Web Security Protocols and Technologies
Web Security Issues
1. Confidentiality:
- Ensures data is readable only by authorized parties, normally by encrypting it in transit and at rest.
- Example: Encrypting login credentials.
2. Authentication:
- Verifies the identity of users or systems.
- Methods: Passwords, OTPs, biometrics, digital certificates.
3. Network Security:
- Protects data during transmission.
- Uses: Firewalls, VPNs, HTTPS, SSL/TLS, SSH.
Hypertext Transfer Protocol Secure (HTTPS)
- HTTPS secures communication between browser and web server by running HTTP over TLS (the successor of SSL; the name "SSL certificate" survives, the SSL protocols themselves are obsolete).
- Uses port 443.
- Encrypts data, authenticates the server to the client (and optionally the client to the server) with certificates, and protects integrity of every record.
Working:
1. Browser opens a TCP connection to port 443 and sends a ClientHello listing the TLS versions and cipher suites it supports.
2. Server replies with its certificate (plus the intermediate chain) and its key-exchange parameters.
3. Browser verifies the certificate: the chain must lead to a trusted root CA, the validity period must cover the current time, the requested hostname must match a subjectAltName entry, and the certificate must not be revoked.
4. Both sides derive shared session keys (ephemeral Diffie-Hellman in TLS 1.3) and switch to encrypted, integrity-protected records; the HTTP request is sent only now.
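Step 3 is the one application code gets wrong most often. The following added example (not code from the original page) shows what the check looks like on the client side: validity dates and RFC 6125 hostname matching over a certificate dictionary constructed in the shape Python's ssl.SSLSocket.getpeercert() returns, plus the context settings that keep chain validation on. The certificate, hostnames and times are constructed sample data; chain-of-trust checking is left to the TLS library.

```python
"""Client-side certificate checks from step 3 of the HTTPS handshake.
SAMPLE_CERT is a CONSTRUCTED dict in getpeercert() format, not a real certificate."""
import ssl
import time


def hostname_matches(pattern, hostname):
    """RFC 6125 matching: '*' is allowed only as the entire leftmost label,
    matches exactly one label, and may not stand for a whole registered domain."""
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == hostname
    p_labels = pattern.split(".")
    h_labels = hostname.split(".")
    if p_labels[0] != "*" or "*" in pattern[1:] or len(p_labels) < 3:
        return False  # partial wildcards ("f*.example.com", "*.*.com") and "*.com" are rejected
    return len(p_labels) == len(h_labels) and p_labels[1:] == h_labels[1:]


def check_certificate(cert, hostname, now=None):
    """Return (ok, reason). Chain validation is done by the TLS library, not here."""
    now = time.time() if now is None else now
    if now < ssl.cert_time_to_seconds(cert["notBefore"]):
        return False, "certificate not yet valid"
    if now > ssl.cert_time_to_seconds(cert["notAfter"]):
        return False, "certificate expired"
    sans = [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]
    if not sans:
        return False, "no DNS subjectAltName (browsers no longer fall back to the CN)"
    if not any(hostname_matches(p, hostname) for p in sans):
        return False, "hostname %r not covered by SAN %r" % (hostname, sans)
    return True, "ok"


def client_context():
    """Context a client should use: chain validation and hostname check stay on."""
    ctx = ssl.create_default_context()  # verify_mode=CERT_REQUIRED, check_hostname=True
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def insecure_context():
    """The pattern copied from tutorials to 'fix' certificate errors: it disables
    step 3 entirely, so a man-in-the-middle certificate is accepted silently."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False  # must be cleared before verify_mode
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def context_verifies_peer(ctx):
    return bool(ctx.check_hostname) and ctx.verify_mode == ssl.CERT_REQUIRED


SAMPLE_CERT = {  # constructed sample, not a real certificate
    "subject": ((("commonName", "www.example.com"),),),
    "subjectAltName": (("DNS", "www.example.com"), ("DNS", "*.example.com")),
    "notBefore": "Jan  1 00:00:00 2024 GMT",
    "notAfter": "Dec 31 23:59:59 2024 GMT",
}
VALID_TIME = ssl.cert_time_to_seconds("Jun 15 12:00:00 2024 GMT")
EXPIRED_TIME = ssl.cert_time_to_seconds("Jan  1 00:00:00 2025 GMT")

if __name__ == "__main__":
    for host in ("www.example.com", "api.example.com", "example.com", "a.b.example.com"):
        print(host, check_certificate(SAMPLE_CERT, host, VALID_TIME))
    print("expired:", check_certificate(SAMPLE_CERT, "www.example.com", EXPIRED_TIME))
    # to connect: client_context().wrap_socket(sock, server_hostname="www.example.com")
```

The wildcard rules matter in practice: "*.example.com" covers "api.example.com" but neither "example.com" nor "a.b.example.com", and a library that treats the wildcard as a glob accepts certificates it should reject.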
Authentication & Integrity:
- Authentication: Digital certificates verify the website identity.
- Integrity: Ensures data isn't tampered with in transit; each TLS record carries a keyed MAC or AEAD tag (a plain hash would not detect an attacker who recomputes it).
Types of Validation:
- Domain Validation (DV): Verifies domain ownership.
- Organization Validation (OV): Verifies domain and organization.
- Extended Validation (EV): Full verification of the legal entity. Browsers used to show EV with a green address bar; current browsers show the same padlock for all three types, so EV no longer gives a visible trust signal.
Advantages:
- Data encryption and integrity.
- Builds user trust and boosts SEO.
Disadvantages:
- Slightly slower: the handshake costs an extra round trip and some CPU, which is small with TLS 1.3 and session resumption.
- Requires a certificate that must be obtained, renewed before expiry and kept private; issuance can be free (e.g. Let's Encrypt) but renewal still has to be automated.
Secure Shell (SSH) Protocol
- SSH is used for secure remote login and file transfer.
- Uses port 22 and public key cryptography.
Working:
1. Client connects to the server on TCP port 22; both sides exchange version strings and negotiate algorithms.
2. Server sends its host public key and the two sides run a key exchange (Diffie-Hellman) to derive session keys.
3. Client verifies the host key against ~/.ssh/known_hosts (trust on first use: the key is recorded on the first connection, and a changed key on a later connection is treated as a possible man-in-the-middle), then the user authenticates (password or public key) inside the encrypted session.
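The host-key check in step 3 is what separates SSH from an encrypted channel to an unknown party. The following added example (not code from the original page) models the client side of that check against OpenSSH's known_hosts formats: plain and hashed ("|1|salt|HMAC-SHA1") host fields, the wire-format ssh-ed25519 key blob, and the SHA256 fingerprint ssh prints. The keys, salt and known_hosts lines are constructed for the example, not real keys; the function names are my own.

```python
"""Client-side host key verification against known_hosts (OpenSSH formats).
All keys and entries below are CONSTRUCTED sample data."""
import base64
import hashlib
import hmac
import struct


def ssh_string(b):
    return struct.pack(">I", len(b)) + b


def make_ed25519_blob(raw32):
    """Wire-format public key blob for ssh-ed25519 (RFC 8709): string type || string key."""
    return ssh_string(b"ssh-ed25519") + ssh_string(raw32)


def fingerprint(blob):
    """What `ssh` and `ssh-keygen -lf` print: SHA256 of the blob, base64 without padding."""
    return "SHA256:" + base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")


def hashed_hostname(host, salt):
    """Host field as written by `ssh-keygen -H` / HashKnownHosts yes."""
    mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(), base64.b64encode(mac).decode())


def host_matches(entry_host, host):
    if entry_host.startswith("|1|"):
        _, _, salt_b64, mac_b64 = entry_host.split("|")
        actual = hmac.new(base64.b64decode(salt_b64), host.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(actual, base64.b64decode(mac_b64))
    return host in entry_host.split(",")  # plain entries may list host,ip,alias


def verify_host_key(known_hosts, host, key_type, blob):
    """'ok' = key matches a recorded entry; 'unknown' = no entry, the TOFU prompt
    would appear; 'MISMATCH' = host known with a different key, possible MITM."""
    seen_host = False
    for line in known_hosts.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0].startswith("#"):
            continue
        entry_host, entry_type, entry_b64 = fields[:3]
        if entry_type != key_type or not host_matches(entry_host, host):
            continue
        seen_host = True
        if hmac.compare_digest(base64.b64decode(entry_b64), blob):
            return "ok"
    return "MISMATCH" if seen_host else "unknown"


GOOD_KEY = make_ed25519_blob(bytes(range(32)))       # constructed, not a real key
ROGUE_KEY = make_ed25519_blob(bytes(range(32, 64)))  # constructed "attacker" key
SALT = bytes(range(20))                              # deterministic salt for the hashed entry
KNOWN_HOSTS = "\n".join([
    "# constructed known_hosts",
    "bastion.example.com,203.0.113.10 ssh-ed25519 " + base64.b64encode(GOOD_KEY).decode(),
    hashed_hostname("git.example.com", SALT) + " ssh-ed25519 " + base64.b64encode(GOOD_KEY).decode(),
])

if __name__ == "__main__":
    print(fingerprint(GOOD_KEY))
    for host, key in [("bastion.example.com", GOOD_KEY), ("git.example.com", GOOD_KEY),
                      ("bastion.example.com", ROGUE_KEY), ("new.example.com", GOOD_KEY)]:
        print(host, verify_host_key(KNOWN_HOSTS, host, "ssh-ed25519", key))
```

The "unknown" result is the weak point of trust on first use: if the very first connection is intercepted, the attacker's key is the one that gets recorded. In managed fleets the fix is to distribute known_hosts (or @cert-authority entries) out of band rather than to answer the prompt.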
SSH Protocol Stack:
1. Transport Layer: Handles encryption and integrity.
2. Authentication Layer: Verifies user identity.
3. Connection Layer: Manages sessions and channels.
Users: System admins, developers, cloud engineers.
Advantages:
- Strong encryption, file transfer (SCP/SFTP), supports public key auth.
Disadvantages:
- Private keys must be protected: a leaked key, or one without a passphrase, grants access until it is removed from every authorized_keys file.
- Host-key trust on first use can be abused if the first connection is intercepted.
- Requires CLI knowledge.
S/MIME (Secure/Multipurpose Internet Mail Extensions)
- Provides end-to-end security for email.
- Encrypts email content and signs it digitally.
Working:
- Uses public key cryptography with X.509 certificates issued to each mail address.
- Sender signs the message with their own private key, then encrypts it for the recipient: a fresh symmetric content key encrypts the body and is itself wrapped with the recipient's public key.
- Recipient unwraps the content key with their private key, decrypts the body, and verifies the signature with the sender's certificate.
Advantages:
- Confidentiality, authentication, and integrity of email.
- Digital signature proves sender identity.
Disadvantages:
- Needs certificate management: each party must obtain, distribute and renew a certificate, and old encrypted mail becomes unreadable if a private key is lost.
- Compatibility issues with some clients, notably webmail.
IP Security (IPSec)
- A framework to secure IP communications by authenticating and encrypting IP packets: AH provides integrity and authentication only, ESP provides encryption plus integrity, and IKE negotiates the keys.
Modes of Operation:
1. Transport Mode: Protects only the transport-layer payload; the original IP header stays in the clear (protocol field becomes ESP). Used host to host.
2. Tunnel Mode: Encrypts the entire original IP packet, header included, and wraps it in a new outer IP header addressed to the two gateways. Used for site-to-site and remote-access VPNs.
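The following added example (not code from the original page) makes the difference between the two modes concrete by building the ESP encapsulation of a constructed IPv4/UDP packet in both modes and comparing the outer headers. Encryption is deliberately omitted so the layout stays readable; the ICV is HMAC-SHA256-128 over the ESP header and payload, which is one of the integrity algorithms ESP allows. Addresses, ports, SPI and the integrity key are constructed sample values, and this is a layout model, not an ESP implementation.

```python
"""IPsec ESP encapsulation in transport vs tunnel mode on a CONSTRUCTED IPv4/UDP packet.
ESP packet: SPI(4) | seq(4) | payload | padding | pad length(1) | next header(1) | ICV(16).
Payload is left unencrypted here so the byte layout can be inspected."""
import hashlib
import hmac
import socket
import struct

ESP_PROTO = 50
UDP_PROTO = 17
IPIP_NEXT = 4  # next-header value for an IPv4 packet carried whole (tunnel mode)


def checksum(data):
    """RFC 1071 ones'-complement checksum used by the IPv4 header."""
    if len(data) % 2:
        data += b"\0"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def ipv4_header(src, dst, proto, payload_len):
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64, proto, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]


def parse_ipv4(pkt):
    _, _, total, _, _, _, proto, _, src, dst = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    return {"src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst), "proto": proto, "len": total}


def esp_encapsulate(inner, next_header, spi, seq, ikey):
    pad_len = (-(len(inner) + 2)) % 4  # trailer must end on a 4-byte boundary
    body = (struct.pack("!II", spi, seq) + inner
            + bytes(range(1, pad_len + 1)) + bytes([pad_len, next_header]))
    icv = hmac.new(ikey, body, hashlib.sha256).digest()[:16]  # HMAC-SHA256-128
    return body + icv


def transport_mode(pkt, spi, seq, ikey):
    """Original IP header is kept (protocol rewritten to 50); only the L4 payload is inside ESP."""
    ip = parse_ipv4(pkt)
    esp = esp_encapsulate(pkt[20:], ip["proto"], spi, seq, ikey)
    return ipv4_header(ip["src"], ip["dst"], ESP_PROTO, len(esp)) + esp


def tunnel_mode(pkt, gw_src, gw_dst, spi, seq, ikey):
    """Whole original packet goes inside ESP; a new outer header carries gateway addresses."""
    esp = esp_encapsulate(pkt, IPIP_NEXT, spi, seq, ikey)
    return ipv4_header(gw_src, gw_dst, ESP_PROTO, len(esp)) + esp


def outer_view(pkt):
    """(src, dst, protocol) as a router or NAT box on the path would see it."""
    ip = parse_ipv4(pkt)
    return ip["src"], ip["dst"], ip["proto"]


# constructed sample: a UDP datagram (DNS query) from host 10.0.1.5 to 10.0.2.7
UDP_PAYLOAD = struct.pack("!HHHH", 40000, 53, 8 + 5, 0) + b"hello"
INNER = ipv4_header("10.0.1.5", "10.0.2.7", UDP_PROTO, len(UDP_PAYLOAD)) + UDP_PAYLOAD
IKEY = b"constructed-integrity-key"

if __name__ == "__main__":
    t = transport_mode(INNER, 0x1000, 1, IKEY)
    u = tunnel_mode(INNER, "203.0.113.1", "198.51.100.1", 0x1000, 1, IKEY)
    print("inner    ", outer_view(INNER), len(INNER), "bytes")
    print("transport", outer_view(t), len(t), "bytes")
    print("tunnel   ", outer_view(u), len(u), "bytes")
```

In transport mode the end hosts' addresses remain visible on the wire and only the UDP header and data are hidden; in tunnel mode the network in the middle sees nothing but two gateways talking ESP. Either way the UDP ports are inside ESP, which is why a NAT device has nothing to rewrite and NAT traversal has to wrap ESP in UDP.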
Advantages:
- Transparent to applications.
- Provides authentication, encryption, and data integrity.
- Works at network layer.
Disadvantages:
- Complex to configure and manage (policies, key exchange, certificates on both ends).
- Compatibility issues with NAT: ESP carries no port numbers and AH integrity-protects the IP header itself, so address translation either has nothing to rewrite or breaks the check; NAT traversal (ESP inside UDP port 4500) is needed.
- Per-packet header and cryptographic overhead may reduce throughput and reduces the usable MTU.