Hypertext Transfer Protocol Is Used Between the Browser and a Web Server

HTTP
By Bardia, Patit, and Rozheh

HTTP - Introduction
• Hyper Text Transfer Protocol
• uses the TCP/IP technology
• has had the most impact on the World Wide Web (WWW)
• specs in RFC 2616

HTTP - Importance of The Web
• Before HTTP, FTP data transfers accounted for approximately 1/3 of the Internet traffic
• HTTP inception in the 1990s, and by 2000 Web traffic completely overshadowed other applications

HTTP - Importance of The Web (continued)
• Companies have web sites, online catalogs
• Internet and Web are indistinguishable for most users
• Uses of the Web include graphical design of information; dissemination of research (http://info.cern.ch/, the world's first-ever web server, European Organization for Nuclear Research); browsing and ordering of products; client and customer support; display of creative arts

HTTP - Architectural Components
• The Web consists of a large set of documents called Web Pages
• Web pages are considered hypermedia documents
• The "media" suffix indicates that a document contains items other than text, such as graphics
• The "hyper" prefix indicates that a document can contain selectable links
• Hyper Text Markup Language (HTML) is used to present a mixture of text and images

HTTP - Sample HTML Page

    <HTML>
    <HEAD>
    <TITLE>MyPage.html - My Home Page</TITLE>
    <SCRIPT></SCRIPT>
    </HEAD>
    <BODY>
    Welcome to My Home Page
    </BODY>
    </HTML>

HTTP - Uniform Resource Locator (URL)
• Each page is assigned a unique URL name that is used to identify it:

    http://hostname[:port]/path[;parameters][?query]

• http / ftp = scheme, specifies the transfer protocol
• hostname string specifies the domain name or IP address of the server
• :port is an optional protocol port number, needed only in case the server does not use the default port 80

HTTP - simple URL
• Example: http://www.csun.edu/

URL - Query
• Example:
    http://www.google.com/search?hl=en&lr=&safe=off&q=the+last+page+on+the+internet&btnG=Search

    <html>
    <head></head>
    <body>
    <form>
    <input type=text name="q">
    <input type=submit name="btnG" value="Search">
    </form>
    </body>
    </html>

URL - last comment
• Each Web Page is assigned a unique identifier known as a Uniform Resource Locator (URL). The absolute form of a URL contains a full specification; a relative form that omits the address of the server is only useful when the server is implicitly known.

Fully validated URL
• Good for www.externalsite.com to www.othersite.com

    <a accesskey="0" href="http://www.csun.edu/test/accessibility.html">Access key details</a>

Internal URL
• Good for www.internalsite.com www.internsite.com
• Local server validated URL:

    <a href="accessibility.html">Accessibility</a>

HTTP - Header Definition
• HTTP/1.1 header fields. For entity-header fields, both sender and recipient refer to either the client or the server, depending on who sends and who receives the entity.
• Example: The most common usage is a clear-text request by the client followed by a server demand to upgrade the connection.

Client:

    GET /encrypted-area HTTP/1.1
    Host: www.example.com

Server:

    HTTP/1.1 426 Upgrade Required
    Upgrade: TLS/1.0, HTTP/1.1
    Connection: Upgrade

HTTP - Header GET Example
• Below is a sample conversation between an HTTP client and an HTTP server running on www.example.com, port 80.
• Client request (followed by a blank line, so that the request ends with a double newline, each in the form of a carriage return followed by a line feed):

    GET /index.html HTTP/1.1
    Host: www.example.com

• The "Host" header distinguishes between various DNS names sharing a single IP address, allowing name-based virtual hosting. While optional in HTTP/1.0, it is mandatory in HTTP/1.1.
• Server response (followed by a blank line and the text of the requested page):

    HTTP/1.1 200 OK
    Date: Mon, 23 May 2005 22:38:34 GMT
    Server: Apache/1.3.27 (Unix) (Red-Hat/Linux)
    Last-Modified: Wed, 08 Jan 2003 23:11:55 GMT
    Etag: "3f80f-1b6-3e1cb03b"
    Accept-Ranges: bytes
    Content-Length: 438
    Connection: close
    Content-Type: text/html; charset=UTF-8

HTTP Status Codes
• 1xx Informational
• 2xx Success
• 3xx Redirection
• 4xx Client Error
• 5xx Server Error

HTTP Status Code - 1xx Informational
Request received, continuing process.
• 100: Continue
• 101: Switching Protocols

HTTP Status Code - 2xx Success
The action was successfully received, understood, and accepted.
• 200: OK
• 201: Created
• 202: Accepted
• 203: Non-Authoritative Information
• 204: No Content
• 205: Reset Content
• 206: Partial Content
• 207: Multi-Status
  For use with XML-based responses when a number of actions could have been requested; details of the separate statuses are given in the message body. See WebDAV for associated specifications.

HTTP Status Code - 3xx Redirection
The client must take additional action to complete the request.
• 300: Multiple Choices
• 301: Moved Permanently
  This and all future requests should be directed to another URI.
• 302: Found
  This is the most popular redirect code, but also an example of industrial practice contradicting the standard. The HTTP/1.0 specification (RFC 1945) required the client to perform a temporary redirect (the original describing phrase was "Moved Temporarily"), but popular browsers implemented it as a 303 See Other. Therefore, HTTP/1.1 added status codes 303 and 307 to disambiguate between the two behaviors. However, the majority of Web applications and frameworks still use the 302 status code as if it were the 303.
  See also 302 Google Jacking.
• 303: See Other (since HTTP/1.1)
  The response to the request can be found under another URI using a GET method.
• 304: Not Modified
• 305: Use Proxy (since HTTP/1.1)
  Many HTTP clients (such as Mozilla and Internet Explorer) don't correctly handle responses with this status code.
• 306 is no longer used, but reserved. Was used for 'Switch Proxy'.
• 307: Temporary Redirect (since HTTP/1.1)
  In this case, the request should be repeated with another URI, but future requests can still be directed to the original URI. In contrast to 303, the original POST request must be repeated with another POST request.

HTTP Status Code - 4xx Client Error
The request contains bad syntax or cannot be fulfilled.
• 400: Bad Request
• 401: Unauthorized
  Similar to 403/Forbidden, but specifically for use when authentication is possible but has failed or not yet been provided. See basic authentication scheme and digest access authentication.
• 402: Payment Required
  The original intention was that this code might be used as part of some form of digital cash/micropayment scheme, but that has never eventuated, and thus this code has never been used.
• 403: Forbidden
• 404: Not Found
• 405: Method Not Allowed
• 406: Not Acceptable
• 407: Proxy Authentication Required
• 408: Request Timeout
• 409: Conflict
• 410: Gone
• 411: Length Required
• 412: Precondition Failed
• 413: Request Entity Too Large
• 414: Request-URI Too Long
• 415: Unsupported Media Type
• 416: Requested Range Not Satisfiable
• 417: Expectation Failed
• 449: Retry With
  A Microsoft extension: the request should be retried after doing the appropriate action.

HTTP Status Code - 5xx Server Error
The server failed to fulfil an apparently valid request.
• 500: Internal Server Error
• 501: Not Implemented
• 502: Bad Gateway
• 503: Service Unavailable
• 504: Gateway Timeout
• 505: HTTP Version Not Supported
• 509: Bandwidth Limit Exceeded
  This status code, while used by many servers, is not an official HTTP status code.

How does a browser contact a web server?
• The browser begins with a URL, extracts the hostname section, uses DNS to map the name into an equivalent IP address, and uses the IP address to form a TCP connection to the server.
• Once the TCP connection is in place, the browser and web server use HTTP to communicate; the browser sends a request to retrieve a specific page and the server responds by sending a copy of the page.

HTTP GET REQUEST
A browser sends an HTTP GET command to request a web page from a server. The request consists of a single line of text that begins with the keyword "GET" followed by a URL and an HTTP version number.

Example: If we want to retrieve the web page for comp429 from server www.csun.edu, a browser can send the following request:

    GET http://www.csun.edu/comp429/officehour/ HTTP/1.1

Once a TCP connection is in place, there is no need to send an absolute URL; the following relative URL will retrieve the same page:

    GET /comp429/officehour/ HTTP/1.1

TO SUMMARIZE:
• HTTP, the Hypertext Transfer Protocol, is used between the browser and a web server. The browser sends a GET request, to which the server responds by sending the requested item.

What should a web server respond when it receives an illegal request?
The answer is simple: the server sends the error message to the browser as HTML. Why? Because the request was sent by a browser, the browser will attempt to display whatever the server returns.
Example of an error message:

    <html>
    <head><title>400 bad request</title>
    </head>
    <body>
    <h1>bad request</h1>your browser sent a request that this server could not understand
    </body>
    </html>

It will appear on the user's screen like:

    bad request
    your browser sent a request that this server could not understand.

Persistent Connections
• The first version of HTTP used one TCP connection per data transfer.
• As a result, it increased the load on HTTP servers and caused congestion on the Internet.
• So a new version of HTTP was later implemented (HTTP version 1.1).

What is new in HTTP version 1.1?
• The persistent connection approach is the default. That is, once a client opens a TCP connection to a server, the client leaves the connection in place during multiple requests and responses. When either the client or the server is ready to close the connection, it informs the other side, and the connection is closed.
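
The request rules in these slides (request line of method, URL and version; absolute or relative URL; mandatory Host header in HTTP/1.1; an HTML 400 page for an illegal request; persistent connections by default in HTTP/1.1) can be checked in one small request validator. This is an added example, not part of the original slides: the function names and sample requests are constructed for illustration, and because the browser displays whatever HTML the server returns, the error page escapes any text taken from the request.

```python
"""Minimal HTTP request checker (added example; all names are hypothetical)."""
import html
from urllib.parse import urlsplit

SUPPORTED_VERSIONS = {"HTTP/1.0", "HTTP/1.1"}


class BadRequest(Exception):
    """A request the server cannot understand; answered with status 400."""


def parse_request(raw: bytes) -> dict:
    """Parse the request line and headers, which end at a blank line (CRLF CRLF)."""
    head, sep, _body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise BadRequest("request is not terminated by a blank line")
    if not head.isascii():
        raise BadRequest("non-ASCII bytes in request line or headers")
    lines = head.decode("ascii").split("\r\n")

    parts = lines[0].split(" ")
    if len(parts) != 3:
        raise BadRequest("request line must be: METHOD URL VERSION")
    method, target, version = parts
    if version not in SUPPORTED_VERSIONS:
        raise BadRequest("unsupported version " + version)

    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(":")
        if not colon or not name or name != name.strip():
            raise BadRequest("malformed header line " + line)
        name = name.lower()
        if name == "host" and name in headers:
            # Two Host headers make the intended virtual host ambiguous.
            raise BadRequest("duplicate Host header")
        headers[name] = value.strip()

    if target.startswith("/"):
        # Relative URL: the server is named only by the Host header.
        host, path = headers.get("host"), target
    else:
        # Absolute URL: the request line itself names the server.
        try:
            url = urlsplit(target)
        except ValueError:
            raise BadRequest("unparseable request URL") from None
        if url.scheme != "http" or not url.netloc:
            raise BadRequest("URL is neither absolute http nor relative")
        host, path = url.netloc, url.path or "/"
        if url.query:
            path += "?" + url.query
    # Host is optional in HTTP/1.0 but mandatory in HTTP/1.1.
    if version == "HTTP/1.1" and not headers.get("host"):
        raise BadRequest("HTTP/1.1 request without a Host header")

    # HTTP/1.1 leaves the connection open unless one side announces "close".
    tokens = [t.strip().lower() for t in headers.get("connection", "").split(",")]
    keep_alive = version == "HTTP/1.1" and "close" not in tokens
    return {"method": method, "host": host, "path": path,
            "version": version, "keep_alive": keep_alive}


def error_response(reason: str) -> bytes:
    """Build a 400 response; request-derived text is HTML-escaped in the body."""
    body = ("<html><head><title>400 Bad Request</title></head><body>"
            "<h1>Bad Request</h1>" + html.escape(reason) +
            "</body></html>").encode("ascii", "replace")
    head = ("HTTP/1.1 400 Bad Request\r\n"
            "Content-Type: text/html; charset=UTF-8\r\n"
            "Content-Length: %d\r\n"
            "Connection: close\r\n\r\n" % len(body)).encode("ascii")
    return head + body


def handle(raw: bytes):
    """Return the parsed request (dict), or the 400 response bytes if illegal."""
    try:
        return parse_request(raw)
    except BadRequest as exc:
        return error_response(str(exc))


# Constructed sample requests (not captured traffic).
RELATIVE = b"GET /comp429/officehour/ HTTP/1.1\r\nHost: www.csun.edu\r\n\r\n"
ABSOLUTE = (b"GET http://www.csun.edu/comp429/officehour/ HTTP/1.1\r\n"
            b"Host: www.csun.edu\r\n\r\n")
NO_HOST = b"GET /index.html HTTP/1.1\r\n\r\n"
CLOSING = b"GET / HTTP/1.1\r\nHost: www.example.com\r\nConnection: close\r\n\r\n"
MARKUP = b"GET / <i>HTTP/1.1</i>\r\n\r\n"  # markup where the version belongs

if __name__ == "__main__":
    for sample in (RELATIVE, ABSOLUTE, NO_HOST, CLOSING, MARKUP):
        print(handle(sample))
```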