Transport Layer Security (TLS) / Secure Sockets Layer (SSL)
- Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL), both frequently referred to as "SSL", are cryptographic protocols that provide communications security over a computer network.
- Websites use TLS to secure all communications between their servers and web browsers.
- In cryptography, a certificate authority or certification authority (CA) is an entity that issues digital certificates. A digital certificate certifies the ownership of a public key by the named subject of the certificate.
- Assumptions for TLS security
  - No CA certificate is compromised, no CA employee issues bogus certificates, and every CA thoroughly verifies the owner of a domain before issuing a certificate.
  - All cryptographic algorithms are secure.
  - All root certificates in the browser are correct: no bogus certificates are added to the browser, the browser downloads its root certificates securely, and no virus or program alters the browser's certificates.
  - The browser does not contain remotely exploitable vulnerabilities.
  - Malicious sites cannot overwrite the browser UI (lock).
  - The user always checks for https and the secure lock.
  - The user does not accept bogus certificates and cannot be tricked into visiting bogus URLs.
  - The user does not ignore warnings if the certificate is from a different site.
- Attacks specific to the Internet
  - Internet spam
  - Phishing
  - Cross-site scripting
  - Pharming
  - SQL injection
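
The user-facing assumptions for TLS security listed above (never accept a bogus certificate, never ignore a certificate issued for a different site) also apply to programs that make TLS connections without a browser. The following is an added example, not part of the original notes: it audits a Python `ssl.SSLContext` against those assumptions, and the function names and the TLS 1.2 floor are choices made for this illustration.

```python
import ssl


def audit_context(ctx):
    """Return the TLS assumptions from the notes that this client context breaks."""
    findings = []
    # "User does not accept bogus certificates": the chain must be verified
    # against the trusted root store.
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("accepts bogus certificates: chain is not verified")
    # "User does not ignore warnings if certificate is from different site":
    # the certificate must be checked against the host name being contacted.
    if not ctx.check_hostname:
        findings.append("ignores certificates for a different site: hostname is not checked")
    # "All cryptographic algorithms are secure": refuse old protocol versions
    # (the TLS 1.2 floor is an assumption of this example).
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("allows protocol versions older than TLS 1.2")
    return findings


def hardened_context():
    """Client context that verifies the chain and the hostname."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED and check_hostname=True
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def weak_context():
    """The programmatic equivalent of clicking through every certificate warning."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # must be disabled before CERT_NONE is allowed
    ctx.verify_mode = ssl.CERT_NONE  # any certificate, from anyone, is accepted
    return ctx


if __name__ == "__main__":
    for name, ctx in (("hardened", hardened_context()), ("weak", weak_context())):
        problems = audit_context(ctx)
        print(name, "->", problems if problems else "no broken assumptions")
```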