Web Hosting Forum | Lunarpages

Author Topic: "secure line" question  (Read 3135 times)

Offline Anatolie

  • Trekkie
  • **
  • Posts: 14
"secure line" question
« on: December 11, 2003, 10:24:41 AM »
I'd like to create a "secure line" for the visitors to my site. I know that an SSL certificate installed on the server ensures that data sent by the user is encrypted, but I also want to encrypt the other flow - from the site to the user - too.

How can I make sure nobody else would see what my users read on my site? Is this possible? Would any SSL certificates installed on the client side help?

Please let me know at least where I can dig up that information!

Thank you!

Danielle

  • Guest
"secure line" question
« Reply #1 on: December 11, 2003, 10:32:58 AM »
Hi Anatolie,

Although I don't know about a security certificate installed on the client side, I do know that you could password protect those areas of the site you don't want people to view other than your clients/users.  You can set up password protection in CPanel.  You can set up individual users in there with their own username and password as well.

I hope this is helpful.

Offline Anatolie

  • Trekkie
  • **
  • Posts: 14
"secure line" question
« Reply #2 on: December 11, 2003, 10:58:49 AM »
Thank you for the explanation!

However, my question is about setting encryption of the site information sent to the user.

If somebody is monitoring a user's line, I'd like to avoid them seeing the information that user is browsing on my site.

I guess my question is about setting up a "TOP SECURITY" site  8-)

Offline scanman20

  • Senior Moderator
  • Über Jedi
  • *****
  • Posts: 1549
    • http://www.notonebit.com
"secure line" question
« Reply #3 on: December 11, 2003, 01:32:34 PM »
SSL encryption is both ways.
Even a broken clock is right twice a day.
NotOneBit.com
MCSE - MCSA - MCP (<- unused since 2006!)

Offline Anatolie

  • Trekkie
  • **
  • Posts: 14
"secure line" question
« Reply #4 on: December 11, 2003, 01:50:43 PM »
Do you mean that if I install an SSL certificate just on the server, then the encryption is both ways? Or is it that installing an SSL certificate in the client's browser also works and makes encryption both ways? Sorry for being so nitpicking.... :oops:

I just thought about it.... If just the SSL certificate on the server encrypts the data flow both ways, then it doesn't make much sense, since the server sends the open/public key to the client during the handshake. If anybody would eavesdrop onto the wire (including during the handshake), they'll have the key to decrypt any information coming from the server.

It seems like an SSL certificate on the client side would address it by sending its own public key to the server, requiring the incoming flow to be encrypted with it. This way nobody would be able to decipher it!

Offline MishaPappa

  • Jabba the Hutt
  • *****
  • Posts: 587
"secure line" question
« Reply #5 on: December 11, 2003, 02:09:49 PM »
You are being suspiciously paranoid...

Google search on SSL and you'll discover lots about how it works.

Unless you intend to conduct web activity that, if discovered, would lead to persecution by a government agency and possible imprisonment -- server side SSL should be more than adequate for your needs.
"I know that you understood what you think I said but I'm not sure you realize that what you heard is not what I meant..."

Andromeda, April 2003 - Sept 2004
Lyra, since Sept 2004

Misha

Offline Anatolie

  • Trekkie
  • **
  • Posts: 14
"secure line" question
« Reply #6 on: December 11, 2003, 02:19:47 PM »
:| Unfortunately, yes, it is the case of people potentially having BIG problems with the government (not the US government, of course, it is about a communist country...). It's not the activity itself that may endanger visitors, just the information they get access to...

Offline scanman20

  • Senior Moderator
  • Über Jedi
  • *****
  • Posts: 1549
    • http://www.notonebit.com
"secure line" question
« Reply #7 on: December 11, 2003, 05:37:20 PM »
The SSL on the server is completely secure. The server sends the public key but only with the server's private key can the transmission be decrypted so unless you're working on the server and have access to the key pair it doesn't matter if you sniff packets, you won't be able to decipher it any more easily than if the client had a certificate.
Even a broken clock is right twice a day.
NotOneBit.com
MCSE - MCSA - MCP (<- unused since 2006!)

Offline scanman20

  • Senior Moderator
  • Über Jedi
  • *****
  • Posts: 1549
    • http://www.notonebit.com
"secure line" question
« Reply #8 on: December 11, 2003, 05:39:50 PM »
By the way, since I know you don't believe me, maybe you'll take Sun's word for it...

"Secure Sockets Layer(SSL) Protocol Explained


SSL encrypts data so that no one who intercepts is able to read it.

SSL can assure a client that they are dealing with the real server they intended to connect to.

SSL can prevent any unauthorized clients from connecting to the server.

SSL prevents anyone from meddling with data going to or coming from the server.



The Secure Sockets Layer(SSL) Protocol provides several layers of security available for all users of a web server equipped with SSL. All data coming from and going to an SSL equipped server is encrypted. This ensures that anyone who may be able to spy on the data transmission will not be able to understand the data. An SSL equipped server can also identify itself to anyone who visits it. This ensures that your clients can trust that they have indeed connected to the server they intended to reach.

When necessary, an SSL equipped server can also authenticate the clients that are connecting to it. This ensures that a person connecting to your server is not pretending to be someone to whom you have given restricted access. An SSL equipped server can also assure data integrity. This security measure prevents meddlers from intercepting a data transmission (which they cannot understand) and replacing it with a fake one they create. With this feature you can be confident that no one is able to intervene between the server and the client."
Even a broken clock is right twice a day.
NotOneBit.com
MCSE - MCSA - MCP (<- unused since 2006!)
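
The point made in replies #7 and #8, as an added example that is not part of the original thread: a simplified model of a server-certificate-only handshake in which the client encrypts a fresh secret to the server's public key and both directions are then encrypted with keys derived from it. The toy RSA key, the HMAC-based keystream (a stand-in for SSL's real ciphers) and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed toy RSA key built from two known Mersenne primes: trivially
# factorable, used only so the example runs offline with the standard library.
P, Q, E = 2**127 - 1, 2**107 - 1, 65537
N = P * Q                           # public half, sent in the clear
D = pow(E, -1, (P - 1) * (Q - 1))   # private half, never leaves the server

def direction_keys(secret: bytes) -> dict:
    """Derive one symmetric key per direction from the shared secret."""
    return {d: hmac.new(secret, d.encode(), hashlib.sha256).digest()
            for d in ("client->server", "server->client")}

def xor_stream(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher (HMAC-SHA256 keystream); the same call decrypts."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hmac.new(key, i.to_bytes(8, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

def client_send(request: bytes):
    """Client encrypts a fresh secret to the server's PUBLIC key."""
    secret = secrets.token_bytes(16)
    keys = direction_keys(secret)
    wire = {"public_key": (N, E),
            "key_exchange": pow(int.from_bytes(secret, "big"), E, N),
            "request": xor_stream(keys["client->server"], request)}
    return secret, wire

def server_reply(wire: dict, response: bytes) -> bytes:
    """Server recovers the secret with the PRIVATE exponent D, then replies."""
    secret = pow(wire["key_exchange"], D, N).to_bytes(16, "big")
    keys = direction_keys(secret)
    wire["response"] = xor_stream(keys["server->client"], response)
    return xor_stream(keys["client->server"], wire["request"])

def client_read(secret: bytes, wire: dict) -> bytes:
    """Client decrypts the server's reply with the key it derived itself."""
    return xor_stream(direction_keys(secret)["server->client"], wire["response"])

def sniffer_read(wire: dict) -> bytes:
    """A sniffer sees the whole wire, public key included, but not D."""
    n, e = wire["public_key"]
    guess = pow(wire["key_exchange"], e, n).to_bytes(32, "big")[-16:]
    return xor_stream(direction_keys(guess)["server->client"], wire["response"])
```

Everything in `wire` is what an eavesdropper can capture; applying the public key to it a second time does not undo the encryption, so the server-to-client data stays unreadable without the private exponent.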

Offline Anatolie

  • Trekkie
  • **
  • Posts: 14
"secure line" question
« Reply #9 on: December 12, 2003, 11:16:44 AM »
You are very convincing, especially with excerpts from Sun.

However, here is what I found while looking more into this issue - http://www.seifried.org/security/cryptography/20011108-end-of-ssl-ssh.html

With the latest version of dsniff you also gain the ability to intercept and monitor SSH (protocol version 1) and SSL...

...it is now available in a convenient source ball package that an attacker can easily compile and use...

Offline scanman20

  • Senior Moderator
  • Über Jedi
  • *****
  • Posts: 1549
    • http://www.notonebit.com
"secure line" question
« Reply #10 on: December 12, 2003, 11:25:09 AM »
You can sniff ANY traffic but that doesn't mean you can decrypt it.
Even a broken clock is right twice a day.
NotOneBit.com
MCSE - MCSA - MCP (<- unused since 2006!)

Offline Anatolie

  • Trekkie
  • **
  • Posts: 14
"secure line" question
« Reply #11 on: December 12, 2003, 05:40:10 PM »
Check this out -
http://www.thoughtcrime.org/ie.html

Just download, compile, run and watch the encrypted traffic not being encrypted anymore....

Offline scanman20

  • Senior Moderator
  • Über Jedi
  • *****
  • Posts: 1549
    • http://www.notonebit.com
"secure line" question
« Reply #12 on: December 12, 2003, 07:06:10 PM »
No offense but I'm not installing anything from a site where they have "Legalize Drugs" and "Linux for Anarchists" as the main text on their homepage.
Even a broken clock is right twice a day.
NotOneBit.com
MCSE - MCSA - MCP (<- unused since 2006!)

 
