HSTS - HTTP Strict Transport Security - Protect against SSL Stripping attack - Practical TLS
Рет қаралды 38,119
HSTS (HTTP Strict Transport Security) prevents a site from being accessed over HTTP if it is meant to be accessed via HTTPS. It does this using three directives: Max-Age, IncludeSubDomains, Preload. In this video we discuss the SSL Stripping attack, and discuss how HSTS prevents it.
🔑 More free lessons from the course:
kzbin.info/aero/PLIFyRwBY_4bTwRX__Zn4-letrtpSj1mzY
🔐 More details about the course:
classes.pracnet.net/courses/practical-tls
🏢 Do you configure or troubleshoot TLS/SSL for work? If so, I'm willing to bet your employer would happily pay for this SSL training. Reach out if you'd like to coordinate an introduction for a bulk license purchase with your company. I'm happy to provide a generous referral bonus =)
💬 Join Practical Networking Discord
pracnet.net/discord
00:00 - Typical Browsing - 301 to HTTPS
01:27 - SSL Attack Vector - HTTP to HTTPS redirect
01:48 - SSL Stripping Attack
03:41 - HSTS Explained
04:48 - HSTS Demonstration
06:11 - HSTS includeSubDomains
06:42 - Still Vulnerable on First Visit / HSTS Preload
08:31 - HSTS prevents clicking through browser warnings
09:10 - HSTS directives on one line
09:25 - Summary / Outro
🖧 Want to learn how how data moves through a network?
kzbin.info/aero/PLIFyRwBY_4bRLmKfP1KnZA6rZbRHtxmXi
Since you've made it to the bottom of the Description, here's a $100 off coupon code you can use on the full course =)
YT100
#tls #ssl #hsts
@PracticalNetworking 2 жыл бұрын
📣📣 *October Birthday Month Sale* 🎂🎂 ✨🎇 *Promotion Price: $59* (Regular Price $297) 🎁🎁 Coupon Code: OctBDAY2024y 👉 More free lessons: kzbin.info/aero/PLIFyRwBY_4bTwRX__Zn4-letrtpSj1mzY
@scottspa74 2 жыл бұрын
I just sent this to my computer info systems and digital forensics current instructors to point out to them how much they're failing us. You, Ed, are doing the greatest work, you're a hero
@PracticalNetworking 2 жыл бұрын
Ha. Thank you Scott. I appreciate the shares =). Hope they sign up for my course!
@Jamesaepp 2 жыл бұрын
Followed this from reddit, binged the whole playlist. Just wanted to comment that this is incredibly well done. * I love the fading pen marks. I imagine this is great for learners for whom English is not a primary language, and it's great for when I'm reviewing/filling in small gaps while watching at 2x. :) * THANK YOU for including a couple episodes with actual math. You explained this more concisely and with better examples/context than the computerphile videos. I'll be recommending your series to anyone I know in the future who wants to better understand digital cryptography.
@PracticalNetworking 2 жыл бұрын
Hi James. Thank you for the kind words. I'm really happy you enjoyed this content as much as you did =). Yes, I love the math! Not math itself, granted, but the simpler Crypto examples really helped it click for me when I first learned all this, so I was eager to do the same to others watching the video. Do me a favor... if you're willing, do you mind posting a link or two to some of the other videos on Reddit? Self promotion is always looked at with suspicion, but a fellow Sysadmin referring good content is typically well received. No pressure either way. Thanks again for the kind words =).
@Larry-nx8ho 2 жыл бұрын
I've seen this make many wifi guest portals not be able to redirect, too. Great video, as always!
@PracticalNetworking 2 жыл бұрын
Absolutely! Glad you enjoyed it =)
@wildmanjeff42 2 жыл бұрын
Thanks for the video, very informative and easy to understand
@PracticalNetworking 2 жыл бұрын
You're welcome. Glad you enjoyed it, Jeff.
@thriveniraghav4356 2 жыл бұрын
All your videos are very informative. Thank you. Can you make videos on SD-WAN technology.
@PracticalNetworking 2 жыл бұрын
You're welcome, Thriveni. SD-WAN isn't in my expertise to teach on, I'm afraid.
@kotemanoble1734 2 жыл бұрын
Interesting, thanks for putting this out there.
@PracticalNetworking 2 жыл бұрын
You're welcome, Kaizen!
@Alexanderslaxis 2 жыл бұрын
Hey man, your tutorials are brilliant. Can you please create a new series to discuss optical networks and their components?(SONET/SDH, TDM,WDM,ROADM,RAMAN,WSS, G.709 OTN, FEC, OTN Alarms, OTN TCM, TTI, etc).
@PracticalNetworking 2 жыл бұрын
Hi Alexander, glad you're enjoying these. You listed a lot =). That is a big ask. ^_^ Regrettably, none of the acronyms seem to be within my expertise to teach =/
@navinreddy-xx1vo 8 ай бұрын
no words, awesome videos, Thanks for video
@PracticalNetworking 8 ай бұрын
You're very welcome!
