2.3  The Web

The Web, by virtue of being a widely used Internet service, generates a lot of interesting network traffic. Traffic to and from the web on a daily basis ranges from the boringly mundane (that day’s headlines from a local newspaper’s web site), to the acutely personal (someone’s brokerage account number and password and the list of holdings in that account). As use of the web has grown, so has the list of technologies related to it. We look at a variety of these technologies and their security implications below.

The web server itself is responsible for receiving requests from clients and sending back the data that satisfies each request. In many (perhaps most) cases, the client requests a file whose name ends in “.html” or “.htm”, which indicates a static text file stored on the server; the server reads the file into memory and sends it back to the client. In other cases, the client requests a file ending in “.jsp” or “.asp”, which the server recognizes as a program it should load and run, sending the results of running that program back to the client. Standard operating system security techniques such as file access protections, as well as optional web-server-specific add-on security techniques such as configuration files specifying which directories on the web server are accessible to users, control the data that the web server can retrieve and send down to the client. This will be discussed in more detail in Chapter 3.
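The request handling and directory restrictions described above, sketched as an added example (not code from the CertiGuide or from any real web server). The names `resolve_request`, `denied_dirs` and `build_sample_root` are hypothetical, and the sample files are constructed in a temporary directory.

```python
import os
import tempfile
from urllib.parse import unquote

STATIC_EXT = {".html", ".htm"}   # sent back as stored
DYNAMIC_EXT = {".jsp", ".asp"}   # run by the server, output sent back

class Forbidden(Exception):
    """The request names something the server must not hand out."""

def resolve_request(doc_root, url_path, denied_dirs=()):
    """Return ('static' | 'dynamic', real_path) or raise Forbidden.

    doc_root and denied_dirs stand in for a server configuration file;
    they are hypothetical names, not any real server's directives.
    """
    root = os.path.realpath(doc_root)
    # Decode %xx escapes before checking, so "%2e%2e" is seen as "..".
    rel = unquote(url_path.split("?", 1)[0]).lstrip("/")
    target = os.path.realpath(os.path.join(root, rel))
    # Confinement: after ".." and symlinks are resolved, the file must
    # still sit under the document root.
    if os.path.commonpath([root, target]) != root:
        raise Forbidden("outside document root")
    # Per-directory rules from the configuration.
    for d in denied_dirs:
        blocked = os.path.realpath(os.path.join(root, d))
        if os.path.commonpath([blocked, target]) == blocked:
            raise Forbidden("directory not accessible")
    ext = os.path.splitext(target)[1].lower()
    if ext in STATIC_EXT:
        return "static", target
    if ext in DYNAMIC_EXT:
        return "dynamic", target
    raise Forbidden("file type not served")

def build_sample_root():
    """Create a constructed document root for the demonstration."""
    root = tempfile.mkdtemp()
    os.mkdir(os.path.join(root, "private"))
    for name in ("index.html", "report.asp", "private/notes.html"):
        with open(os.path.join(root, name), "w") as fh:
            fh.write("constructed sample\n")
    return root

if __name__ == "__main__":
    root = build_sample_root()
    for path in ("/index.html", "/report.asp?id=1", "/private/notes.html",
                 "/../outside.html"):
        try:
            print(path, "->", resolve_request(root, path, ["private"])[0])
        except Forbidden as why:
            print(path, "-> refused:", why)
```

The operating system's file permissions still apply underneath this check; the resolver only decides what the server is willing to open in the first place.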

Before we dive into a discussion of web-related technologies, be aware that not all web security vulnerabilities are technological. Some take advantage of user naiveté. For example, just as there are email hoaxes, there are also Web hoaxes, which are similar to email hoaxes except that they are posted at a web site. Some sites are just for fun and actually are real [190], while others are fiction. Remember that anyone can host a web site, and anyone can register a domain name that sounds legitimate.

Quoting from the web site, “The legend grows as it goes”. Hoaxes are “information” that sounds credible and is passed on. Web hoaxes promote fear and reduce productivity.

In this section, we look into various technologies used to improve the security of web-based communications, as well as specific vulnerabilities related to the web. We also take a look at instant messaging (IM) communications.


 __________________

190. http://www.cheeseracing.org/


CertiGuide for Security+ (http://www.CertiGuide.com/secplus/) on CertiGuide.com
Version 1.0 - Version Date: November 15, 2004

Adapted with permission from a work created by Tcat Houser et al.
CertiGuide.com Version Copyright 2004 Charles M. Kozierok. All Rights Reserved.
Not responsible for any loss resulting from the use of this site.