Soumettre la recherche
Mettre en ligne
9780840024220 ppt ch08
•
Télécharger en tant que PPTX, PDF
•
1 j'aime
•
604 vues
K
Kristin Harrison
Suivre
Chapter 08
Lire moins
Lire la suite
Formation
Signaler
Partager
Signaler
Partager
1 sur 58
Télécharger maintenant
Recommandé
CISSP - Chapter 4 - Network Fundamental
CISSP - Chapter 4 - Network Fundamental
Karthikeyan Dhayalan
WiFi - IEEE 802.11
WiFi - IEEE 802.11
Damien Magoni
CISSP - Chapter 4 - Intranet and extranets
CISSP - Chapter 4 - Intranet and extranets
Karthikeyan Dhayalan
Chapter04
Chapter04
Muhammad Ahad
Network Security Fundamentals
Network Security Fundamentals
Damien Magoni
BAIT1103 Chapter 8
BAIT1103 Chapter 8
limsh
network basics
network basics
Avin Ash
Network management
Network management
Mohd Arif
Recommandé
CISSP - Chapter 4 - Network Fundamental
CISSP - Chapter 4 - Network Fundamental
Karthikeyan Dhayalan
WiFi - IEEE 802.11
WiFi - IEEE 802.11
Damien Magoni
CISSP - Chapter 4 - Intranet and extranets
CISSP - Chapter 4 - Intranet and extranets
Karthikeyan Dhayalan
Chapter04
Chapter04
Muhammad Ahad
Network Security Fundamentals
Network Security Fundamentals
Damien Magoni
BAIT1103 Chapter 8
BAIT1103 Chapter 8
limsh
network basics
network basics
Avin Ash
Network management
Network management
Mohd Arif
14 coms 525 tcpip - applications - snmp
14 coms 525 tcpip - applications - snmp
Palanivel Kuppusamy
Web technologies: recap on TCP-IP
Web technologies: recap on TCP-IP
Piero Fraternali
The Meteor Framework
The Meteor Framework
Damien Magoni
Network layer
Network layer
Ahmed_Hamed_Attia
CISSP - Chapter 3 - Cryptography
CISSP - Chapter 3 - Cryptography
Karthikeyan Dhayalan
CISSP Prep: Ch 5. Communication and Network Security (Part 1)
CISSP Prep: Ch 5. Communication and Network Security (Part 1)
Sam Bowne
A Guide to Secure Remote Access - Eric Vanderburg
A Guide to Secure Remote Access - Eric Vanderburg
Eric Vanderburg
Net+, 6th Ed. CH. 1
Net+, 6th Ed. CH. 1
WedgeB
Unit 3 - Protocols and Client-Server Applications - IT
Unit 3 - Protocols and Client-Server Applications - IT
Deepraj Bhujel
Net essentials6e ch7
Net essentials6e ch7
APSU
A Complete Guide Cloud Computing
A Complete Guide Cloud Computing
Sripati Mahapatra
Net essentials6e ch12
Net essentials6e ch12
APSU
internet network for o level
internet network for o level
Samit Singh
4. Communication and Network Security
4. Communication and Network Security
Sam Bowne
CISSP Prep: Ch 5. Communication and Network Security (Part 2)
CISSP Prep: Ch 5. Communication and Network Security (Part 2)
Sam Bowne
Net essentials6e ch5
Net essentials6e ch5
APSU
Network Management Fundamentals - Back to the Basics
Network Management Fundamentals - Back to the Basics
SolarWinds
ET3003-2 OSI-TCPIP (Semester II 2013-2014)
ET3003-2 OSI-TCPIP (Semester II 2013-2014)
Tutun Juhana
CNIT 141 13. TLS
CNIT 141 13. TLS
Sam Bowne
Application layer
Application layer
Ahmed_Hamed_Attia
rm, 10e ch02 copy
rm, 10e ch02 copy
Kristin Harrison
Chapter 07
Chapter 07
Kristin Harrison
Contenu connexe
Tendances
14 coms 525 tcpip - applications - snmp
14 coms 525 tcpip - applications - snmp
Palanivel Kuppusamy
Web technologies: recap on TCP-IP
Web technologies: recap on TCP-IP
Piero Fraternali
The Meteor Framework
The Meteor Framework
Damien Magoni
Network layer
Network layer
Ahmed_Hamed_Attia
CISSP - Chapter 3 - Cryptography
CISSP - Chapter 3 - Cryptography
Karthikeyan Dhayalan
CISSP Prep: Ch 5. Communication and Network Security (Part 1)
CISSP Prep: Ch 5. Communication and Network Security (Part 1)
Sam Bowne
A Guide to Secure Remote Access - Eric Vanderburg
A Guide to Secure Remote Access - Eric Vanderburg