@jeremiahm5487 2 жыл бұрын
Been a while since we heard from you. Fantastic video BTW.
@PracticalNetworking 2 жыл бұрын
Glad you enjoyed it, Jeremiah. =)
@DonatoProce 2 жыл бұрын
excellent description - thanks!!
@PracticalNetworking 2 жыл бұрын
You're welcome !
@shahdharmik1919 Жыл бұрын
In this case of using HSTS, use of following is still vulnerable? 1. Browser extensions interception just like M-I-M attack? The manually installed ones! 2. Use of any non-standard browsers, i.e tor, lunaspace, uc browser, brave? Just curious to knw
@1Esteband 9 ай бұрын
Excellent presentation. Thank you!
@etpienaar 3 ай бұрын
really well thought out and explained :)
@sonyphilipp3345 2 жыл бұрын
Brilliant work
@PracticalNetworking 2 жыл бұрын
Thank you again, Sony =)
@AshishMishra-kw2zm 2 жыл бұрын
Wow ... Amazing Video ❤️❤️ ... Need session on SDN as well... VMware NSX-T please 🙏🙏
@PracticalNetworking 2 жыл бұрын
Glad you enjoyed it =). There are so many videos on my list to make. SDN is going to be a ways back. VMware probably isn't on the list, I'm afraid =(
@Alex-hn3lc 11 ай бұрын
Very well explained thank you.🙏
@waverache8296 2 жыл бұрын
Nice explanation
@PracticalNetworking 2 жыл бұрын
Thank you, Waver =)
@michawojcik1519 2 жыл бұрын
Very informative mate, thanks a lot
@PracticalNetworking 2 жыл бұрын
You're welcome, Michal. Cheers!
@sushilshiwaniwal 5 ай бұрын
Thanks for the shared information.
@ayyapanr Жыл бұрын
Hey Ed.. great explanation on ssl stripping. However I am wondering what happens if the MITM strips the HSTS headers on the response traffic in the scenario of Server MITM Client.
@rezamirzazadefarkhani6915 10 ай бұрын
Great question. Preloading is supposed to partially address this issue by making the very first request in HTTPS. However, Preloading does not scale up to the whole internet. Therefore, if the website is not in the Preloading list and if the attacker can strip the HSTS headers by MITM, then the attack scenario you mentioned is possible.
@DebasishMandal Ай бұрын
great video; thansk!
@AliRem 2 жыл бұрын
Perfect !
@PracticalNetworking 2 жыл бұрын
@abdirahmanabdullahi1150 2 жыл бұрын
Ed thank you 😊
@PracticalNetworking 2 жыл бұрын
You're welcome, Abdirahman!
@subee128 2 ай бұрын
Thanks
@youssefblt9839 9 ай бұрын
thanks verry infomative
@munirajulu 2 жыл бұрын
Thanks Sir 🙏
@PracticalNetworking 2 жыл бұрын
You're welcome!
@chadsexinton Жыл бұрын
What specifically on the browser does it use to remember that 63M seconds ?
@HubertHeller Жыл бұрын
Aside from security, how much will it make my website faster?
@PracticalNetworking Жыл бұрын
The speed gain is negligible. It could save you a round trip, in certain cases, but the main benefit of implementing HSTS should be security, not speed (that's a side perk).
@HubertHeller Жыл бұрын
@@PracticalNetworking what about HS TS preload? Any speed advantage there?
@PracticalNetworking Жыл бұрын
@@HubertHeller Again, there would be a slight advantage (in some cases) ... but speed shouldn't be the main driver of implementing HSTS =). For instance, if the user already initiated a session to the https version of the site.. there would be no visible affect to speed whether you implement HSTS and/or preload
@govindraj1092 2 жыл бұрын
Hello Master could you share me STP protocol & FHRP.. Details please
@PracticalNetworking 2 жыл бұрын
I hope to make some STP videos at some point, yes. While not explicitly about FHRP, I wrote an article on Gratuitous ARP that touches on how HSRP works, slightly. If you're interested: www.practicalnetworking.net/series/arp/gratuitous-arp
@pavankumarkj255 2 жыл бұрын
STP is explained by Keith barker here on YT. Definitely check that out. And always banger video form PN.
@nosajix 8 ай бұрын
What about self signed warnings?
@fekkon_rasulegando 3 ай бұрын
❤❤❤
@kornelijekovac9793 3 ай бұрын
Why all this? Can't they just enforce SSL connection at browser level for all websites?
@casper64 3 ай бұрын
The point is not to protect users but protect your self with encryption. If you use HSTS you can enforce encryption yourself instead of having to rely on the client
@BrendaSnead-z7d Ай бұрын
Enoch Field
Converto
Рет қаралды 24 МЛН
Gambiarratoop
Рет қаралды 6 МЛН