restrictionsserver
500InternalServerError 时间:2021-02-01 阅读:()
Server-GatedCryptographyPROVIDINGBETTERSECURITYFORMOREUSERS2Server-GatedCryptographyForwardThinking.
.
.
Withthewidespreadglobaladoptionofwirelesstechnologies,hundredsofmillionsofpeoplelivingdevelopingcountriesareloggingontotheinternetforthefirsttime.
Whilemanywillbedoingsowithnewcomputers,stillmanymorewillnodoubtberelyingonoutdatedsoftwaretosurftheWWW.
Manyofthemwillbenaveaboutthedangersthatlieandwaitincyberspace.
Astheenablersofsecureandglobalelectroniccommerceitisourdutytohelpcompaniesempowerandprotectthesenewcitizensoftheinternet.
Ifourtechnology,trustedservicesandproductscanhelpyoutoprotectevenoneuser,letalonethetensofmillionswhorequiresuchassistance,thenwehavedoneourduty.
ThisiswhatSGC-enabledSSLcertificatesareintendedtodo.
OverviewThisguidewillhelpyoutounderstandhowSGC-enabledSSLcertificatesworkandwhytheyaredifferentfromothercertificates,whythetechnologywasfirstintroducedinthelate90s,andwhythistechnologyremainsasrelevanttodayasitwasbackthen.
E-commercebusinessesusingServer-GatedCryptography-enabledSSLcertificatescanhelpassurecustomersofstrongerencryption,greaterprivacyandreducedrisksoffraudandidentitytheft.
Thisisnotoneperson'sororganization'sopinion.
Thisisafact-provenbytheYankeeGroupwhoconductedexhaustiveindependenttests(368tobeexact!
)toarriveatthisconclusion(1).
SGCtechnologymayhaveoriginatedinthelate90sbutitremainsasrelevanttodayasitdidwhenitwasfirstintroducedmorethansixyearsago.
Thewidespreadgrowthofbroadbandglobally(2)willnecessitatetheuseoftechnologiesthatareforwardthinkingandproactive.
SGCissuchatechnologybecause,unlikeotherSSLcertificatesthatrelyontheuser'sbrowserbeingabletomatchaserver'sciphersuite,SGChelpsusersattainmoresecureconnectionbyactuallysteppingupsomeusers'browsersinspecificsituations.
TheYankeeGroup'sstudyveryboldlyconcluded,"SGC-enabledcertificatesenablemoreWindows2000userstoconnectwith128-bitencryption.
Thisdifferencemeanstensofmillionsmoreinternetusersworldwidewouldget128-bitencryptionorhigherifalle-commercevendorsusedSGC-enabledcertificates.
"(1)Thefactthat75%ofUSbusinesses(3)believethatathreatfromunprotectedsystemsindevelopingcountriesposeagrowingthreattotheirdigitalsecurity,strengthenstheargumentsupportingusingproactivetechnologieslikeSGC-enabledSSLcertificates.
Theinternethasgivencompaniesacost-effectiveandextremelypowerfulmediumtoconnectwithcustomersanywhereintheworld.
Broadbandismakingitpossibleformorepeoplefromeverycorneroftheglobetogoshoppingincybermalls,unrestrictedbytimeandgeography.
Thesegreatnewopportunitiesthatawaite-businesseswhowanttoexpandgloballywilldemandproactivesecuritytoprotectboththee-businessresourcesanddatabases,aswellasprovideprotectionfornewcustomerswhomayberelyingonoutdatedsoftwaretoexploretheinternet.
1.
BuildingBlocksofTransparentWebSecurity:Server-GatedCryptography-TheYankeeGroup,September20052.
WorldBroadbandStatistics:Q32005-PointTopicLtd.
20053.
U.
S.
Businesses:CostofCybercrimeOvertakesPhysicalCrime-IBM,March20063AnArgumentforProactiveSecurityTheinternetistheembodimentofglobalization–itsgrowthfueledbythewidespreadglobaladoptionoffaster,always-onbroadbandADSLandwirelessservice,theglobalexpansionofmultinationalsandtheirmobilizedarmyofworkerswhotradeinformationanywhereandanytime.
Withtheinternet'sgrowthcomesanewopportunityformanysmallandlargebusinessesthatarenowabletotradefromalocationinonecorneroftheglobe,withanyonewhoisabletoaccesstheirwebsiteandmakecreditcardpayments.
Internetandelectronictradingknowsnotimeandhasnoborders.
But,asmanycompaniesreadythemselvesfortheonslaughtofnewcustomerscomingfromthefourcornersoftheglobe,securityexpertsareexpressingcaution.
Infact,manyUSbusinessesarealsoexpressingcautionandconcern.
InarecentsurveyconductedbyIBM(1)asmanyas75%oftheparticipatingcompaniesexpressedconcernforthegrowingcybercrimethreatthatwillcomefrommanyunprotectedcomputersinthedevelopingworld.
OutdatedsoftwareandunprotectedsystemsarearealthreatastheadoptionrateofbroadbandservicesstabilizesintheUSanddeclinesinAsia,whiletheMiddleEastandAfricaareshowingthehighestnewconnectionratesintheworldfortheseservices.
Whilemanycompaniesarerushingtocapitalizeonrapidglobalgrowthofbroadbandconnection,companiesmustheedthewarningsofmanyexpertswhoarecallingforproactivesecuritythatservestonotonlyprotectthevendor,butalso"thinks"fortheuserhelpingthemtoattainthebestpossiblesecurity.
Proactivesecuritywillnotonlycreateamoresecuredigitalenvironmentforeveryone,butitwillalsohelptobuildtrustamongstthemanynewusersoftheinternet.
Trustwillbuildconfidenceandconfidenceisgoodforbusiness.
Server-GatedCryptography:MakingtheDigitalWorldaMoreSecureSpace(1)Inthe1990s,theUSgovernmentimposedrestrictionsonexportingstrongcryptographytoothercountries.
TherestrictionmeantthatsoftwarethatimplementSSL,suchaswebbrowsers,operatingsystemsandwebservershadtolimitencryptiontoweakalgorithmsandshorterkeylengthsifitwasexportedoutsidetheUnitedStates.