Eric Vanderburg
Net+, 6th Ed. CH. 1
Net+, 6th Ed. CH. 1
WedgeB
Unit 3 - Protocols and Client-Server Applications - IT
Unit 3 - Protocols and Client-Server Applications - IT
Deepraj Bhujel
Net essentials6e ch7
Net essentials6e ch7
APSU
A Complete Guide Cloud Computing
A Complete Guide Cloud Computing
Sripati Mahapatra
Net essentials6e ch12
Net essentials6e ch12
APSU
internet network for o level
internet network for o level
Samit Singh
4. Communication and Network Security
4. Communication and Network Security
Sam Bowne
CISSP Prep: Ch 5. Communication and Network Security (Part 2)
CISSP Prep: Ch 5. Communication and Network Security (Part 2)
Sam Bowne
Net essentials6e ch5
Net essentials6e ch5
APSU
Network Management Fundamentals - Back to the Basics
Network Management Fundamentals - Back to the Basics
SolarWinds
ET3003-2 OSI-TCPIP (Semester II 2013-2014)
ET3003-2 OSI-TCPIP (Semester II 2013-2014)
Tutun Juhana
CNIT 141 13. TLS
CNIT 141 13. TLS
Sam Bowne
Application layer
Application layer
Ahmed_Hamed_Attia
Tendances
(20)
14 coms 525 tcpip - applications - snmp
14 coms 525 tcpip - applications - snmp
Web technologies: recap on TCP-IP
Web technologies: recap on TCP-IP
The Meteor Framework
The Meteor Framework
Network layer
Network layer
CISSP - Chapter 3 - Cryptography
CISSP - Chapter 3 - Cryptography
CISSP Prep: Ch 5. Communication and Network Security (Part 1)
CISSP Prep: Ch 5. Communication and Network Security (Part 1)
A Guide to Secure Remote Access - Eric Vanderburg
A Guide to Secure Remote Access - Eric Vanderburg
Net+, 6th Ed. CH. 1
Net+, 6th Ed. CH. 1
Unit 3 - Protocols and Client-Server Applications - IT
Unit 3 - Protocols and Client-Server Applications - IT
Net essentials6e ch7
Net essentials6e ch7
A Complete Guide Cloud Computing
A Complete Guide Cloud Computing
Net essentials6e ch12
Net essentials6e ch12
internet network for o level
internet network for o level
4. Communication and Network Security
4. Communication and Network Security
CISSP Prep: Ch 5. Communication and Network Security (Part 2)
CISSP Prep: Ch 5. Communication and Network Security (Part 2)
Net essentials6e ch5
Net essentials6e ch5
Network Management Fundamentals - Back to the Basics
Network Management Fundamentals - Back to the Basics
ET3003-2 OSI-TCPIP (Semester II 2013-2014)
ET3003-2 OSI-TCPIP (Semester II 2013-2014)
CNIT 141 13. TLS
CNIT 141 13. TLS
Application layer
Application layer
En vedette
rm, 10e ch02 copy
rm, 10e ch02 copy
Kristin Harrison
Chapter 07
Chapter 07
Kristin Harrison
9780840024220 ppt ch09
9780840024220 ppt ch09
Kristin Harrison
9780840024220 ppt ch01
9780840024220 ppt ch01
Kristin Harrison
Chapter 12
Chapter 12
Kristin Harrison
Chapter 14
Chapter 14
Kristin Harrison
9780840024220 ppt ch05
9780840024220 ppt ch05
Kristin Harrison
Chapter 09
Chapter 09
Kristin Harrison
Chapter 04
Chapter 04
Kristin Harrison
Chapter 10
Chapter 10
Kristin Harrison
Chapter 13
Chapter 13
Kristin Harrison
9781305119215 rm, 10e ch03
9781305119215 rm, 10e ch03
Kristin Harrison
Chapter 11
Chapter 11
Kristin Harrison
baim_ch10
baim_ch10
baim08
Ch02 records management
Ch02 records management
xtin101
Ch06 records management slide show part 2 with notes
Ch06 records management slide show part 2 with notes
francarter2
Ch07 records management
Ch07 records management
xtin101
Voter turnout on varansi
Voter turnout on varansi
जी. आर. दीक्षित
Uncertain future of medicare pass throughs and add-ons
Uncertain future of medicare pass throughs and add-ons
BESLER
PowerPoint 2013 ch04
PowerPoint 2013 ch04
Kristin Harrison
En vedette
(20)
rm, 10e ch02 copy
rm, 10e ch02 copy
