SEC602 Lab 13 – Http vs Https

To begin the security comparison between HTTP and HTTPS, I added Basic authentication to the default web site and started capturing packets in Wireshark.

Lab13-6

I then logged into the website as administrator, stopped the Wireshark capture and examined the packets.

Lab13-7

At the beginning of the packet capture I noticed the TCP three-way handshake, which is used to establish a connection. Below those TCP packets I noticed that within an HTTP packet I was able to see the login credentials within the HTTP dropdown.

Lab13-8

I then moved on to adding HTTPS with a self-signed certificate.

Lab13-9

I then attempted to add a site binding but noticed that HTTPS was already initiated from a previous lab.

Lab13-10

I then started another Wireshark capture and logged back into server.classroom.local as the administrator.

Lab13-11

In the captured packets I noticed that there were no HTTP packets but many TCP and TLSv1.2 packets. The TLS packets are Transport Layer Security packets which encrypt the connection between the client and server.

Lab13-12

Critical Analysis and Thinking

I ran into a problem when trying to connect to server.classroom.local from the client VM. After checking my IPv4 was configured correctly with the DHCP set to automatic from 10.1.0.1, I decided to try pinging the server.

Lab13-3

It turned out I could ping the server through “ping SERVER” but not when pinging 10.1.0.1, although that was the server's IP address.

lab13-4

I then decided to remove the remote access role and feature that was installed during Lab 8, which I completed a few days prior to attempting this one. Once it finished uninstalling I was prompted to restart the server.

After restarting the server I was able to ping the server from the client and access server.classroom.local.

Lab13-5

From this lab it is clear that HTTP is not a secure protocol and should not be used when transferring sensitive data. There is also no excuse for every website not to be running HTTPS. HTTPS encrypts the connection using asymmetric keys, where data encrypted with one key can only be decrypted by the corresponding key (public or private).

As shown in this lab, a certificate is required to run HTTPS. This is because it is needed for the identification of the server and also contains these keys. Let's Encrypt is a Certificate Authority that can issue certificates to website domains. In this lab the certificate used was self-signed, which would likely cause your browser to display a security error as it isn’t signed by a trusted Certificate Authority.