Lawmakersincludedanexceptionforfinancialtransactionstoensurethatcustomersworldwidecouldsafelytransactonlineusingstrongencryption.
SGCwascreatedasanextensiontoSSLforconsumerswithexportversionsofwebbrowsersoftwaretousestrongcryptographyforfinancialtransactions.
USexportlawswereupheldbyissuingSGCcertificatesonlytoeligiblefinancialinstitutions,creatinganenforcementpointattheserverwithoutanyimpacttotheclient.
Therestrictionsonexportofstrongencryptionhavesincebeenrelaxed,andnowSGCcertificatesmaybeissuedtoanyinstitution.
RestrictionsonencryptionareevidentinolderversionsofWindows2000runningInternetExplorerthatarestillinuse.
Consumersande-commercevendors,particularlythoseoutsidetheUnitedStates,arestillusingweakencryption,despitethefactthatsafer,strongeralternativesareavailable.
AlthoughnewerversionsofWindows2000providethesefeatures,millionsstilluseoldversions.
Userswhoarestillusingcertainolderbrowserversionsthatonlyprovideweak40-bitor56-bitencryptioncangainfull-strength128-bitencryptionwhenconductingbusinesswithSGC-enabledwebsites.
WithSGC,browserandoperatingsystemversions-whetherexportsordomestic-thatwouldotherwiseconnectwithweakencryptionareaffordedmuchstrongersecurity.
Untilolderversionsofbrowserandoperatingsystemsdisappearcompletely,SGCcertificatescanprotectthisportionoftheuserpopulation.
1.
U.
S.
Businesses:CostofCybercrimeOvertakesPhysicalCrime-IBM,March2006Alsosee:Stronggetsstronger-256-bitencryption(Appendix2)1.
AnextractfromTheYankeeGrouppaperentitledBuildingBlocksofTransparentWebSecurity:Server-GatedCryptography,September2005)4HowanSGC-EnabledSSLCertificateWorksTounderstandhowanSGC-enabledSSLsessiondiffersfromotherSSLsessions,wefirstneedtoexplainhowanormalSSLsessionworks.
AsimplifiedSSLsessionlookslikethis:1.
theclient/browsersendstheserveralistofsupportedciphers2.
theserverchoosesacipherandsendsthatcipheralongwithitscertificatebacktotheclient/browser3.
theclient/browserverifiestheserver'scertificateandextractstheserver'spublickey4.
theclient/browserencryptsasecretusingtheserver'spublickeyandsendsittotheserver5.
theserverdecryptsthesecretusingitsprivatekey.
Atthispointtheclient/browserandserverbothsharethesecretandcanbeconfidentthatnooneelseknowsit.
Theclient/browserandservercannowusethissecretandthechosenciphertohaveasecureconversation.
ThisisaverysimplifiedexplanationofaSSLhandshake.
WithSGCbasicallywhathappensiswhentheclient/browserreceivestheserver'scertificate(step3),theclientdiscoversthattheserverhasaSGC-enabledSSLcertificatetheclient/browserwillperformanewhandshake(oncethecurrenthandshakeisfinished)usingacompletelistofalltheciphersbeingsupportedincludingthestrong128-bitencryption,thusupgradingthecurrentsessiontostrongcryptography.
BuildingBlocksofTransparentWebSecurity:Server-GatedCryptographybytheYankeeGroup,September2005SecureSocketsLayer(SSL)isthedefactostandardforsecuringe-commercetransactions.
SSLencryptspersonalinformationsuchascreditcardnumbers,socialsecuritynumbers,passwords,namesandaddressessenttoane-commercevendorviaitswebsite.
Therefore,SSLisacriticalcomponentintheprotectionofconsumerprivacyandanecessitytoreducetherisksoffraudandidentitytheft.
YankeeGroupresearchshowsthatbetween1%and2%ofe-commercetransactionsarerelatedtofraud.
Lossestotaling$2billionin2004aregrowingatthesameratease-commercerevenueanderodingconsumerconfidence.
SSLencryptionisakeycomponentinprotectingconsumers'onlinetransactions.
Itstransparencytouserswillbeacriticalfactorinreducingfraud.
SSLlackstransparencyinakeyarea:thestrengthofencryptionusedforagivensession.
Browsers,webserversandoperatingsystemsallplayaroleindeterminingthelevelofencryptionused:40bit,56bitor128bit.
SomePCsystemscan'ttakeadvantageoffull128-bitSSLencryption.
Server-gatedcryptography(SGC)-enabledcertificatesaddressthisissue.
E-commercewebsitesusingSGCcanassurecustomersofstrongerencryption,greaterprivacyandreducedrisksoffraudandidentitytheft.
AspecialstudydonebyTheYankeeGrouptestedbothSGC–andnon-SGC-enabledcertificatesin92commonenvironmentstodetermineunderwhatconditionsusersbenefitfromstrongencryption.
TheYankeeGroup'sconclusion–"ThenumberofpeoplestillsubjecttoweakencryptionbecausetheyareusingolderversionsofWindowsandInternetExplorerisinthetensofmillions.
UsersrunningtheWindows2000operatingsystemwithoutServicePack4orthehigh-encryptionpackaremostlikelytobeaffected.
5"TestedbrowsersreleasedearlierthanMarch2000alsoreturnhigherratesofconnectionatlowencryptionlevels.
OurtestingresultsshowthatwhenusingSGCcertificates,virtuallyallcombinationsofWindowsoperatingsystem,InternetExplorerandserverareabletostepupto128-bitencryption.
Wide-scaledeploymentofSGC-enabledSSLcertificateswouldreducetheactualnumberofusersexposedbyweakerencryptiondramaticallyandmakeitpossibleforvirtuallyeveryinternetusertoenjoytheprotectionof128bitorstrongerencryption.
"IsThawte'sSGCSuperCertCertificateRightforMyBusinessWiththewidespreadglobaladoptionofbroadbandinternet,manye-commercebusinessesareconsideringexpandingtheirservicesintonewterritories.