Chapter 07
Chapter 07
9780840024220 ppt ch09
9780840024220 ppt ch09
9780840024220 ppt ch01
9780840024220 ppt ch01
Chapter 12
Chapter 12
Chapter 14
Chapter 14
9780840024220 ppt ch05
9780840024220 ppt ch05
Chapter 09
Chapter 09
Chapter 04
Chapter 04
Chapter 10
Chapter 10
Chapter 13
Chapter 13
9781305119215 rm, 10e ch03
9781305119215 rm, 10e ch03
Chapter 11
Chapter 11
baim_ch10
baim_ch10
Ch02 records management
Ch02 records management
Ch06 records management slide show part 2 with notes
Ch06 records management slide show part 2 with notes
Ch07 records management
Ch07 records management
Voter turnout on varansi
Voter turnout on varansi
Uncertain future of medicare pass throughs and add-ons
Uncertain future of medicare pass throughs and add-ons
PowerPoint 2013 ch04
PowerPoint 2013 ch04
Similaire à 9780840024220 ppt ch08
Chapter 7 Presentation
Chapter 7 Presentation
Amy McMullin
Chap 03.ppt
Chap 03.ppt
Razith2
Chapter 7 Administering a Secure Network
Chapter 7 Administering a Secure Network
Dr. Ahmed Al Zaidy
Chapter 8 Presentaion
Chapter 8 Presentaion
Amy McMullin
9781305094352 ppt ch08
9781305094352 ppt ch08
Amy McMullin
9780840024220 ppt ch04
9780840024220 ppt ch04
Kristin Harrison
ISM Chapter 3 Application and Network Attacks.ppt
ISM Chapter 3 Application and Network Attacks.ppt
SajjadAbdullah4
640-554 IT Certification and Career Paths
640-554 IT Certification and Career Paths
hibaehed
Investigation, Design and Implementation of a Secure
Investigation, Design and Implementation of a Secure
Firas Alsayied
network security / information security
network security / information security
Rohan Choudhari
Security - ch5.ppt
Security - ch5.ppt
HabtamuHaileMichael2
Information Security Lesson 4 - Baselines - Eric Vanderburg
Information Security Lesson 4 - Baselines - Eric Vanderburg
Eric Vanderburg
Coud discovery chap 5
Coud discovery chap 5
Alain Charpentier
9780840024220 ppt ch02
9780840024220 ppt ch02
Kristin Harrison
PLNOG 8: Merike Kaeo - Guide to Building Secure Infrastructures
PLNOG 8: Merike Kaeo - Guide to Building Secure Infrastructures
PROIDEA
ITN6_Instructor_Materials_Chapter11.pdf
ITN6_Instructor_Materials_Chapter11.pdf
ThangDang53
Datacom_Section_2_-_Protocols.ppt
Datacom_Section_2_-_Protocols.ppt
Kristopher Hefner
Thick client application security assessment
Thick client application security assessment
Sanjay Kumar (Seeking options outside India)
Server Hardening Primer - Eric Vanderburg - JURINNOV
Server Hardening Primer - Eric Vanderburg - JURINNOV
Eric Vanderburg
CCNA (R & S) Module 01 - Introduction to Networks - Chapter 11
CCNA (R & S) Module 01 - Introduction to Networks - Chapter 11
Waqas Ahmed Nawaz
Similaire à 9780840024220 ppt ch08
(20)
Chapter 7 Presentation
Chapter 7 Presentation
Chap 03.ppt
Chap 03.ppt
Chapter 7 Administering a Secure Network
Chapter 7 Administering a Secure Network
Chapter 8 Presentaion
Chapter 8 Presentaion
9781305094352 ppt ch08
9781305094352 ppt ch08
9780840024220 ppt ch04
9780840024220 ppt ch04
ISM Chapter 3 Application and Network Attacks.ppt
ISM Chapter 3 Application and Network Attacks.ppt
640-554 IT Certification and Career Paths
640-554 IT Certification and Career Paths
Investigation, Design and Implementation of a Secure
Investigation, Design and Implementation of a Secure
network security / information security
network security / information security
Security - ch5.ppt
Security - ch5.ppt
Information Security Lesson 4 - Baselines - Eric Vanderburg
Information Security Lesson 4 - Baselines - Eric Vanderburg
Coud discovery chap 5
Coud discovery chap 5
9780840024220 ppt ch02
9780840024220 ppt ch02
