This is a transcript for a video linked here: Secure Raspberry Pi IOT with HTTPS - stop hackers with Wireshark demo.
00:00:00.160 --> 00:00:06.800 in this video i'm going to explain about the differences between http and https that one 00:00:06.800 --> 00:00:11.680 letter can make a big difference between how secure a website is whether others can track 00:00:11.680 --> 00:00:17.360 your usage and how safe your submitted username and passwords are to demonstrate this i'll be 00:00:17.360 --> 00:00:22.640 setting up a simple web server on a raspberry pi i'll then show you how you can use wireshark a 00:00:22.640 --> 00:00:29.280 tool that hackers use to sniff the network with this you'll see how insecure http is and how it 00:00:29.280 --> 00:00:35.040 can be made much safer through adding encryption i'll be using a raspberry pi for the demonstration 00:00:35.040 --> 00:00:39.760 but you could follow along with other linux computers or using a virtual machine if you prefer 00:00:41.040 --> 00:00:47.600 so let's get started i'm going to start by showing a basic install of the nginx web server along with 00:00:47.600 --> 00:00:54.000 a very basic login script i'll be coming on to how you can secure this later but in this version 00:00:54.000 --> 00:00:59.600 it's just going to be basic http no encryption and just everything transmitted in plain text 00:01:00.880 --> 00:01:11.840 i started terminal i'm going to install the nginx using sudo apt to install nginx 00:01:13.280 --> 00:01:15.840 and install a few more packages so just click yes to that 00:01:25.040 --> 00:01:32.720 by default it's set up as a basic web server and it'll serve files out of the default directory 00:01:32.720 --> 00:01:43.680 which is /var/www/html as you can see there's a file called index.nginx-debian.html 00:01:45.600 --> 00:01:48.320 in there we don't need that so we can just delete that 00:01:48.880 --> 00:01:53.840 just use sudo at the moment so that we're using it as root 00:01:55.280 --> 00:02:03.280 and we'll replace that with our script i had to use that as root but if i change the 00:02:03.280 --> 
00:02:08.640 ownership to my own username my username here is stewart but you change that to whatever you want 00:02:09.360 --> 00:02:17.440 then that will set it so that i can write new files to that directory 00:02:18.480 --> 00:02:24.960 alternatively you'd have to be as root to be able to edit that i do need to use that using 00:02:24.960 --> 00:02:30.880 the sudo command so just add that so it's running as root change ownership to myself 00:02:30.880 --> 00:02:41.280 and now i can update as required to be able to use php files we need to first install the fast-cgi 00:02:43.040 --> 00:02:50.480 package so that's sudo apt install php-fpm 00:02:55.920 --> 00:02:58.560 it's going to install a few other packages as well just 00:02:59.600 --> 00:03:05.520 type yes and once we've installed this there's a few parameters we just need to tweak 00:03:07.440 --> 00:03:18.080 to make it a little bit more secure so i'm just going to add a or change a particular 00:03:18.080 --> 00:03:26.560 entry in that to tell php not to try and execute the closest file it can find 00:03:27.920 --> 00:03:40.480 if the file can't be found it should just access the file that we tell it to so that's in /etc/php 00:03:40.480 --> 00:03:47.840 and then the version in which is 7.4 this version /fpm/php.ini 00:03:51.920 --> 00:04:02.720 and it's looking for cgi.fix_pathinfo that is the entry just at the bottom of this screen 00:04:07.600 --> 00:04:14.160 so i'll just change that to a zero 00:04:14.160 --> 00:04:21.280 that's just going to make it a little bit safer now uploaded a file called index.php 00:04:21.920 --> 00:04:31.280 to that fast www html directory now this is a very basic script it's not really useful for anything 00:04:31.280 --> 00:04:42.160 really it's literally just going to take user name and password and display that on the screen 00:04:42.160 --> 00:04:51.280 now you can see there it's called index.php now nginx won't automatically serve index.php files 00:04:51.280 --> 
00:05:02.240 or any php files so we need to add this index.php as a default file in the config file 00:05:05.760 --> 00:05:11.520 and there you go there's a comment there that says add index.php to list if using php 00:05:19.520 --> 00:05:30.960 so we also need to enable php cgi functionality just by uncommenting this location section and 00:05:30.960 --> 00:05:40.400 the entry that says fast cgi pass unix and then it's got the unix socket php reference 00:05:42.320 --> 00:05:49.040 save that we can just test that file using nginx minus t 00:05:50.400 --> 00:05:55.920 i've missed the final brackets actually go back into we can just add that 00:05:59.200 --> 00:06:02.560 yeah we have to comment that closing bracket as well so close that now 00:06:03.120 --> 00:06:12.400 now we can run the test again and use the reload and that's reloaded nginx 00:06:16.000 --> 00:06:25.200 just going to quickly show what that index.php file does this is a web browser on another 00:06:25.200 --> 00:06:33.840 computer and i've just connected to that the web server which is on 192.168.0.165. 
