Secure Socket Layer (SSL) & Web Security

Posted on 28-Jan-2018


Web Security & SSL

Akhil Nadh PC17203101 Mtech - 2017 ( IS )

NIT Jalandhar

Web security, also known as “cybersecurity”, involves protecting information by preventing, detecting, and responding to attacks

Web Security: Terminologies

Hacker

Viruses

Worms

Trojan horses

Ransomware

KeyLoggers

Firewalls

Web Security: Aspects

Privacy

Integrity

Authentication

Web Security: Issues

<?php
// The fourth argument sets extra headers; the From address is whatever the sender types.
mail("recipient@yahoo.com", "Hi from Bill Gates", "Hi, I am Bill gates", "From: billgates@microsoft.com");
?>

From: billgates@microsoft.com

To: recipient@yahoo.com

Subject: Hi from Bill Gates

Hi, I am Bill gates

Web Security: Issues

Malicious websites

SPAM

Phishing

DDOS

How will you provide your customers safe and secure environment on your website ?

SSL (Secure Socket Layer)

Transport Layer Security Protocol

Used to secure data between two machines

Online ID card ensures who they are

You May Know SSL

Padlock

Browser bar turning green

https

Without SSL

Let's fully understand how SSL works.

Bob is a business owner

He owns bobsbike.biz

He wants people to be safe visiting his website

He needs to apply for an SSL certificate from a web hosting company or purchase one online from a third-party Certificate Authority

[ VeriSign , GeoTrust , Comodo , Digicert ]

Suppose he calls VeriSign

• Research the company

• Check the references

• and positively determine they are who they say they are

SSL

• Assures identity

• Encrypts data to and fro

When the customer's internet browser connects with Bob's server

• Check that SSL is valid

• What type of encryption and scrambling they use

Now, Bob does not have to worry about losing customers due to performance issues

Now, when a customer places orders, sensitive info is secured with the SSL certificate

Assured Safe and Legitimate Website

Customer gets the bike

Bob gets the payment

Attacker gets NOTHING..!

SSL (Secure Socket Layer)

transport layer security service

originally developed by Netscape

version 3 designed with public input

uses TCP to provide a reliable end-to-end service

SSL has two layers of protocols

SSL Record Protocol

Handshake Protocol

Change Cipher Spec Protocol

Alert Protocol

HTTP

Two important SSL concepts

SSL Session:

is an association between a client and a server.

created by the Handshake Protocol.

define a set of cryptographic security parameters which can be shared among multiple connections.

are used to avoid the expensive negotiation of new security parameters for each connection

SSL Connection

A connection is a transport that provides a suitable type of service.

are peer-to-peer relationships

are transient.

Every connection is associated with one session.

SSL Architecture

SSL Handshake Protocol

allows server & client to:

authenticate each other

to negotiate encryption & MAC algorithms

to negotiate cryptographic keys to be used

comprises a series of messages in phases

1. Establish Security Capabilities

2. Server Authentication and Key Exchange

3. Client Authentication and Key Exchange

4. Finish
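
The record layer and the four handshake phases listed above, as an added example that is not part of the original slides: a Python parser that splits an SSL 3.0 byte stream into records and labels each handshake message with its phase. The message-to-phase mapping follows the standard SSL 3.0 message flow; the sample bytes are constructed placeholders, and each handshake message is assumed to fit in a single record.

```python
import struct

CONTENT = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}
HANDSHAKE = {1: "client_hello", 2: "server_hello", 11: "certificate", 12: "server_key_exchange",
             13: "certificate_request", 14: "server_hello_done", 15: "certificate_verify",
             16: "client_key_exchange", 20: "finished"}
FIXED_PHASE = {"client_hello": 1, "server_hello": 1, "change_cipher_spec": 4, "finished": 4}

def records(data):
    """Split a byte stream into (content_type, fragment) SSL records."""
    pos = 0
    while pos < len(data):
        if len(data) - pos < 5:
            raise ValueError("truncated record header")
        ctype, _major, _minor, length = struct.unpack_from("!BBBH", data, pos)
        body = data[pos + 5:pos + 5 + length]
        if ctype not in CONTENT or len(body) != length:
            raise ValueError("malformed record")
        yield CONTENT[ctype], body
        pos += 5 + length

def handshake_names(body):
    """Names of the plaintext handshake messages packed into one record."""
    pos = 0
    while pos < len(body):
        length = int.from_bytes(body[pos + 1:pos + 4], "big")
        if pos + 4 + length > len(body):
            raise ValueError("handshake message overruns its record")
        yield HANDSHAKE.get(body[pos], "unknown")
        pos += 4 + length

def trace(flights):
    """Yield (phase, sender, message) for each handshake message in the flights."""
    encrypted = set()
    for sender, data in flights:
        for ctype, body in records(data):
            if ctype == "change_cipher_spec":
                names = [ctype]
                encrypted.add(sender)  # this sender's later records are ciphertext
            elif ctype == "handshake":  # after ChangeCipherSpec only Finished follows
                names = ["finished"] if sender in encrypted else handshake_names(body)
            else:
                continue  # alerts and application data belong to no phase
            for name in names:  # remaining messages: phase 2 from server, 3 from client
                yield FIXED_PHASE.get(name, 2 if sender == "server" else 3), sender, name

SAMPLE = [("client", bytes.fromhex("1603000006010000020000")),  # constructed, not a capture
          ("server", bytes.fromhex("16030000100200000200000b00000200000e000000")),
          ("client", bytes.fromhex("160300000510000001001403000001011603000004deadbeef")),
          ("server", bytes.fromhex("1403000001011603000004deadbeef"))]
```

Calling `list(trace(SAMPLE))` walks the exchange in order. The Finished records are recognised only by their position after ChangeCipherSpec, because their contents are already encrypted at that point.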

Thank You