CS459/559 - Network Security - Chapter 16: Securing Your Web Connection

1. Ensuring Secure Web Communications
   • Secure Hypertext Transfer Protocol (S-HTTP) [Microsoft, Mastercard, Visa)
     • message-oriented communications protocol that extends HTTP that establishes a secure communications between an HTTP-based client/server pair
     • authenicates the server and encrypts data transmitted between the client and server
     • supports symmetric keys
     • To send an S-HTTP-based message, you need:
       • cleartext HTTP message
       • recipient's cryptographic preferences and keying material
       • sender's cryptographic preferences and keying material
     • To recover the message, you need
       • the S-HTTP message
       • recipient's cryptographic preferences and keying material
       • recipient's current cryptographic preferences and keying material
       • sender's previously stated cryptographic options
   • Secure Sockets Layer (SSL) developed by Netscape & RSA; uses prefix https
     • VeriSign - Security Solutions: The Digital ID System
     • Apache-SSL HTTP server
   • Cookies
   • Version Control Software
   • Microsoft Proxy Server
2. Security Threats on the Web
   • CGI Scripts
   • Downloadable Applets
   • Java
   • ActiveX
3. Web Browser Vulnerability (cache files, history files, bookmarks)
4. Search Engine Vulnerability attach search engine outside firewall and access internal info through the proxy server