PLNOG 8: Merike Kaeo - Guide to Building Secure Infrastructures
PLNOG 8: Merike Kaeo - Guide to Building Secure Infrastructures
ITN6_Instructor_Materials_Chapter11.pdf
ITN6_Instructor_Materials_Chapter11.pdf
Datacom_Section_2_-_Protocols.ppt
Datacom_Section_2_-_Protocols.ppt
Thick client application security assessment
Thick client application security assessment
Server Hardening Primer - Eric Vanderburg - JURINNOV
Server Hardening Primer - Eric Vanderburg - JURINNOV
CCNA (R & S) Module 01 - Introduction to Networks - Chapter 11
CCNA (R & S) Module 01 - Introduction to Networks - Chapter 11
Plus de Kristin Harrison
9780840024220 ppt ch12
9780840024220 ppt ch12
Kristin Harrison
9780840024220 ppt ch11
9780840024220 ppt ch11
Kristin Harrison
9780840024220 ppt ch10
9780840024220 ppt ch10
Kristin Harrison
9780840024220 ppt ch03
9780840024220 ppt ch03
Kristin Harrison
9780840024220 ppt ch07
9780840024220 ppt ch07
Kristin Harrison
9780840024220 ppt ch06
9780840024220 ppt ch06
Kristin Harrison
Chapter 08
Chapter 08
Kristin Harrison
Chapter 05
Chapter 05
Kristin Harrison
Chapter 06
Chapter 06
Kristin Harrison
Chapter 01
Chapter 01
Kristin Harrison
Ppt2013 ch10
Ppt2013 ch10
Kristin Harrison
Ppt2013 ch09
Ppt2013 ch09
Kristin Harrison
Ppt2013 ch08
Ppt2013 ch08
Kristin Harrison
Access2013 ch10
Access2013 ch10
Kristin Harrison
Access2013 ch09
Access2013 ch09
Kristin Harrison
Plus de Kristin Harrison
(15)
9780840024220 ppt ch12
9780840024220 ppt ch12
9780840024220 ppt ch11
9780840024220 ppt ch11
9780840024220 ppt ch10
9780840024220 ppt ch10
9780840024220 ppt ch03
9780840024220 ppt ch03
9780840024220 ppt ch07
9780840024220 ppt ch07
9780840024220 ppt ch06
9780840024220 ppt ch06
Chapter 08
Chapter 08
Chapter 05
Chapter 05
Chapter 06
Chapter 06
Chapter 01
Chapter 01
Ppt2013 ch10
Ppt2013 ch10
Ppt2013 ch09
Ppt2013 ch09
Ppt2013 ch08
Ppt2013 ch08
Access2013 ch10
Access2013 ch10
Access2013 ch09
Access2013 ch09
Dernier
social pharmacy d-pharm 1st year by Pragati K. Mahajan
social pharmacy d-pharm 1st year by Pragati K. Mahajan
pragatimahajan3
IGNOU MSCCFT and PGDCFT Exam Question Pattern: MCFT003 Counselling and Family...
IGNOU MSCCFT and PGDCFT Exam Question Pattern: MCFT003 Counselling and Family...
PsychoTech Services
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Krashi Coaching
Measures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and Mode
Thiyagu K
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
EduSkills OECD
Z Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot Graph
Thiyagu K
General AI for Medical Educators April 2024
General AI for Medical Educators April 2024
Janet Corral
Sports & Fitness Value Added Course FY..
Sports & Fitness Value Added Course FY..
Disha Kariya
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptx
heathfieldcps1
Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104
misteraugie
Class 11th Physics NEET formula sheet pdf
Class 11th Physics NEET formula sheet pdf
AyushMahapatra5
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
kauryashika82
Grant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy Consulting
TechSoup
Beyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global Impact
PECB
APM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across Sectors
Association for Project Management
Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17
Celine George
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
christianmathematics
Accessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impact
dawncurless
BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...
BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...
