Transport Level Security

What does SSL do?

Provides security services between TCP and applications that use TCP

What is the internet standard version called?

Transport Layer Services

Why are protocol mechanisms involved in SSL/TLS?

Protocol mechanisms to enable 2 TCP users to determine the security mechanisms and services they will use

What are the threats in web security in terms of integrity?

Change in user data, trojan horse browser and modification of memory Signup and view all the answers

What are the consequences in web security in terms of integrity?

Information being lost, machine is compromised, become vulnerable to threats Signup and view all the answers

What are the countermeasures in web security in terms of integrity?

Crytographic checksums Signup and view all the answers

What are the threats in web security in terms of Confidentiality?

Network being eavesdropped, info from server being stolen, data from client being stolen, info about network configuration Signup and view all the answers

What are the consequences in web security in terms of confidentiality ?

Information and privacy being lost Signup and view all the answers

What are the countermeasures in web security in terms of confidentiality ?

Encryption and web proxies Signup and view all the answers

What are the threats in web security in terms of denial of service?

Machine is filled with ridiculous requests, filling up disk or memory, isolating machine by DNS attacks Signup and view all the answers

What are the consequences in web security in terms of denial of service?

Annoying, could not get work done, disruptive Signup and view all the answers

What are the countermeasures in web security in terms of denial of service?

Difficult to prevent Signup and view all the answers

What are the threats in web security in terms of authentication?

Impersonation of legitimate users, data forgery Signup and view all the answers

What are the consequences in web security in terms of authentication?

Misrepresantation of user, believing false info Signup and view all the answers

What are the countermeasures in web security in terms of authentication?

Cryptographic techniques Signup and view all the answers

What is the adavantage IP/IPSec in the network level of TCP/IP protocol stack?

It is transparent to end users and applications and provides a general purpose solution Signup and view all the answers

What are the advantages of SSL or TLS in the transport level of TCP/IP protocol stack?

Transparent to applications or embedded in specific packages Signup and view all the answers

What are the securiy features in application level of TCP/IP protocol stack?

Kerberos, S/MIME, PGP, SET. They are embedded within an application. Service can be tailored to specific needs of a given application Signup and view all the answers

How is SSL designed?

SSL is designed to make use of the TCP to provide a reliable end to end secure service. It is a two layer protocol Signup and view all the answers

What is SSL handshake protocol used for?

Management of SSL exchanges Signup and view all the answers

What is the used of SSL record protocol?

Provides basic security to various higher layered protocols Signup and view all the answers

What is the handshake protocol?

Negotiation of security algorithm and parameters, key exchange, server authentication and optionally client authentication Signup and view all the answers

What is the record protocol?

Fragmentation, compression, message authentication and integrity protection, encryption Signup and view all the answers

What is the Alert protocol?

Error messages Signup and view all the answers

What is the change cipher spec protocol?

A single message that indicates the end of a SSL handshake Signup and view all the answers

What is a SSL session?

A session created between the server and the client using the handshake protocol. A session defines a set of cryptographic security parameters which can be shared among multiple connections. Signup and view all the answers

What is SSL connection?

A connection is transport that provides a suitable type of service Signup and view all the answers

What are the parameters defining an SSL session?

Session identifier, peer ceritificate, compression method, cipher spec, master secret, is resumable Signup and view all the answers

What are the parameters defining a SSL connection state?

Server and client random, server write MAC secret, client write MAC secret, server write key, client write key, initialisation vectors, sequence numbers Signup and view all the answers

What is the confidentiality service provided by the SSL handshake protocol?

Defines a shared secret key that is used for conventional encryption of SSL payloads. Signup and view all the answers

What is the message integrity service provided by the SSL handshake protocol?

Defines a shared key that is used to form a message authentication code(MAC) Signup and view all the answers

What is transport layer security?

Derived from secure sockets layer and used to provide security at the transport layer Signup and view all the answers

What does TLS prevent and who does it protect?

Eavesdropping, tampering and message forgery. Protecting communicating applications and their users on the internet Signup and view all the answers

Why is the handshake protocol the most complex part of SSL?

Allows the server and client to authenticate each other. Negotiation of encryption, MAC algorithm and cryptographic keys. Used before any application data is transmitted. Signup and view all the answers