Difference between revisions of "Secure connections"

 
(One intermediate revision by the same user not shown)
Line 16: Line 16:
 
Most modern browsers will give a warning if an SSL cert has expired or is invalid - as in that it may be a spoof certificate.
 
Most modern browsers will give a warning if an SSL cert has expired or is invalid - as in that it may be a spoof certificate.
  
One of the most commonly used SSL software packages on the Internet, OpenSSL, suffered a major security flaw in the shape of the [http://heartbleed.com/| Heart Bleed bug]. This left most websites using a certain version of OpenSSL open to an exploit. This incident highlights that no technology is 100% secure and requires constant monitoring.
+
One of the most commonly used SSL software packages on the Internet, OpenSSL, suffered a major security flaw in the shape of the [http://heartbleed.com/ Heart Bleed bug]. This left most websites using a certain version of OpenSSL open to an exploit. This incident highlights that no technology is 100% secure and requires constant monitoring.
  
 
</li>
 
</li>
Line 22: Line 22:
 
'''SFTP'''
 
'''SFTP'''
 
When transfering files to or from a remote server it is integral to security to use an SFTP client. This stands for Secure File Tranfer Protocol. In a similar manner to SSL it ensures that the communications to and from the server are not open to external individuals.
 
When transfering files to or from a remote server it is integral to security to use an SFTP client. This stands for Secure File Tranfer Protocol. In a similar manner to SSL it ensures that the communications to and from the server are not open to external individuals.
 +
 +
An excellent client is [http://cyberduck.io/ Cyberduck]
 
</li>
 
</li>
 
<li>
 
<li>
 
'''SSH'''
 
'''SSH'''
When connecting directly to a server, for example for command line access, it is imperative to use the Secure SHell protocol. As the telnet protocol provides no level of security and should be disabled. For further information see []
+
When connecting directly to a server, for example for command line access, it is imperative to use the Secure SHell protocol. As the telnet protocol provides no level of security and should be disabled. For further information see [http://www.openssh.com/ openSSH docs].
 +
 
 +
For windows a good client is [http://www.putty.org/ putty] for mac and linux the Terminal can be used.
 
</li>
 
</li>
 
<ol>
 
<ol>

Latest revision as of 19:10, 28 May 2014

When communicating data to/from a server it is important that the infromation not be susceptible to man-in-the-middle attacks. If data is communicated over open, plain text mediums such as FTP or HTTP then that data can be intercepted and read by any entity on any of the networks that the information passes through; this can included Local Area Networks, ISPs, or National Entities

There are a number of steps that can be taken to protect communication channels to and from the server, though no system is 100% secure.

  1. SSL If your website does not have an SSL certificate then all web traffic direct to your site will be unencrypted and potentially subject to snooping, either at the ISP level, at the level of your hosting provider or at a level that specifically targets your site's users locally (ie: local interception of their communications on a coffee shop's wireless network). Secure Socket Layer(SSL) is a cryptographic protocol which allows secure client-server interactions. Once a secure session has been established between the client, for example your web browser, and the server, your website in this case, all the information that passes between the two is unreadable to external parties. In order, to provide SSL for your website you must purchase an SSL certificate. This is a digital document that is signed by a recognised certificate reseller that uniquely belongs to your domain. An added benefit of SSL certificates is that they can aid in preventing SSL spoofing. This occurs where a malicious websites pretend to be a legitimate website or a server pretends to be a legitimate holder of the SSL cert. Most modern browsers will give a warning if an SSL cert has expired or is invalid - as in that it may be a spoof certificate. One of the most commonly used SSL software packages on the Internet, OpenSSL, suffered a major security flaw in the shape of the Heart Bleed bug. This left most websites using a certain version of OpenSSL open to an exploit. This incident highlights that no technology is 100% secure and requires constant monitoring.
  2. SFTP When transfering files to or from a remote server it is integral to security to use an SFTP client. This stands for Secure File Tranfer Protocol. In a similar manner to SSL it ensures that the communications to and from the server are not open to external individuals. An excellent client is Cyberduck
  3. SSH When connecting directly to a server, for example for command line access, it is imperative to use the Secure SHell protocol. As the telnet protocol provides no level of security and should be disabled. For further information see openSSH docs. For windows a good client is putty for mac and linux the Terminal can be used.