Lab 4: HTTPS and Encryption Techniques
40 Questions

Questions and Answers

What is the primary purpose of implementing HTTPS in the web application?

  • To secure communications and validate the server (correct)
  • To increase the website's loading speed
  • To enable user-specific verification
  • To change the server's IP address

What does TLS validate during the communication process?

  • The server's identity (correct)
  • The encryption method used
  • The client's identity
  • Both the client and server's identities

Which of the following is true regarding client validation in HTTPS solutions?

  • Clients must always be validated to use HTTPS.
  • Only clients with a CA-signed certificate can connect.
  • Client validation is optional and typically not needed. (correct)
  • Clients are always automatically validated.

What method is suggested for client authentication after a TLS handshake?

  • Username and password combination (D)

In which scenario is it most important to validate the client's identity?

  • When sensitive data is being transmitted (C)

What kind of certificate will be used for converting the existing website in the lab?

  • Self-signed certificate (A)

What kind of encryption is implied to be used for enhancing security in web communications?

  • TLS encryption for secure channels (D)

What is the purpose of modifying your system to use your RULE host as a DNS server?

  • To enable browsing to the four unique web sites hosted on the RULE server. (D)

What needs to be configured on the rule host before modifying the web site to use HTTPS?

  • Initial setup for the four web sites must be complete (D)

Where can you find the hosts file on a Mac or Linux device?

  • /etc/hosts (C)

What type of certificate must be created for the Pass Task to protect the specified HTTPS site?

  • A self-signed certificate (D)

Which key does the server application use to encrypt communications with the browser?

  • Private key (A)

Which statement about the use of key pairs in establishing an encrypted channel is correct?

  • The browser generates a temporary public/private key pair. (B)

What might be a workaround for using a RULE host as a DNS server on a Swinburne PC?

  • Use a browser add-on that simulates DNS functionality. (D)

What is needed from the previous labs to create a self-signed certificate?

  • Both the generated private key file and the signed certificate (A)

What is the correct command to restart the DNS server after making configuration changes?

  • /usr/local/etc/rc.d/named restart (C)

Which algorithm is adapted for establishing an encrypted channel using key pairs?

  • Diffie-Hellman algorithm (D)

Which configuration files need to be modified for the web server?

  • httpd.conf and httpd-vhosts.conf (C)

What should be done after modifying configuration files for the web server?

  • Restart the web server (B)

In the httpd-vhosts.conf file, what aspects need to be changed from rule201 to ruleXX?

  • All instances of rule201 (A)

What is the purpose of the ErrorLog in the web server configuration?

  • To log error messages for troubleshooting (B)

What IP address should all five names resolve to after making the DNS changes?

  • 136.186.230.XX (A)

What does the CustomLog track in the web server configuration?

  • Successful access attempts to the web server (A)

What is the first step to take when updating the DNS configuration?

  • Change the PTR value to ruleXX.tne30024. (A)

Where should the site name be encoded in a modern SSL certificate?

  • Both the commonName and subjectAltName fields (A)

What does the browser TLS implementation check before allowing a connection?

  • The subjectAltName matches the name of the server (D)

What is the recommended form of the DNS entry in the subjectAltName field for a self-signed certificate?

  • selfsigned.tne30024 (B)

What is a critical security practice regarding the installation of private keys?

  • Never install the private key in the directory that hosts the actual website (A)

What is the purpose of the Apache SSL module?

  • To provide all https:// functionality (A)

In which file must the Apache web server be configured to enable SSL?

  • /usr/local/etc/apache24/httpd.conf (A)

What must be done after enabling the SSL module for the selfsigned.tne30024 website?

  • Reconfigure the web server settings in httpd-vhosts.conf (C)

What is best practice for storing the certificate on the web server?

  • Host the certificate in another directory from the website (A)

What is the first change that needs to be made regarding Apache's configuration?

