Other methods of authentication:
Hash Functions
What is it?
Using the password you typed, the browser builds a string from the password and other information, including the AuthRealm (authentication realm), and passes it through the MD5 function. Only the resulting hash is sent over the network to the server. The server takes the information stored in the .htpasswd file, builds the same string, passes it through MD5 and compares the results. Since the password itself is never sent, it cannot be obtained from the network.
Digest authentication with MD5 requires the information to be stored in the .htpasswd file in a form that cannot be produced with crypt(). Because the password is hashed with MD5 before it is stored, anyone who obtains the stored hash and has a little knowledge can write a program that uses the hash in place of the password, and it will work.
The solution is file permissions: the file must be protected so that only the server can read it.
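The exchange described above, as an added example that is not part of the original notes: the browser side computes the response from the password, the server side recomputes it from the stored hash only, and the two are compared. The realm, username, password and nonce are constructed sample values, and the stored line follows the user:realm:hash layout of a digest file. Note that server_verify only ever needs the stored hash, which is exactly why the file holding it must be protected by permissions.

```python
import hashlib
import secrets

# Added example (not from the original notes): the HTTP Digest exchange as
# the notes describe it. Sample values below are constructed for the demo.


def md5_hex(text: str) -> str:
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def ha1(username: str, realm: str, password: str) -> str:
    """The value a Digest store keeps per user: MD5(user:realm:password)."""
    return md5_hex(f"{username}:{realm}:{password}")


def ha2(method: str, uri: str) -> str:
    return md5_hex(f"{method}:{uri}")


def digest_response(ha1_hex: str, nonce: str, method: str, uri: str) -> str:
    """Original (RFC 2069 style) response: MD5(HA1:nonce:HA2)."""
    return md5_hex(f"{ha1_hex}:{nonce}:{ha2(method, uri)}")


def parse_htdigest(text: str) -> dict:
    """Parse 'user:realm:HA1' lines into {(user, realm): HA1}."""
    store = {}
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        user, realm, ha1_hex = line.split(":", 2)
        store[(user, realm)] = ha1_hex
    return store


REALM = "Private Area"
# Constructed store contents, laid out as a digest file would hold them.
HTDIGEST_TEXT = f"alice:{REALM}:{ha1('alice', REALM, 'correct horse battery')}\n"
STORE = parse_htdigest(HTDIGEST_TEXT)


def client_authorize(username, password, realm, nonce, method, uri):
    """Browser side: compute the response; the password never leaves the client."""
    return digest_response(ha1(username, realm, password), nonce, method, uri)


def server_verify(username, realm, nonce, method, uri, response):
    """Server side: recompute from the stored HA1 only, then compare in constant time."""
    stored = STORE.get((username, realm))
    if stored is None:
        return False
    expected = digest_response(stored, nonce, method, uri)
    return secrets.compare_digest(expected, response)


def demo():
    nonce = secrets.token_hex(16)  # server-chosen, fresh for every challenge
    good = client_authorize("alice", "correct horse battery", REALM, nonce, "GET", "/private/")
    bad = client_authorize("alice", "wrong password", REALM, nonce, "GET", "/private/")
    return (server_verify("alice", REALM, nonce, "GET", "/private/", good),
            server_verify("alice", REALM, nonce, "GET", "/private/", bad))


if __name__ == "__main__":
    print(demo())  # (True, False)
```

The nonce is chosen by the server per challenge, so a captured response is tied to that challenge and is useless against a later one; a response computed against a different nonce is rejected.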
How is this done?
Syntax:
    AuthDigestFile /u/web/.htdigest standard
    AuthType Digest
AuthDigestFile is the new directive; it takes two arguments: the full path of the file in which the data for the Digest authentication feature are stored, and the file format, which is usually standard.
To indicate that a directory is protected with MD5, the authentication type is specified as Digest.
External Access Control.
Firewalls
What is their purpose?
They are a very effective form of network security. They try to prevent attacks by external users on the internal network. They serve several purposes:
1. Restrict entry to users.
2. Prevent attacks.
3. Restrict user access to well-controlled points.
The firewall determines which network services inside it can be accessed from outside, i.e. who can use the network resources belonging to the organization. For a firewall to be effective, all traffic to and from the Internet must pass through it, where the information can be inspected. The firewall permits only the traffic it is configured to allow, and it may itself be immune to penetration; unfortunately, it offers no protection once the intruder has passed through it or is already inside that environment.
A firewall has a weak point: it does not protect against people who are already within the internal network, so it works best when complemented with an internal defense.
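A small packet-filter model, added here as an example and not taken from the original notes, that makes the two points above concrete: a default-deny rule set that only admits traffic to well-controlled points, and a perimeter that never sees internal-to-internal traffic at all. The addresses, networks and rules are constructed sample values.

```python
import ipaddress
from dataclasses import dataclass

# Added example (not from the original notes). All addresses, networks and
# rules below are constructed for the demo.


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int
    proto: str = "tcp"


INTERNAL = ipaddress.ip_network("10.0.0.0/8")  # constructed internal network

# Constructed rule set: (source net, destination net, destination port, action).
# First match wins; anything unmatched is denied.
RULES = [
    ("0.0.0.0/0", "10.0.1.10/32", 443, "allow"),  # only the public web server from outside
    ("10.0.0.0/8", "0.0.0.0/0", 80, "allow"),     # internal hosts may browse out
    ("10.0.0.0/8", "0.0.0.0/0", 443, "allow"),
]


def traverses_firewall(flow: Flow) -> bool:
    """A perimeter firewall only sees traffic that crosses the perimeter."""
    src_inside = ipaddress.ip_address(flow.src) in INTERNAL
    dst_inside = ipaddress.ip_address(flow.dst) in INTERNAL
    return src_inside != dst_inside


def decide(flow: Flow) -> str:
    """Return 'allow', 'deny', or 'not inspected' for traffic the perimeter never sees."""
    if not traverses_firewall(flow):
        return "not inspected"
    src = ipaddress.ip_address(flow.src)
    dst = ipaddress.ip_address(flow.dst)
    for src_net, dst_net, dport, action in RULES:
        if (src in ipaddress.ip_network(src_net)
                and dst in ipaddress.ip_network(dst_net)
                and flow.dport == dport):
            return action
    return "deny"  # default deny: restrict entry to the points listed above


def demo():
    return [
        decide(Flow("198.51.100.7", "10.0.1.10", 443)),  # outside -> web server: allow
        decide(Flow("198.51.100.7", "10.0.1.10", 22)),   # outside -> ssh: deny
        decide(Flow("10.0.5.5", "203.0.113.1", 80)),     # inside -> out: allow
        decide(Flow("10.0.5.5", "10.0.1.10", 22)),       # inside -> inside: never seen
    ]


if __name__ == "__main__":
    for line in demo():
        print(line)
```

The last case is the weakness the notes describe: a host already inside the network reaches another internal host without the firewall ever being consulted, which is why an internal defense (host-based controls, segmentation) is needed alongside it.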
5. Security of dial-up modems.
The first line of defense is to keep the phone number out of reach of unauthorized persons, i.e. do not publish it, do not list it in the systems, etc.
You can also add a modem password that is separate and distinct from the login password, to keep out anyone who does not know it; this is done with the dpasswd command, which keeps the passwords in /etc/d_passwd.
Callback modems: these do not establish a connection immediately when they receive a call; they request login information, then cut the modem connection, and if the information is correct they call the authorized user back at a number stored in the system.
There are modems that encrypt the information sent and received.
There are quiet modems, which do not send the characteristic "connection established" signal until the login has been completed; this helps defeat those who dial through sequences of numbers looking for computers.
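A model of the callback and quiet-modem behaviour just described, added here as an example and not part of the original notes. The user, modem password and callback number are constructed sample values, and the in-memory tables stand in for the /etc/d_passwd entry and a number list kept on the system; the essential property is that the number dialled back always comes from the system's own table, never from the caller.

```python
import secrets

# Added example (not from the original notes). The tables below are
# constructed stand-ins for a d_passwd entry and a stored callback list.
MODEM_PASSWORDS = {"alice": "dialin-secret"}   # separate from the login password
CALLBACK_NUMBERS = {"alice": "555-0101"}       # number on file, set by the administrator


class CallbackModem:
    def __init__(self):
        self.log = []

    def incoming_call(self, claimed_user, modem_password, caller_number=None):
        """Answer a call quietly, authenticate, hang up, then call back the
        number on file. Returns the number dialled back, or None."""
        # Quiet modem: no "connection established" banner before login.
        self.log.append("answer: silent, awaiting modem login")
        expected = MODEM_PASSWORDS.get(claimed_user, "")
        ok = bool(expected) and secrets.compare_digest(expected, modem_password)
        # Callback modem: always drop the inbound call first.
        self.log.append("hang up")
        if not ok:
            self.log.append(f"login failed for {claimed_user!r}; no callback")
            return None
        # The caller's own number is deliberately ignored; only the stored one is used.
        number = CALLBACK_NUMBERS[claimed_user]
        self.log.append(f"calling back {number} (stored), ignoring {caller_number!r}")
        return number


def demo():
    modem = CallbackModem()
    return (modem.incoming_call("alice", "dialin-secret", caller_number="555-0199"),
            modem.incoming_call("alice", "guess", caller_number="555-0199"),
            modem.incoming_call("mallory", "dialin-secret"))


if __name__ == "__main__":
    print(demo())  # ('555-0101', None, None)
```

Even a caller who knows a valid modem password ends up being called back at the stored number, so the session is only ever established with a line the administrator has already approved.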
Secure Transactions
When encryption is used, information sent by clients (usernames, passwords, confidential information) through a form can be transmitted safely to and from the web server.
There are two main ways to make transactions safer.
S-HTTP supports:
Encryption to ensure privacy.
Authentication for the clients and servers
Digital signatures for verification and non-repudiation.
You can control access and privacy to assign the appropriate level of security to each transaction between the server and clients. The possible options are:
Signature
Encryption
Signature and Encryption