19.12.2012 Views

IT Baseline Protection Manual - The Information Warfare Site


Safeguard Catalogue - Communications

S 5.65 Use of S-HTTP

Initiation responsibility: Head of IT Section, IT Security Management

Implementation responsibility: Administrators, users

Secure HTTP (S-HTTP) provides for the securing of messages that are exchanged between an HTTP client and an HTTP server. S-HTTP makes the following mechanisms available as an extension of HTTP:

- Authentication of instances
- Negotiation of security services
- Protection of the confidentiality and integrity of HTML documents by means of cryptographic checksums and encryption.

S-HTTP protects submitted HTTP data at the sender's end by encrypting it or by attaching a cryptographically generated checksum, and transfers the protected data to the transport system. The protected data is then sent to the recipient. At the recipient's end, the encapsulated data is transferred from the transport system to the local S-HTTP. This decrypts the protected HTTP data and forwards it to the HTTP application.

The security services are based on the RSA, DES, RC2, MD2 and MD5 algorithms (in this connection see also S 3.23 Introduction to basic cryptographic terms). With S-HTTP, the security policy and the cryptographic algorithms that are to be used can be selected by means of an optional negotiation phase before every transmission.
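The sender and recipient flow and the optional negotiation described above, reduced to the checksum case, as an added example that is not part of the manual. The envelope field names (`X-Example-Alg`, `X-Example-MAC`) are hypothetical and are not the S-HTTP wire format, and HMAC with SHA-2 is swapped in for the MD2/MD5 checksums the text lists.

```python
import hashlib
import hmac

# Hypothetical envelope layout for illustration; NOT the S-HTTP wire format.
# HMAC with SHA-2 stands in for the MD2/MD5 checksums named in the text.
DIGESTS = {"sha256": hashlib.sha256, "sha512": hashlib.sha512}

# Constructed sample data.
KEY = b"constructed-demo-key"
MSG = b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html>report</html>"


def negotiate(sender_prefs, recipient_accepts):
    """Optional negotiation phase: first sender preference both sides support."""
    for name in sender_prefs:
        if name in recipient_accepts and name in DIGESTS:
            return name
    raise ValueError("no common checksum algorithm")


def protect(http_message: bytes, key: bytes, alg: str) -> bytes:
    """Sender side: attach a keyed checksum, then hand the result to transport."""
    mac = hmac.new(key, http_message, DIGESTS[alg]).hexdigest()
    header = f"X-Example-Alg: {alg}\r\nX-Example-MAC: {mac}\r\n\r\n".encode()
    return header + http_message


def unprotect(envelope: bytes, key: bytes, accepted) -> bytes:
    """Recipient side: verify the checksum before forwarding to the HTTP application."""
    head, _, body = envelope.partition(b"\r\n\r\n")
    fields = dict(line.split(": ", 1) for line in head.decode().split("\r\n"))
    alg = fields.get("X-Example-Alg")
    if alg not in accepted or alg not in DIGESTS:
        raise ValueError("algorithm was not negotiated")
    expected = hmac.new(key, body, DIGESTS[alg]).hexdigest()
    if not hmac.compare_digest(expected, fields.get("X-Example-MAC", "")):
        raise ValueError("checksum mismatch")
    return body


if __name__ == "__main__":
    alg = negotiate(["md5", "sha256"], {"sha256", "sha512"})
    envelope = protect(MSG, KEY, alg)
    print(alg, unprotect(envelope, KEY, {alg}) == MSG)
```

A message that passes `unprotect` is authentic and unmodified, which says nothing about whether its content is harmless.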

In addition, various cryptographic security mechanisms can also be integrated into S-HTTP, for example PKCS-7 (cryptographic message syntax) and PEM.

Interoperability between S-HTTP clients and servers which do not use S-HTTP is guaranteed by the optional negotiation phase.

The essential differences with respect to SSL (see S 5.66) are as follows:

- S-HTTP must be integrated into WWW clients and servers at the application level.
- S-HTTP offers its security services on the basis of the content of the HTML documents, whereas SSL protects the HTTP communication channel.

S-HTTP is used for protecting WWW applications. Nevertheless, malicious applets or MIME-encoded executable programs may get through to internal systems despite this protection or precisely because of it.

IT-Baseline Protection Manual: October 2000
