This DokuWiki uses a theme created by Anymorphic Webdesign.

Differences

The differences between the two revisions of the page follow.

racfor_wiki:mrezna_forenzika:sigurnost_https_protokola [2020/01/05 19:19]
dsaric
racfor_wiki:mrezna_forenzika:sigurnost_https_protokola [2024/12/05 12:24] (current)
Line 134: Line 134:
 This results in a breach in the integrity and confidentiality of personal information such as login credentials, bank accounts, sensitive business data, etc. Users can combat this attack by using Strict Transport Security (HSTS) and by always checking that they are using HTTPS in their browsers. This results in a breach in the integrity and confidentiality of personal information such as login credentials, bank accounts, sensitive business data, etc. Users can combat this attack by using Strict Transport Security (HSTS) and by always checking that they are using HTTPS in their browsers.
  
-Cryptographic **attack ****FREAK**  (Factoring RSA Export Keys), discovered in 2014, is a type of downgrade attack which relied on using weak RSA encryption keys shorter than 512 bits. These weak RSA encryption keys are a product of espionage from U.S. government. During the 1990s, U.S. government set up rules for the export of encryption systems. These rules limited the strength of the RSA encryption keys to a maximum of 512 bits in any Secure Socket Layer (SSL) implementations targeted for export. The key length of maximum 512 bits made the protocol easily hackable by NSA (National Security Agency), but not by the agencies with lesser computing power. In 2014, when FREAK was discovered, affected 37 % of HTTPS websites [19]. Shortly after discovery shortcoming were patched in most browsers.+Cryptographic **attack ****FREAK**  (Factoring RSA Export Keys), discovered in 2014, is a type of downgrade attack which relied on using weak RSA encryption keys shorter than 512 bits. These weak RSA encryption keys are a product of espionage from U.S. government. During the 1990s, U.S. government set up rules for the export of encryption systems. These rules limited the strength of the RSA encryption keys to a maximum of 512 bits in all Secure Socket Layer (SSL) implementations targeted for export. The key length of maximum 512 bits made the protocol easily hackable by NSA (National Security Agency), but not by the agencies with lesser computing power. In 2014, when FREAK was discovered, affected 37 % of HTTPS websites [19]. Shortly after discovery shortcoming were patched in most browsers.
  
 Another type of attack is a **BEAST ****attack**. BEAST is short for Browser Exploit Against SSL/TLS. This vulnerability is an attack against the confidentiality of a HTTPS connection in a negligible amount of time. That is, it provides a way to extract the unencrypted plaintext from an encrypted session. This type of attack was remedied in TLSv1.1. Another type of attack is a **BEAST ****attack**. BEAST is short for Browser Exploit Against SSL/TLS. This vulnerability is an attack against the confidentiality of a HTTPS connection in a negligible amount of time. That is, it provides a way to extract the unencrypted plaintext from an encrypted session. This type of attack was remedied in TLSv1.1.
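Review bot: the key-length statement in the FREAK paragraph is internally inconsistent: it opens with weak RSA keys "shorter than 512 bits" but two sentences later says the export rules capped RSA keys at "a maximum of 512 bits", so 512-bit keys were themselves the weak export keys; "RSA keys of at most 512 bits" in the first sentence would agree with the rest of the paragraph. The same paragraph has a subjectless clause, "In 2014, when FREAK was discovered, affected 37 % of HTTPS websites", which should read "it affected 37 % of HTTPS websites", and "shortcoming were patched" should be "the shortcoming was patched". The bold markup "**attack ****FREAK**" and "**BEAST ****attack**" is broken by a stray run of asterisks; "**attack FREAK**" and "**BEAST attack**" would render as intended. The "any" to "all" change itself is fine.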
Line 162: Line 162:
 HyperText Transfer Protocol Secure (HTTPS) is an extension of the Hypertext Transfer Protocol (HTTP). HTTP is one of the most used protocol in the world and is a backbone of the web. HTTPS uses TLS or SSL to encrypt transferred data over computer network. Using encryption over communication channel ensures a private connection. Meaning that no one else with access to this communication channel can't understand data transferred between server and client. A lot of flaws of HTTP are not fixed with HTTPS and they cannot be fixed with improving the protocol further. Rather the protection from exploits is a responsibility the host (web server) in the correct implementation of the protocol. For the implementation of a web server security it is important to know the flaws of HTTPS protocol and keep them in mind while developing. HyperText Transfer Protocol Secure (HTTPS) is an extension of the Hypertext Transfer Protocol (HTTP). HTTP is one of the most used protocol in the world and is a backbone of the web. HTTPS uses TLS or SSL to encrypt transferred data over computer network. Using encryption over communication channel ensures a private connection. Meaning that no one else with access to this communication channel can't understand data transferred between server and client. A lot of flaws of HTTP are not fixed with HTTPS and they cannot be fixed with improving the protocol further. Rather the protection from exploits is a responsibility the host (web server) in the correct implementation of the protocol. For the implementation of a web server security it is important to know the flaws of HTTPS protocol and keep them in mind while developing.
  
-HTTPS protocol and its underlying security protocol TLS is continually being improved as more and more attacks are being discovered. A lot of mentioned flaws of HTTPS are patched in newer versions, but they must be considered as the older systems still run on flawed protocols. Furthermore, even newer systems under an uneducated user can be exploited with the right tools.+HTTPS protocol and its underlying security protocol TLS are continually being improved as more and more attacks are being discovered. A lot of mentioned flaws of HTTPS are patched in newer versions, but they must be considered as the older systems still run on flawed protocols. Furthermore, even newer systems under an uneducated user can be exploited with the right tools.
  
 HTTPS protocol is a perfect example that software developers can never say they developed a bug free code, rather a code without any bugs discovered. They should always strive to write a manageable code rather than a bug free one. HTTPS protocol is a perfect example that software developers can never say they developed a bug free code, rather a code without any bugs discovered. They should always strive to write a manageable code rather than a bug free one.
 +
  
 ===== Sources ===== ===== Sources =====
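Review bot: the double negative in the first paragraph of this hunk inverts the intended meaning: "no one else with access to this communication channel can't understand data" says the opposite of what the paragraph argues and should read "can understand". The "is" to "are" fix in the changed line is correct, but the same pass should also fix "one of the most used protocol" to "protocols" and "is a responsibility the host (web server) in the correct implementation" to "is the responsibility of the host (web server), through correct implementation of the protocol"; in the closing paragraph "a bug free code" and "a manageable code" should be "bug-free code" and "maintainable code". The added "+" line introduces only an empty line before the Sources heading and carries no content.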
racfor_wiki/mrezna_forenzika/sigurnost_https_protokola.1578251973.txt.gz · Last modified: 2024/12/05 12:23 (external edit)
CC Attribution-Share Alike 4.0 International