f



end to end security

hi
what exactly does end to end security mean?? is SSL considered as an
end to end
security product? 
Besides using SSL in web servers/browsers, in what other ways can we
make use of SSL? can it be used in file transfers and how to do it??
thanks
0
9/5/2003 11:07:55 AM
comp.security.misc 4155 articles. 0 followers. Post Follow

2 Replies
466 Views

Similar Articles

[PageSpeed] 4

mike wrote:
> 
> hi
> what exactly does end to end security mean?? is SSL considered as an
> end to end security product?

End-to-end means that the communicating parties en/decrypt themselves.
No party along the path is able to decrypt the messages. In this sense
SSL is end-to-end.

> Besides using SSL in web servers/browsers, in what other ways can we
> make use of SSL? can it be used in file transfers and how to do it??

In theory any protocol that runs over sockets can also run over secure
sockets. (Unless IPv4 addresses are embedded in the messages, and a NAT
box along the path f***s things up.)

-- Lassi
0
lahippel (50)
9/5/2003 12:02:40 PM
I've heard of SSL protecting email but have never actually seen it in
action.  For something like that you would probably be better off using
S/MIME or PGP encryption.  SSL can also be used to secure VPN's, plus I'm
sure there are a variety of other things that the protocol can be used for.
As far as file transfer I guess it would depend how you are going about
transferring the files...  Might want to check out SSH though.

As for the end-to-end question, yes- SSL would be considered end-to-end but
that often only means client to webserver.  You should think of any backend
apps or databases that might not have an encrypted path/encrypted storage.

B

"mike" <s99999999s2003@yahoo.com> wrote in message
news:dfd17ef4.0309050307.24bbc88f@posting.google.com...
> hi
> what exactly does end to end security mean?? is SSL considered as an
> end to end
> security product?
> Besides using SSL in web servers/browsers, in what other ways can we
> make use of SSL? can it be used in file transfers and how to do it??
> thanks


0
pbjason9 (5)
9/6/2003 6:21:41 PM
Reply:

Similar Artilces:

SN#14290 Securing Web Services Using End-to-End Security
SYSTEM NEWS FOR SUN USERS Vol 86 Issue 1 2005-04-04 Article 14290 from section "Java Technology" XWS-Security Framework Recommended for Top Security Web Services are on the uptake due to their simplicity in building business applications, cost savings and enablement of new business models. Enterprises wanting to incorporate these computing services into their IT environment are expressing concern about security. Qusay H. Mahmoud offers some basic concepts on securing Web Services. Details at http://sun.systemnews.com/g?A=14290 Have a custom version of 'System News for Sun Users' delivered to you via email each week in PDF, text or HTML. Only the sections that you select will be included in your copy of the news magazine. Subscribe at http://sun.systemnews.com/subscribe (c) 2005 System News, Inc. http://www.systemnews.com ...

Securing both front end and back end
I have a 2K database with a front end linked to a back end. I need to lock down or secure both ends so a user can not access the raw data in tables etc. I also need usernames and passwords for 50+ users. I've experimented with securing the database but can't get it the way I want it. I can still use the shift key to obtain access. Anyone have a link to a site or something to give me a guideline as to what I can do? Thanks You need Jamie's Software - Access Property Editor. Download from http://www.jamiessoftware.tk/ On Fri, 20 Jan 2006 12:55:10 GMT, "Brad P" <br...

