2.3 The Web
The Web, by virtue of being a widely used Internet service, generates a lot of interesting network traffic. Traffic to and from the web on a daily basis ranges from the boringly mundane (that day's headlines from a local newspaper's web site) to the acutely personal (someone's brokerage account number and password and the list of holdings in that account). As use of the web has grown, so has the list of technologies related to it. We look at a variety of these technologies and their security implications below.
The web server is responsible for receiving requests from clients and sending back the data that satisfies each request. In many (perhaps most) cases, the client requests a file whose name ends in .html or .htm, which indicates a static text file stored on the server; the server reads the file into memory and sends it back to the client. In other cases, the client requests a file ending in .jsp or .asp, which the server recognizes as a program it should load and run, sending the results of running that program back to the client. Standard operating system security techniques such as file access protections, as well as optional web-server-specific add-on security techniques such as configuration files specifying which directories on the web server are accessible to users, control the data that the web server can retrieve and send to the client. This will be discussed in more detail in Chapter 3.
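The following Python sketch is an added example, not part of the original guide, showing the extension-based dispatch and directory restriction described above. The document root, the allowed directory names, and the function name resolve are assumptions made for illustration.

```python
import posixpath
from pathlib import PurePosixPath
from urllib.parse import unquote, urlsplit

# All values below are assumptions for this example, not real server settings.
DOC_ROOT = PurePosixPath("/srv/www")   # where site files live on the server
ALLOWED_DIRS = ("public", "app")       # directories clients are allowed to reach
STATIC_EXT = {".html", ".htm"}         # read the file and send it back as-is
DYNAMIC_EXT = {".jsp", ".asp"}         # load and run, send back the output


def resolve(request_target: str):
    """Map a request target to (action, server_path), or ("deny", None)."""
    # Drop the query string and decode %xx escapes once, as a server would.
    path = unquote(urlsplit(request_target).path)
    if "\x00" in path or "\\" in path:
        return ("deny", None)
    # Collapse "." and ".." BEFORE the access decision, so the check is made
    # on the path that will actually be opened.
    normalized = posixpath.normpath("/" + path.lstrip("/"))
    parts = PurePosixPath(normalized).parts[1:]  # drop the leading "/"
    if not parts or parts[0] not in ALLOWED_DIRS:
        return ("deny", None)
    target = str(DOC_ROOT.joinpath(*parts))
    ext = PurePosixPath(normalized).suffix.lower()
    if ext in STATIC_EXT:
        return ("static", target)
    if ext in DYNAMIC_EXT:
        return ("execute", target)
    # Unknown file types are refused rather than served by default.
    return ("deny", None)


if __name__ == "__main__":
    # Constructed sample requests.
    for req in ("/public/index.html",
                "/app/login.jsp?user=alice",
                "/public/../../etc/passwd",
                "/public/%2e%2e/private/report.html",
                "/public/notes.txt"):
        print(f"{req!r:45} -> {resolve(req)}")
```

The operating system's file permissions still apply after this check; the two layers are independent, which is why the text lists both.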
Before we dive into a discussion of web-related technologies, just be aware that not all web security vulnerabilities are technological. Some take advantage of user naiveté. For example, just as there are email hoaxes, there are also Web hoaxes -- similar to email hoaxes except they are posted at a web site. Some sites are just for fun and actually are real, while others are fiction. Remember that anyone can host a web site and anyone can register a domain name that sounds legitimate.
Quoting from the web site The legend grows as it goes. Hoaxes are information that sound credible and are passed on. Web Hoaxes promote fear and reduce productivity.
In this section, we look into various technologies used to improve the security of web-based communications, as well as specific vulnerabilities related to the web. We also take a look at instant messaging (IM) communications.
CertiGuide for Security+ (http://www.CertiGuide.com/secplus/) on CertiGuide.com
Version 1.0 - Version Date: November 15, 2004
Adapted with permission from a work created by Tcat Houser et al.
CertiGuide.com Version © Copyright 2004 Charles M. Kozierok. All Rights Reserved.