  • Configure Apache to accept connections on port 443 (B)

What must be included in the VirtualHost block to enable HTTPS?

  • SSL certificate and private key information (C)

After making the necessary changes to the configuration, what is the next step?

  • Restart the Apache Server (D)

What does a browser show when visiting a site with a self-signed certificate?

  • Untrusted certificate warning (D)

What should you expect to see in the browser if the connection is correctly set up but the certificate is untrusted?

  • A red broken padlock icon (B)

What is the function of the DocumentRoot in a VirtualHost configuration?

  • Specifies the directory for website files (A)

Why is it necessary to accept the risk when visiting a site with a self-signed certificate?

  • To verify the site is authentic despite the untrusted certificate (A)

What should be done before confirming encrypted communication using Wireshark?

  • Reload the web page (B)

Study Notes

Lab 4 Modifying existing HTTP Website to use HTTPS and encryption

  • The goal of this lab is to modify an existing HTTP website to use HTTPS and encrypt all communications.
  • The lab uses a self-signed certificate to secure the website.
  • HTTPS utilizes TLS as the communication protocol.

HTTPS Communication

  • TLS ensures the client is communicating with an authorized entity.
  • TLS encrypts communication to prevent unauthorized access.

Server & Client Authentication

  • The client does not authenticate itself to the server.
  • Client authentication is optional and can be implemented using username/password after the encrypted channel is established.
  • When using HTTPS, any client can connect to the server.

Preparation

  • The lab uses four websites hosted on a rule host.
  • You need to customize the DNS and web server configuration with your rule host number.
  • Updating the DNS server and web server configurations requires restarting the respective services.

DNS Config

  • Update the DNS configuration files by changing the rule host number (XX) in the files.
  • Confirm the DNS configuration changes by performing a DNS lookup on all five names.
  • All five names should resolve to the same IP address.

Web Server Config

  • Modify the web server configuration files to reflect your rule host number.
  • Update the ServerName, ServerAlias, ErrorLog, and CustomLog fields within the VirtualHost block to reflect the corresponding rule host.
  • Restart the web server after making changes to the configuration.

Testing Web Server

  • Verify all four web sites are accessible by browsing to their URLs.
  • You can use either your own device configured with your rule host as a DNS server, or modify your system's hosts file.

Methodology

Certificate Creation

  • Generate a self-signed certificate and corresponding private key.
  • Include the website URL in both the commonName and subjectAltName fields of the certificate.
  • Set the subjectAltName field to DNS:selfsigned.tne30024.

Installing the Certificate and Private Key

  • Copy or install the certificate and private key files on the rule host in a directory with general access permissions.
  • Store the private key in a directory that is not accessible by the browser, to ensure its security.
  • Consider hosting the certificate in a dedicated folder for better organization.

Modifying the Web Site

  • Enable the Apache SSL module in the /usr/local/etc/apache24/httpd.conf file.
  • Reconfigure the selfsigned.tne30024 website in the /usr/local/etc/apache24/extra/httpd-vhosts.conf file.
  • Configure the selfsigned.tne30024 VirtualHost block to accept connections on port 443.
  • Specify the location of the certificate and private key in the VirtualHost block.

Testing the Solution

  • Browse to the new HTTPS website (https://selfsigned.tne30024).
  • Accept the security risk of an untrusted certificate and verify the website is displayed with a red broken padlock.
  • Review the certificate details to confirm its validity.
  • Reload the website while Wireshark is running to verify encrypted communication between the browser and your rule host.
  • Use the automated marking script at http://ruleprimary1.caia.swin.edu.au/tne30024.php for evaluation if unable to use a browser.


Related Documents

Lab4 - P-2 (4).pdf

Description

This lab focuses on modifying an existing HTTP website to implement HTTPS and encrypt all communications with a self-signed certificate. Students will learn about the TLS protocol, its role in server-client authentication, and the necessary preparations for updating DNS and web server configurations.