Sapna Thakur
Key note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdf
Admir Softic
Dernier
(20)
social pharmacy d-pharm 1st year by Pragati K. Mahajan
social pharmacy d-pharm 1st year by Pragati K. Mahajan
IGNOU MSCCFT and PGDCFT Exam Question Pattern: MCFT003 Counselling and Family...
IGNOU MSCCFT and PGDCFT Exam Question Pattern: MCFT003 Counselling and Family...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Measures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and Mode
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Z Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot Graph
General AI for Medical Educators April 2024
General AI for Medical Educators April 2024
Sports & Fitness Value Added Course FY..
Sports & Fitness Value Added Course FY..
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptx
Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104
Class 11th Physics NEET formula sheet pdf
Class 11th Physics NEET formula sheet pdf
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Grant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy Consulting
Beyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global Impact
APM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across Sectors
Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Accessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impact
BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...
BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...
Key note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdf
9780840024220 ppt ch08
1.
Guide to Network
Security 1st Edition Chapter Eight Security of Web Applications
2.
© 2013 Course
Technology/Cengage Learning. All Rights Reserved Objectives • List the various Internet services in use • Identify threats to Internet services and basic countermeasures • Describe the basics of Web client-server communication • Identify the various Web languages and describe their uses • Identify various Web threats and attacks • Discuss the steps necessary to secure a Web server 2
3.
© 2013 Course
Technology/Cengage Learning. All Rights Reserved Introduction • Internet – Physical set of networks – Many services available • World Wide Web – Set of applications running on top of the Internet – Documents linked via HTTP • Majority of Internet attacks aimed at Web applications 3
4.
© 2013 Course
Technology/Cengage Learning. All Rights Reserved Internet Services • Components of Internet security – Securing Web sites – Securing various services that use the interconnected networks 4
5.
© 2013 Course
Technology/Cengage Learning. All Rights Reserved 5 Figure 8-1 Overall Internet usage by service © Cengage Learning 2013
6.
© 2013 Course
Technology/Cengage Learning. All Rights Reserved SMTP, POP, and IMAP • Simple Mail Transfer Protocol (SMTP) – Used to send Internet mail • Post Office Protocol 3 (POP3) and Internet Message Access Protocol (IMAP) – Used to receive Internet mail • Protocols operate within Application layer of the OSI reference model 6
7.
© 2013 Course
Technology/Cengage Learning. All Rights Reserved 7 Table 8-1 Quick reference guide for some of the most common Internet services © Cengage Learning 2013
8.
© 2013 Course
Technology/Cengage Learning. All Rights Reserved SMTP, POP, and IMAP (cont’d.) • Attacks on E-mail – Attacker uses e-mail server to send messages: • From the victim organization • SMTP initially had no way of authenticating users • ESMTP protocol introduced SMTP-AUTH feature • Open relay – Attackers look for unrestricted SMTP servers • Mail bombing – E-mail based denial of service attack 8
9.
© 2013 Course
Technology/Cengage Learning. All Rights Reserved SMTP, POP, and IMAP (cont’d.) • Security solutions – Restrict mail relayed on the e-mail server – Test server configuration to be sure it is not set up as open relay – Use real-time blacklisting – Authenticate on POP before allowing mail sent through SMTP server 9
10.
© 2013 Course
Technology/Cengage Learning. All Rights Reserved FTP • File Transfer Protocol (FTP) – Simple method of transferring files between computer systems – Operates in the Application layer of the OSI reference model – Requires two TCP ports for communications • Command port and data port – Can operate in active or passive mode 10
11.
© 2013 Course
Technology/Cengage Learning. All Rights Reserved 11 Figure 8-3 Example of FTP session established in active mode © Cengage Learning 2013
12.
© 2013 Course
Technology/Cengage Learning. All Rights Reserved 12 Figure 8-4 Example of FTP session established in passive mode © Cengage Learning 2013
13.
© 2013 Course
Technology/Cengage Learning. All Rights Reserved FTP (cont’d.) • Trivial File Transfer Protocol (TFTP) – Used to transfer data files – Fewer features than FTP – Uses only one port – Used most often on network appliances • To transfer configuration files, backups, and boot files • Attacks on FTP and TFTP – Server can be set up with anonymous FTP access • Problematic if anonymous user given too many rights – Weakness: TFTP does not allow authentication 13
14.
