--- This complex S/W may hide many potential security flaws.
o Web servers in corporations or agencies can be easily exploited. Once
the server is subverted, an attacker can gain access to data and systems
which are not part of the Web but are connected to the server at the local level.
o Casual and untrained users are common clients for Web-based services.
--- Such users are not aware of security risks and do not have the tools or
knowledge to take countermeasures.
Q2. List the different types of threats faced in using the Web.
Q3. Explain traffic security approach.
• They differ in their scope of applicability and their relative location in the TCP/IP
protocol stack, as shown.
Web Security
SSL involves two important concepts: the SSL session and the SSL connection.
1. Connection: A connection is a transport that provides a suitable type of
service.
For SSL, such connections are peer-to-peer relationships.
Connections are transient (valid for a specific time).
Every connection is associated with one session.
o Each upper-layer message is fragmented into blocks of 2^14 bytes (16384 bytes)
or less.
o Next, compression is optionally applied.
o Compression may not increase the content length by more than 1024 bytes.
hash(MAC_write_secret || pad_2 ||
• Minor Version (8 bits): Indicates the minor version in use. For SSLv3 the value is 0.
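
The record-layer steps noted above (fragment into blocks of at most 2^14 bytes, append a MAC, prepend a header carrying the version fields), shown as an added example that is not part of the original notes. It uses the SSLv3 MAC layout from RFC 6101 with SHA-1 and assumes null compression and no encryption; the function names and the sample key in the comments are constructed for illustration.

```python
import hashlib, hmac, struct

MAX_FRAGMENT = 2 ** 14   # 16384-byte fragment limit from the notes above
APP_DATA = 23            # application_data content type (RFC 6101)
MAJOR, MINOR = 3, 0      # SSLv3 version fields in the record header
PAD_LEN = 40             # pad_1 / pad_2 length for SHA-1 (48 for MD5)
MAC_LEN = 20             # SHA-1 digest size

def ssl3_mac(secret, seq_num, ctype, data):
    """SSLv3 MAC (RFC 6101), a nested hash rather than HMAC:
    hash(secret || pad_2 || hash(secret || pad_1 || seq || type || len || data))."""
    meta = struct.pack("!QBH", seq_num, ctype, len(data))
    inner = hashlib.sha1(secret + b"\x36" * PAD_LEN + meta + data).digest()
    return hashlib.sha1(secret + b"\x5c" * PAD_LEN + inner).digest()

def build_records(message, secret, seq_start=0):
    """Sender: fragment, MAC and frame a message (null compression, no cipher)."""
    records = []
    for n, off in enumerate(range(0, len(message), MAX_FRAGMENT)):
        frag = message[off:off + MAX_FRAGMENT]
        body = frag + ssl3_mac(secret, seq_start + n, APP_DATA, frag)
        header = struct.pack("!BBBH", APP_DATA, MAJOR, MINOR, len(body))
        records.append(header + body)
    return records

def open_record(record, secret, seq_num):
    """Receiver: check version, length and MAC; return the fragment or raise."""
    ctype, major, minor, length = struct.unpack("!BBBH", record[:5])
    body = record[5:]
    if (major, minor) != (MAJOR, MINOR):
        raise ValueError("unexpected protocol version")
    if length != len(body) or length < MAC_LEN or length - MAC_LEN > MAX_FRAGMENT:
        raise ValueError("bad record length")
    frag, mac = body[:-MAC_LEN], body[-MAC_LEN:]
    # Constant-time comparison; the implicit sequence number binds record order.
    if not hmac.compare_digest(mac, ssl3_mac(secret, seq_num, ctype, frag)):
        raise ValueError("bad record MAC")
    return frag

def roundtrip(message, secret):
    """Reassemble a message from its records, verifying each in sequence."""
    records = build_records(message, secret)
    return b"".join(open_record(r, secret, i) for i, r in enumerate(records))
```

Because the sequence number is hashed into the MAC but never sent, two records with identical fragments still carry different MACs, so a replayed or reordered record fails verification.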