00:06:34.720 --> 00:06:41.760 the file that's on there gives you this login screen which is just a html form 00:06:42.640 --> 00:06:49.280 it allows you insert a username and password that is passed to the index.php file 00:06:49.280 --> 00:06:53.600 but it doesn't actually do anything with it it just comes back and shows your username 00:06:53.600 --> 00:06:59.760 regardless of what your password is so what it actually does with it normally obviously 00:06:59.760 --> 00:07:03.760 that would be a back end login process and things like that 00:07:03.760 --> 00:07:09.200 but this is purely for demonstration purposes to show you what you can see using wireshark 00:07:10.880 --> 00:07:17.520 so i'm now going to install wireshark on the raspberry pi that's acting as my web server 00:07:18.720 --> 00:07:23.760 and that's going to sniff the network interface and show us the traffic that's going on 00:07:25.040 --> 00:07:32.960 this will be installed on the web server now that a hacker would be trying to intercept this some 00:07:32.960 --> 00:07:40.240 other way perhaps connecting to the switch and trying to intercept it that way or perhaps found 00:07:40.240 --> 00:07:45.920 some way of tapping into your connection otherwise could be running a router or something similar 00:07:47.760 --> 00:07:53.040 i'm just going to install wireshark it's in the standard software repository so i 00:07:53.040 --> 00:08:00.800 can just use sudo apt install wireshark i'm gonna yes i'm gonna install these packages 00:08:07.040 --> 00:08:14.560 this allows you to use a group to be able to run wireshark instead of running this route 00:08:16.800 --> 00:08:21.680 that's probably a good idea to do that so that you don't have to run wireshark as root so 00:08:21.680 --> 00:08:29.120 i'm going to choose yes at this point and install so that you just need to be in the 00:08:31.040 --> 00:08:39.840 wireshark group to be able to run this 00:08:45.760 --> 00:08:53.840 so now we can add ourselves to 
that group which is done using the user mod command 00:08:56.240 --> 00:09:07.840 this is done using sudo usermod -a to append -G for the group name and then your own username 00:09:09.920 --> 00:09:11.440 and that's added this to that group 00:09:13.760 --> 00:09:17.840 i am going to make a change to the web server first just to disable 00:09:17.840 --> 00:09:25.760 gzip compression now gzip compression does not add any extra security to a session 00:09:25.760 --> 00:09:30.080 but it does make it a little harder to read in wireshark so that's why i'm going to turn it off 00:09:31.120 --> 00:09:36.720 also needs to be turned off before you use https which is what i'm going to come to later 00:09:37.920 --> 00:09:44.320 so basically looking for the setting that says gzip on and we'll just change that to gzip off 00:09:46.000 --> 00:09:49.840 the the benefit of using this is that it saves on bandwidth 00:09:50.880 --> 00:09:57.360 by compressing files as they're sent over the network i just need to restart the server now 00:10:01.280 --> 00:10:09.200 i'll just test the config file first and then reload the web server 00:10:11.920 --> 00:10:19.040 now i can go into wireshark i'm going to put a filter on this and see this has a capture filter 00:10:20.320 --> 00:10:27.520 wireshark has two types of filters this is the capture set filter which reduces 00:10:27.520 --> 00:10:32.400 the amount of data that's captured you can also put display filter which you can see at the top 00:10:33.120 --> 00:10:36.880 use the display filter it still captures all the information but only displays 00:10:38.400 --> 00:10:46.240 what you filter out the benefit to using capture filter is it's going to greatly reduce 00:10:46.240 --> 00:10:51.600 the amount of traffic that you see and save so it's going to result in a smaller file 00:10:54.000 --> 00:10:57.120 the advantage to using display filters you've still got that other information 00:10:57.120 --> 00:11:03.360 if you need to 