© 2013 Course
Technology/Cengage Learning. All Rights Reserved FTP (cont’d.) • Security solutions – Best option: not enable FTP or TFTP server – Use encryption and authentication – Avoid anonymous FTP • Secure substitute methods of transferring files – FTP over SSL – Secure Copy (SCP) 14
15.
© 2013 Course
Technology/Cengage Learning. All Rights Reserved Telnet • Application-layer protocol for connecting to a remote computer • Users connect a remote shell to run programs, view files, and perform other actions: – As if using the system locally • Attacks on Telnet – Misconfigured or poorly administered servers vulnerable – Telnet traffic sent unencrypted over the network 15
16.
© 2013 Course
Technology/Cengage Learning. All Rights Reserved Telnet (cont’d.) • Security solutions – Best practice: do not use Telnet • Secure Shell or other tool that uses encryption a better choice – All users should have appropriate rights and strong passwords – Avoid having the server available to the Internet – Have external users attach using a VPN 16
17.
© 2013 Course
Technology/Cengage Learning. All Rights Reserved SNMP • Simple Network Management Protocol (SNMP) – Application layer management protocol – Used to monitor status and performance of network devices and systems • SNMP agent installed on desired host or network device • Management information base – Translates information sent from agents • Trap – Status information message about monitored device 17
18.
© 2013 Course
Technology/Cengage Learning. All Rights Reserved SNMP (cont’d.) • Attacks on SNMP – Most weaknesses occur with SNMP version 1 • Uses only simple authentication • Sends data over network in plaintext • Security solutions – Upgrade SNMP to a newer version (e.g., v3) – Do not connect SNMP-enabled systems to the Internet 18
19.
© 2013 Course
Technology/Cengage Learning. All Rights Reserved LDAP • Lightweight Directory Access Protocol (LDAP) – Provides a communication framework with centralized directories – Example use: central database of users, user rights, and user properties • LDAP protocol standard operations – Authenticating to the directory – Searching the directory – Reading attributes from the directory 19
20.
© 2013 Course
Technology/Cengage Learning. All Rights Reserved LDAP (cont’d.) • LDAP protocol standard operations (cont’d.) – Adding entries to the directory – Modifying entries in the directory – Removing entries from the directory • Attacks on LDAP – Most common attacks similar to SQL injection attacks • Security solutions – Protect servers with physical security, user ID management, and rights management 20
21.
© 2013 Course
Technology/Cengage Learning. All Rights Reserved LDAP (cont’d.) • Security solutions (cont’d.) – Input validation • Scrub incoming data to pass only valid information to LDAP server 21
22.
© 2013 Course
Technology/Cengage Learning. All Rights Reserved NNTP • Network News Transfer Protocol (NNTP) – Designed to facilitate newsgroup communications – Similar to SMTP in architecture and function • Clients use a newsgroup client to connect via NNTP – Central newsgroup server used to download and post messages • Attacks on NNTP – Usenet groups and forums may have links to malicious Web sites or files 22
23.
© 2013 Course
Technology/Cengage Learning. All Rights Reserved NNTP (cont’d.) • Security solutions – Ensure NNTP servers are patched regularly – Scan newsgroup content for malware – Implement user authentication when possible 23
24.
© 2013 Course
Technology/Cengage Learning. All Rights Reserved DNS • Domain Name System (DNS) – Service that translates domain name into IP address – Operates within the Application layer – Allows clients to access various DNS servers to perform the translation – Information store is distributed • DNS overview – Operations split among three components • DNS servers, DNS protocol, and DNS clients (resolvers) 24
25.
© 2013 Course
Technology/Cengage Learning. All Rights Reserved 25 Figure 8-8 Typical DNS query confined to a local organization © Cengage Learning 2013
26.
© 2013 Course
Technology/Cengage Learning. All Rights Reserved 26 Figure 8-9 Typical DNS query for a public Internet system (iterative query) © Cengage Learning 2013
27.
© 2013 Course
Technology/Cengage Learning. All Rights Reserved DNS (cont’d.) • Fully qualified domain name – Uniquely identifies a host – Represents host name, subdomain, second-level domain, and top-level domain – Example mailserver1.mail.sampleorg.com • Top-level domains managed by Internet Assigned Numbers Authority (IANA) 27
28.
© 2013 Course
Technology/Cengage Learning. All Rights Reserved 28 Table 8-2 DNS record types © Cengage Learning 2013
29.
