Information Security: The Big Picture – Part V

The World Wide Web has become the de facto communications medium for the Internet. Millions of people use it every day to getinformation, communicate with coworkers, buy and sell goods, entertain themselves, and keep up to date with current events. However, most ofthese people have very little knowledge about how the web actually works. On this slide we will give you a brief introduction to the web and tellyou everything you always wanted to know about the web but were afraid to ask. All in less than three minutes....
Nội dung trích xuất từ tài liệu:
Information Security: The Big Picture – Part V Information Security: The Big Picture – Part V Stephen FriedInformation Security: The Big Picture - SANS GIAC © 2000 1 1 Agenda • General Security Introduction • Telecommunications Fundamentals • Network Fundamentals • Network Security • World Wide Web Security • Information Secrecy & Privacy • Identification and Access Control • Programmatic Security • Conclusion Information Security: The Big Picture - SANS GIAC © 2000 2If you are taking this course you undoubtedly know about the World Wide Web. As valuable, asuseful, and as important to our everyday lives as the web has become, it is full of security issues andproblems. This section will examine those issues. 2 Everything You Always Wanted to Know About Web Communications… • Servers and Clients • HTTP and HTML • Stateless Communications • Retrieving Information – GET • Sending Information – POST Information Security: The Big Picture - SANS GIAC © 2000 3The World Wide Web has become the de facto communications medium for the Internet. Millions of people use it every day to getinformation, communicate with coworkers, buy and sell goods, entertain themselves, and keep up to date with current events. However, most ofthese people have very little knowledge about how the web actually works. On this slide we will give you a brief introduction to the web and tellyou everything you always wanted to know about the web but were afraid to ask. All in less than three minutes.All computers on the web fall into one of two categories: clients or servers. Let’s start with servers. A server is a computer that contains somesort of information that an organization wants to distribute. The server runs a special piece of software, called a web server, that takes requestsfrom other machines, figures out what the request is for, finds the answer to the request, and sends it back to the requesting machine. That’sbasically all a server does.The client machine is the machine that is doing the requesting. The client runs a piece of software called a “Web browser”, or just browser forshort. Browsers take input from users, convert that input into a language the server will understand, send it off to the server over the network,and waits for the reply. When the server sends the reply, the browser will format it and display it for the user. Simple as that. OK, it’s not reallyall that simple. There may be a lot of processing that goes on behind the scenes. For example, the server may have to contact other computers toget the information the client needs, or the client may have to run some other programs in order to properly interpret the response from thebrowser, but here you have the basics: Client sends request, server responds to request.The way clients and servers communicate on the Web is through a protocol called HTTP – the HyperText Transfer Protocol. Like any otherprotocol, HTTP is just a set of standards, conventions, and notations the two systems must understand in order to communicate.The HyperText Markup Language, or HTML, is the actual language used to develop web pages. HTML uses a set of special notations, calledtags, to tell the browser how to display a page, including things like where to center text, what fonts to use, where to place images on a page, andso on. If you want to see examples of HTML, most browsers allow you to view the HTML source code for any page it displays.Communication on the Web is called “stateless.” This is because each interaction between clients and servers is an independent transaction. Forexample, each time you click on a web page you are starting a completely new interaction between your browser and the server. If you click on12 different links on a page your browser will make 12 different connections to the server. There is no information about the state of anyprevious transactions carried over from one transaction to the next. That’s why it is called “stateless.” We will see in the next slide how serversand clients can be tricked into carrying state information between transactions.There are two types of transactions that browsers can request of servers. They are called GET and POST. A GET transaction asks the server toget some information and send it back to the b ...