BSCIT

Network Security

Unit 4

Transport Level Security


Unit 4

#[fit] Transport Level Security


Topics

  1. Web Security Issues
  2. Secure Socket Layers (SSL)
  3. Transport Layer Security (TLS)
  4. HTTPS (HyperText Transfer Protocols)
  5. Secure Shell (SSH)

#[fit] 4.1 Web Security Issues


fill


inline


[fit] http:// ⚔️ https://


[fit] 4.1.1 Web Security Threats

[fit] 4.1.2 Web Traffic Security Approaches


4.1.1 Web Security Threats


Two way of grouping Web Security Threats

> Nature of attack.

> Location of Attack.


Nature of attack.


1 Active Attack

2 Passive Attack


Location of Attack.


Client Server Architecture

inline fit


3 Locations for attack

  1. Client
  2. Server
  3. Network

In the context of web

  1. Web browser
  2. Web server
  3. Network traffic in between them

OSI Reference Model

fit


fit


inline

inline


SSL History


SSL Concepts


SSL Architecture

inline


SSL Architecture


SSL Record Protocol


inline


Operation (6 Steps)

  1. App Data from Application Layer
    • Fragmentation
    • Compass
    • Add MAC
    • Encrypt
    • Add SSL Record Header

inline


SSL Record Header


SSL Record Protocol


inline


1. The Change Cipher Spec Protocol

fit right


2. Alert Protocol

fit right


3. Handshake Protocol

fit right


inline


4 Phases of SSL Handshake

  1. Establish Security Capabilities
  2. Server Authentication and Key Exchange
  3. Client Authentication and Key Exchange
  4. Finish

fit


fit


fit


fit


fit


Transport Layer Security (TLS)