© 2013 Course
Technology/Cengage Learning. All Rights Reserved DNS (cont’d.) • DNS zones – Divide responsibility among various DNS servers • Attacks on DNS – DNS open resolver – DNS poisoning – DNS denial-of-service attack 29
30.
© 2013 Course
Technology/Cengage Learning. All Rights Reserved 30 Figure 8-10 DNS query using recursive queries © Cengage Learning 2013
31.
© 2013 Course
Technology/Cengage Learning. All Rights Reserved DNS (cont’d.) • Security solutions – Secure DNS servers and update software regularly – Block incoming DNS traffic – Limit zone transfers to trusted IP addresses – Digitally sign information using Domain Name System Security Extensions – Disable recursive query ability 31
32.
© 2013 Course
Technology/Cengage Learning. All Rights Reserved Web Overview • Web – HTTP-driven content transmitted over the Internet • Web Client/Server Architecture – Server – Client – Communication protocol 32
33.
© 2013 Course
Technology/Cengage Learning. All Rights Reserved Web Client/Server Architecture • Web server requirements – Connect system to the Internet or internal network – Install Web server software – Have content to share – Allow incoming connections • Web client – Web browser – Command-line clients 33
34.
© 2013 Course
Technology/Cengage Learning. All Rights Reserved Web Client/Server Architecture (cont’d.) • HTTP communication – Basis for Web communication – Consists of requests and responses 34
35.
© 2013 Course
Technology/Cengage Learning. All Rights Reserved 35 Table 8-3 Common HTTP request methods © Cengage Learning 2013
36.
© 2013 Course
Technology/Cengage Learning. All Rights Reserved 36 Table 8-4 Common HTTP response codes © Cengage Learning 2013
37.
© 2013 Course
Technology/Cengage Learning. All Rights Reserved 37 Figure 8-11 Typical HTTP request and response exchange © Cengage Learning 2013
38.
© 2013 Course
Technology/Cengage Learning. All Rights Reserved Web Programming Languages • HTML – Works with HTTP to move content from servers to clients – Uses tags to tell browsers how to format content – Versions include HTML 1.0 to HTML 5 • CSS – Standardizes HTML formatting for an entire Web site • XML – Allows developers to define their own tags 38
39.
© 2013 Course
Technology/Cengage Learning. All Rights Reserved Web Programming Languages (cont’d.) • CGI – Application programming interface – Allows external programs or scripts to interact with a Web server • Perl – Programming language developed in 1987 – Provides more robust scripting capability for UNIX – Strength: text-manipulation 39
40.
© 2013 Course
Technology/Cengage Learning. All Rights Reserved Web Programming Languages (cont’d.) • PHP – Allows developers to create dynamically generated HTML content – Interpreted on the server side prior to content being delivered to the user • Javascript – Developed in 1995 – Code interpreted on the client side • Instead of on the Web server 40
41.
© 2013 Course
Technology/Cengage Learning. All Rights Reserved Web Programming Languages (cont’d.) • AJAX – New use of existing technologies – Several mini-requests from client to server make content seem dynamic – See Figure 8-14 for example exchange • Other languages – Ruby – Python 41
42.
© 2013 Course
Technology/Cengage Learning. All Rights Reserved 42 Figure 8-14 Client and server interaction using AJAX © Cengage Learning 2013
43.
© 2013 Course
Technology/Cengage Learning. All Rights Reserved Threats and Vulnerabilities in Web Applications • Open Web Application Security Project (OWASP) – Organization dedicated to security of Web applications – Promotes collaboration, discussion, and education • OWASP’s top ten risks to Web applications – Covered on subsequent slides 43
44.
© 2013 Course
Technology/Cengage Learning. All Rights Reserved Injection • Deemed top risk in Web applications • Attacks use various techniques to inject data into SQL command • Can add, modify, or remove data from back-end database communicating with Web application • Security solutions – Limit access to Web application within database – Use prebuilt statements that do not take user input – Invoke stored procedures instead of sending SQL queries to the database 44
45.
© 2013 Course
Technology/Cengage Learning. All Rights Reserved Injection (cont’d.) • Security solutions (cont’d.) – Scrub input – Indicate which type of data is acceptable and discard the rest 45
46.
© 2013 Course
Technology/Cengage Learning. All Rights Reserved Cross-Site Scripting (XSS) • Server sends unverified data to the client – Client executes code that exploits the Web browser • Attack occurs due to vulnerabilities of legitimate Web sites • Security solutions – Ensure untrusted data cannot be inserted into HTML returned to a client • Or into URL parameters passed to a Web application – Scrub all accepted input prior to return – Remove special URL characters from input data used to form a URL parameter 46
47.