However,beforeyourushintoopeningyourcyberdoorstothesenewrevenueopportunities,considerthemanynewchallengesthesenewcustomerscouldposetoyourbusiness.
Manyofthesenewcustomerscouldposeasecurityrisktoyourbusiness.
ManymillionsofPCusersstillrelyonoldersoftwarelikeWindows2000systemsthathavenotbeenupdatedwiththelatestservicepacks.
Theseusersmayonlybeabletoconnecttoyoursecuree-commercewebsiteusingweak40and56-bitencryption,exposingnotonlythemselvesbutalsoyourbusinesstounnecessarysecurityrisks.
Toprotectinternetfinancialtransactions,expertsrecommendthataminimumof128-bitencryptionbeused.
SGC-enabledSSLcertificates,likeourSGCSuperCerts,aretheonlySSLcertificatesthathavetheuniqueabilitytostepupencryptionstrengthfromtheweakencryptiontothemuchstronger128-bitencryption.
InanindependentstudyconductedbytheYankeeGroupinSeptember2005itwasshownthatSGCenabledcertificatesenablemoreWindows2000userstoconnectwith128-bitencryption.
Thedifferencemeanstensofmillionsmoreusersworldwidewouldget128-bitencryption,ifalle-commercebusinessesusedSGC.
256-bitencryptioncanbeachievediftheuser'sbrowsercapabilityandtheciphersuiteinstalledonthewebserverareboth256-bitcompatible.
ThawteSGCSuperCertsprovide:Ahigherstrengthofencryptionforcertainolderversionsofexportbrowsers.
Confidenceintheintegrityandsecurityofyouronlinebusinessandnetworkinfrastructure.
CustomersarebecomingincreasinglyawareoftheadvantagesofSSLsecurityandwilloftennotpurchaseonlinefromnon-securestores.
AllmajorwebmerchantsuseSSLsecuritybackedbystrongwarrantiestoencouragecustomerstobuyonline.
Interoperabilityandsupportforstandardapplicationsandbrowsers,suchasMicrosoftInternetExplorerandNetscapeCommunicator.
Non-forgeableproofofyourwebsiteidentity.
Easeofuse.
ASGCSuperCertisastand-alonesolutionthatrequiresnoinstallationofextrasoftwareontheserverorthebrowser.
Peace-of-mindforthoseconductinginternationalonlinebusiness,knowingthatyourbusinessisforwardthinkingandproactiveinitsattitudeconcerningthesecurityofitscustomers.
TheValueofAuthenticationInformationisacriticalassettoyourbusiness.
Toensuretheintegrityandsafetyofyourinformation,itisimportanttoidentifywithwhomyouaredealing,andthedatayouarereceivingistrustworthy.
Authenticationcanhelpestablishtrustbetweenpartiesinvolvedinalltypesoftransactionsbyaddressingauniquesetofsecurityissuesincluding:SPOOFING:Thelowcostofwebsitedesignandtheeasewithwhichexistingpagescanbecopiedmakesitalltooeasytocreateillegitimatewebsitesthatappeartobepublishedbyestablishedorganizations.
Infact,conartistshaveillegallyobtainedcreditcardnumbersbysettingupprofessionallookingstorefrontsthatmimiclegitimatebusinesses.
6UNAUTHORIZEDACTION:Acompetitorordisgruntledcustomercanalteryourwebsitesothatitmalfunctionsorrefusestoservicepotentialclients.
UNAUTHORIZEDDISCLOSURE:Whentransactioninformationistransmitted"intheclear",hackerscaninterceptthetransmissionstoobtainsensitiveinformationfromyourcustomers.
DATAALTERATION:Thecontentofatransactioncanbeinterceptedandalteredenroute,eithermaliciouslyoraccidentally.
Usernames,creditcardnumbersandcurrencyamountssent"intheclear"areallvulnerabletoalteration.
UsefulURL'sFormoredetailonthawte'sSGCSuperCerts,pleasevisit:http://www.
thawte.
com/sgc/index.
htmlLearnmoreaboutSGCSuperCerts:http://www.
thawte.
com/ssl/sgc-supercerts-ssl-certificates/21-DayFreeTrialSSLCertificatehttps://www.
thawte.
com/ucgi/gothawte.
cgia=w62240062237049007BuySGCSuperCerts:http://www.
thawte.
com/buyAppendix:Why128-BitisStrongerthan40and56-BitEncryptionUnderstandingCryptographicStrengthCryptographicstrengthisexpressedinkeylengthorbitlength.
Keyscomeinavarietyoflengths(e.
g.
40-bit,56-bitand128-bit).
Assuminganinherentstrengthintheencryptionalgorithm,alongerkey/bitlengthwillmakeithardertocrackanencryptedmessage.
Werefertobitlengthasthisspecifiesthenumberofbitsrequiredtowritethenumberofpossiblekeysinbinary.
Keylengthshaveincreaseovertimetocounteractadvancesincomputingpowerwhichmakethecrackingofencryptedmessageseasier.
KeyLengthApproximateNumberofKeys40-bit1,099,511,627,77656-bit72,057,594,037,927,900128-bit340,282,366,920,938,000,000,000,000,000,000,000,000Consumersande-commercevendorsoftenviewencryptionastoocomplexfortheaveragehackertoexploit.
Surelyanysortofencryptionprovidesenoughsecuritytodoonlinebankingandshopping,rightUnfortunately,theanswerisno.
Low-levelencryption,using56bitsorless,isuniversallydeemedtooweakforsafefinancialtransactions.
Withthecomputingpoweravailabletoday,it'snotcostprohibitiveforhackerstoattack56-bitencryptionusingbruteforce,whichinvolvestryingeverypossiblekeycombinationuntiltheyfindtheonethatconvertsciphertextintoplaintext.
Thedifferenceinsecuritybetween40bit,56bitand128bitissignificant.
Theprogressmadeincomputingtechnologymeansthatweakerencryptionusing40-bitor56-bitkeyscanbeattackedbybruteforceandbrokeninamatterofhoursusinganaverage-speedPC.
