Intro ◦ Client-side security ◦ Server-side security ◦ Complete security?

Presentation transcript:


2
◦ Intro
◦ Client-side security
◦ Server-side security
◦ Complete security?

3
◦ The security of a web-based information system requires security controls at each tier (client, web server, database server, …).
[Figure 11.1: browser, web server, application/database server; link labels: HTTP/HTTPS; application protocol(s) or HTTP/HTTPS]
◦ A web client can become an easy target.
◦ The servers are prime targets for hackers.
◦ The communication links must be secured as well.

4
• Providing total security to clients is a challenge:
  1. Client devices tend to be handled by end users with varying levels of expertise.
  2. There exist multiple types of client devices.
  3. Various executables and/or email attachments may be downloaded to a networked client device.
  4. There exist various client applications, each of which requires different configurations, updates, etc.
  5. Less physical security

5
• User awareness
• Client configurations/updates
  ◦ Anti-malware applications
  ◦ Web browsers
  ◦ Email client applications
• How far and how long would sensitive data need to be protected?
  ◦ Encryption? (key management, …)
  ◦ MAC?
  ◦ Period of protection?

6
• What needs to be secured?
  ◦ The server itself (physical, applications, data)
  ◦ The connections to the clients
  ◦ The connected clients
• A centralized location to enable security controls

7
• Challenges?
  1. A rewarding target (web presence, precious data)
  2. Various server-side technologies
     • CGI scripts
     • Server APIs
     • Server-side includes
     • ASP
     • JSP/Servlets
     • PHP

8
• Challenges? (cont.)
  3. Possibly high workload (many connections)
  4. Need for layered security (application layer vs network or lower layer)
  5. Configurations and updates

9
• That’s the goal.
• Requires the cooperation of all participants and the security of all devices and communication links.
  ◦ Data security: When and where do sensitive data need to be protected?
• Laws require corporations and organizations to implement proper measures to protect the data they process.
