Brettos Blunder

Location: Bathurst, New South Wales, Australia

Tuesday, April 11, 2006

S-HTTP EXPLAINED by Brett Griffiths

I thought it would be best to try to explain as much of this in my own words, as I'm not too "familiar" with a lot of the technical terms used in what I read on the Net. So, putting this in layman's terms (as much as possible), I will try to set this out explaining everything as if to someone new to the web.

So WHAT IS S-HTTP ?

I will start from the beginning. S-HTTP stands for "Secure Hypertext Transfer Protocol". It was designed by E. Rescorla and A. Schiffman of Enterprise Integration Technologies (EIT) as an extension to the HTTP protocol to support sending data securely over the World Wide Web. It was designed to coexist with HTTP's messaging model and to be easily integrated with HTTP applications, or simply put: "It keeps your moolah safe on its way from your wallet to a computer transaction on the internet".

Not all browsers and servers support S-HTTP. Another technology for transmitting secure communications over the web is SSL, or Secure Sockets Layer, which is more prevalent. Because S-HTTP and SSL have very different designs and goals, it is possible and recommended to use the two protocols together. Where SSL is designed to establish a secure connection between two computers, S-HTTP is designed to send individual messages securely.

HOW DOES IT WORK

A Secure HTTP message is a request or status line, followed by other headers (which must be RFC-822 compliant), and some content. The content can be raw data, a Secure HTTP message, or an HTTP message. The request line is defined as:

Secure * Secure-HTTP/1.1

to which the response must be:

Secure-HTTP/1.1 200 OK


These lines are defined to stop an attacker from seeing the success or failure of a given request. Secure HTTP takes a generally paranoid attitude to all information, leaking as little as possible.

Headers

There are a few headers that should go in the Secure HTTP header itself. There are also other headers which go into the HTTP header of the message located within the S-HTTP message. Those headers are defined in S-HTTP but are used as headers in the HTTP document, i.e. they cannot be used without being protected by an S-HTTP encapsulation.

Negotiation

To offer flexibility in the cryptographic enhancements used, client and server negotiate about which enhancements each is willing to use, unwilling to use, or will require. Negotiation blocks have four parts: property, value, direction (always with respect to the negotiator), and strength (of preference). If the agents are unable to discover a common set of algorithms, appropriate action should be taken. Continuing to request a refused option is considered ineffectual and inappropriate.

An example negotiation line would be:

SHTTP-Key-Exchange-Algorithms: recv-required=RSA,Kerb-5

This means that messages to this machine must use Kerberos 5 or RSA encryption to exchange keys.
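The negotiation step described above, as an added example that is not part of the original post. It assumes the RFC 2660 line form `<direction>-<strength>=<values>` with directions `orig`/`recv` and strengths `required`/`optional`/`refused`; the function names and the selection policy in `choose` are illustrative simplifications.

```python
# Added example (not from the original post): S-HTTP negotiation line handling.
# Assumed syntax, after RFC 2660: "<Property>: <direction>-<strength>=<v1>,<v2>[;...]"
from typing import NamedTuple

DIRECTIONS = {"orig", "recv"}                     # relative to the negotiator
STRENGTHS = {"required", "optional", "refused"}

class Block(NamedTuple):
    prop: str
    direction: str
    strength: str
    values: tuple

def parse_negotiation(line):
    """Split one negotiation header line into its blocks."""
    name, sep, body = line.partition(":")
    if not sep or not name.strip().upper().startswith("SHTTP-"):
        raise ValueError("not an S-HTTP negotiation header: %r" % line)
    blocks = []
    for part in body.split(";"):
        mode, eq, vals = part.strip().partition("=")
        direction, _, strength = mode.partition("-")
        values = tuple(v.strip() for v in vals.split(",") if v.strip())
        if not eq or direction not in DIRECTIONS or strength not in STRENGTHS or not values:
            raise ValueError("malformed negotiation block: %r" % part)
        blocks.append(Block(name.strip(), direction, strength, values))
    return blocks

def choose(peer_line, supported):
    """Return the first algorithm in `supported` (sender's preference order)
    that the peer will accept on receipt, or None when there is no common one.
    Simplified policy: a required list is binding, else the optional list,
    else anything not refused."""
    recv = [b for b in parse_negotiation(peer_line) if b.direction == "recv"]
    listed = {s: [v for b in recv if b.strength == s for v in b.values] for s in STRENGTHS}
    allowed = listed["required"] or listed["optional"] or list(supported)
    for alg in supported:
        if alg in allowed and alg not in listed["refused"]:
            return alg
    return None   # caller must fail or change options, not repeat a refused one

if __name__ == "__main__":
    line = "SHTTP-Key-Exchange-Algorithms: recv-required=RSA,Kerb-5"  # the post's example
    print(parse_negotiation(line))
    print(choose(line, ["Kerb-5", "RSA"]))   # sender prefers Kerberos 5
    print(choose(line, ["DH"]))              # no overlap with the peer's list
```

A `None` result is the "no common set of algorithms" case: the sender should stop or offer different options rather than resend one the peer refused.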

Message format Options.

The format of the body of a message is indicated by the Content-Privacy-Domain S-HTTP header line. There are several acceptable Content-Privacy-Domains, which are PEM, PGP, and PKCS-7. Under PKCS-7, the most interesting option is a self-signed signature certificate in a message body. This is permitted, and no assertions are made about its reliability. This allows implementers a great deal of flexibility.

Error Conditions and Retry Behavior.

Not all errors in Secure HTTP result in connections being closed. Some will require a new attempt with different options. The 3XX set of redirection codes provides the building blocks on which to perform redirection. Clients must interpret server messages to decide on the appropriateness of a retry.

Threats

Threats to S-HTTP are similar to those against SSL. However, the more general nature of S-HTTP makes it difficult to assess exactly what is possible. In the case of a hacker, or looker, an attack on a CA may be more difficult due to the existence of multiple CAs. A key could theoretically be verified by several CAs, making an attack infeasible.

Protections offered

The default operational mode of S-HTTP is substantially more resistant to attack than that of SSL. It resists clear text cryptanalysis, man-in-the-middle, and replay attacks. It is more robust than SSL, because option renegotiation and retries are permitted.

In conclusion, you can readily see the importance of S-HTTP, particularly to companies and businesses that are moving towards the cheapest form of transactions, such as those that rely on e-commerce like eBay, various web booking engines for airlines, and financial institutions that use e-banking and BPAY.

It is also recommended to use SHTTP in conjunction with something like SSL to provide a more secure transfer of information.
So I hope with the above description of SHTTP you get the general idea of what it is and how it is used.


Brett

Tuesday, March 14, 2006


IMPRESSIONS OF FTP CLIENTS

For the assignment I used Smart FTP to up download the files.
I thought that this program was not particularly user friendly and also was very slow.

To upload the files I chose Filezilla. This one was "a no go", could not even connect, so I tried CoffeeCup Free FTP. This one was a lot easier and user friendly. I also thought it was a lot faster.

If I was to recommend an FTP client to someone who has little knowledge of how these things work and doesn't need a heap of bells and whistles, I would definitely recommend "CoffeeCup Free FTP". It also has the coolest name and it even sort of rhymes. I give it 8/10.

Monday, March 13, 2006

ASSIGNMENT FTP CLIENTS

A REVIEW OF FTP CLIENTS

CUTE FTP Home
COST: $59.00 with express checkout. They also offer a 30 day free trial.
Cost includes priority support and free upgrades for 12 months.
TYPE OF LICENCE: Single user Shareware
MAJOR FEATURES:-
  • Simple connections
  • Drag and drop transfers
  • Server address book
LINK: www.cuteftp.com

CUTE FTP Professional

COST: $89.99 with express checkout. They also offer a 30 day free trial.
Cost includes priority support and free upgrades for 12 months.
TYPE OF LICENCE: Single user Shareware.
MAJOR FEATURES:-
  • Automated transfers
  • Script and Macro support
  • Accelerated transfers
  • Advanced security
LINK: www.cuteftp.com

WS_FTP

COST: $89.95 with 12 months worth of support and upgrades or $54.95 with none.
They also have a 30 day free trial.
TYPE OF LICENCE: Single user Shareware
MAJOR FEATURES:-
  • Enhanced Protocol Support
  • Built in compression
  • Bullet proof security

LINK: www.ipswitch.com

FTP Voyager

COST: From $39.95 for FTP Voyager Standard and $49.95 for Secure, for 1-19 copies. They also have 2 year costs and cost options for Department, Site and Enterprise. They have a 30 day free trial.
TYPE OF LICENCE: Shareware
MAJOR FEATURES:-
  • MLST/MLSD Support
  • Windows XP/Office 2003 User Interface
  • Thumbnail image view
  • Add on Support
  • Faster Transfers through Data compression
  • Power transfer feature
  • Bandwidth limiting
  • XCRC Support
  • 128 bit SSL and SSH Support
  • HIPAA compliant secure edition

LINK: www.ftpvoyger.com


SmartFTP

COST: This product comes as an unlicenced product which is free and a licenced product for 1 year with support at a cost of USD36.95
TYPE OF LICENCE: Freeware/Shareware
MAJOR FEATURES:-
  • Secure Connections (TLS/SSL)
  • Modern graphical user interface (GUI)
  • Multilingual (over 20 languages)
  • IPv6
  • On the fly compression (Mode Z)
  • UTF-8 Support
  • Drag and Drop
  • Multiple connections
  • Auto reconnect and resume of broken transfers
  • Transfer Integrity
  • FXP Support
  • Remote edit
  • Enhanced NAT/UPnP support
  • Transfer Queue
  • International Domain names (IDN)
  • Proxy Firewall Support
  • Backup tool
  • URL Watcher
  • Cache remote directories
  • FTP command line
  • Custom Commands
  • CHMOD Properties
LINK: www.smartftp.com

FTP Explorer

COST: 30 day free trial after that $30.00 single user.
TYPE OF LICENCE: Shareware
MAJOR FEATURES:-
  • This is "The Original" Explorer like FTP Client.
  • FTP Explorer lets you explore the website while transfers are active.
  • Will automatically reconnect if connection is lost.
  • The site structure can be "remembered" between connections.
  • Can resume interrupted transfers where it left off.
  • File descriptions are conveniently loaded into list view.
  • Lets you create shortcuts to FTP sites.
  • Drag and drop support.


LINK: www.ftpx.com

CoffeeCup Free FTP

COST: Free Download
TYPE OF LICENCE: Freeware
MAJOR FEATURES:-
  • One Click browser testing
  • Full Drag and Drop FTP upload/download
  • Upload/Download entire folders at once
  • Previews images while on server
  • Built-in zip archiving makes backup a snap
  • Multiple FTP Server Profile Support
  • Multiple-colour HTML tag highlighting
  • Quickstart wizard for new HTML pages
  • Link Wizard, Image Wizard and Font Wizard.

Link: www.coffeecup.com

FTP Commander

COST: $29.95
TYPE OF LICENCE: Shareware
MAJOR FEATURES:-
  • Restart and complete file transfers when connection has been lost
  • Automatic connection to FTP Server if initial attempts have failed.
  • Deletes one or more files as well as folders and subdirectories
  • Keeps the FTP connection when FTP program is idle
  • Displays hidden server directories.
  • Specify both the initial directory you connect to and the local directory you want to upload from.
  • Synchronises Directories
  • Automatically assigns file transfer parameters.

LINK : www.ftpcommander.com

Filezilla

COST: Free
TYPE OF LICENCE: Freeware
FEATURES:
  • Has the ability to resume upload/download operations.
  • Custom Commands.
  • Site manager with folders.
  • Keep alive system
  • Time out detection
  • Firewall support
  • SOCKS4/5 and HTTP1.1 Proxy support
  • SSL Secured connections.
  • SFTP Support
  • Upload/Download queue
  • Drag and Drop
  • Multi language support
  • GSS Authentication and encryption using Kerberos.
LINK : filezilla.sourceforge.net