
Thursday, October 31, 2013

Implementing Web Security & Their Protocols Functions


A number of approaches to providing Web security are possible. The various approaches that exist are described in this part of the article.


Fig: Security facilities in the TCP/IP protocol stack

1.  Secure-HTTP (S-HTTP)

Secure Hypertext Transfer Protocol (S-HTTP) extends the features of the Hypertext Transfer Protocol (HTTP). HTTP was designed for a simple Web, one that did not require the dynamic graphics and strong end-to-end encryption of transactions that have since become common. As the Web became popular with business users, the existing HTTP protocol needed cryptographic and graphic enhancements to meet the demands of business users in the e-commerce industry.
S-HTTP uses digital certificates, and its design provides secure connections between an HTTP client and a server, mainly for commercial transactions. It uses several techniques to provide confidentiality, integrity and authentication.
An HTTP message has two parts, the header and the body. The header tells the recipients (browser and server) how to process the message body. It also carries information about the format that the client browser and the server will use during the transfer. S-HTTP adds security through additional headers that describe how the message body is encrypted and how to decrypt it between the client browser and the server.

2.  Hypertext Transfer Protocol over Secure Socket Layer (HTTPS)

HTTPS is an application-layer protocol with built-in security features that uses the Secure Sockets Layer (SSL) protocol as a sub-layer at the transport level. It is also referred to as Hypertext Transfer Protocol over Secure Socket Layer or, in short, HTTP over SSL. It is a web protocol made by Netscape and built into its browser to encrypt and decrypt user page requests as well as the pages returned by the Web server. In its communications with the lower layer, TCP/IP, it uses port 443 rather than HTTP's port 80.

Secure Socket Layer (SSL)

SSL is a widely used cryptographic system employed in the two main Internet browsers: Netscape and Explorer. It provides encrypted communication between a client and a server regardless of platform or OS.
S-HTTP was intended to deal only with web protocols. SSL works with other network protocols in the network stack and was designed as an alternative to the sockets API. It is defined at the transport layer and adds security to the upper-layer protocols during communication.

Transport Layer Security (TLS)

This protocol is also defined at the transport layer and is the result of the 1996 Internet Engineering Task Force effort to standardize a secure technique for communicating over the Web. The 1999 result of that effort was published as RFC 2246, which specifies a new protocol, Transport Layer Security (TLS). It provides security and data integrity at the transport layer between two applications. TLS version 1.0 was an evolved SSL 3.0, and the new standard is usually referred to as SSL/TLS. Since then, the following additional features have been incorporated: interoperability and expandability. Interoperability is the ability to exchange TLS parameters, whereas expandability is planning for future expansion.

Secure Electronic Transactions (SET)

Secure Electronic Transactions (SET) is a cryptographic protocol developed by a group of companies including MasterCard, Netscape, Microsoft, RSA, Visa, IBM, and others. For every transaction it provides the following services: confidentiality, message integrity, authentication, and linkage. It uses public key encryption and signed certificates to establish the identity of everyone involved in the transaction and to keep all communication between them confidential.

How to Secure Your Electronic Mail Using PGP & S/MIME


The importance of sensitive conversations should not be ignored. The most effective way to preserve confidential information is encryption. Encrypting messages such as e-mail is necessary for confidentiality and security, and PGP, the preferred option at present, can provide both. Phil Zimmermann introduced the Pretty Good Privacy (PGP) protocol, which is a public key cryptosystem.
PGP works by building a loop of confidence among its clients. In the loop of confidence, clients, beginning with two, each maintain a key ring of public key/name pairs. Becoming a member of this “trust club” means relying on and using the recommendations on somebody else’s key ring.

Figure illustrates the general operation of PGP, and the relationship between the services

In contrast to the standard PKI system, this loop of confidence has an inherent vulnerability that an intruder can exploit. Even so, because PGP can be used to sign messages, the presence of a digital signature can be used to confirm the authenticity of a text or file. This goes a long way toward making sure that an email message or a file just downloaded from the web is both safe and unchanged.

  S/MIME Protocol

S/MIME stands for Secure/Multipurpose Internet Mail Extensions. It extends the MIME protocol by adding digital signatures and encryption. To fully understand S/MIME, you should first look at MIME. MIME is a technical specification of network rules that covers the transmission of multimedia information such as images, sound, and video. It is defined in RFC 1521; readers who want more detail on MIME can consult RFC 1521.
Web content consists of hyperlinks that in turn lead to other links. When a user requests a Web file, the Web server attaches a MIME header to the file and delivers the requested document to the client’s browser. This implies that Internet email messages consist of two components: the header and the body. The header carries two kinds of information: the MIME type and the subtype.
- The first specifies the content type: pictures, audio, video or plain text.
- The second specifies the extension of the file, e.g. JPEG, BMP, PNG and so on.
S/MIME was created to enhance the security services of the system by adding two cryptographic features: encryption and digital signatures. It supports 3DES, RSA and Diffie-Hellman public key algorithms to encrypt session keys, and 160-bit SHA-1 or MD5 to make message digests.
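To make the type/subtype header and the two S/MIME services concrete, the following added example (not code from the original post) parses three constructed messages with Python's standard `email` package and reports which service wraps the body. It goes slightly beyond the text by using the content types the S/MIME RFCs define (`multipart/signed` and `application/pkcs7-mime`); the sample messages and the `describe` helper are assumptions made for illustration.

```python
from email import message_from_string

# Constructed sample messages; the base64 bodies are placeholders, not real CMS data.
SIGNED = (
    "MIME-Version: 1.0\n"
    'Content-Type: multipart/signed; protocol="application/pkcs7-signature"; '
    'micalg=sha1; boundary="b1"\n\n'
    "--b1\nContent-Type: text/plain\n\nhello\n"
    '--b1\nContent-Type: application/pkcs7-signature; name="smime.p7s"\n'
    "Content-Transfer-Encoding: base64\n\nUExBQ0VIT0xERVI=\n--b1--\n"
)
ENCRYPTED = (
    "MIME-Version: 1.0\n"
    'Content-Type: application/pkcs7-mime; smime-type=enveloped-data; name="smime.p7m"\n'
    "Content-Transfer-Encoding: base64\n\nUExBQ0VIT0xERVI=\n"
)
PICTURE = "MIME-Version: 1.0\nContent-Type: image/jpeg\n\n(placeholder)\n"

SIG_PROTOCOLS = ("application/pkcs7-signature", "application/x-pkcs7-signature")
ENVELOPES = ("application/pkcs7-mime", "application/x-pkcs7-mime")

def describe(raw):
    """Return the MIME type/subtype and which S/MIME service, if any, wraps the body."""
    msg = message_from_string(raw)
    info = {"type": msg.get_content_maintype(), "subtype": msg.get_content_subtype(),
            "service": "none", "digest": None, "parts": []}
    ctype = msg.get_content_type()
    if ctype == "multipart/signed" and msg.get_param("protocol") in SIG_PROTOCOLS:
        # Clear-signed mail: readable content part plus a detached signature part.
        info["service"] = "signature"
        info["digest"] = msg.get_param("micalg")   # digest algorithm named by the sender
        info["parts"] = [part.get_content_type() for part in msg.get_payload()]
    elif ctype in ENVELOPES:
        # Opaque body: the smime-type parameter says whether it is encrypted or signed.
        kind = msg.get_param("smime-type")
        info["service"] = {"enveloped-data": "encryption",
                           "signed-data": "signature"}.get(kind, "unknown")
    return info

if __name__ == "__main__":
    for name, raw in (("signed", SIGNED), ("encrypted", ENCRYPTED), ("picture", PICTURE)):
        print(name, describe(raw))
```
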

How to Protect Network Using Firewalls



Firewalls can be an effective means of protecting a local system or network of systems from network-based security threats. A firewall can be a software-based or a hardware-based device that controls which traffic passes through. If the firewall is a packet filter, the firewall policy decides which packets are allowed to pass through it. If it is an application proxy or gateway, it decides which services may be accessed through it. In general, firewall policy falls into two categories: allow by default and deny by default.
Figure (a) illustrates the packet filter firewall placement in the border router, on the security perimeter, between the external less-trusted Internet, and the internal more trusted private network

Figure (b) illustrates an application-level gateway (or proxy server), emphasizing that it only supports a specific list of application services


An allow-by-default policy lets every type of packet and service pass through the firewall; whatever should not be permitted is denied explicitly. This type of policy is insecure by default because anything new that the rules do not cover will pass through the firewall. It is normally used for research and development purposes. A deny-by-default policy denies all packets and services; whatever should be permitted is allowed explicitly. This kind of policy is secure by nature because it already denies any future, unseen threats by default.
In the screened host firewall, single-homed bastion configuration, the firewall consists of two systems: a packet-filtering router and a bastion host. The router forwards IP packets to and from the bastion host, whereas the bastion host performs authentication and proxy functions. The screened host firewall, dual-homed bastion configuration adds a second layer of security and physically prevents a security breach when the packet-filtering router of the single-homed configuration is completely compromised. The third, the screened subnet firewall, is the most secure configuration: it uses two packet-filtering routers, one between the bastion host and the Internet and one between the bastion host and the internal network. It creates an isolated subnetwork with several advantages and blocks traffic across the screened subnet.
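The difference between the two default policies described above is easiest to see when the same traffic is run through both. This added example (not from the original post) is a small first-match packet filter; the rule sets, the documentation addresses in 192.0.2.0/24 and the sample packets are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str               # "allow" or "deny"
    proto: str                # "tcp", "udp" or "any"
    dst_net: str              # destination network, CIDR notation
    dst_port: Optional[int]   # None matches every port

def decide(rules, default, proto, dst_ip, dst_port):
    """First matching rule wins; a packet no rule covers gets the default policy."""
    ip = ipaddress.ip_address(dst_ip)
    for rule in rules:
        if rule.proto not in ("any", proto):
            continue
        if ip not in ipaddress.ip_network(rule.dst_net):
            continue
        if rule.dst_port is not None and rule.dst_port != dst_port:
            continue
        return rule.action
    return default

# Constructed policies for a documentation network (192.0.2.0/24).
ALLOW_BY_DEFAULT = ("allow", [
    Rule("deny", "tcp", "192.0.2.0/24", 23),     # telnet explicitly blocked
    Rule("deny", "tcp", "192.0.2.0/24", 445),    # SMB explicitly blocked
])
DENY_BY_DEFAULT = ("deny", [
    Rule("allow", "tcp", "192.0.2.10/32", 443),  # HTTPS to the web server only
    Rule("allow", "tcp", "192.0.2.25/32", 25),   # SMTP to the mail server only
])

# Constructed traffic: two known services plus one that nobody wrote a rule for.
PACKETS = {
    "https":     ("tcp", "192.0.2.10", 443),
    "telnet":    ("tcp", "192.0.2.10", 23),
    "uncovered": ("tcp", "192.0.2.10", 3389),
}

def evaluate(policy):
    """Return the verdict for every sample packet under one (default, rules) policy."""
    default, rules = policy
    return {name: decide(rules, default, *pkt) for name, pkt in PACKETS.items()}

if __name__ == "__main__":
    for label, policy in (("allow by default", ALLOW_BY_DEFAULT),
                          ("deny by default", DENY_BY_DEFAULT)):
        print(label, evaluate(policy))
```

Both policies treat the two known services identically; only the packet that no rule mentions is handled differently, which is the case the default exists for.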

Monday, July 8, 2013

How to send encrypted email using Gmail, Chrome, and Mailvelope

how to send/receive encrypted email using Gmail to ensure I can transfer sensitive information without prying eyes being able to read it…for at least a decade assuming their computers try cracking it.  Mailvelope brings PGP encryption to Gmail, Yahoo, Outlook.com and others.  It isn’t a complicated process to set up or to encrypt/decrypt messages, but if you are not familiar with this it can be a little daunting.  Don’t worry, I’ll walk you through this.
Step 1: Read this article that describes how Public Key encryption works. It’s a simple enough concept and they explain it very well.
Step 2: Install the Mailvelope extension in your Chrome browser.
Step 3: Set up Mailvelope inside of Chrome.
  • Go to Mailvelope Options and click Generate Key (it’s a little padlock in the upper right of the browser extension toolbar or you can access it via the Menu > Window > Extensions)
  • Enter your name
  • Email address
  • Encryption method (I recommend making it the strongest possible, RSA/4096)
  • Enter a very strong passphrase (this can include spaces). A quote by a famous person is an extremely secure passphrase, e.g. Paper is poverty; it is the ghost of money and not money itself. Thomas Jefferson
  • You now need to share your public key with anyone you want to send encrypted emails with
  • Go to Display Keys
  • Click the blue export button and choose Display public key
  • In the ‘Export Key’ dialog box that appears, click Create file.
  • This will download your public key into a text file that you will share with anyone you want to email.
  • I have posted my public key on my website and will have it in Dropbox to easily send to anyone. (NEVER EVER SHARE YOUR PRIVATE KEY OR POST IT ANYWHERE)
Step 4.  Import the public keys for those you want to email. They can email you their public key as text or as an attachment. They will export their public key as described above. If you don’t have the other person’s public key, you won’t be able to encrypt the message for them.

Sending an encrypted message will add a few extra steps to your email workflow. I’ll write up the Cliff notes version here but you can read a more detailed description on http://www.mailvelope.com/help
Step 5.  Compose and Send your encrypted email
Click Gmail’s Compose button.

  • Inside your message body you should see an icon with a pen & paper on it. Click this.
  • A new composition window will open and this is where you’ll compose your message (not inside the regular Gmail compose window)
  • Type your message and when done, click the padlock button. This is where you choose who you will encrypt the message for (assuming you’ve been given their public key and imported it into Mailvelope)
  • Click Add for each email recipient you want to be able to decrypt the message.  Then click Ok.
  • The text you typed will change into a paragraph of alphanumeric characters which is your message but encrypted.
  • Now click the blue Transfer button and this will copy that text into the regular Gmail compose window.
  • Send your message to the same email address as the one you encrypted it for and the person on the other end will decrypt your message using their private key.
  • To decrypt a message, open the email and you’ll see this type of image.
    • Mailvelope will look for the corresponding private key that is needed to decrypt this message.  When it finds it, it will show this dialog box.
      • Enter your private key password and the message will be decrypted and displayed.
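Two mistakes are easy to make in the procedure above: exporting a file that contains the private key, and sending a body that still has readable text around the encrypted block. The following check is an added example, not part of the original post or of Mailvelope; it relies only on the standard OpenPGP ASCII-armor header lines, and the sample inputs and function names are constructed for illustration.

```python
import re

BEGIN = re.compile(r"^-----BEGIN PGP ([A-Z ]+)-----\s*$", re.M)
BLOCK = re.compile(
    r"^-----BEGIN PGP ([A-Z ]+)-----\s*$.*?^-----END PGP \1-----\s*$", re.M | re.S)

def armor_types(text):
    """Types of every complete armored block (BEGIN line with a matching END line)."""
    return [m.group(1) for m in BLOCK.finditer(text)]

def safe_to_share(text):
    """True only for a file holding public key blocks and no private key material."""
    if any("PRIVATE KEY" in kind for kind in BEGIN.findall(text)):
        return False   # even a truncated private block must not leave the machine
    types = armor_types(text)
    return bool(types) and all(kind == "PUBLIC KEY BLOCK" for kind in types)

def body_is_encrypted(text):
    """True when the mail body is exactly one armored PGP MESSAGE and nothing else."""
    blocks = list(BLOCK.finditer(text))
    if len(blocks) != 1 or blocks[0].group(1) != "MESSAGE":
        return False
    outside = text[:blocks[0].start()] + text[blocks[0].end():]
    return outside.strip() == ""   # readable text next to the ciphertext is a leak

def _armor(kind):
    # Constructed sample: the body is a placeholder, not real key or message data.
    return f"-----BEGIN PGP {kind}-----\n\nPLACEHOLDER\n-----END PGP {kind}-----\n"

PUBLIC = _armor("PUBLIC KEY BLOCK")
PRIVATE = _armor("PRIVATE KEY BLOCK")
MESSAGE = _armor("MESSAGE")

if __name__ == "__main__":
    print("public key file ok to share:", safe_to_share(PUBLIC))
    print("public + private file ok to share:", safe_to_share(PUBLIC + PRIVATE))
    print("encrypted body:", body_is_encrypted(MESSAGE))
    print("plaintext plus ciphertext:", body_is_encrypted("Hi Bob,\n" + MESSAGE))
```
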

Wednesday, February 20, 2013

Life Hacker: [TuT]How To Get A Fully Undetectable Backdoor/Payl...

Life Hacker: [TuT]How To Get A Fully Undetectable Backdoor/Payl...: Hi, Today I would talk about how to create a backdoor completely undetectable by antivirus a very simple way and totally free(no crypter). ...