Securing database with separate front-end / back-end
Whenever anyone has a question about securing an Access database he/she is usually referred (unsurprisingly) to the Security FAQ. This is however incomplete/unclear with respect to databases with a separate front-end and back-end, which is rather surprising considering that all Access databases should be split into a separate front-end and back-end. Noticing that there are quite a lot of questions on this subject in the Access newsgroups I have put together a page on the subject, in the hope that it will be of use: http://www.xs4all.nl/~sbpoley/tech/access-security.html I do not however claim to be an Access guru, so I would be grateful if people familiar with this area would have a look to check that nothing there is obscure, incomplete, or plain screwed-up. -- Stephen Poley On Tue, 01 Aug 2006 21:03:04 +0200, Stephen Poley <sbpoleySpicedHamTrap@xs4all.nl> wrote: Few comments: * The term "back-end" occurs 23 times in the S-FAQ. Several topics (e.g. table links) only make sense in the context of split databases. * MySQL is not necessarily a secure db. I woudn't name it in the same breath as Oracle or SQL Server. * The Exchange "feature" you're experiencing is not related to that core product, but to configuration options or 3rd party tools. -Tom. >Whenever anyone has a question about securing an Access database he/she >is usually referred (unsurprisingly) to the Security FAQ. This is >however incomplete/unclear with respect...

how secure is the security from my security form?
Hey, I have a question about how secure the following will be.... I want to have a login form that posts to itself, so when it loads it checks if there is a username and password on the query list. If there is not, it asks for one. If there is, it checks to see if the information is valid. If it is not valid, it deletes the attributes and calls itself again. If it is valid it sets a particular session variable to be some value and redirects to the next page. Every page from there on in will check to see if the session variable is set and if not will redirect back to the login page. Are ...

How secure is the security from my security form?
Hey, I have a question about how secure the following will be.... I want to have a login form that posts to itself, so when it loads it checks if there is a username and password on the query list. If there is not, it asks for one. If there is, it checks to see if the information is valid. If it is not valid, it deletes the attributes and calls itself again. If it is valid it sets a particular session variable to be some value and redirects to the next page. Every page from there on in will check to see if the session variable is set and if not will redirect back to the lo...

How secure is the security from my security form?
Hey, I have a question about how secure the following will be.... I want to have a login form that posts to itself, so when it loads it checks if there is a username and password on the query list. If there is not, it asks for one. If there is, it checks to see if the information is valid. If it is not valid, it deletes the attributes and calls itself again. If it is valid it sets a particular session variable to be some value and redirects to the next page. Every page from there on in will check to see if the session variable is set and if not will redirect back to the login page. Are ...

How secure is the security from my security form?
Hey, I have a question about how secure the following will be.... I want to have a login form that posts to itself, so when it loads it checks if there is a username and password on the query list. If there is not, it asks for one. If there is, it checks to see if the information is valid. If it is not valid, it deletes the attributes and calls itself again. If it is valid it sets a particular session variable to be some value and redirects to the next page. Every page from there on in will check to see if the session variable is set and if not will redirect back to the lo...

Security
I've been doing some investigation into a little problem with privileges. And this is what I have found. If you want to access an Informix database via ODBC and your normal login and password are restricted then set up your odbc connection with no user name and password and you can do anything. This is what I did to prove it. 1. I created a new database called security. 2. I added two tables - opentab and securetab 3. I revoked all permissions on securetab from public 4. I granted connect to public. 5. From MS-Access I set up a new database 6. I used "link-tables" to add a new odbc connection with no username or password, and to link both tables. 7. I could SELECT, INSERT, UPDATE, and DELETE from both tables. 8. I then deleted both tables from my access database. and used control panel to remove the odbc connection. 9. I then repeated steps 5-7 but with a valid username and password. 10. I couldn't access the securetab. So, using a username and password is secure but not using a username and password gives full access. Can anybody spot anything wrong in my reasoning? BTW I have done this on IDS 9.4, running on AIX 5.2, and I was running Windows XP with MS-Access 2002 SP3, and Informix-Client SDK version 2.81 regards Malcolm mweallans@panacea.co.uk wrote: > I've been doing some investigation into a little problem with > privileges. And this is what I have found. > > If you want to acces...