© 2013 Course
Technology/Cengage Learning. All Rights Reserved Broken Authentication and Session Management • Vulnerabilities occur with custom systems to authenticate users – Example: banking Web session that does not automatically end when browser closes • Security solutions – Require complex passwords – Use encryption to transmit password information – Disconnect sessions after certain time period – Do not give away information in error messages – Lock account after several invalid logon attempts – Session IDs should be random and encrypted 47
48.
© 2013 Course
Technology/Cengage Learning. All Rights Reserved Insecure Direct Object References • HTML form often restricts user choices – Drop-down list, check box, etc. – Does not necessarily limit data passed to Web application – Attacker can intercept and modify request • Security solutions – Ensure server prevents directory traversal – Ensure user is authenticated and authorized to access requested data – Avoid exposing key names, variable types, or other attributes 48
49.
© 2013 Course
Technology/Cengage Learning. All Rights Reserved Cross-Site Request Forgery (CSRF) • Attack that exploits Web site’s previous authentication of a user • Security solutions – Generate random tokens for each HTML form used • Pass tokens to server for sensitive Web actions – Use challenge-response mechanism – Ensure users log off every session 49
50.
© 2013 Course
Technology/Cengage Learning. All Rights Reserved Security Misconfiguration • System administrator steps to secure Web server – Stay informed of updates as they are released – Treat Web server as a bastion host – Secure application and development frameworks – Limit user accounts to the absolutely essential • Ensure complex passwords are used – Limit error messaging to Web visitors • Limits information an attacker can use 50
51.
© 2013 Course
Technology/Cengage Learning. All Rights Reserved Insecure Cryptographic Storage • Data may be encrypted while resting in a database: – But not when sent to backup – Encryption key may be included on the backup • Security solutions – Use strong encryption algorithms and keys – Encrypt backups separate from managing keys – Verify data can only be decrypted by authorized users 51
52.
© 2013 Course
Technology/Cengage Learning. All Rights Reserved Failure to Restrict URL Access • Attacker may guess a URL – If Web server does not check for authentication, attacker can access scripts meant for administrator only • Security solutions – Ensure sensitive pages require authentication – Check user authorization for specific pages 52
53.
© 2013 Course
Technology/Cengage Learning. All Rights Reserved Insufficient Transport Layer Protection • Network sniffer can display packet text if unencrypted • Security solutions – Encrypt data during transfer from client to server • And vice versa – Use the “secure” flag on all sensitive cookies – Ensure SSL is valid and issued by a trusted CA – Encrypt communications from Web server to back- end systems 53
54.
© 2013 Course
Technology/Cengage Learning. All Rights Reserved Unvalidated Redirects and Forwards • Web site may need to redirect visitors to another page – Redirects may be manipulated • Security solutions – Do not use redirects – Make sure no parameters are fed to the redirects – Validate parameters and authorize users if they must be used 54
55.
© 2013 Course
Technology/Cengage Learning. All Rights Reserved Securing a Web Server • Best practices – Upgrade and patch Web server software – Remove or disable unnecessary applications and services – Limit user accounts – Enforce strong password policy – Monitor user activity – Limit access to sensitive OS and Web resources 55
56.
© 2013 Course
Technology/Cengage Learning. All Rights Reserved Securing a Web Server (cont’d.) • Best practices (cont’d.) – Configure security settings • Ensure application does not run with admin privileges – Do not use links in public Web content – Disallow search engine indexing on sensitive directories – Control access to specific pages and directories 56
57.
© 2013 Course
Technology/Cengage Learning. All Rights Reserved Summary • SMTP is used to send Internet mail • POP3 and IMAP are used to receive Internet mail • FTP and TFTP are simple methods of transferring files between computer systems – Should be used in conjunction with SSL • Telnet allows users to connect to a computer remotely – Must be used over a secure network link for safety • SNMP is used to monitor status and performance of network devices 57
58.
© 2013 Course
Technology/Cengage Learning. All Rights Reserved Summary (cont’d.) • LDAP provides a communication framework with centralized directories • NNTP allows users to use a distributed protocol to download and post messages • DNS performs translation of domain names to network addresses • A variety of Web programming languages exist • Common attacks on Web applications include injection attacks and cross-site scripting 58
Télécharger maintenant