Client-side vs Server-side Security - PowerPoint PPT Presentation

Slides: 16
Provided by: Sun169
Transcript and Presenter's Notes

1
Client-side vs Server-side Security
2
Outline
  • Intro
  • Client-side security
  • Server-side security
  • Complete security ?

3
Intro.
  • The security of a web-based information system
    requires security controls at each tier (client,
    web server, database server, ...).
  • browser ←→ web server ←→ application/database
    server
  • HTTP/HTTPS (browser to web server); application
    protocol(s) or HTTP/HTTPS (web server to
    application/database server)
  • Figure 11.1
  • A web client can become an easy target.
  • The servers are prime targets for hackers.
  • The communication links must be secured as well.

4
Client-side security
  • Providing total security to clients is a challenge:
      • Client devices tend to be handled by end users
        with varying levels of expertise.
      • There exist multiple types of client devices.
      • Various executables and/or email attachments may
        be downloaded to a networked client device.
      • There exist various client applications, each of
        which requires different configurations, updates,
        etc.
      • Less physical security

5
Challenges
  • User awareness
  • Client configurations/updates
      • Anti-malware applications
      • Web browsers
      • Email client applications
  • How far and how long would sensitive data need to
    be protected?
      • Encryption? (key management, ...)
      • MAC?
      • Period of protection?

6
Server-side security
  • What needs to be secured?
      • The server itself (physical, applications, data)
      • The connections to the clients
      • The connected clients
  • A centralized location to enable security
    controls

7
Server-side security
  • Challenges?
      • A rewarding target (web presence, precious data)
      • Various server-side technologies
          • CGI scripts
          • Server APIs
          • Server-side includes
          • ASP
          • JSP/Servlets
          • PHP

8
Server-side security
  • Challenges? (cont.)
      • Possibly high workload (many connections)
      • Need for layered security (application layer vs
        network or lower layer)
      • Configurations and updates

9
Is complete security possible?
  • That's the goal.
  • Requires the cooperation of all participants, the
    security of all devices and communication links.
  • Data security: When and where do sensitive data
    need to be protected?
  • Laws require corporations and organizations to
    implement proper measures to protect the data
    they process.

10
Layered Security: Protecting Your Data in Today's
Threat Landscape, Tripwire white paper, 2011.
15
Points of discussion
  • A better solution to client/end security? Thin
    clients, cloud computing?
  • Is multi-layer security a complete solution?