Never-ending stream of Linux security problems... never ends
http://www.linuxsecurity.com/content/view/149338/187/ Fixes to arbitrary code execution, fixes to buffer overflows, fixes to breakages caused by the last "fix"... Linux is perfect Linux is reliable DFS wrote: > http://www.linuxsecurity.com/content/view/149338/187/ > > Fixes to arbitrary code execution, fixes to buffer overflows, fixes to > breakages caused by the last "fix"... GNU/Linux has security vulnerabilities but very few security problems. Windows has many security vulnerabilities and very many security problems. > Linux is perfect No it is...

A new approach to secure webmail with end-to-end encryption using JavaScript
Lavaboom [1]is a new approach to secure webmail with end-to-end encryption using JavaScript in a web client. Is it the new lavabit? [1] https://lavaboom.com/tech-info -- tdk Take back your Internet! http://squte.com/Webertarian-Manifesto View this thread at http://squte.com/node/6847?src=u On 15/09/2014 8:24 PM, tdk wrote: > Lavaboom [1]is a new approach to secure webmail with end-to-end > encryption using JavaScript in a web client. Is it the new lavabit? > > > [1] https://lavaboom.com/tech-info It lacks sufficient technical detail. Sylvia. Sylvi...

Book Review: "Wireless Security End to End", Carter/Shumway
BKWLSCEE.RVW 20031019 "Wireless Security End to End", Brian Carter/Russell Shumway, 2002, 0-7645-4886-7, U$39.99/C$59.99/UK#29.95 %A Brian Carter %A Russell Shumway %C 5353 Dundas Street West, 4th Floor, Etobicoke, ON M9B 6H8 %D 2002 %G 0-7645-4886-7 %I John Wiley & Sons, Inc. %O U$39.99/C$59.99/UK#29.95 416-236-4433 fax: 416-236-4448 %O http://www.amazon.com/exec/obidos/ASIN/0764548867/robsladesinterne http://www.amazon.co.uk/exec/obidos/ASIN/0764548867/robsladesinte-21 %O http://www.amazon.ca/exec/obidos/ASIN/0764548867/robsladesin03-20 %P 336 p. %T "Wireless Security End to End" Part one is an introduction to wireless network security. Chapter one is supposed to be an opening to wireless networking, but is basically a list of common protocols. Wireless threat analysis, in chapter two, is an unstructured list of miscellaneous threats. A facile overview of blackhat communities, some intrusion tools, and a discussion of insider attacks (without mention of any relevance to wireless networking) is in chapter three. Part two looks at the components of network security. Chapter four presents us with random security factors in place of the promised network security model. Network intrusion protection is said, in chapter five, to consist of firewalls and other tools with limited application to wireless topologies. In regard to network intrusion detection, some of the material in chapter ...

REVIEW: "Wireless Security End to End", Brian Carter/Russell Shumway
BKWLSCEE.RVW 20031019 "Wireless Security End to End", Brian Carter/Russell Shumway, 2002, 0-7645-4886-7, U$39.99/C$59.99/UK#29.95 %A Brian Carter %A Russell Shumway %C 5353 Dundas Street West, 4th Floor, Etobicoke, ON M9B 6H8 %D 2002 %G 0-7645-4886-7 %I John Wiley & Sons, Inc. %O U$39.99/C$59.99/UK#29.95 416-236-4433 fax: 416-236-4448 %O http://www.amazon.com/exec/obidos/ASIN/0764548867/robsladesinterne http://www.amazon.co.uk/exec/obidos/ASIN/0764548867/robsladesinte-21 %O http://www.amazon.ca/exec/obidos/ASIN/0764548867/robsladesin03-20 %P 336 p. %T "Wireless Security End to End" Part one is an introduction to wireless network security. Chapter one is supposed to be an opening to wireless networking, but is basically a list of common protocols. Wireless threat analysis, in chapter two, is an unstructured list of miscellaneous threats. A facile overview of blackhat communities, some intrusion tools, and a discussion of insider attacks (without mention of any relevance to wireless networking) is in chapter three. Part two looks at the components of network security. Chapter four presents us with random security factors in place of the promised network security model. Network intrusion protection is said, in chapter five, to consist of firewalls and other tools with limited application to wireless topologies. In regard to network intrusion detection, some of the material in chapter six is pointless (who would expect a...

