Contenu connexe Similaire à E gov security_tut_session_4_lab Similaire à E gov security_tut_session_4_lab (20) Plus de Mustafa Jarrar (20) 1. أكاديمية الحكومة اإللكترونية الفلسطينية
The Palestinian eGovernment Academy
www.egovacademy.ps
Security Tutorial
Session 4
LAB
PalGov © 2011 1
2. About
This tutorial is part of the PalGov project, funded by the TEMPUS IV program of the
Commission of the European Communities, grant agreement 511159-TEMPUS-1-
2010-1-PS-TEMPUS-JPHES. The project website: www.egovacademy.ps
Project Consortium:
Birzeit University, Palestine
University of Trento, Italy
(Coordinator )
Palestine Polytechnic University, Palestine Vrije Universiteit Brussel, Belgium
Palestine Technical University, Palestine
Université de Savoie, France
Ministry of Telecom and IT, Palestine
University of Namur, Belgium
Ministry of Interior, Palestine
TrueTrust, UK
Ministry of Local Government, Palestine
Coordinator:
Dr. Mustafa Jarrar
Birzeit University, P.O.Box 14- Birzeit, Palestine
Telfax:+972 2 2982935 mjarrar@birzeit.eduPalGov © 2011
2
3. © Copyright Notes
Everyone is encouraged to use this material, or part of it, but should properly
cite the project (logo and website), and the author of that part.
No part of this tutorial may be reproduced or modified in any form or by any
means, without prior written permission from the project, who have the full
copyrights on the material.
Attribution-NonCommercial-ShareAlike
CC-BY-NC-SA
This license lets others remix, tweak, and build upon your work non-
commercially, as long as they credit you and license their new creations
under the identical terms.
PalGov © 2011 3
4. Tutorial 5:
Information Security
Session 4: Certificates and HTTPS Lab
Session 4 Outline:
•Apache with Basic authentications.
•Open SSL certificate and certificate authority
•Apache and HTTPS
PalGov © 2011 4
5. Tutorial 5:
Session 6: HTTPS LAB
This session will contribute to the following
ILOs:
• C: Professional and Practical Skills:
• c1: Deploy and configure a secure system to protect their computing
resources.
• c2: Configure an end-to-end secure and available system using
Apache.
• c3: Configure integral and confidentiality services using integrity
and confidentiality algorithms and protocols.
• c4: Configure user authentication and authorization services using
LDAP and SSL certificates.
• D: General and Transferable Skills
• d1: Communication and team work.
• d2: Systems configurations.
• d3: Analysis and identification skills.
PalGov © 2011 5
6. Apache Web Server
• In this lab we will explain how to configure secure
Apache web server.
• To set up a web site we need a web server, a
domain name, and an IP address.
• We will use Ubuntu 11.10 in setting up Apache web
server.
PalGov © 2011 6
7. Installing Apache
• The desktop version of Ubuntu does not install the
Apache web server by default. Therefore, the first step is
to install Apache.
• To install Apache from the command-line start a terminal
window (Ctrl-Alt-T) and run the following command at the
command prompt:
• sudo apt-get install apache2
• Once the installation is complete the next step is to verify
the web server is up and running.
• To do this run the web browser and enter 127.0.0.1 in the
address bar. The browser should load a page that reads It
works!.
8. Configuring Apache
• The next step in setting up your web server is to configure it for a domain
name. Edit /etc/hosts and add the domain name:
• 127.0.1.1 example.com
• To configure the web server open a terminal window and change directory
to /etc/apache2/sites-available. Edit the default file as follows:
• <VirtualHost *:80>
• ServerAdmin webmaster@example.com
• ServerName example.com
•
• DocumentRoot /var/www/example.com
• <Directory />
• Options FollowSymLinks
• AllowOverride None
• </Directory>
• <Directory /var/www/example.com>
• Options Indexes FollowSymLinks MultiViews
• AllowOverride None
• Order allow,deny
• allow from all
• </Directory> PalGov © 2011 8
9. Configuring Apache
• Next, create the /var/www/example.com directory and place an index.html
file in it. For example:
• <html>
• <title>Sample Web Page</title>
• <body>
• Welcome to my website.
