hit counter script

Introduction To Ssl; Port Blocking Mechanism - Cisco CSS11501 - 100Mbps Ethernet Load Balancing Device Configuration Manual

11000 series secure content accelerator
Hide thumbs Also See for CSS11501 - 100Mbps Ethernet Load Balancing Device:
Table of Contents

Advertisement

Introduction to SSL

Introduction to SSL

Port Blocking Mechanism

Cisco 11000 Series Secure Content Accelerator Configuration Guide
F-2
Secure Sockets Layer (SSL) is an application-level protocol that enables secure
transactions of data through privacy, authentication, and data integrity. It relies
upon certificates, public keys, and private keys.
Certificates are similar to digital ID cards. They prove the identity of the server to
clients. Certificates are issued by Certificate Authorities (CAs) such as VeriSign
or Thawte. Each certificate includes the name of the authority that issued it, the
name of the entity to which the certificate was issued, the entity's public key, and
time stamps that indicate the certificate's expiration date.
Public and private keys are the ciphers used to encrypt and decrypt information.
While the public key is shared quite freely, the private key is never given out. Each
public-private key pair works together: data encrypted with the public key can
only be decrypted with the private key.
You can configure the Cisco Secure Content Accelerator using either the GUI or
CLI, or through the QuickStart wizard (available through both the CLI and GUI).
The CLI is available through telnet or serial connections.
During configuration you must specify the SSL and clear text (decrypted) TCP
service ports. Cisco Secure Content Accelerator devices monitor the SSL TCP
service port(s) you specify, perform SSL decoding of packets on those ports, then
send the packets to the server via a user-defined TCP clear text service port. All
other network traffic is passed through the appliance transparently.
The clear text TCP service port used for data transfer between the SSL appliance
and the Web server cannot be used for any other data. The SSL appliance blocks
access to the clear text port, protecting your secure data from direct clear test
access.
One result of this port blocking strategy is that you cannot use the same clear text
TCP service port between the SSL appliance and the server for both non-secure
(http:) and decrypted secure data (https:) transfer. Network port traffic received
on the clear text TCP service port is dropped. See the figures below.
Appendix F
SSL Introduction
78-13124-05
®

Advertisement

Table of Contents
loading

Table of Contents