SN#11567 Sun Wireless Security Services Provides End-to-End Solutions & Strategies
SYSTEM NEWS FOR SUN USERS Vol 70 Issue 5 2003-12-29 Article 11567 from section "Telco" Customized Solutions Assess Needs and Design Complete Architecture Wireless Service Providers and Enterprises find Sun's Security Services provide the expertise and tools to assess, architect, implement and manage their security needs and demands. By enhancing end-to-end security of services, Sun assists both the enterprise customer and the service provider with comprehensive security technology. Key Benefits of Sun Wireless Security Services - Security architecture and strategy customized to fit the enterprise's business goals, policies, business processes and technologies - A security structure that advances the development of policies, processes, technologies and infrastructure necessary to meet business needs - A framework that can help customers manage information resources and assets securely while maintaining control To connect enterprises with the wireless world, Sun consultants work with key Wireless Service Providers to deliver tailored architectural solutions. From tunneled Virtual Private Network's to portal strategies, it's important for enterprises to understand the different systemic requirements such as scalability, availabili...

Hello,Where is declared the "end" var present in arch/arm/boot/compressed/misc.c ? In the file arch/arm/boot/compressed/misc.c a var "end" is declared : extern int end; I'd like to kno
Hello, In the file arch/arm/boot/compressed/misc.c a var "end" is declared : extern int end; I'd like to know where this var comes from. Since it's extern, I guess it should be declared in another file, but I can't find which one. I've tried, in source tree, find . -name "*.o" -exec nm {} \; > nm.txt then I looked in the generated file, but can't find the "end" var ... If you have an idea ... Thanks Yann yannouch wrote: > Hello, > > In the file arch/arm/boot/compressed/misc.c > a var "end" is declared : > > extern int end; > > I'd like to know where this var comes from. Since it's extern, I guess > it should be declared in another file, but I can't find which one. > > I've tried, in source tree, > > find . -name "*.o" -exec nm {} \; > nm.txt > > then I looked in the generated file, but can't find the "end" var ... > > If you have an idea ... > It is also possible to declare externals in a linker script. Have a look at the file vmlinux.lds.in in the same directory. For the linker behaviour see the GNU binutils documentation. -- Tauno Voipio tauno voipio (at) iki fi yannouch wrote: > Hello, > > In the file arch/arm/boot/compressed/misc.c > a var "end" is declared : > > extern int end; > > I'd like to know where this var comes from. Since it's extern,...

Secure your digital information assets with Secure Auditor. Secure Windows with Secure Auditor
hey guys If you want to identify vulnerabilities in your windows than try this new tool Secure Auditor. It does Windows scanning, auditing, password cracking, event log viewing, port scanning, Windows hardware and software inventory management etc. Download this link and make your system hacking proof. http://www.download.com/Secure-Auditor/3000-2653-10826743.html?part=dl-SecureAud&subj=uo&tag=button Just install it and see the magic. No security hole and no false positive. By the way it also audit Oracle database, MSSQL databases and Cisco Routers. ...

Secure your digital information assets with Secure Auditor Secure Windows with Secure Auditor
hey guys! If you want to identify vulnerabilities in your windows than try this new tool Secure Auditor. It does Windows scanning, auditing, password cracking, event log viewing, port scanning, Windows hardware and software inventory management etc. Download this link and make your system hacking proof. http://www.download.com/Secure-Auditor/3000-2653-10826743.html?part=dl-SecureAud&subj=uo&tag=button Just install it and see the magic. No security hole and no false positive. By the way it also audit Oracle database, MSSQL databases and Cisco Routers. ...