Asrecentlyas1997,thesameexercisewouldhavetakendaysandrequiredtheeffortofmultiplecomputersandpeople.
Atcurrentcomputingspeeds,128-bitencryptionwilltakemorethanatrillionyearstoattackusingbruteforce,anobstaclethatwoulddeteranyfinanciallymotivatedattacker.
Bycontrast,breakingshorter40-bitor56-bitencryptedsessionsisarelativelysmallinvestmentforattackersharvestingpersonalinformation.
ThereisacommonmisconceptionthatdigitalcertificatesdeterminethestrengthofencryptionandthisisreinforcedbymanyCertificationAuthoritiesthatreferto40-bitor128-bitcertificates.
Itisimportanttounderstandthatencryptionstrengthisnormallydeterminedbynegotiationbetweenthebrowser,operatingsystemandawebserverbeforeasecuresessionisestablished.
72013Thawte,Inc.
Allrightsreserved.
Thawte,thethawtelogo,andothertrademarks,servicemarks,anddesignsareregisteredorunregisteredtrademarksofThawte,Inc.
anditssubsidiariesandafliatesintheUnitedStatesandinforeigncountries.
Allothertrademarksarepropertyoftheirrespectiveowners.
OnlydigitalcertificatesenabledwithSGCtechnologyarecapableofinfluencingtheencryptionstrengthofasessionbeyondwhatisagreedbetweenthebrowser,operatingsystemandserver(morethislater).
StrongGetsStronger-256-BitEncryptionAlthoughencryptionstrengthisdependentonthenatureofthebrowseraswellasthesoftwareonthewebservertowhichthebrowserisconnecting,256-bitencryptionisthehighestlevelofencryptioncurrentlypossible.
Whilesomebrowserssupportthislevelofencryption,thisdoesnotguaranteethatasecureinternetsessionwilloccuratthislevel.
Thelevelofencryptionusedtosecureaninternetconnectiondependsontwofactors-firstlythecapacityoftheciphersuiteinstalledonthewebserverbeingaccessed,andsecondlythecapabilityofthewebbrowserbeingusedtoestablishtheconnection.
Aciphersuiteisessentiallyanencryptionalgorithm,whichawebserverwillusetonegotiateanencryptedinternetsession.
Toestablisha256-bitencryptionsessiontheciphersuitemustbecapableofdeliveringthislevelofencryption.
Theencryptionlevelthatwillbeusedtoestablishasecureinternetconnectionisdeterminedthroughanegotiationthatoccurswhentheinternetbrowserandwebserverperformtheirhandshake.
Duringthishandshakesessiontheinternetbrowsersendsitslistofciphersuitestothewebserver,whichtheserverusestodeterminethehighestorstrongestencryptionthatcanbeusedfortheencryptedsession.
Differentbrowseranddifferentbrowserversionwillofferdifferentlevelsofencryption.
Some(olderversionsofNetscapeandInternetExplorer)willevenberestrictedtoofferingonlyweakencryption,unlesstheyareconnectingtoserversusingServer-GatedCryptographyenabledSSLcertificate.
So,dependingonthebrowser'svendorandversion,somewillonlybecapableofencryptingat40or56-bitencryption,whilemorerecentbrowserversionsarecapableof128andeven256-bitencryption.
Anothergroupofbrowserswillonlybecapableof40or56-bitencryptionuntilithasbeenestablishedthattheserverinvolvedhasanSGC-enabledSSLcertificateinstalled.
Thesebrowserswillthenbecapable,withhelpfromtheserver,of128-bitencryption.
Notallciphersuitesarethesameeither.
OnlynewerciphersuitessuchasAdvancedEncryptionStandardarecapableofmanaging256-bitencryptionrates.
HowCanyouEstablishWhen256-BitEncryptionWillbeUsedWhenConnectingtoaSecureServerFirstly,ensurethatthebrowseryouareusingis256-bitencryptioncapable.
Secondly,checkwiththeserveradministratoriftheserveronwhichthewebsiteishostedhasa256-bitciphersuiteinstalled.
Whenbothcriteriahavebeenmetyoushouldbeestablishinga256-bitencryptionsecureconnectionwiththatwebsite.
Thiscaneasilybeverifiedbyhoveringyourmousecursorovertheinternetbrowser'sclosedpadlock.
Viaphone––UStoll-free:+18884842983––UK:+442034505486––SouthAfrica:+27218192800––Germany:+4969380789081––France:+33157324268Emailsales@thawte.
comVisitourwebsiteathttps://www.
thawte.
com/log-inTolearnmore,contactoursalesadvisors:Protectyourbusinessandtranslatetrusttoyourcustomerswithhigh-assurancedigitalcertificatesfromThawte,theworld'sfirstinternationalspecialistinonlinesecurity.
Backedbya17-yeartrackrecordofstabilityandreliability,aproveninfrastructure,andworld-classcustomersupport,Thawteistheinternationalpartnerofchoiceforbusinessesworldwide.
.
.
Withthewidespreadglobaladoptionofwirelesstechnologies,hundredsofmillionsofpeoplelivingdevelopingcountriesareloggingontotheinternetforthefirsttime.
Whilemanywillbedoingsowithnewcomputers,stillmanymorewillnodoubtberelyingonoutdatedsoftwaretosurftheWWW.
Manyofthemwillbenaveaboutthedangersthatlieandwaitincyberspace.
Astheenablersofsecureandglobalelectroniccommerceitisourdutytohelpcompaniesempowerandprotectthesenewcitizensoftheinternet.
Ifourtechnology,trustedservicesandproductscanhelpyoutoprotectevenoneuser,letalonethetensofmillionswhorequiresuchassistance,thenwehavedoneourduty.
ThisiswhatSGC-enabledSSLcertificatesareintendedtodo.
OverviewThisguidewillhelpyoutounderstandhowSGC-enabledSSLcertificatesworkandwhytheyaredifferentfromothercertificates,whythetechnologywasfirstintroducedinthelate90s,andwhythistechnologyremainsasrelevanttodayasitwasbackthen.
