LESSON 10 WEB SECURITY AND PRIVACY part IV

Source: Internet  Published: js所有事件  Editor: 程序博客网  Time: 2024/06/06 00:21

10.1.3 Looking through Tinted Windows - SSL
It wasn't too long before everyone realized that HTTP in plain text wasn't much good for
security. So the next variation was to apply encryption to it. This comes in the form of SSL, and
is a reasonably secure 40 or 128 bit public key encryption method. Using a 40 bit key is a lot
less secure than the 128 bit and, with specialized hardware, may well be brute force
breakable within a period of minutes, whereas the 128 bit key will still take longer than the
age of the Universe to break by brute force. There are however more complex technical
attacks using something called a known cyphertext attack – this involves calculating the
encryption key by analyzing a large number of messages ( > 1 million ) to deduce the key. In
any case, you aren't going to be rushing to try and crack 128 bit encryption – so what can we
learn about SSL HTTP Servers?
Quite a lot actually. As SSL merely encrypts the standard HTTP traffic, if we set up an SSL
tunnel, we can query the server as we did in section 1.1. Creating an SSL tunnel is quite
straightforward, and there is a utility called “stunnel” purely for this purpose. Enter the
following into a file called stunnel.conf (replacing ssl.enabled.host with the name of the SSL
server that you want to connect to):

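; stunnel acts as a TLS client
client=yes
; verify=0: the peer certificate is not verified, so the remote server is not authenticated
verify=0
[psuedo-https]
; Local plain-text listener (binding a port below 1024 usually needs root)
accept = 80
connect = ssl.enabled.host:443
TIMEOUTclose = 0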

 


Stunnel will then map the local port 80 to the remote SSL port 443 and will pass out plain text,
so you can connect to it using any of the methods listed above:

 


 

simon@exceat:~> netcat 127.0.0.1 80
HEAD / HTTP/1.0
HTTP/1.1 200 OK
Server: Netscape-Enterprise/4.1
Date: Fri, 07 Jan 2005 10:32:38 GMT
Content-type: text/html
Last-modified: Fri, 07 Jan 2005 05:32:38 GMT
Content-length: 5437
Accept-ranges: bytes
Connection: close
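
The same header check without a local tunnel, as an added example that is not part of the original lesson: Python's ssl module makes the TLS connection with certificate verification on by default, and the parser flags response headers that disclose a product and version. SAMPLE is rebuilt from the session above, and the function names are this example's own.

```python
import re
import socket
import ssl

# Response from the session above, rebuilt as bytes (constructed sample).
SAMPLE = (b"HTTP/1.1 200 OK\r\nServer: Netscape-Enterprise/4.1\r\n"
          b"Date: Fri, 07 Jan 2005 10:32:38 GMT\r\nContent-type: text/html\r\n"
          b"Content-length: 5437\r\nConnection: close\r\n\r\n")

def head_over_tls(host, port=443, verify=True, timeout=10):
    """Send HEAD / over TLS and return the raw response bytes."""
    ctx = ssl.create_default_context()      # verifies chain and hostname
    if not verify:                          # no certificate checks, like verify=0
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            tls.sendall(f"HEAD / HTTP/1.0\r\nHost: {host}\r\n\r\n".encode("ascii"))
            chunks = []
            while data := tls.recv(4096):   # HTTP/1.0: server closes when done
                chunks.append(data)
    return b"".join(chunks)

def parse_head(raw):
    """Return (status_code, headers) with header names lower-cased."""
    text = raw.decode("iso-8859-1").replace("\r\n", "\n")
    lines = text.split("\n\n", 1)[0].split("\n")
    parts = lines[0].split(None, 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        raise ValueError("not an HTTP response")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return int(parts[1]), headers

VERSIONED = re.compile(r"[A-Za-z][\w.+-]*/\d[\w.]*")   # product/version token

def banner_findings(headers, watch=("server", "x-powered-by")):
    """List (header, value) pairs that disclose a product and version."""
    return [(h, headers[h]) for h in watch
            if h in headers and VERSIONED.search(headers[h])]

if __name__ == "__main__":
    status, hdrs = parse_head(SAMPLE)
    print(status, banner_findings(hdrs))
```

Run against your own server with parse_head(head_over_tls("your.host")); a non-empty banner_findings result is a candidate for trimming in the server configuration.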

 

10.1.4 Having someone else do it for you – Proxies
Proxies are middlemen in the HTTP transaction process. The client sends its request to the proxy, the
proxy requests the server, the server responds to the proxy and then the proxy finally passes
the response back to the client, completing the transaction. Proxy servers are vulnerable to attacks
in themselves, and are also capable of being a jumping off point for launching attacks onto
other web servers. They can however increase security by filtering connections, both to and
from servers.

 