Computer Security Misc
Homeland Security - Protecting Critical Infrastructure 13-17 June 2011 Las Vegas, Nevada ********************************************************* G. F. Bryant Jr., CMAS, CHS-V Executive Director World Institute for Security Enhancement Las Vegas, Nevada, 89130 United States of America +1-702-722-7779 voice securitytraining@pobox.com http://www.worldinstitute.org Notice: This electronic communication may contain information of a confidential, personal and/or privileged nature and is intended for the exclusive use of, and to be viewed only by, the intended recipient(s). If you receive this email in error, please delete it and notify my office by email at securitytraining@pobox.com. If you are not the intended recipient(s), please note that any distribution, forwarding, copying or use of this communication or the information in it is strictly prohibited. Warning: Any unauthorized interception of this electronic communication is a violation of 18 USC 2510, et seq., The Electronic Communications Privacy Act, which carries penalties of up to 5 years imprisonment, criminal fines, and possible civil liability. ...

Back-End Security question
Hello - I have read many threads regarding back-end security and have found them all useful. I have a couple of (what seem to be basic) questions: I have a secured front-end and back-end database. (I did use the security wizard for this.) By using the shortcuts provided, both files require a password to get in. Here is the problem: if I try to access the front-end through Windows Explorer, I do get the prompt stating it cannot be opened. However, I am able to open the back-end without a prompt. I'm pretty sure I read a thread that basically stated this is just the way it is when it com...

end to end testing
when doing end to end testing wheather we stop the testing and contact some other testing? anand4180 wrote: > when doing end to end testing wheather we stop the testing and > contact some other testing? You never stop testing. You "analyze" (meaning "guess") how much of each kind to do, and then you release whenever the program passes all tests and has new features. And most of your tests should be automated. Again, you "analyze" to discover how many. -- Phlip http://www.greencheese.us/ZeekLand <-- NOT a blog!!! On Mar 17, 6:13 am, "anand4180" <anand...@gmail.com> wrote: > when doing end to end testing wheather we stop the testing and > contact some other testing? I hope I understood your question correctly and you are asking about when one end-to-end test ends and another begins. This is not a trivial question. I prefer to look at the end-to-end testing as the modeling of real user behavior. In order to build an effective end-to- end test one needs to look at the system functions in a whole. For example, if you are testing a text editor try the following sequences for end-to-end testing: 1. Create new file -> Write text -> Change some text -> Save -> Change some text -> Print -> Close the file -> Verify changes. 2. Open existing file -> change some text -> save changes -> open another existing file -> find and replace -> print -> save -> close. Usua...

End Of Complex Security Mechanisms
Hi, If you dare to dream of world free from terrorism, malpractices, unfairness then take a pause and go through postings on http://samirsrivastava.typepad.com . It will help you in making breathrough decision. Please post your comments on the blog and forward this among your contacts to support a drive to make world free from any kind of unfairness. It lists the REASON FOR THE PEOPLE TO VOTE FOR CHANGE WHICH WAS NOT BROUGHT EARLIER. This work has got stuck because of politics of powerful influential persons. Please help me in forming public opinion for the proposed change. The ideas *AVOIDS* terrorism including white collar terrorism too. Cashless Economy due to traceability eliminates complex algorithm encryption for money spam etc. Complete multimedia recording eliminates the need of complex security algorithms. Only integrity checks for malfunctioning of computing resources is needed, Regards Samir Srivastava Legal Disclaimer: Opinions expressed in the above message are individual opinion of the author. Readers use them at their own risk. Author cannot be held responsible for damages/ consequences caused ...

End User Security Policy
I am trying to find a good template to use for a security policy. This must be from the end user (non technical) perspective but relating to data and IT security issues/best practices. Any one have any examples or sources? Thanks ...