E-commercebusinessesusingServer-GatedCryptography-enabledSSLcertificatescanhelpassurecustomersofstrongerencryption,greaterprivacyandreducedrisksoffraudandidentitytheft.
Thisisnotoneperson'sororganization'sopinion.
Thisisafact-provenbytheYankeeGroupwhoconductedexhaustiveindependenttests(368tobeexact!
)toarriveatthisconclusion(1).
SGCtechnologymayhaveoriginatedinthelate90sbutitremainsasrelevanttodayasitdidwhenitwasfirstintroducedmorethansixyearsago.
Thewidespreadgrowthofbroadbandglobally(2)willnecessitatetheuseoftechnologiesthatareforwardthinkingandproactive.
SGCissuchatechnologybecause,unlikeotherSSLcertificatesthatrelyontheuser'sbrowserbeingabletomatchaserver'sciphersuite,SGChelpsusersattainmoresecureconnectionbyactuallysteppingupsomeusers'browsersinspecificsituations.
TheYankeeGroup'sstudyveryboldlyconcluded,"SGC-enabledcertificatesenablemoreWindows2000userstoconnectwith128-bitencryption.
Thisdifferencemeanstensofmillionsmoreinternetusersworldwidewouldget128-bitencryptionorhigherifalle-commercevendorsusedSGC-enabledcertificates.
"(1)Thefactthat75%ofUSbusinesses(3)believethatathreatfromunprotectedsystemsindevelopingcountriesposeagrowingthreattotheirdigitalsecurity,strengthenstheargumentsupportingusingproactivetechnologieslikeSGC-enabledSSLcertificates.
Theinternethasgivencompaniesacost-effectiveandextremelypowerfulmediumtoconnectwithcustomersanywhereintheworld.
Broadbandismakingitpossibleformorepeoplefromeverycorneroftheglobetogoshoppingincybermalls,unrestrictedbytimeandgeography.
Thesegreatnewopportunitiesthatawaite-businesseswhowanttoexpandgloballywilldemandproactivesecuritytoprotectboththee-businessresourcesanddatabases,aswellasprovideprotectionfornewcustomerswhomayberelyingonoutdatedsoftwaretoexploretheinternet.
1.
BuildingBlocksofTransparentWebSecurity:Server-GatedCryptography-TheYankeeGroup,September20052.
WorldBroadbandStatistics:Q32005-PointTopicLtd.
20053.
U.
S.
Businesses:CostofCybercrimeOvertakesPhysicalCrime-IBM,March20063AnArgumentforProactiveSecurityTheinternetistheembodimentofglobalization–itsgrowthfueledbythewidespreadglobaladoptionoffaster,always-onbroadbandADSLandwirelessservice,theglobalexpansionofmultinationalsandtheirmobilizedarmyofworkerswhotradeinformationanywhereandanytime.
Withtheinternet'sgrowthcomesanewopportunityformanysmallandlargebusinessesthatarenowabletotradefromalocationinonecorneroftheglobe,withanyonewhoisabletoaccesstheirwebsiteandmakecreditcardpayments.
Internetandelectronictradingknowsnotimeandhasnoborders.
But,asmanycompaniesreadythemselvesfortheonslaughtofnewcustomerscomingfromthefourcornersoftheglobe,securityexpertsareexpressingcaution.
Infact,manyUSbusinessesarealsoexpressingcautionandconcern.
InarecentsurveyconductedbyIBM(1)asmanyas75%oftheparticipatingcompaniesexpressedconcernforthegrowingcybercrimethreatthatwillcomefrommanyunprotectedcomputersinthedevelopingworld.
OutdatedsoftwareandunprotectedsystemsarearealthreatastheadoptionrateofbroadbandservicesstabilizesintheUSanddeclinesinAsia,whiletheMiddleEastandAfricaareshowingthehighestnewconnectionratesintheworldfortheseservices.
Whilemanycompaniesarerushingtocapitalizeonrapidglobalgrowthofbroadbandconnection,companiesmustheedthewarningsofmanyexpertswhoarecallingforproactivesecuritythatservestonotonlyprotectthevendor,butalso"thinks"fortheuserhelpingthemtoattainthebestpossiblesecurity.
Proactivesecuritywillnotonlycreateamoresecuredigitalenvironmentforeveryone,butitwillalsohelptobuildtrustamongstthemanynewusersoftheinternet.
Trustwillbuildconfidenceandconfidenceisgoodforbusiness.
Server-GatedCryptography:MakingtheDigitalWorldaMoreSecureSpace(1)Inthe1990s,theUSgovernmentimposedrestrictionsonexportingstrongcryptographytoothercountries.
TherestrictionmeantthatsoftwarethatimplementSSL,suchaswebbrowsers,operatingsystemsandwebservershadtolimitencryptiontoweakalgorithmsandshorterkeylengthsifitwasexportedoutsidetheUnitedStates.
Lawmakersincludedanexceptionforfinancialtransactionstoensurethatcustomersworldwidecouldsafelytransactonlineusingstrongencryption.
SGCwascreatedasanextensiontoSSLforconsumerswithexportversionsofwebbrowsersoftwaretousestrongcryptographyforfinancialtransactions.
USexportlawswereupheldbyissuingSGCcertificatesonlytoeligiblefinancialinstitutions,creatinganenforcementpointattheserverwithoutanyimpacttotheclient.
Therestrictionsonexportofstrongencryptionhavesincebeenrelaxed,andnowSGCcertificatesmaybeissuedtoanyinstitution.
RestrictionsonencryptionareevidentinolderversionsofWindows2000runningInternetExplorerthatarestillinuse.
Consumersande-commercevendors,particularlythoseoutsidetheUnitedStates,arestillusingweakencryption,despitethefactthatsafer,strongeralternativesareavailable.
AlthoughnewerversionsofWindows2000providethesefeatures,millionsstilluseoldversions.
Userswhoarestillusingcertainolderbrowserversionsthatonlyprovideweak40-bitor56-bitencryptioncangainfull-strength128-bitencryptionwhenconductingbusinesswithSGC-enabledwebsites.