retrieve that later so this is now showing the 00:11:05.040 --> 00:11:11.680 communication between the web server i've just repeated that session in the browser 00:11:11.680 --> 00:11:18.080 where you sort of log on and we can see the get request this is loading the initial 00:11:21.040 --> 00:11:27.840 page just using the / which say we set up to return that index.php file 00:11:32.240 --> 00:11:33.840 and now this is the response 00:11:36.400 --> 00:11:42.400 and you can see this is the index.php file being returned and you can see that it's got the form 00:11:42.400 --> 00:11:44.080 asking for a username and password 00:11:46.720 --> 00:11:53.360 and now we can move down and see the post file which is the data being passed and this is where 00:11:53.360 --> 00:12:00.880 we logged in with the username and password and lo and behold in a minute we will see 00:12:03.520 --> 00:12:08.240 at the bottom is your username and password 00:12:08.240 --> 00:12:15.120 sent in plain text clearly my username i put test my password was test1password2 00:12:17.520 --> 00:12:24.640 as one word the spacing in there is just for convenience trying to read this but basically 00:12:26.800 --> 00:12:30.880 the real danger is that the password was just sent plain text 00:12:31.440 --> 00:12:38.240 anybody who could physically get onto that network and monitor traffic in this way 00:12:38.240 --> 00:12:44.560 can see your password being sent to and from and obviously that's very dangerous you just need to 00:12:45.440 --> 00:12:52.640 sniff on the network find the password and then you can log in as that person and this is why 00:12:52.640 --> 00:13:00.400 we need encryption this is a real big thing imagine you entered your credit card details 00:13:02.640 --> 00:13:06.880 it basically allows somebody using a sniffer to capture those details 00:13:07.920 --> 00:13:12.960 and then be able to use them for malicious purposes 00:13:15.440 --> 00:13:19.840 and that's why we need 
encryption on our web traffic 00:13:20.480 --> 00:13:25.040 before they can do that though they do need to have a point of monitoring the network 00:13:26.720 --> 00:13:31.600 for instance i've installed wireshark on the server itself but it doesn't 00:13:31.600 --> 00:13:36.320 need to be on the server it could be on any intermediate point between you and that server 00:13:38.400 --> 00:13:43.760 a particular example would be that you come across a public wi-fi network 00:13:44.640 --> 00:13:50.480 connect to that and it's actually a hacker's network that's allowing you to connect to the 00:13:50.480 --> 00:13:56.800 internet but monitoring all that traffic at the same time so you do need to be careful about 00:13:57.440 --> 00:14:03.280 what you do on public networks and also be careful that you always on an encrypted site 00:14:04.880 --> 00:14:11.360 when giving away or using personal information putting that in a website 00:14:13.280 --> 00:14:16.480 don't do that on something that just uses http 00:14:18.800 --> 00:14:27.520 so the solution is to encrypt the data encrypt the data between your laptop or your web browser that 00:14:27.520 --> 00:14:34.720 you're using and the end server and that's done by using a protocol known as https 00:14:36.240 --> 00:14:42.000 https is a way of encrypting the information so that even if somebody intercepts the traffic they 00:14:42.000 --> 00:14:47.040 cannot understand it this is based on the use of encryption keys that keep the message secret 00:14:47.680 --> 00:14:51.040 you also need certificates which are used to prove who you are 00:14:52.320 --> 00:14:59.200 the technology behind https is called secure sockets layer abbreviated to ssl 00:15:00.480 --> 00:15:04.880 actually usually it's normally based on tls transport layer security 00:15:05.440 --> 00:15:13.840 which is the newer version of ssl and sometimes this is referred to as ssl/tls or it's often that 00:15:13.840 --> 00:15:21.600 people just refer to it as 
