SSL & TLS Protocols: Secure Web Servers

Questions and Answers

Which protocol is used to establish a secure connection between a client and a web server?

• SMTP
• SSL/TLS (correct)
• HTTP
• FTP

What is the purpose of the SSL/TLS handshake?

• To establish a secure connection between the client and server
• To authenticate the server to the client
• To encrypt the data being transmitted
• All of the above (correct)

What is the main difference between HTTP and HTTPS?

• HTTPS uses port 80 while HTTP uses port 443
• HTTPS is a secure version of HTTP that uses SSL/TLS encryption (correct)
• HTTPS is used for non-sensitive web traffic, while HTTP is used for sensitive web traffic
• HTTPS is faster than HTTP

What is the purpose of a web server?

To store and serve web pages to clients (A)

Which of the following is NOT a common type of web server?

Oracle WebLogic (A)

What is the purpose of a proxy server?

All of the above (D)

What is the primary function of the SSL/TLS protocol?

All of the above (D)

Which of the following is NOT a common attribute of a server?

Ability to run desktop applications (A)

What is the primary difference between a desktop computer and a server?

All of the above (D)

Which of the following is NOT a common service provided by a web server?

Running desktop applications (A)

Study Notes

Web Servers and Secure Protocols

• HTTPS typically uses one of two secure protocols to encrypt communications: SSL (Secure Sockets Layer) or TLS (Transport Layer Security)
• Both TLS and SSL use an asymmetric Public Key Infrastructure (PKI) system, which uses two keys to encrypt communications: a public key and a private key
• Anything encrypted with the public key can only be decrypted by the private key and vice-versa
• Private keys should remain hidden at all times

SSL/TLS Handshaking Process

• The SSL/TLS handshaking process involves a series of steps to establish a secure connection between a client and a server

Proxy Servers

• A proxy server acts as an intermediary between a website and a device, with traffic passing through the proxy server
• A proxy server can be used for:
  • Caching pages and information to speed up retrieval
  • Blocking content from being returned or requested
• Proxy servers are commonly used to improve performance and security

Web Server (HTTPS)

• HTTPS was created to ensure the protection of:
  • Privacy – Data is not revealed to unauthorized parties
  • Integrity – Data is not manipulated or altered in any way by an unauthorized party
• The use of HTTPS protects against:
  • Man in the Middle Attack – An unauthorized party intercepts communications between the client and the server
• HTTPS benefits include:
  • Users' personal information, such as credit cards, are encrypted and cannot be intercepted
  • Users can verify the business or website they are using is registered and the owner is who they say it is

Importance of HTTPS

• HTTPS should always be used for:
  • Payment transactions
  • Online banking
  • Online shopping
  • Emails
• Since 2018, HTTPS has been more widely used on websites than original HTTP

Servers and Their Functions

• A server is a dedicated computer that provides services on behalf of clients
• A server can provide services such as:
  • Hosting websites
  • Data storage
• A server can be configured to provide one or multiple services
• Small organizations may have one server to run multiple services, while a large organization may have one server for a specific task

Attributes of a Server

• Servers should have processors that can process information quickly and should be robust
• Servers should be capable of processing several requests simultaneously while maintaining performance

Description

Explore the use of SSL (Secure Sockets Layer) and TLS (Transport Layer Security) protocols in securing web servers. Learn how these protocols use an asymmetric Public Key Infrastructure system for encryption, where a public key and a private key are used to encrypt communications.