Hypertext Transfer Protocol (HTTP) is a protocol that allows users to exchange information over the Internet. This information is usually in the form of HyperText Markup Language (HTML) documents, but other formats of information are supported as well such as Flash and various types of multimedia. For secure transmission, such as bank transactions, HTTP can use Secure Sockets Layer (SSL) for encryption. In this instance, the website is designated HTTPS (e.g. https//:www.wellsfargo.com).
Recently, SSL and it's successor Transport Layer Security have come under fire. Two security researchers, Juliano Rizzo and Thai Duong, have created a JavaScript called BEAST, which is an acronym for Browser Exploit Against SSL/TLS. Without getting too technical, what this script does is it uses a network sniffer and decrypts encrypted cookies that a website uses to grant access to restricted user accounts and they successfully demonstrated this capability on a secure PayPal Account [1] [2] [3]. I verified the accuracy of this through three different sources, which you will find below. So what does this mean or have to do with HTTP? Other than the security of websites that use SSL/TSL, nothing much. HTTP still works the same way regardless of what if any security protocols are used. I just thought that it was an interesting side note. Moving on...
File Transfer Protocol (FTP) is a protocol that allows users to transfer files to an FTP server. A company or individual can set up an FTP server to host files that are larger than would be practical to exchange through HTTP. Software or music vendors may use FTP to allow customers to download purchased content. File Transfer Protocol can also be set up with SSL and like HTTPS is designated FTPS.
A very common use of FTP is on servers of web-hosting companies. In order for a person to get their website on the web, they (usually) must go through a hosting company such as GoDaddy.com. While some of these companies provide online tools with which to create the website right online, many, if not most, developers prefer to create and troubleshoot their sites off line and then upload them. So companies like GoDaddy.com implement FTP on their hosting server to facilitate the upload of content to a user's domain.
So this concludes my series on Data Transmission and Protocols. By now you should know the difference between asynchronous and synchronous transmission. You should know the difference between digital and analog signals and have an introductory knowledge of how these signals are converted and sent. Simplex, half duplex, and full duplex transmissions should not be a mystery to you either. You should also have a pretty good understanding of the differences between broadband and baseband transmission and the advantages and disadvantages of each. You should now be able to find and distinguish the parallel and serial posts on your computer and understand how the data moves across them. In addition, you should have a basic understanding of some of the more common and more important protocols used in data transmission; TCP/IP, SLIP, PPP, HTTP, FTP; as well as when and why they are used. With the many ways that computers can communicate, knowing these modes of communication as well as the protocols that govern them becomes important to anyone who is designing or administering a network. Knowledge of these fundamental aspects of network communication can help an administrator to decide the best approach to take in any given situation.
[1] Goodin, D. (2011, September 27). World takes notice as SSL-chewing BEAST is unleashed. The Register. Retrieved from http://www.theregister.co.uk/2011/09/27/beast_attacks_paypay/
[2] Mills, E. (2011, Septembar 29). Browsers tackle the ’BEAST’ Web security problem. CNET News. Retrieved from http://news.cnet.com/8301-27080_3-20113530-245/browsers-tackle-the-beast-web-security-problem/
[3] fupper. (2011, September 20). Researchers cracked SSL. Your internet is not safe, even on HTTPS. [Web log message]. Retrieved from http://nbnl.globalwhelming.com/2011/09/20/researchers-cracked-ssl-internet-safe-https/
No comments:
Post a Comment