ssl regardless of whether it's ssl or tls and this may also 00:15:21.600 --> 00:15:29.440 depend on the browser and web server as they can negotiate which version of a encryption key to use 00:15:31.120 --> 00:15:36.160 for example when tls was released then the server may have been upgraded but the client not 00:15:36.160 --> 00:15:45.600 so in that case they may have negotiated to use an ssl key instead if all that sounds confusing 00:15:45.600 --> 00:15:51.760 then don't worry you can just think of ssl and tls as being the same thing tls is more secure 00:15:51.760 --> 00:15:58.640 but it's effectively just an updated version of ssl if you're running a production website then 00:15:58.640 --> 00:16:03.040 you should get official certificates registered through a trusted certificate authority 00:16:03.840 --> 00:16:07.920 this will mean that another organization has said that you are who you claim to be 00:16:09.040 --> 00:16:14.480 but for this example i'll be using a local web server just use for a maker project i'll 00:16:14.480 --> 00:16:19.440 be creating a self-signed certificate which will result in a warning in your browser 00:16:20.400 --> 00:16:27.920 the process is similar as if you're using a official certificate but there may be some 00:16:27.920 --> 00:16:34.880 extra steps required which your certificate issuer should explain one example 00:16:35.840 --> 00:16:41.840 is let's encrypt which provides free certificates which can be installed using their tool certbot 00:16:43.040 --> 00:16:47.440 note that let's encrypt is not the same as using a commercial certificate authority 00:16:48.000 --> 00:16:54.880 they won't require you to prove who you are and your certificate will not have the same 00:16:55.440 --> 00:17:03.600 trust relationship as if you go to a commercial certificate provider the library used for this is 00:17:03.600 --> 00:17:12.160 openssl and we'll use the openssl tool to create the encryption and certificates the first we can 
00:17:12.720 --> 00:17:18.320 create the encryption keys and certificates which are going to be used to secure the session 00:17:20.400 --> 00:17:25.600 i'm going to copy and paste this i'll put this in on my website 00:17:28.080 --> 00:17:36.320 and this is using sudo to run as root it's the open ssl command this sets 00:17:38.720 --> 00:17:50.400 various things about the encryption such as it will expire in 365 days using an rsa 2048-bit 00:17:50.400 --> 00:18:00.800 key and this is where the key will be output and this is where the certificate will be output too 00:18:04.080 --> 00:18:27.840 so it's going to ask some things about the certificate that is uk 00:18:30.160 --> 00:18:33.840 the next one says asking about the name of the server 00:18:34.880 --> 00:18:41.840 normally that would be fqdn fully qualified domain name so that's such as www.penguintutor.com 00:18:42.720 --> 00:18:48.400 or something like that in this case i'm going to use the ip address of the server 00:18:51.440 --> 00:18:57.680 because it doesn't have a qualified domain name and that's created the certificate 00:19:02.000 --> 00:19:07.280 i'm also going to create a diffie-hellman group this is used for perfect forward 00:19:07.280 --> 00:19:12.160 secrecy essentially it's a way of protecting past communications if 00:19:12.160 --> 00:19:16.400 the encryption key is broken in the future so if somebody's able to capture the data now 00:19:18.000 --> 00:19:26.400 and then your key is broken in the future it means they can't decrypt your old messages 00:19:30.480 --> 00:19:41.760 uses the open ssl command as well but the dh perrami minus out slash etc 00:19:43.760 --> 00:19:51.840 i'll just put in the same search directory 00:19:54.080 --> 00:19:57.360 and so it says this is going to take a long time so it's going to be 00:19:58.640 --> 00:20:00.480 not quite as quick as the previous 00:20:02.800 --> 00:20:05.840 keys 00:20:09.280 --> 00:20:20.400 okay so that's completed now and now we can 
