Question

From the security aspect of client/browser, connecting to a secure web site/server:

  1. From the cyber security perspective, what browser features should be examined for valid certificates?
  2. What are the risks of using expired web certificates?

Solutions

Expert Solution

Part 1

Here is a very simplified explanation:

  1. Your web browser downloads the web server's certificate, which contains the public key of the web server. This certificate is signed with the private key of a trusted certificate authority.

  2. Your web browser comes installed with the public keys of all of the major certificate authorities. It uses this public key to verify that the web server's certificate was indeed signed by the trusted certificate authority.

  3. The certificate contains the domain name and/or IP address of the web server. Your web browser confirms with the certificate authority that the address listed in the certificate is the one to which it has an open connection.

  4. Your web browser generates a shared symmetric key which will be used to encrypt the HTTP traffic on this connection; this is much more efficient than using public/private key encryption for everything. Your browser encrypts the symmetric key with the public key of the web server, then sends it back, thus ensuring that only the web server can decrypt it, since only the web server has its private key.

Note that the certificate authority (CA) is essential to preventing man-in-the-middle attacks. However, even an unsigned certificate will prevent someone from passively listening in on your encrypted traffic, since they have no way to gain access to your shared symmetric key.

Part 2

The following scenarios are the most likely to follow from an expired SSL certificate:

  • For website owners, expired certificates are highly capable of increasing the instances of shopping cart abandonment and a subsequent decline in sales and revenue.
  • Website users, meanwhile, put their personal information at risk by carrying out a financial transaction on a site with an expired SSL certificate.
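The name check from step 3 and the expiry condition from Part 2, as an added example that is not part of the original answer: it evaluates the validity period and subject alternative names of a certificate in the dict format returned by Python's `ssl.SSLSocket.getpeercert()`. `SAMPLE_CERT`, its host names and the function names are constructed for illustration; on a live connection `ssl.create_default_context()` performs these checks, together with chain validation, automatically.

```python
import ipaddress
import ssl

# Constructed sample in the dict format returned by ssl.SSLSocket.getpeercert()
SAMPLE_CERT = {
    "subject": ((("commonName", "shop.example.test"),),),
    "notBefore": "Jan  1 00:00:00 2024 GMT",
    "notAfter": "Apr  1 00:00:00 2024 GMT",
    "subjectAltName": (
        ("DNS", "shop.example.test"),
        ("DNS", "*.cdn.example.test"),
        ("IP Address", "192.0.2.10"),
    ),
}


def dns_match(pattern, host):
    """Exact match, or a wildcard that covers exactly the left-most label."""
    p, h = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if not p.startswith("*."):
        return p == h
    head, _, rest = h.partition(".")
    # Simplification: refuse wildcards sitting directly under a single label.
    return bool(head) and rest == p[2:] and "." in rest


def name_matches(cert, host):
    """IP literals match only 'IP Address' entries; names only 'DNS' entries."""
    sans = cert.get("subjectAltName", ())
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return any(k == "DNS" and dns_match(v, host) for k, v in sans)
    return any(k == "IP Address" and ipaddress.ip_address(v) == ip for k, v in sans)


def check_certificate(cert, host, now):
    """Return a list of problems; 'now' is a timezone-aware datetime."""
    problems = []
    ts = now.timestamp()
    if ts < ssl.cert_time_to_seconds(cert["notBefore"]):
        problems.append("not yet valid")
    if ts > ssl.cert_time_to_seconds(cert["notAfter"]):
        problems.append("expired")
    if not name_matches(cert, host):
        problems.append("name mismatch")
    return problems
```

An empty list means both checks passed; signature and chain-of-trust validation are out of scope for this sketch.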
