SSL & TLS Protocols: Secure Web Servers

Questions and Answers

Which protocol is used to establish a secure connection between a client and a web server?

• SMTP
• SSL/TLS (correct)
• HTTP
• FTP

What is the purpose of the SSL/TLS handshake?

• To establish a secure connection between the client and server
• To authenticate the server to the client
• To encrypt the data being transmitted
• All of the above (correct)

What is the main difference between HTTP and HTTPS?

• HTTPS uses port 80 while HTTP uses port 443
• HTTPS is a secure version of HTTP that uses SSL/TLS encryption (correct)
• HTTPS is used for non-sensitive web traffic, while HTTP is used for sensitive web traffic
• HTTPS is faster than HTTP

What is the purpose of a web server?

To store and serve web pages to clients (A)

Which of the following is NOT a common type of web server?

Oracle WebLogic (A)

What is the purpose of a proxy server?

All of the above (D)

What is the primary function of the SSL/TLS protocol?

All of the above (D)

Which of the following is NOT a common attribute of a server?

Ability to run desktop applications (A)

What is the primary difference between a desktop computer and a server?

All of the above (D)

Which of the following is NOT a common service provided by a web server?

Running desktop applications (A)

Flashcards are hidden until you start studying

Study Notes

Web Servers and Secure Protocols

• HTTPS typically uses one of two secure protocols to encrypt communications: SSL (Secure Sockets Layer) or TLS (Transport Layer Security)
• Both TLS and SSL use an asymmetric Public Key Infrastructure (PKI) system, which uses two keys to encrypt communications: a public key and a private key
• Anything encrypted with the public key can only be decrypted by the private key and vice-versa
• Private keys should remain hidden at all times

SSL/TLS Handshaking Process

• The SSL/TLS handshaking process involves a series of steps to establish a secure connection between a client and a server

Proxy Servers

• A proxy server acts as an intermediary between a website and a device, with traffic passing through the proxy server
• A proxy server can be used for:
  • Caching pages and information to speed up retrieval
  • Blocking content from being returned or requested
• Proxy servers are commonly used to improve performance and security

Web Server (HTTPS)

• HTTPS was created to ensure the protection of:
  • Privacy – Data is not revealed to unauthorized parties
  • Integrity – Data is not manipulated or altered in any way by an unauthorized party
• The use of HTTPS protects against:
  • Man in the Middle Attack – An unauthorized party intercepts communications between the client and the server
• HTTPS benefits include:
  • Users' personal information, such as credit cards, are encrypted and cannot be intercepted
  • Users can verify the business or website they are using is registered and the owner is who they say it is

Importance of HTTPS

• HTTPS should always be used for:
  • Payment transactions
  • Online banking
  • Online shopping
  • Emails
• Since 2018, HTTPS has been more widely used on websites than original HTTP

Servers and Their Functions

• A server is a dedicated computer that provides services on behalf of clients
• A server can provide services such as:
  • Hosting websites
  • Data storage
• A server can be configured to provide one or multiple services
• Small organizations may have one server to run multiple services, while a large organization may have one server for a specific task

Attributes of a Server

• Servers should have processors that can process information quickly and should be robust
• Servers should be capable of processing several requests simultaneously while maintaining performance