Security in Computing (3rd Edition)

Info iconThis preview shows pages 1–5. Sign up to view the full content.

View Full Document Right Arrow Icon
1 Web Security CS 161/194-1 Anthony D. Joseph November 21, 2005 November 21, 2005 CS161 Fall 2005 Joseph/Tygar/Vazirani/Wagner 2 Outline • Web Servers – Static and Dynamic Content • Firewall review – Adding a DMZ • Secure Topologies
Background image of page 1

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
2 November 21, 2005 CS161 Fall 2005 Joseph/Tygar/Vazirani/Wagner 3 Polls • How many people have set up a personal web server? • How many people have set up a business web server? November 21, 2005 CS161 Fall 2005 Joseph/Tygar/Vazirani/Wagner 4 Web Servers • Web server serves up static, read-only content from file server • Scales up by replicating web servers – Can use DNS round-robin or load balancer Web Server Internet User User User User User File Server Web Server File Server Web Server File Server
Background image of page 2
3 November 21, 2005 CS161 Fall 2005 Joseph/Tygar/Vazirani/Wagner 5 Web Servers • Add a database server for dynamic content – DB used to store per-user info or site content – Also, used for authentication, read/write actions, e-commerce, … • Software connector to DB server – Object/Java DataBase Connectivity Web Server File Server DB Server Internet User User User User November 21, 2005 CS161 Fall 2005 Joseph/Tygar/Vazirani/Wagner 6 Web Servers • Static content model: – Web server uses file server for static content, templates, … • Dynamic content model: – Web server uses database server to retrieve/store dynamic content • Can have mixtures – Ex: Storing dynamic content in FS – Ex: Storing static content in DB • What are the security issues?
Background image of page 3

Info iconThis preview has intentionally blurred sections. Sign up to view the full version.

View Full DocumentRight Arrow Icon
4 November 21, 2005 CS161 Fall 2005 Joseph/Tygar/Vazirani/Wagner 7 Some Web Server Threats and Attacks • Replace static content (“defacement”) – Exploit vulnerability to access Web or File servers • (Distributed) Denial of Service attack
Background image of page 4
Image of page 5
This is the end of the preview. Sign up to access the rest of the document.

Page1 / 11

Web Security - Web Security CS 161/194-1 Anthony D. Joseph...

This preview shows document pages 1 - 5. Sign up to view the full document.

View Full Document Right Arrow Icon
Ask a homework question - tutors are online