E gov security_tut_session_4_lab

  1. The Palestinian eGovernment Academy (www.egovacademy.ps)
     Security Tutorial, Session 4 LAB
     PalGov © 2011
  2. About
     This tutorial is part of the PalGov project, funded by the TEMPUS IV program of the Commission of the European Communities, grant agreement 511159-TEMPUS-1-2010-1-PS-TEMPUS-JPHES. The project website: www.egovacademy.ps
     Project Consortium: Birzeit University, Palestine; University of Trento, Italy (Coordinator); Palestine Polytechnic University, Palestine; Vrije Universiteit Brussel, Belgium; Palestine Technical University, Palestine; Université de Savoie, France; Ministry of Telecom and IT, Palestine; University of Namur, Belgium; Ministry of Interior, Palestine; TrueTrust, UK; Ministry of Local Government, Palestine
     Coordinator: Dr. Mustafa Jarrar, Birzeit University, P.O.Box 14- Birzeit, Palestine. Telfax: +972 2 2982935, mjarrar@birzeit.edu
  3. © Copyright Notes
     Everyone is encouraged to use this material, or part of it, but should properly cite the project (logo and website), and the author of that part.
     No part of this tutorial may be reproduced or modified in any form or by any means, without prior written permission from the project, who have the full copyrights on the material.
     Attribution-NonCommercial-ShareAlike (CC-BY-NC-SA): This license lets others remix, tweak, and build upon your work non-commercially, as long as they credit you and license their new creations under the identical terms.
  4. Tutorial 5: Information Security
     Session 4: Certificates and HTTPS Lab
     Session 4 Outline:
     • Apache with Basic authentication.
     • OpenSSL certificate and certificate authority
     • Apache and HTTPS
  5. Tutorial 5: Session 6: HTTPS LAB
     This session will contribute to the following ILOs:
     • C: Professional and Practical Skills:
         • c1: Deploy and configure a secure system to protect their computing resources.
         • c2: Configure an end-to-end secure and available system using Apache.
         • c3: Configure integral and confidentiality services using integrity and confidentiality algorithms and protocols.
         • c4: Configure user authentication and authorization services using LDAP and SSL certificates.
     • D: General and Transferable Skills
         • d1: Communication and team work.
         • d2: Systems configurations.
         • d3: Analysis and identification skills.
  6. Apache Web Server
     • In this lab we will explain how to configure a secure Apache web server.
     • To set up a web site we need a web server, a domain name, and an IP address.
     • We will use Ubuntu 11.10 to set up the Apache web server.
  7. Installing Apache
     • The desktop version of Ubuntu does not install the Apache web server by default. Therefore, the first step is to install Apache.
     • To install Apache from the command line, start a terminal window (Ctrl-Alt-T) and run the following command at the command prompt:
           sudo apt-get install apache2
     • Once the installation is complete, the next step is to verify that the web server is up and running.
     • To do this, run the web browser and enter 127.0.0.1 in the address bar. The browser should load a page that reads "It works!".
  8. Configuring Apache
     • The next step in setting up your web server is to configure it for a domain name. Edit /etc/hosts and add the domain name:
           127.0.1.1 example.com
     • To configure the web server, open a terminal window and change directory to /etc/apache2/sites-available. Edit the default file as follows:
           <VirtualHost *:80>
               ServerAdmin webmaster@example.com
               ServerName example.com

               DocumentRoot /var/www/example.com
               # Filesystem root: no per-directory overrides
               <Directory />
                   Options FollowSymLinks
                   AllowOverride None
               </Directory>
               # Site content: readable by all clients
               <Directory /var/www/example.com>
                   Options Indexes FollowSymLinks MultiViews
                   AllowOverride None
                   Order allow,deny
                   allow from all
               </Directory>
           </VirtualHost>
  9. Configuring Apache
     • Next, create the /var/www/example.com directory and place an index.html file in it. For example:
           <html>
           <title>Sample Web Page</title>
           <body>
           Welcome to my website.
           </body>
           </html>
     • The last step is to restart the Apache web server:
           sudo /etc/init.d/apache2 restart
     • If the web server sits on a network protected by a firewall, you need to configure the firewall to forward port 80 to the web server system. The mechanism for performing this differs between firewalls and devices.
  10. Configuring HTTPS
     • For the Apache web server to provide HTTPS, a certificate and key file are also needed. The default HTTPS configuration file uses an auto-generated certificate and key. The auto-generated certificate and key are used for testing, but should be replaced by a certificate specific to the site or server.
     • To generate a key, change directory to /etc/ssl/private and run the following command from a terminal window:
           openssl genrsa -des3 -out server.key 2048
     • A key without a passphrase is often used with the Apache web server to allow the Apache service to start without manual intervention. The key is then stored unencrypted on disk, which is why its file permissions are restricted in a later step. To remove the passphrase from the private key:
           openssl rsa -in server.key -out server.key
     • Next, create the Certificate Signing Request (CSR):
           openssl req -new -key server.key -out server.csr
  11. Configuring HTTPS
     • Once you enter all required information, the CSR file will be created. You can now submit this CSR file to a Certification Authority (CA) to issue the certificate. Alternatively, you can create your own self-signed certificate.
     • To create a self-signed certificate, run the following commands:
           openssl x509 -in server.csr -out server.crt -req -signkey server.key -days 365
           chmod 400 server.*
  12. Configuring HTTPS
     • To configure Apache for HTTPS, edit the default SSL configuration file in /etc/apache2/sites-available as follows:
           <VirtualHost *:443>
               ServerAdmin webmaster@example.com
               ServerName example.com

               DocumentRoot /var/www/example.com
               <Directory />
                   Options FollowSymLinks
                   AllowOverride None
               </Directory>
               <Directory /var/www/example.com>
                   Options Indexes FollowSymLinks MultiViews
                   AllowOverride None
                   Order allow,deny
                   allow from all
               </Directory>
               # Already present in Ubuntu's default-ssl file; required for TLS on this virtual host
               SSLEngine on
               # Certificate and private key created in the previous steps
               SSLCertificateFile /etc/ssl/private/server.crt
               SSLCertificateKeyFile /etc/ssl/private/server.key
           </VirtualHost>
  13. Configuring HTTPS
     • To enable the ssl module and the default-ssl site within the Apache configuration:
           sudo a2enmod ssl
           sudo a2ensite default-ssl
     • With Apache now configured for HTTPS, restart the service to enable the new settings:
           sudo /etc/init.d/apache2 restart
  14. HTTP Basic Authentication
     • HTTP basic authentication is used to restrict access to a web site by looking up users in a plain text password file.
     • To create a password file for protecting the directory /var/www/example.com/secret:
           htpasswd -c /var/www/passwords admin
     • Next, we need to configure Apache to request a password and tell the server which users are allowed access.
     • To configure Apache, edit the default configuration file in /etc/apache2/sites-available as follows:
           <Directory /var/www/example.com/secret>
               AuthType Basic
               AuthName "Restricted Files"
               AuthUserFile /var/www/passwords
               Require valid-user
           </Directory>
  15. HTTP Basic Authentication
     • To add a user to your already existing password file:
           htpasswd /var/www/passwords admin2
     • The last step is to check access to the directory by running the web browser and entering http://127.0.0.1/secret in the address bar. The browser should ask for a username and password to load the page.
  16. Summary
     • In this session we discussed the following:
         • Apache with Basic authentication.
         • SSL practical (basic authentication over SSL, HTTPS)
         • OpenSSL certificate and certificate authority
  17. Thanks
     Eng. Ghannam Aljabary
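
The key, CSR and self-signed certificate steps from the Configuring HTTPS slides, followed by the checks worth running before pointing Apache at the files, as an added example that is not part of the original slides. It works in a scratch directory and skips the -des3 passphrase round trip so it runs unattended; the function names, the subject and the 30-day expiry threshold are assumptions.

```bash
# Added example: run the lab's key -> CSR -> self-signed certificate steps in a
# scratch directory, then verify the result. Subject and paths are constructed.

# SHA-256 of the public key inside a private key, CSR or certificate.
pubkey_hash() {   # $1 = key|csr|crt, $2 = file
  local pem
  case "$1" in
    key) pem=$(openssl pkey -in "$2" -pubout 2>/dev/null) ;;
    csr) pem=$(openssl req -in "$2" -noout -pubkey 2>/dev/null) ;;
    crt) pem=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) ;;
  esac
  [ -n "$pem" ] || return 1
  printf '%s\n' "$pem" | openssl dgst -sha256 | awk '{print $NF}'
}

make_lab_cert() {   # $1 = output directory
  ( umask 077; cd "$1" || exit 1
    openssl genrsa -out server.key 2048 2>/dev/null &&
    openssl req -new -key server.key -out server.csr -subj "/CN=example.com" 2>/dev/null &&
    openssl x509 -req -in server.csr -signkey server.key -out server.crt -days 365 2>/dev/null &&
    chmod 400 server.key server.csr server.crt )
}

check_lab_cert() {  # $1 = directory; prints "ok" and returns 0 only if all checks pass
  local d="$1" k subj iss
  k=$(pubkey_hash key "$d/server.key") || { echo "unreadable key"; return 1; }
  [ "$k" = "$(pubkey_hash crt "$d/server.crt")" ] || { echo "certificate does not match key"; return 1; }
  [ "$k" = "$(pubkey_hash csr "$d/server.csr")" ] || { echo "CSR does not match key"; return 1; }
  # A self-signed certificate has identical subject and issuer.
  subj=$(openssl x509 -in "$d/server.crt" -noout -subject | sed 's/^subject=//')
  iss=$(openssl x509 -in "$d/server.crt" -noout -issuer | sed 's/^issuer=//')
  [ "$subj" = "$iss" ] || { echo "not self-signed"; return 1; }
  openssl x509 -in "$d/server.crt" -noout -checkend $((30 * 86400)) >/dev/null ||
    { echo "expires within 30 days"; return 1; }
  [ "$(stat -c %a "$d/server.key")" = 400 ] || { echo "key is not mode 400"; return 1; }
  echo ok
}

demo_dir=$(mktemp -d) && make_lab_cert "$demo_dir" && check_lab_cert "$demo_dir"
rm -rf "$demo_dir"
```

Comparing public-key hashes catches the common mistake of installing a certificate issued for a different key, which Apache only reports at restart.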
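
The slides place the Basic authentication block in the default (port 80) site file, while the summary calls for basic authentication over SSL; Basic credentials are only base64-encoded on the wire, so the protected directory belongs in the HTTPS virtual host. The check below is an added example, not from the original slides: it flags AuthType Basic directories in any virtual host without SSLEngine on, and its function names and sample site file are constructed.

```bash
# Added example: flag Basic-auth directories served without TLS.
# sample_site prints a constructed site file for the demonstration.
sample_site() {
cat <<'EOF'
<VirtualHost *:80>
    ServerName example.com
    DocumentRoot /var/www/example.com
    <Directory /var/www/example.com/secret>
        AuthType Basic
        AuthName "Restricted Files"
        AuthUserFile /var/www/passwords
        Require valid-user
    </Directory>
</VirtualHost>
<VirtualHost *:443>
    ServerName example.com
    DocumentRoot /var/www/example.com
    SSLEngine on
    <Directory /var/www/example.com/secret>
        AuthType Basic
        AuthName "Restricted Files"
        AuthUserFile /var/www/passwords
        Require valid-user
    </Directory>
</VirtualHost>
EOF
}

# Prints one line per AuthType Basic directory; returns 1 if any lacks TLS.
audit_basic_auth() {   # $1 = Apache site file
  awk '
    { line = tolower($0) }
    line ~ /^[ \t]*<virtualhost/        { vhost = $2; sub(/>$/, "", vhost); tls = 0; n = 0 }
    line ~ /^[ \t]*sslengine[ \t]+on/   { tls = 1 }
    line ~ /^[ \t]*<directory/          { dir = $2; sub(/>$/, "", dir) }
    line ~ /^[ \t]*authtype[ \t]+basic/ { found[++n] = dir }
    line ~ /^[ \t]*<\/virtualhost/ {
      for (i = 1; i <= n; i++)
        printf "%s %s in <VirtualHost %s>\n", (tls ? "OK" : "WARN"), found[i], vhost
      if (n > 0 && !tls) bad = 1
      n = 0
    }
    END { exit bad }
  ' "$1"
}

site=$(mktemp) && sample_site > "$site"
audit_basic_auth "$site" || echo "move the WARN directories into the HTTPS virtual host"
rm -f "$site"
```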