WithSGC,browserandoperatingsystemversions-whetherexportsordomestic-thatwouldotherwiseconnectwithweakencryptionareaffordedmuchstrongersecurity.
Untilolderversionsofbrowserandoperatingsystemsdisappearcompletely,SGCcertificatescanprotectthisportionoftheuserpopulation.
1.
U.
S.
Businesses:CostofCybercrimeOvertakesPhysicalCrime-IBM,March2006Alsosee:Stronggetsstronger-256-bitencryption(Appendix2)1.
AnextractfromTheYankeeGrouppaperentitledBuildingBlocksofTransparentWebSecurity:Server-GatedCryptography,September2005)4HowanSGC-EnabledSSLCertificateWorksTounderstandhowanSGC-enabledSSLsessiondiffersfromotherSSLsessions,wefirstneedtoexplainhowanormalSSLsessionworks.
AsimplifiedSSLsessionlookslikethis:1.
theclient/browsersendstheserveralistofsupportedciphers2.
theserverchoosesacipherandsendsthatcipheralongwithitscertificatebacktotheclient/browser3.
theclient/browserverifiestheserver'scertificateandextractstheserver'spublickey4.
theclient/browserencryptsasecretusingtheserver'spublickeyandsendsittotheserver5.
theserverdecryptsthesecretusingitsprivatekey.
Atthispointtheclient/browserandserverbothsharethesecretandcanbeconfidentthatnooneelseknowsit.
Theclient/browserandservercannowusethissecretandthechosenciphertohaveasecureconversation.
ThisisaverysimplifiedexplanationofaSSLhandshake.
WithSGCbasicallywhathappensiswhentheclient/browserreceivestheserver'scertificate(step3),theclientdiscoversthattheserverhasaSGC-enabledSSLcertificatetheclient/browserwillperformanewhandshake(oncethecurrenthandshakeisfinished)usingacompletelistofalltheciphersbeingsupportedincludingthestrong128-bitencryption,thusupgradingthecurrentsessiontostrongcryptography.
BuildingBlocksofTransparentWebSecurity:Server-GatedCryptographybytheYankeeGroup,September2005SecureSocketsLayer(SSL)isthedefactostandardforsecuringe-commercetransactions.
SSLencryptspersonalinformationsuchascreditcardnumbers,socialsecuritynumbers,passwords,namesandaddressessenttoane-commercevendorviaitswebsite.
Therefore,SSLisacriticalcomponentintheprotectionofconsumerprivacyandanecessitytoreducetherisksoffraudandidentitytheft.
YankeeGroupresearchshowsthatbetween1%and2%ofe-commercetransactionsarerelatedtofraud.
Lossestotaling$2billionin2004aregrowingatthesameratease-commercerevenueanderodingconsumerconfidence.
SSLencryptionisakeycomponentinprotectingconsumers'onlinetransactions.
Itstransparencytouserswillbeacriticalfactorinreducingfraud.
SSLlackstransparencyinakeyarea:thestrengthofencryptionusedforagivensession.
Browsers,webserversandoperatingsystemsallplayaroleindeterminingthelevelofencryptionused:40bit,56bitor128bit.
SomePCsystemscan'ttakeadvantageoffull128-bitSSLencryption.
Server-gatedcryptography(SGC)-enabledcertificatesaddressthisissue.
E-commercewebsitesusingSGCcanassurecustomersofstrongerencryption,greaterprivacyandreducedrisksoffraudandidentitytheft.
AspecialstudydonebyTheYankeeGrouptestedbothSGC–andnon-SGC-enabledcertificatesin92commonenvironmentstodetermineunderwhatconditionsusersbenefitfromstrongencryption.
TheYankeeGroup'sconclusion–"ThenumberofpeoplestillsubjecttoweakencryptionbecausetheyareusingolderversionsofWindowsandInternetExplorerisinthetensofmillions.
UsersrunningtheWindows2000operatingsystemwithoutServicePack4orthehigh-encryptionpackaremostlikelytobeaffected.
5"TestedbrowsersreleasedearlierthanMarch2000alsoreturnhigherratesofconnectionatlowencryptionlevels.
OurtestingresultsshowthatwhenusingSGCcertificates,virtuallyallcombinationsofWindowsoperatingsystem,InternetExplorerandserverareabletostepupto128-bitencryption.
Wide-scaledeploymentofSGC-enabledSSLcertificateswouldreducetheactualnumberofusersexposedbyweakerencryptiondramaticallyandmakeitpossibleforvirtuallyeveryinternetusertoenjoytheprotectionof128bitorstrongerencryption.
"IsThawte'sSGCSuperCertCertificateRightforMyBusinessWiththewidespreadglobaladoptionofbroadbandinternet,manye-commercebusinessesareconsideringexpandingtheirservicesintonewterritories.
However,beforeyourushintoopeningyourcyberdoorstothesenewrevenueopportunities,considerthemanynewchallengesthesenewcustomerscouldposetoyourbusiness.
Manyofthesenewcustomerscouldposeasecurityrisktoyourbusiness.
ManymillionsofPCusersstillrelyonoldersoftwarelikeWindows2000systemsthathavenotbeenupdatedwiththelatestservicepacks.
Theseusersmayonlybeabletoconnecttoyoursecuree-commercewebsiteusingweak40and56-bitencryption,exposingnotonlythemselvesbutalsoyourbusinesstounnecessarysecurityrisks.
Toprotectinternetfinancialtransactions,expertsrecommendthataminimumof128-bitencryptionbeused.
SGC-enabledSSLcertificates,likeourSGCSuperCerts,aretheonlySSLcertificatesthathavetheuniqueabilitytostepupencryptionstrengthfromtheweakencryptiontothemuchstronger128-bitencryption.
InanindependentstudyconductedbytheYankeeGroupinSeptember2005itwasshownthatSGCenabledcertificatesenablemoreWindows2000userstoconnectwith128-bitencryption.
Thedifferencemeanstensofmillionsmoreusersworldwidewouldget128-bitencryption,ifalle-commercebusinessesusedSGC.
