Week 10 - Secure Sockets

Question 1

What is socket programming?

Answer 1

Way of connecting two nodes on a network to communicate with each other.
+ Either UDP or TCP
+ Transport layer

Question 2

List a few problems with sockets?

Answer 2

Some include:
+ Sockets are created without any limit every time a user performs an action.
+ Input received from sockets is used without being sanitized.
+ Sensitive data is sent via sockets without being encrypted.
+ Socket program does not have a native mechanism for authentication.
+ Data transmission via the Socket is done in clear text just like HTTP.

Question 3

What is SSL?

Answer 3

Secure socket layer is an encryption based internet security protocol.

Question 4

Generally, outline what SSL does.

Answer 4

SSL initiates an authentication through handshake between two communicating devices to ensure trust. SSL also digitally signs data in order to provide data integrity, verifying that the data is not tampered.

Question 5

True or False. SSL was succeeded by TLS?

Answer 5

True.

Question 6

How are session keys created?

Answer 6

When the client receives the public key of the server, it will generate a session key which is unique. Both server and client can generate session keys.

Question 7

True or False. Session keys are symmetric?

Answer 7

True.

Question 8

What is a SSL certificate?

Answer 8

A data file hosted on a website that contains the website’s public key and identity, along with related information.