update the nginx web server to use these i'm going to 00:20:21.120 --> 00:20:33.600 make the changes in the sites file let's go to genex if we look at this two folders one's 00:20:33.600 --> 00:20:38.880 called sites available and one's called sites enabled these will show the same at the moment 00:20:41.680 --> 00:20:46.320 and so sites available is where you store all the different kinds of sites that you 00:20:46.320 --> 00:20:52.240 want because a single web server can serve up multiple websites 00:20:53.840 --> 00:20:58.960 and then when you enable them you normally put a link to sites enabled 00:21:01.280 --> 00:21:04.480 and as you can see that's the same one we'll just put a 00:21:04.480 --> 00:21:12.080 minor cell on that you'll see that this is a link rather than the actual file now you could 00:21:12.080 --> 00:21:17.280 edit either file because of that link you'll just be editing the same file regardless 00:21:17.920 --> 00:21:20.880 but it's actually the one that's in sites available that's the standard file 00:21:22.080 --> 00:21:29.840 you may want to take a backup of this beforehand so i thought let's do that it's going to 00:21:34.240 --> 00:21:41.120 cd to the site's available and we'll just cp default 00:21:46.160 --> 00:21:55.200 because it's not copied into enabled then it won't be enabled it's just there as a backup basically 00:21:57.760 --> 00:21:59.680 so you need to edit this as root 00:22:01.840 --> 00:22:03.280 so we use the sudo 00:22:06.800 --> 00:22:11.520 let's get rid of the port 80 entries at the moment so this is 00:22:11.520 --> 00:22:15.280 standard web server that's been running so far which is on port 80. 
00:22:17.280 --> 00:22:24.080 we will later on redirect those that will be a bit later on in the file so come on 00:22:24.080 --> 00:22:31.760 a bit and enable these listen so we're going to listen on port 443 which is what's used for ssl 00:22:34.960 --> 00:22:37.600 tell us about disabling gzip we've already done that 00:22:38.240 --> 00:22:40.720 but if you hadn't then you would have to do that as well 00:22:42.880 --> 00:22:52.960 and there's some information on creating a secure configuration i'm going to be just putting a 00:22:52.960 --> 00:23:01.520 few basic settings on there you may want to look at further ways of securing it further 00:23:05.840 --> 00:23:10.320 you change that server name to be the ip address again you would normally use 00:23:10.320 --> 00:23:21.840 the website name fully qualified domain name 00:23:23.040 --> 00:23:24.480 and then i'm going to add 00:23:28.320 --> 00:23:29.440 some lines in fact 00:23:31.840 --> 00:23:35.840 i just realized 00:23:42.240 --> 00:23:45.120 then at the bottom of this server section which is here 00:23:47.360 --> 00:23:50.720 i'm gonna put in the certificates so 00:23:52.800 --> 00:23:55.040 these are the certificates we're using 00:23:58.080 --> 00:24:08.960 so you've got the certificate the certificate key and that dh param file that we created as well 00:24:12.480 --> 00:24:18.640 i'm also going to add some information about the protocols we want to use 00:24:23.920 --> 00:24:24.960 put those in here 00:24:28.640 --> 00:24:31.840 there are various different settings that you could use 00:24:36.640 --> 00:24:38.320 and there's just a few of them 00:24:45.040 --> 00:24:50.320 so that's the ssl part done i'm going to just add one more section 00:24:51.360 --> 00:24:54.160 the right to the bottom i'm going to add another server 00:24:54.880 --> 00:25:02.800 entry and this is going to redirect anything coming in on port 80 the standard http to port 00:25:02.800 --> 00:25:11.280 443 the https server again i'm 
going to copy and paste this so i'll include the code on my website 00:25:13.760 --> 00:25:16.720 again see the description for details of that 00:25:20.160 --> 00:25:24.240 so this is just saying that if the host matches this ip address 00:25:26.640 --> 00:25:36.880 and we're listening on port 8 then return 301 redirect to go to the https version 00:25:41.760 --> 00:25:45.680 that's it created i'm just clear i'm going to run 00:25:48.560 --> 00:25:55.280 the test to see if there's any configuration parameters it doesn't seem to like 00:25:55.280 --> 00:26:00.240 my ssl dh params let's go and have a look at that 00:26:03.920 --> 00:26:09.840 976. 