SIP and end-to-end
Common wisdom says that for a SIP-based telephony session the media stream is directly end to end. However, for both FWD and sipgate.de I figured that the media stream goes via the respective provider. I would assume the sip proxy to manipulate the Invite messages accordingly. Is this being done to better cope with NAT devices and firewalls? -- Georg Schwarz http://home.pages.de/~schwarz/ georg.schwarz@freenet.de +49 178 8545053 Hello, > Common wisdom says that for a SIP-based telephony session the media > stream is directly end to end. > However, for both FWD and sipgate.de I figured that the media stream > goes via the respective provider. I would assume the sip proxy to > manipulate the Invite messages accordingly. > Is this being done to better cope with NAT devices and firewalls? Exactly. For instance see PortaSIP User Guide, "NAT traversal" chapter for more details. http://www.portaone.com/resources/docs/PortaSIP/m-r-11/PortaSIP_User_Guide_MR11.pdf With best regards, Andriy Zhylenko -- Andrew Zhilenko Please remove "hide-email." from my email address when replying, so my address should be andrew (at) ti dot cz ...

Security Wizard but Not Secure
Hello people. I have a database that: * was not secured originally * I applied the user-level security wizard to * has the Admin user demoted to the Users group * had the User's group with no permissions * the Admin user doesn't own any objects When I open this with my shortcut and new mdw file everything works as expected. When I open this with standard Access security.mdw, my database is still wide open. Any ideas what step I missed? Thanks <drink.the.koolaid@gmail.com> wrote in message news:1147781112.258494.175040@i39g2000cwa.googlegroups.com... > Hello people. >...

Secure Auditor new release and Secure your database with Secure Auditor
Hi guys, Oracle DBA's life could become easier with the help of a new tool named Secure Auditor which is capable of performing enumeration, audit, penetration test and forensics on Oracle databases. It is the most cost effective tool in its domain as it includes 30 additional tools like Oracle event log viewer, Oracle access rights auditor, Oracle password Auditor, Oracle default password auditor, Oracle Sid tester, Oracle TNS password tester. Go and get your free copy from http://www.download.com/Secure-Auditor/3000-2653-10826743.html?part=dl-SecureAud&subj=uo&tag=button so you ...

Web resources about - end to end security - comp.security.misc

Krebs on Security
The House Financial Services Committee is slated to hold a hearing this Friday on the impact of cyber heists against small- to mid-sized businesses. ...

Security Middle East - Latest news from the Middle East.
Security Middle East is a news portal for the entire security industry, focussed specifically on latest security news from the Middle East. Security ...

Information Security News, IT Security News & Expert Insights: SecurityWeek.Com
IT Security News and Information Security News, Cyber Security, Network Security, Enterprise Security Threats, Cybercrime News and more. Information ...

Security (finance) - Wikipedia, the free encyclopedia
equity securities, e.g., common stocks ; and, The company or other entity issuing the security is called the issuer . A country's regulatory ...

Israel's cyber security expert details his protection network
A leading Israeli cyber security expert says Russia is well ahead of the clumsy Chinese when it comes to hacking and shows how serious the risks ...

IRS shuts down identity security tool for taxpayers due to security problems
The Internal Revenue Service has temporarily suspended use of its Identity Protection PIN tool "as part of its ongoing security review," according ...

Enterprises struggle to implement security without harming other business initiatives
While data security has become a priority for management, many businesses are still struggling to incorporate it effectively into their organization. ...

President Obama snubs Apple, praises other tech companies for improving digital security
If there’s one company that strives to offer the best security possible when it comes to digital data, it's Apple . And the FBI’s case against ...

Trump Ramps Up His Private Intelligence Gathering, Security Services
... Meanwhile, the Trump campaign appears to be ramping up efforts to prevent displays of dissent. On Friday, two members of Trump’s private security ...

GOP National Security Establishment Snubs Trump, Backs Rubio
'The National Security Advisory Council will provide strategic advice to Marco'

Resources last updated: 3/10/2016 11:45:16 AM