Installing SSL on a Web Server

Faculty of Information Technology, Department of Networks and Communications. NETWORK SECURITY. REPORT: A STUDY OF SSL AND ITS APPLICATION ON WEB SERVERS. Supervisor: Nguyễn Đức Bình, M.Sc. Students: Nguyễn Công Long, Đỗ Văn Truyền. Thái Nguyên, day 13, month

Transcript of Installing SSL on a Web Server


Faculty of Information Technology
Department of Networks and Communications

NETWORK SECURITY
REPORT: A STUDY OF SSL AND ITS APPLICATION ON WEB SERVERS
Supervisor: Nguyễn Đức Bình, M.Sc.
Students: Nguyễn Công Long, Đỗ Văn Truyền
Thái Nguyên, 13 May 2012

REPORT CONTENTS

1. SSL Theory
2. Installation Procedure
3. Demo

1. SSL Theory

THEORY

1. Introduction to SSL
- History of the SSL protocol
- Structure of the SSL protocol
- Encryption algorithms used in SSL

2. Applications of SSL
- Common applications of SSL
- Applying SSL on a web server

History of the SSL protocol

Why use SSL?
- Transmitting sensitive information over a network is very unsafe because of the following problems:
+ You cannot be sure that you are exchanging information with the intended party.
+ Network data can be intercepted, so it can be read by a third party, commonly known as the attacker.
+ If the attacker can intercept the data, the attacker can modify it before sending it on to the recipient.

History of the SSL protocol

What is the SSL protocol?
- SSL (Secure Sockets Layer) is the most widely used network information security protocol today. It encrypts traffic and provides a secure channel between computers on the Internet or on an internal network.
- SSL refers to an intermediate (security) layer between the Transport Layer and the Application Layer.
- Developed by Netscape, the Secure Socket Layer (SSL) protocol is now widely used on the World Wide Web to authenticate and encrypt information between client and server.

What is the SSL protocol?
- SSL was designed as a separate protocol dedicated to security, so that it can support many different applications.
- To ensure the security of information on the Internet or on any TCP/IP network, SSL combines the following elements to establish a secure transaction:
* Authentication: guarantees the authenticity of the site you are working with at the other end of the connection. Likewise, websites also need to verify the authenticity of the user.

What is the SSL protocol?
* Encryption: guarantees that the information cannot be accessed by a third party, ruling out eavesdropping on sensitive information while it is transmitted over the Internet.
* Data integrity: guarantees that the information is not altered and that it accurately represents the original information that was sent.

History of the SSL protocol

Versions of SSL
The SSL protocol was originally developed by Netscape. To date there have been three versions of SSL:
* SSL 1.0: By Netscape. It contained a number of serious flaws and was never released publicly.
* SSL 2.0: Microsoft also introduced the competing PCT protocol in its first release of Internet Explorer in 1996.
* SSL 3.0: A response to Microsoft's PCT protocol, improving on SSL 2.0.

Structure of the SSL protocol
- SSL is designed to use TCP to provide a reliable security service. SSL is not a single protocol but two layers of protocols:

Structure of the SSL protocol

1. The SSL Record Protocol
The SSL Record Protocol provides two services for an SSL connection:
+ Confidentiality: the Handshake Protocol defines a shared secret key, which is used for conventional encryption of the SSL data.
+ Message integrity: the Handshake Protocol also defines a shared secret key, which is used to form the MAC (message authentication code).

1. The SSL Record Protocol

Overall operation of the SSL Record Protocol:

Structure of the SSL protocol

2. The SSL Change Cipher Spec Protocol
- The SSL Change Cipher Spec protocol is the simplest of the three SSL-specific protocols.
- This protocol consists of a single message of 1 byte with the value 1. The main purpose of this message is to cause the next (pending) state to be copied into the current state, which updates the cipher suite to be used on this connection.

Structure of the SSL protocol

3. The SSL Alert Protocol
- The SSL Alert protocol is used to convey SSL-related alerts to the peer at the other end.
+ bad_record_mac: the MAC is incorrect.
+ unsupported_certificate: the type of the received certificate is not supported.
+ certificate_revoked: the certificate has been revoked by its issuer.
+ certificate_expired: the certificate has expired.

Structure of the SSL protocol

4. The SSL Handshake Protocol
- This protocol allows the server and the client to authenticate each other and to negotiate the encryption mechanism, the MAC algorithm and the cryptographic keys used to protect the data sent in SSL records.
- The SSL Handshake protocol is normally used before any application data is transmitted.

4. The SSL Handshake Protocol

How the SSL Handshake protocol works

Encryption algorithms used in SSL
- Encryption algorithms are the functions used to encrypt and decrypt information.
- The SSL protocol supports a large number of encryption algorithms, which are used during the authentication of server and client.

Some of the algorithms SSL uses:
- DES (Data Encryption Standard)
- DSA (Digital Signature Algorithm)
- MD5 (Message Digest algorithm)
- RSA: a public-key encryption algorithm used for both authentication and encryption
- RSA key exchange: the key exchange algorithm used in SSL, based on the RSA algorithm
- RC2 and RC4
- SHA-1 (Secure Hash Algorithm)

2. Applications of SSL

Common applications of SSL
- Although it still has some exploitable vulnerabilities, SSL remains the most secure protocol, and no other security protocol has yet been able to replace its role.
- Applications that use SSL and are recognized by IANA (Internet Assigned Numbers Authority):

Name        Port   Description
Nsiiop      261    IIOP service over TLS/SSL
Https       443    HTTP over TLS/SSL
Smtps       465    SMTP over TLS/SSL
Nntps       563    NNTP over TLS/SSL
Ldaps       636    LDAP over TLS/SSL
Ftps-data   989    FTP data over TLS/SSL
Ftps        990    FTP control over TLS/SSL
Telnets     992    TELNET over TLS/SSL
Imaps       994    IRC over TLS/SSL

2. Applications of SSL

Applying SSL on a web server

What is a web server?
A server with large capacity and high speed, used to store information and to host websites together with other related information. It has an IP address or a domain name. When a computer connects to a web server and sends a request for information from a web page, the web server software receives the request and sends back the information you asked for.

2. Applications of SSL: Applying SSL on a web server

Types of web server
There are many different kinds of web server, but the market mainly uses Apache and IIS (Microsoft's Internet Information Server).

[Diagram: Web Server, with branches Apache Web Server and IIS Web Server]

2. Applications of SSL: Applying SSL on a web server

Solutions for protecting a web server?
Some methods for making a web server more secure:

2. Installation Procedure

Procedure
1. Choose a server for the application.
2. Create a CSR (Certificate Signing Request). How it is created depends on the server chosen.
   * In this step a private key is created at the same time as the CSR.
3. Apply for an SSL certificate from a CA (Certificate Authority), for example http://www.thawte.com
4. Install SSL according to the requirements of each server.
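Step 2 of the procedure, with the check that should precede step 4, as an added example (not part of the original slides). It uses the third-party Python `cryptography` package; the host name `www.example.test`, the 2048-bit RSA key size and the function names are assumptions made for the illustration.

```python
from cryptography import x509
from cryptography.x509.oid import NameOID
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import rsa

HOSTNAME = "www.example.test"  # placeholder host name (assumption)

def make_key_and_csr(hostname):
    """Step 2: the private key is created together with the CSR."""
    key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, hostname)])
    csr = (
        x509.CertificateSigningRequestBuilder()
        .subject_name(name)
        .add_extension(x509.SubjectAlternativeName([x509.DNSName(hostname)]),
                       critical=False)
        .sign(key, hashes.SHA256())  # signing proves possession of the key
    )
    return key, csr

def public_pem(public_key):
    """Serialize a public key so two keys can be compared byte for byte."""
    return public_key.public_bytes(serialization.Encoding.PEM,
                                   serialization.PublicFormat.SubjectPublicKeyInfo)

def csr_matches_key(csr, key):
    """The request must verify and carry the public half of the server's key."""
    return (csr.is_signature_valid
            and public_pem(csr.public_key()) == public_pem(key.public_key()))

def export_pem(key, csr):
    """Return (private key PEM, CSR PEM). Only the CSR goes to the CA in step 3."""
    key_pem = key.private_bytes(serialization.Encoding.PEM,
                                serialization.PrivateFormat.PKCS8,
                                serialization.NoEncryption())
    return key_pem, csr.public_bytes(serialization.Encoding.PEM)

if __name__ == "__main__":
    key, csr = make_key_and_csr(HOSTNAME)
    key_pem, csr_pem = export_pem(key, csr)
    print(csr_pem.decode())
    print("CSR matches private key:", csr_matches_key(csr, key))
```

The private key never leaves the server; the same public-key comparison applies to the certificate the CA returns, since a certificate issued for a different key will not work with the installed private key.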


Installation
As noted, the two common web servers are IIS and Apache:
+ Installing SSL on an Internet Information Services (IIS) web server on Windows Server (requesting a certificate for the website).
+ Installing SSL on an Apache web server on the CentOS operating system (creating a web certificate yourself).

3. Demo

1. Applying SSL to secure an IIS web server
2. Applying SSL to secure an Apache web server
