2.3 Recognize and understand the administration of the following Internet security concepts
o SSL / TLS (Secure Sockets Layer / Transport Layer Security)
o HTTP/S (Hypertext Transfer Protocol / Hypertext Transfer Protocol over Secure Sockets Layer)
o Instant Messaging
o Vulnerabilities
o Packet Sniffing
o Privacy
o Vulnerabilities
o Java Script
o ActiveX
o Buffer Overflows
o Cookies
o Signed Applets
o CGI (Common Gateway Interface)
o SMTP (Simple Mail Transfer Protocol) Relay
SSL
What is SSL?
SSL, or secure sockets layer, is an encryption method that uses public-key cryptography for authentication, hashing for integrity, and symmetric cryptography for securing a session (domain 4). It uses port 443, and is often used on the Internet to encrypt data when a client purchases something to protect the financial information. It uses a "handshake" to exchange keys. Unlike, IPSec, SSL is only available if the application supports it.
TLS
What is TLS?
TLS, or transport layer security, is a protocol competing with SSL. It uses cryptography/encryption for the same purposes as SSL, but supports other methods of exchanging keys than the SSL handshake. It usually uses the same ports as SSL would. SSL and TLS do not work together, although TLS can "downgrade" itself to provide backward compatibility.
HTTP
What is HTTP?
HTTP stands for hypertext transfer protocol. It is a protocol that is used to transfer data and information over hte Internet. Pages written in HTTP are generally viewed in a web browser, such as Mozilla Firefox or Internet Explorer.
HTTPS
What is HTTPS?
HTTPS stands for hypertext transfer protocol over secure sockets layer. This protocol uses HTTP and SSL to encrypt data for protection.
Instant Messaging
What is Instant Messaging?
Instant Messaging is sending messages electronically through a program such as AOL Instant Messager (AIM), ICQ, Google Talk, Yahoo! Messenger or Windows Live Messenger. These, by default, are sent in cleartext and are not secure. The messages are sent directly from one user to another, unlike e-mail.
What are some vulnerabilities?
IM software is very vulnerable to packet sniffing, which allows attackers to read the content of the messages, resulting in a violation of privacy. There is software that can encrypt messages.
JavaScript
What is JavaScript?
JavaScript is a scripting langauge that allows for enhanced functionality in websites. The code is compiled on the client, so it is a client-side scripting language. As a result, it is possible for it to access files, although the user must do something to allow it. There have been and will probably be more exploits on JavaScript. To prevent this, it is possible to block all JavaScripts except those explicitly mentioned and it is best to update your browser frequently
ActiveX
What is ActiveX?
ActiveX was created by Microsoft to allow software to interact over a network. ActiveX controls are also executed on the client rather than the server, but are not restricted like Java applets. After an ActiveX control is installed, it can do anything on the computer. There is a method of digitally signing ActiveX controls, and only those by companies you trust should be accepted. Internet Explorer can also block all unsigned ActiveX controls, which I would highly recommend doing.
Buffer Overflows
What is a buffer overflow?
A buffer overflow is a type of denial of service (DOS) attack. They crash the computer by filling up the buffer. The best way to avoid this is by updating your software and operating system frequently. All scripts and programs should check each input to make sure it fits certain criteria and cannot cause a buffer overflow.
Cookies
What are cookies?
Cookies are small text files that store information about the user. They are place on your computer by websites to provide certain functions such as remaining logged in or remembering preferences. However, some cookies can track sites you go to if their ads are on the sites. These are called third-party cookies since they do not come from the site you are currently viewing and they are able to, and should be, blocked.
Signed Applets
What are signed applets?
Signed applets are Java applications that were signed by some company. They are interpreted on the client by a virtual machine that is in a sandbox, or protected environment. Signed applets can do more damage since they are more trusted. Java Virtual Machine should be frequently updated to avoid common exploits.
CGI
What is CGI?
CGI, or Common Gateway Interface, is an interface for communication. They run on the server, not the client and are used for many contact forms on the Internet. Since they run on the server, they are vulnerable to buffer overflows that allow unauthorized access to the server.
SMTP Relay
What is an SMTP Relay?
An SMTP Relay is the automatic forwarding of an SMTP message to the destination. However, these are commonly exploited to send spam. To protect this, it is recommended to restrict SMTP relaying to the local network only.