Computer Security :: Lessons :: SSL
Web Security
The internet is basically a client/server application, but the characteristics of the web suggest that it needs its own security tools:
- The web is easy to use, but the underlying software is extremely complex, which can hide potential security flaws.
- A web server can be exploited as an initial point of entry to a company's entire computer infrastructure.
- Casual computer users are common on the web and may not be aware of security risks.
Below are a number of threats on the internet along with their potential consequences and countermeasures.
| | Threats | Consequences | Countermeasures |
|---|---|---|---|
| Integrity | | | Cryptographic checksums |
| Confidentiality | | | Encryption, web proxies |
| Denial of Service | | | Difficult to prevent |
| Authentication | | | Cryptographic techniques |

A number of approaches can be taken to provide web security. One way is to use IP security (IPsec). This type of security is transparent to end users and applications and allows filtering so only selected traffic needs to go through the IPsec processing.
The Secure Sockets Layer (SSL) sits just above TCP and is typically provided on web servers as well as end-user applications such as web browsers.
Finally, application-specific security such as Kerberos or S/MIME has the advantage of being tailored to a specific application.
Secure Sockets Layer
SSL is a general-purpose service implemented as a set of protocols that rely on TCP. SSLv3 was deprecated in June of 2015 and was followed up by Transport Layer Security (TLS).
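Because SSL/TLS runs directly on top of TCP, the first bytes a client sends form a record whose header carries a protocol version, which lets a defender spot clients still offering the deprecated SSLv3. The following is an added example, not code from the original lesson; the function names and the sample bytes are constructed for illustration.

```python
import struct

# Record content types and wire versions shared by SSLv3 and TLS.
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}
VERSIONS = {0x0300: "SSLv3", 0x0301: "TLS 1.0",
            0x0302: "TLS 1.1", 0x0303: "TLS 1.2"}
DEPRECATED = {"SSLv3"}  # the version this lesson notes as deprecated


def version_name(v: int) -> str:
    return VERSIONS.get(v, f"unknown (0x{v:04x})")


def inspect_first_record(data: bytes) -> dict:
    """Parse the first record on a TCP stream; report the ClientHello version."""
    if len(data) < 5:
        raise ValueError("short record header")
    # Record header: content type (1), version (2), length (2), big-endian.
    ctype, rec_ver, rec_len = struct.unpack("!BHH", data[:5])
    if ctype not in CONTENT_TYPES or rec_ver >> 8 != 3:
        raise ValueError("not an SSLv3/TLS record")
    body = data[5:5 + rec_len]
    if len(body) < rec_len:
        raise ValueError("truncated record")
    info = {"content_type": CONTENT_TYPES[ctype],
            "record_version": version_name(rec_ver),
            "offered": None, "deprecated": False}
    # Handshake header: msg type (1), length (3). Type 1 is ClientHello,
    # whose body begins with the 2-byte client_version.
    if ctype == 22 and len(body) >= 6 and body[0] == 1:
        info["offered"] = version_name(struct.unpack("!H", body[4:6])[0])
        info["deprecated"] = info["offered"] in DEPRECATED
    return info


def sample_client_hello(version: int) -> bytes:
    """Constructed sample: minimal ClientHello (zeroed random, one suite)."""
    hello = (struct.pack("!H", version) + bytes(32) + b"\x00"
             + b"\x00\x02\x00\x2f" + b"\x01\x00")
    handshake = b"\x01" + len(hello).to_bytes(3, "big") + hello
    return struct.pack("!BHH", 22, version, len(handshake)) + handshake


if __name__ == "__main__":
    for v in (0x0300, 0x0303):
        print(inspect_first_record(sample_client_hello(v)))
```

A TLS 1.3 client also places 0x0303 in this field and signals 1.3 in an extension, so "TLS 1.2" in the output means TLS 1.2 or later.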