Securing Home Based Web Servers Sander Smith Founder and President Sericon Technology, Inc. March 27, 2007


Copyright © 2007 by Sericon Technology Inc.

Home Based Web Servers


Is Security Necessary?

UserID/password are Base64 encoded
Personal files - Pictures/video
Live images from inside the home

[Diagram: Internet, Wireless Router, Wireless Webcam, Office PC. Labels: "Secured with WPA", "At risk from hackers".]


How to Secure?

Security solution must be simple
  Typical user is not an audience member
  Requires no/limited configuration
  Easy to understand

VPN? SSH? SSL?


Self-Signed Certificates


Gateway Architecture

[Diagram: Webcam, Gateway, Internet, Web browser. Labels: "Secured by unknown means", "Secured by SSL", "SSL certificate".]


How Certificate Authorities Work

Insight: If we combine certificate generation with DNS assignment into an atomic operation, we can issue SSL certificates in a completely automatic way.

Central Question: Does the holder of this keypair have legal authority over the named domain?


The AutoSSL Process

[Diagram: Webcam, AutoSSL server, Certificate authority, DNS server. Example hostname: smith.acmewebcam.com]


Benefits

Completely automated
Trusted certificates can be cheap
amazon.acmewebcam.com vs. www.amazon.com
Revocation becomes simple
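
The insight from the "How Certificate Authorities Work" and "The AutoSSL Process" slides, sketched as an added Python example (not Sericon's AutoSSL code and not part of the original slides): one service owns the acmewebcam.com zone, so it can assign the name and issue the certificate in a single locked step. The AutoIssuer class, the HMAC standing in for a CA signature, the byte-string public keys, the documentation-range IP addresses and the revocation model are all constructed assumptions.

```python
import hashlib
import hmac
import re
import threading

ZONE = "acmewebcam.com"            # vendor zone named on the slides
CA_KEY = b"constructed-demo-key"   # assumption: stand-in for the CA signing key
LABEL = re.compile(r"[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?")


class AutoIssuer:
    """Hypothetical registry that owns the zone and issues certs for names in it."""

    def __init__(self):
        self._lock = threading.Lock()
        self.dns = {}     # fqdn -> IP address (the zone's A records)
        self.certs = {}   # fqdn -> certificate record

    def enroll(self, label, ip, pubkey):
        # Only a single label under the issuer's own zone can be requested, so
        # "www.amazon.com" is rejected while "amazon" yields amazon.acmewebcam.com.
        if not LABEL.fullmatch(label):
            raise ValueError("label must be one DNS label")
        fqdn = f"{label}.{ZONE}"
        with self._lock:  # name assignment and issuance succeed or fail together
            if fqdn in self.dns:
                raise KeyError(f"{fqdn} already assigned")
            fp = hashlib.sha256(pubkey).hexdigest()
            sig = hmac.new(CA_KEY, f"{fqdn}|{fp}".encode(), hashlib.sha256).hexdigest()
            self.dns[fqdn] = ip
            self.certs[fqdn] = {"subject": fqdn, "key_fp": fp, "sig": sig}
        return self.certs[fqdn]

    def verify(self, cert, pubkey):
        # Accept only while the name is still assigned and bound to this key.
        fp = hashlib.sha256(pubkey).hexdigest()
        want = hmac.new(CA_KEY, f"{cert['subject']}|{fp}".encode(), hashlib.sha256).hexdigest()
        with self._lock:
            live = self.certs.get(cert["subject"]) == cert
        return live and hmac.compare_digest(want, cert["sig"])

    def revoke(self, fqdn):
        with self._lock:  # dropping the name and the certificate is one step
            self.dns.pop(fqdn, None)
            return self.certs.pop(fqdn, None) is not None
```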


Thank You for Your Time

For more information, please contact:

[email protected]