256-bitencryptioncanbeachievediftheuser'sbrowsercapabilityandtheciphersuiteinstalledonthewebserverareboth256-bitcompatible.
ThawteSGCSuperCertsprovide:Ahigherstrengthofencryptionforcertainolderversionsofexportbrowsers.
Confidenceintheintegrityandsecurityofyouronlinebusinessandnetworkinfrastructure.
CustomersarebecomingincreasinglyawareoftheadvantagesofSSLsecurityandwilloftennotpurchaseonlinefromnon-securestores.
AllmajorwebmerchantsuseSSLsecuritybackedbystrongwarrantiestoencouragecustomerstobuyonline.
Interoperabilityandsupportforstandardapplicationsandbrowsers,suchasMicrosoftInternetExplorerandNetscapeCommunicator.
Non-forgeableproofofyourwebsiteidentity.
Easeofuse.
ASGCSuperCertisastand-alonesolutionthatrequiresnoinstallationofextrasoftwareontheserverorthebrowser.
Peace-of-mindforthoseconductinginternationalonlinebusiness,knowingthatyourbusinessisforwardthinkingandproactiveinitsattitudeconcerningthesecurityofitscustomers.
TheValueofAuthenticationInformationisacriticalassettoyourbusiness.
Toensuretheintegrityandsafetyofyourinformation,itisimportanttoidentifywithwhomyouaredealing,andthedatayouarereceivingistrustworthy.
Authenticationcanhelpestablishtrustbetweenpartiesinvolvedinalltypesoftransactionsbyaddressingauniquesetofsecurityissuesincluding:SPOOFING:Thelowcostofwebsitedesignandtheeasewithwhichexistingpagescanbecopiedmakesitalltooeasytocreateillegitimatewebsitesthatappeartobepublishedbyestablishedorganizations.
Infact,conartistshaveillegallyobtainedcreditcardnumbersbysettingupprofessionallookingstorefrontsthatmimiclegitimatebusinesses.
6UNAUTHORIZEDACTION:Acompetitorordisgruntledcustomercanalteryourwebsitesothatitmalfunctionsorrefusestoservicepotentialclients.
UNAUTHORIZEDDISCLOSURE:Whentransactioninformationistransmitted"intheclear",hackerscaninterceptthetransmissionstoobtainsensitiveinformationfromyourcustomers.
DATAALTERATION:Thecontentofatransactioncanbeinterceptedandalteredenroute,eithermaliciouslyoraccidentally.
Usernames,creditcardnumbersandcurrencyamountssent"intheclear"areallvulnerabletoalteration.
UsefulURL'sFormoredetailonthawte'sSGCSuperCerts,pleasevisit:http://www.
thawte.
com/sgc/index.
htmlLearnmoreaboutSGCSuperCerts:http://www.
thawte.
com/ssl/sgc-supercerts-ssl-certificates/21-DayFreeTrialSSLCertificatehttps://www.
thawte.
com/ucgi/gothawte.
cgia=w62240062237049007BuySGCSuperCerts:http://www.
thawte.
com/buyAppendix:Why128-BitisStrongerthan40and56-BitEncryptionUnderstandingCryptographicStrengthCryptographicstrengthisexpressedinkeylengthorbitlength.
Keyscomeinavarietyoflengths(e.
g.
40-bit,56-bitand128-bit).
Assuminganinherentstrengthintheencryptionalgorithm,alongerkey/bitlengthwillmakeithardertocrackanencryptedmessage.
Werefertobitlengthasthisspecifiesthenumberofbitsrequiredtowritethenumberofpossiblekeysinbinary.
Keylengthshaveincreaseovertimetocounteractadvancesincomputingpowerwhichmakethecrackingofencryptedmessageseasier.
KeyLengthApproximateNumberofKeys40-bit1,099,511,627,77656-bit72,057,594,037,927,900128-bit340,282,366,920,938,000,000,000,000,000,000,000,000Consumersande-commercevendorsoftenviewencryptionastoocomplexfortheaveragehackertoexploit.
Surelyanysortofencryptionprovidesenoughsecuritytodoonlinebankingandshopping,rightUnfortunately,theanswerisno.
Low-levelencryption,using56bitsorless,isuniversallydeemedtooweakforsafefinancialtransactions.
Withthecomputingpoweravailabletoday,it'snotcostprohibitiveforhackerstoattack56-bitencryptionusingbruteforce,whichinvolvestryingeverypossiblekeycombinationuntiltheyfindtheonethatconvertsciphertextintoplaintext.
Thedifferenceinsecuritybetween40bit,56bitand128bitissignificant.
Theprogressmadeincomputingtechnologymeansthatweakerencryptionusing40-bitor56-bitkeyscanbeattackedbybruteforceandbrokeninamatterofhoursusinganaverage-speedPC.
Asrecentlyas1997,thesameexercisewouldhavetakendaysandrequiredtheeffortofmultiplecomputersandpeople.
Atcurrentcomputingspeeds,128-bitencryptionwilltakemorethanatrillionyearstoattackusingbruteforce,anobstaclethatwoulddeteranyfinanciallymotivatedattacker.
Bycontrast,breakingshorter40-bitor56-bitencryptedsessionsisarelativelysmallinvestmentforattackersharvestingpersonalinformation.
ThereisacommonmisconceptionthatdigitalcertificatesdeterminethestrengthofencryptionandthisisreinforcedbymanyCertificationAuthoritiesthatreferto40-bitor128-bitcertificates.
Itisimportanttounderstandthatencryptionstrengthisnormallydeterminedbynegotiationbetweenthebrowser,operatingsystemandawebserverbeforeasecuresessionisestablished.
72013Thawte,Inc.
Allrightsreserved.
Thawte,thethawtelogo,andothertrademarks,servicemarks,anddesignsareregisteredorunregisteredtrademarksofThawte,Inc.
anditssubsidiariesandafliatesintheUnitedStatesandinforeigncountries.
Allothertrademarksarepropertyoftheirrespectiveowners.
