SSL (Secure Socket Layer) and Secure Web Pages - PowerPoint PPT Presentation

About This Presentation
Title:

SSL (Secure Socket Layer) and Secure Web Pages

Description:

SSL (Secure Socket Layer) and Secure Web Pages Rob Sodders, University of Florida CIS4930 Advanced Web Design Spring 2004 rsodders_at_cise.ufl.edu – PowerPoint PPT presentation

Number of Views:169
Avg rating:3.0/5.0
Slides: 19
Provided by: Compu348
Learn more at: http://plaza.ufl.edu
Category:
Tags: ssl | internet | layer | pages | secure | socket | web

less

Transcript and Presenter's Notes

Title: SSL (Secure Socket Layer) and Secure Web Pages


1
SSL (Secure Socket Layer) and Secure Web Pages
  • Rob Sodders, University of Florida
  • CIS4930 Advanced Web Design
  • Spring 2004
  • rsodders_at_cise.ufl.edu

2
What is SSL?
  • SSL Secure Socket Layer
  • SSL transmits information over the internet in
    encrypted form. The SSL protocol ensures that a
    transmission is sent only from client to server.
  • SSL was originally developed by Netscape to
    provide secure transmission between a web browser
    and web server.

3
What is SSL?
  • The SSL protocol provides 40-bit1 and 128-bit
    encryption.
  • The usage of the SSL protocol is commonly
    denoted by a URL beginning with https (though
    this is not always the case and likewise https
    does not always imply the use of SSL).
  • (1) 40 bit encryption 1,099,511,627,776
    possible key combinations

4
Why use SSL?
  • Data is usually sent across the internet in plain
    text.
  • Unscrupulous individuals often use applications,
    commonly called Sniffers that search for
    patterns that represent potentially valuable
    information, including but not limited to Credit
    Card Numbers, Social Security Numbers, User
    Names/Passwords, etc.

5
How does SSL Work?
6
How does SSL Work?
  • Three parts to the SSL protocol
  • SSL Server authentication and/or
  • SSL Client authentication,
  • as well as an encrypted SSL connection.

7
How does SSL Work?
  • Client-Side Authentication
  • Allows user to check that servers certificate
    and public ID are valid. The users identity with
    this information can be verified with this
    information
  • Checks that certificate is issued by a trusted
    certificate authority (i.e. VeriSign). These can
    be expensive.
  • Commonly used in online sales.
  • Server-Side Authentication
  • Allows user to check that servers certificate
    and public ID are valid. The users identity with
    this information can be verified with this
    information
  • Checks that a certificate is issued by trusted
    certificate authority (in this case it is often
    the provided to the client by the Server (not
    in a physical sense)
  • Not as frequently used. Useful when a server
    needs to validate the identity of the user (i.e.
    a bank sending confidential information to a
    customer).

8
How Does SSL Work?
  • An encrypted SSL connection - ensures all
    information sent between a client and a server to
    be encrypted by the sending software and
    decrypted by the receiving software, thus
    providing a high degree of confidentiality. All
    data sent over an encrypted SSL connection is
    protected with a mechanism for detecting
    tampering--that is, for automatically determining
    whether the data has been altered in transit.

9
Implementing SSL on your site.
  • First some limitations
  • Youre unlikely to have purchased a certificate
    from a trusted provide (the cost of a VeriSign
    certificate begins at 350 year!!).
  • SSL toolkit/protocol must be installed on your
    server. Most servers will have this installed. If
    not you may wish to point your System
    Administrator to OpenSSL (www.openssl.org).
  • Open SSL is installed on most LAMP setups.

10
Implementing SSL on your site.
  • This example is not on my CIS4930 page, but on my
    CISE homepage. We dont have a certificate so in
    actuality this will basic authentication.
  • Hopefully this will make the demo a bit more
    useful for everyone (it may be particulary
    useful for anyone taking CEN3031 or CIS4301 in
    the future when attempting the project(s).)

11
Implementing SSL on your site
  • In the various directories of your web page you
    need to have a htaccess file (on most servers
    though it is .htaccess file).
  • Well do an example using basic authentication
    first and the go about how you would implement
    SSL.
  • SIDENOTE You can do many things with your
    htaccess including setting a different default
    homepage (other than index.html), blocking and/or
    allowing only certain IP addresses and domains,
    allowing only certain browsers and OS.

12
Your htaccess file
  • If you dont have a htaccess file visit CISE Web
    Help to help in creating one for your CISE
    account.
  • Your htaccess file should have something like
    this
  • AuthUserFile /cise/homes/rsodders/public_html/ci
    s4930/private/htpasswd
  • AuthName Test
  • AuthType Basic
  • require user test

13
Creating user file on CISE
  • To create password for the user test at the
    command prompt
  • htpasswd -c /cise/homes/rsodders/public_html/cis49
    30/private/htpasswd test

14
Creating user file on CISE
  • Youll be prompted to enter the password for the
    user (Ive used cis4930).
  • Ex.
  • New password
  • Re-type new password
  • Adding password for user test

15
Creating user file on CISE
  • http//www.cise.ufl.edu/rsodders/cis4930/private/
    is now using basic encryption.

16
If we had a SSL certificate..
  • In the htaccess fille
  • Replace AuthUserFile with the address of your
    installed/purchased certificate.
  • Replace AuthType with SSL.
  • Replace/add require with the certificate that the
    client must have.

17
Sources
  • Netscape SSL Info http//developer.netscape.com/d
    ocs/manuals/security/sslin/contents.htm
  • CISE SSL Certificate http//www.cise.ufl.edu/help
    /access/cert.shtml
  • CISE htaccess http//www.cise.ufl.edu/help/web/ht
    passwd.shtml

18
Download these Slides
  • http//rob.donotforgetme.com/cis4930.html
Write a Comment
User Comments (0)
About PowerShow.com