Content PM, Microsoft Learning, PDG Planning, Microsoft.

Christopher Chapman | MCT Content PM, Microsoft Learning, PDG Planning, Microsoft.
1 Enabling Secure Internet Access with ISA Server.

1 Enabling Secure Internet Access with ISA Server.
Public Key Infrastructure Ammar Hasayen 2013. ….

Public Key Infrastructure Ammar Hasayen ….
Managing Client Access

Managing Client Access
Module 4 Managing Client Access. Module Overview Configuring the Client Access Server Role Configuring Client Access Services for Outlook Clients Configuring.

Module 4 Managing Client Access. Module Overview Configuring the Client Access Server Role Configuring Client Access Services for Outlook Clients Configuring.
Internet Information Server 6.0. Overview  What’s New in IIS 6.0?  Built-in Accounts and IIS 6.0  IIS Pass-Through Authentication  Securing Web Traffic.

Internet Information Server 6.0. Overview  What’s New in IIS 6.0?  Built-in Accounts and IIS 6.0  IIS Pass-Through Authentication  Securing Web Traffic.

Similar presentations

Ads by Google