00:26:11.600 --> 00:26:14.640 that i've just missed the semicolon off the end 00:26:17.440 --> 00:26:23.840 i can do that and try testing again yep it's okay test is successful 00:26:28.240 --> 00:26:36.400 so now we can reload our because of the changes i'm going to do a full system a full restart 00:26:36.400 --> 00:26:46.320 of the server rather than just to reload so i'll do that using a system control restart 00:26:51.280 --> 00:26:54.400 i can just check the status on that make sure it's started correctly 00:26:56.960 --> 00:27:01.280 yeah it looks like it so i've switched to my laptop now 00:27:02.000 --> 00:27:07.680 so i'm on a different computer to the raspberry pi that's for hosting the web server i can now put in 00:27:11.520 --> 00:27:18.720 the address and as you see it's come up with a scary message this is because we've got 00:27:18.720 --> 00:27:25.840 a self-signed certificate so what you can see is that i although i only typed in without the 00:27:25.840 --> 00:27:35.280 https it's gone to the https site but it's put strike through your connection is not private 00:27:37.120 --> 00:27:45.280 be careful what information you give basically and it shows that the security certificate 00:27:45.280 --> 00:27:50.000 is not trusted and that's because it's a self-signed certificate so 00:27:50.960 --> 
00:27:59.040 if you ever get this on a normal website then stop what you're doing and verify before you proceed 00:27:59.840 --> 00:28:06.480 but because this is a self-signed certificate i was expecting this so it's safe to carry on 00:28:07.760 --> 00:28:10.880 and there's more information on here and it says 00:28:13.360 --> 00:28:16.720 that it's basically not been signed by anybody 00:28:22.400 --> 00:28:24.240 the issuer is just myself 00:28:28.320 --> 00:28:38.080 so we can click proceed as you see we've got the website before we can put in a past username 00:28:43.280 --> 00:28:47.280 password and it works in the same way as it did before 00:28:48.560 --> 00:28:53.680 and now we can take a look at wireshark and see what we can see using that 00:28:55.360 --> 00:29:00.480 i'm back on the raspberry pi now i'm going to start wireshark again 00:29:02.880 --> 00:29:07.440 i do need to change my filter a little this time because i want to be able to watch 00:29:07.440 --> 00:29:13.920 both port 80 and port 443 http and port and https 00:29:19.200 --> 00:29:22.400 port 80 or port 00:29:24.480 --> 00:29:25.840 443 00:29:29.200 --> 00:29:39.840 so i can set that go in 00:29:40.400 --> 00:29:48.640 so capturing from ethernet zero potential four four three so if i now go on to the browser 00:29:52.880 --> 00:29:56.080 and this first bit has just 00:29:58.240 --> 00:30:02.240 loaded the first page i'm going to put my username in now 00:30:05.360 --> 00:30:07.840 and submit the password 00:30:09.680 --> 00:30:14.400 all right so we can now take a look through the traffic so there's quite a bit more 00:30:14.400 --> 00:30:26.800 traffic than before and see what it's found so we can see these are some tcp handshakes 00:30:29.920 --> 00:30:35.840 so here's the handshake and during the handshake it's basically turned around and said 00:30:37.680 --> 00:30:43.760 you're not accepted on port 80 you need to go to port 443 instead 00:30:46.320 --> 00:30:53.120 so then it 
starts the handshake again with port 443 and we've got the client hello 00:30:54.880 --> 00:31:05.760 you can see it's http 1.1 but then everything else is encrypted so server hello and 00:31:05.760 --> 00:31:11.520 again i have encrypted handshake you can't even see which pages they're asking for 00:31:14.000 --> 00:31:23.840 i did get a certificate announce here and then we accepted that and then carried on so 00:31:25.280 --> 00:31:31.840 sends the request again so this is the quest for the web page 00:31:36.160 --> 00:31:36.560 and 00:31:39.280 --> 00:31:46.160 basically none of this data is of any use to the application data 00:31:46.160 --> 00:31:49.440 you can't make out what the page said 00:31:52.160 --> 00:31:59.840 and