• </body>
• </html>
• The last step is to restart the Apache web server
• sudo /etc/init.d/apache2 restart
• If the web server sits on a network protected by a firewall, you need to
configure the firewall to forward port 80 to the web server system. The
mechanism for performing this differs between firewalls and devices.
PalGov © 2011 9
10. Configuring HTTPS
• In order for Apache web server to provide HTTPS, a certificate and key file
are also needed. The default HTTPS configuration file use an auto-
generated certificate and key. The auto-generated certificate and key are
used for testing, but should be replaced by a certificate specific to the site
or server.
• To generate a key, change directory to /etc/ssl/private and run the
following command from a terminal window:
• openssl genrsa -des3 -out server.key 2048
• A key without a passphrase is often used with Apache web server to allow
Apache service to start without manual intervention. To remove
passphrase from private key:
• openssl rsa -in server.key -out server.key
• Next, create the Certificate Signing Request (CSR):
• openssl req -new -key server.key -out server.csr
PalGov © 2011 10
11. Configuring HTTPS
• Once you enter all required information, the CSR file will be created.
You can now submit this CSR file to a Certification Authority (CA) to
issue the certificate. Alternatively, you can create your own self-
signed certificate.
• To create a self-signed certificate, run the following commands:
• openssl x509 -in server.csr -out server.crt -req -
signkey server.key -days 365
• chmod 400 server.*
PalGov © 2011 11
12. Configuring HTTPS
• To configure Apache for HTTPS, edit default SSL configuration file in
/etc/apache2/sites-available as follows:
• <VirtualHost *:443>
• ServerAdmin webmaster@example.com
• ServerName example.com
•
• DocumentRoot /var/www/example.com
• <Directory />
• Options FollowSymLinks
• AllowOverride None
• </Directory>
• <Directory /var/www/example.com>
• Options Indexes FollowSymLinks MultiViews
• AllowOverride None
• Order allow,deny
• allow from all
• </Directory>
• SSLCertificateFile /etc/ssl/private/server.crt
• SSLCertificateKeyFile /etc/ssl/private/server.key
PalGov © 2011 12
13. Configuring HTTPS
• To enable ssl module and default-ssl site within Apache
configuration:
• sudo a2enmod ssl
• sudo a2ensite default-ssl
• With Apache now configured for HTTPS, restart the service to
enable the new settings:
• sudo /etc/init.d/apache2 restart
PalGov © 2011 13
14. HTTP Basic Authentication
• HTTP basic authentication is used to restrict access to a
web site by looking up users in plain text password file.
• To create a password file for protecting the directory
/var/www/example.com/secret:
• htpasswd -c /var/www/passwords admin
• Next, we need to configure Apache to request a password
and tell the server which users are allowed access.
• To configure Apache, edit default configuration file in
/etc/apache2/sites-available as follows:
• <Directory /var/www/example.com/secret>
• AuthType Basic
• AuthName "Restricted Files“
• AuthUserFile /var/www/passwords
• Require valid-user
• </Directory>
PalGov © 2011 14
15. HTTP Basic Authentication
• To add a user to your already existing password file:
• htpasswd /var/www/passwords admin2
• The last step is to check access to the directory by
runing the web browser and enter
http://127.0.0.1/secret in the address bar. The
browser should ask for username and password to
load the page.
PalGov © 2011 15
16. Summary
• In this session we discussed the
following:
• Apache with Basic authentications.
• SSL practical (basic authentication over
SSL, HTTPS)
• Open SSL certificate and certificate
authority
PalGov © 2011 16
17. Thanks
Eng. Ghannam Aljabary
PalGov © 2011 17