OnlydigitalcertificatesenabledwithSGCtechnologyarecapableofinfluencingtheencryptionstrengthofasessionbeyondwhatisagreedbetweenthebrowser,operatingsystemandserver(morethislater).
StrongGetsStronger-256-BitEncryptionAlthoughencryptionstrengthisdependentonthenatureofthebrowseraswellasthesoftwareonthewebservertowhichthebrowserisconnecting,256-bitencryptionisthehighestlevelofencryptioncurrentlypossible.
Whilesomebrowserssupportthislevelofencryption,thisdoesnotguaranteethatasecureinternetsessionwilloccuratthislevel.
Thelevelofencryptionusedtosecureaninternetconnectiondependsontwofactors-firstlythecapacityoftheciphersuiteinstalledonthewebserverbeingaccessed,andsecondlythecapabilityofthewebbrowserbeingusedtoestablishtheconnection.
Aciphersuiteisessentiallyanencryptionalgorithm,whichawebserverwillusetonegotiateanencryptedinternetsession.
Toestablisha256-bitencryptionsessiontheciphersuitemustbecapableofdeliveringthislevelofencryption.
Theencryptionlevelthatwillbeusedtoestablishasecureinternetconnectionisdeterminedthroughanegotiationthatoccurswhentheinternetbrowserandwebserverperformtheirhandshake.
Duringthishandshakesessiontheinternetbrowsersendsitslistofciphersuitestothewebserver,whichtheserverusestodeterminethehighestorstrongestencryptionthatcanbeusedfortheencryptedsession.
Differentbrowseranddifferentbrowserversionwillofferdifferentlevelsofencryption.
Some(olderversionsofNetscapeandInternetExplorer)willevenberestrictedtoofferingonlyweakencryption,unlesstheyareconnectingtoserversusingServer-GatedCryptographyenabledSSLcertificate.
So,dependingonthebrowser'svendorandversion,somewillonlybecapableofencryptingat40or56-bitencryption,whilemorerecentbrowserversionsarecapableof128andeven256-bitencryption.
Anothergroupofbrowserswillonlybecapableof40or56-bitencryptionuntilithasbeenestablishedthattheserverinvolvedhasanSGC-enabledSSLcertificateinstalled.
Thesebrowserswillthenbecapable,withhelpfromtheserver,of128-bitencryption.
Notallciphersuitesarethesameeither.
OnlynewerciphersuitessuchasAdvancedEncryptionStandardarecapableofmanaging256-bitencryptionrates.
HowCanyouEstablishWhen256-BitEncryptionWillbeUsedWhenConnectingtoaSecureServerFirstly,ensurethatthebrowseryouareusingis256-bitencryptioncapable.
Secondly,checkwiththeserveradministratoriftheserveronwhichthewebsiteishostedhasa256-bitciphersuiteinstalled.
Whenbothcriteriahavebeenmetyoushouldbeestablishinga256-bitencryptionsecureconnectionwiththatwebsite.
Thiscaneasilybeverifiedbyhoveringyourmousecursorovertheinternetbrowser'sclosedpadlock.
Viaphone––UStoll-free:+18884842983––UK:+442034505486––SouthAfrica:+27218192800––Germany:+4969380789081––France:+33157324268Emailsales@thawte.
comVisitourwebsiteathttps://www.
thawte.
com/log-inTolearnmore,contactoursalesadvisors:Protectyourbusinessandtranslatetrusttoyourcustomerswithhigh-assurancedigitalcertificatesfromThawte,theworld'sfirstinternationalspecialistinonlinesecurity.
Backedbya17-yeartrackrecordofstabilityandreliability,aproveninfrastructure,andworld-classcustomersupport,Thawteistheinternationalpartnerofchoiceforbusinessesworldwide.
- restrictionsserver相关文档
- contentinternal
- Netscapeinternal
- 数据internal
- sink500
IntoVPS:按小时计费KVM月费5美元起($0.0075/小时),6个机房可选
IntoVPS是成立于2004年的Hosterion SRL旗下于2009年推出的无管理型VPS主机品牌,商家提供基于OpenStack构建的VPS产品,支持小时计费是他的一大特色,VPS可选数据中心包括美国弗里蒙特、达拉斯、英国伦敦、荷兰和罗马尼亚等6个地区机房。商家VPS主机基于KVM架构,最低每小时0.0075美元起($5/月)。下面列出几款VPS主机配置信息。CPU:1core内存:2GB...
BeerVM1GB内存/VDSps端口1GB,350元/月
beervm是一家国人商家,主要提供国内KVM VPS,有河南移动、广州移动等。现在预售湖南长沙联通vds,性价比高。湖南长沙vps(长沙vds),1GB内存/7GB SSD空间/10TB流量/1Gbps端口/独立IP/KVM,350元/月,有需要的可以关注一下。Beervm长沙联通vps套餐:长沙联通1G青春版(预售)长沙联通3G标准版(预售)长沙联通3G(预售)vCPU:1vCPU:2vCPU...
无忧云-河南洛阳BGP,CEPH集群分布式存储,数据安全可靠,活动期间月付大优惠!
无忧云怎么样?无忧云服务器好不好?无忧云值不值得购买?无忧云是一家成立于2017年的老牌商家旗下的服务器销售品牌,现由深圳市云上无忧网络科技有限公司运营,是正规持证IDC/ISP/IRCS商家,主要销售国内、中国香港、国外服务器产品,线路有腾讯云国外线路、自营香港CN2线路等,都是中国大陆直连线路,非常适合免备案建站业务需求和各种负载较高的项目,同时国内服务器也有多个BGP以及高防节点...
500InternalServerError为你推荐
-
青岛市建设工程电子交易系统formgraph点击ipad支持ipadC1:山东品牌商品馆用itunes备份如何用iTunes备份iPhone数据fusionchartsfusioncharts曲线图怎么默认显示数量联通iphone4联通iphone4合约联通iphone4iphone4想换联通的卡 是普通联通的卡都能开通3G么 还是得换联通3G卡 联通都有什么套餐 我是北京的win7勒索病毒补丁我的电脑是windows7系统,为什么打不了针对勒索病毒的补丁(杀毒软件显