you certainly can't see any usernames or passwords all you see is this encryption related 00:32:01.200 --> 00:32:08.160 traffic and then this is finishing the handshake yeah so as you can see 00:32:10.240 --> 00:32:15.600 it's all nice and secure now and this is exactly what we want we need to make sure 00:32:15.600 --> 00:32:21.520 that any data we send if somebody is sniffing the network 00:32:24.000 --> 00:32:31.920 they basically just get encrypted data they cannot see what pages you've requested 00:32:33.680 --> 00:32:39.200 what the information on that page was and they definitely can't see your username or password 00:32:39.200 --> 00:32:45.920 as it was exchanged but as you can see i'll bring up the browser this is what we see 00:32:48.320 --> 00:32:58.480 and it's allowed us to log in so as you can see on this video basically looked at using http and 00:32:58.480 --> 00:33:04.560 as you can clearly see you can use a tool such as wireshark monitor the network and you can 00:33:05.120 --> 00:33:10.800 see exactly what is going on between the server and the client you can see what web pages were 00:33:10.800 --> 00:33:15.840 accessed you could see the data that was going backwards and forwards and crucially you could 
00:33:15.840 --> 00:33:21.120 see the username and password and that would apply if you put anything into http that could include 00:33:21.120 --> 00:33:29.920 credit card details etc really it's not secure it's you could still use it for just browsing 00:33:31.120 --> 00:33:35.440 normal websites as long as you don't mind people being able to see your history 00:33:36.960 --> 00:33:41.600 but you definitely won't want to use it for passing any secure information 00:33:42.960 --> 00:33:49.680 and then you've seen how we can improve our security by reconfiguring our web server to use 00:33:50.880 --> 00:34:00.560 tls/ssl security use that encryption encrypts the data so that you cannot 00:34:02.560 --> 00:34:08.800 read it you cannot understand it you can capture it but unless you know the encryption keys which 00:34:08.800 --> 00:34:14.880 are kept securely on the server you can't understand what the conversation's saying 00:34:14.880 --> 00:34:22.000 and obviously that is much more important from a security point of view that is how banks protect 00:34:22.000 --> 00:34:31.520 your information how your information is protected when you put in your credit card informations 00:34:33.280 --> 00:34:39.440 it's really important that you always check that you do get these secure padlocks on your 00:34:39.440 --> 00:34:47.840 web browser when you're going to a website and you're entering personal information like that 00:34:49.920 --> 00:34:57.520 as we showed here we used a self-signed certificate that means the web browser is 00:34:57.520 --> 00:35:06.400 not able to verify that as a valid certificate and that's why we got a warning message you could use 00:35:06.400 --> 00:35:10.960 a free service like let's encrypt or you could use a commercial service which will give you a proper 00:35:11.680 --> 00:35:21.040 signed certificate to say that they have proved that it is you that is running that website 00:35:23.520 --> 00:35:28.000 so i hope this has been useful if it 
has please give it a like 00:35:28.000 --> 00:35:33.200 if you found anything new please leave a comment let me know what you think of it 00:35:35.360 --> 00:35:41.600 if you've not already subscribed please do so and click the notification icon to get notified 00:35:41.600 --> 00:35:47.840 of when i create future videos i'll be looking at other security related aspects on this channel 00:35:48.720 --> 00:35:54.400 both hands-on practical like this demonstration with wireshark but also some of the theory 00:35:54.400 --> 00:35:59.280 as well so if you're interested in learning more about cyber security then 00:35:59.840 --> 00:36:05.760 please do subscribe thank you for watching i look forward to seeing you on a future video
Please note that this should only be used against systems where you have appropriate permissions.