restrictionsserver
500InternalServerError 时间:2021-02-01 阅读:()
Server-GatedCryptographyPROVIDINGBETTERSECURITYFORMOREUSERS2Server-GatedCryptographyForwardThinking.
.
.
Withthewidespreadglobaladoptionofwirelesstechnologies,hundredsofmillionsofpeoplelivingdevelopingcountriesareloggingontotheinternetforthefirsttime.
Whilemanywillbedoingsowithnewcomputers,stillmanymorewillnodoubtberelyingonoutdatedsoftwaretosurftheWWW.
Manyofthemwillbenaveaboutthedangersthatlieandwaitincyberspace.
Astheenablersofsecureandglobalelectroniccommerceitisourdutytohelpcompaniesempowerandprotectthesenewcitizensoftheinternet.
Ifourtechnology,trustedservicesandproductscanhelpyoutoprotectevenoneuser,letalonethetensofmillionswhorequiresuchassistance,thenwehavedoneourduty.
ThisiswhatSGC-enabledSSLcertificatesareintendedtodo.
OverviewThisguidewillhelpyoutounderstandhowSGC-enabledSSLcertificatesworkandwhytheyaredifferentfromothercertificates,whythetechnologywasfirstintroducedinthelate90s,andwhythistechnologyremainsasrelevanttodayasitwasbackthen.
E-commercebusinessesusingServer-GatedCryptography-enabledSSLcertificatescanhelpassurecustomersofstrongerencryption,greaterprivacyandreducedrisksoffraudandidentitytheft.
Thisisnotoneperson'sororganization'sopinion.
Thisisafact-provenbytheYankeeGroupwhoconductedexhaustiveindependenttests(368tobeexact!
)toarriveatthisconclusion(1).
SGCtechnologymayhaveoriginatedinthelate90sbutitremainsasrelevanttodayasitdidwhenitwasfirstintroducedmorethansixyearsago.
Thewidespreadgrowthofbroadbandglobally(2)willnecessitatetheuseoftechnologiesthatareforwardthinkingandproactive.
SGCissuchatechnologybecause,unlikeotherSSLcertificatesthatrelyontheuser'sbrowserbeingabletomatchaserver'sciphersuite,SGChelpsusersattainmoresecureconnectionbyactuallysteppingupsomeusers'browsersinspecificsituations.
TheYankeeGroup'sstudyveryboldlyconcluded,"SGC-enabledcertificatesenablemoreWindows2000userstoconnectwith128-bitencryption.
Thisdifferencemeanstensofmillionsmoreinternetusersworldwidewouldget128-bitencryptionorhigherifalle-commercevendorsusedSGC-enabledcertificates.
"(1)Thefactthat75%ofUSbusinesses(3)believethatathreatfromunprotectedsystemsindevelopingcountriesposeagrowingthreattotheirdigitalsecurity,strengthenstheargumentsupportingusingproactivetechnologieslikeSGC-enabledSSLcertificates.
Theinternethasgivencompaniesacost-effectiveandextremelypowerfulmediumtoconnectwithcustomersanywhereintheworld.
Broadbandismakingitpossibleformorepeoplefromeverycorneroftheglobetogoshoppingincybermalls,unrestrictedbytimeandgeography.
Thesegreatnewopportunitiesthatawaite-businesseswhowanttoexpandgloballywilldemandproactivesecuritytoprotectboththee-businessresourcesanddatabases,aswellasprovideprotectionfornewcustomerswhomayberelyingonoutdatedsoftwaretoexploretheinternet.
1.
BuildingBlocksofTransparentWebSecurity:Server-GatedCryptography-TheYankeeGroup,September20052.
WorldBroadbandStatistics:Q32005-PointTopicLtd.
20053.
U.
S.
Businesses:CostofCybercrimeOvertakesPhysicalCrime-IBM,March20063AnArgumentforProactiveSecurityTheinternetistheembodimentofglobalization–itsgrowthfueledbythewidespreadglobaladoptionoffaster,always-onbroadbandADSLandwirelessservice,theglobalexpansionofmultinationalsandtheirmobilizedarmyofworkerswhotradeinformationanywhereandanytime.
Withtheinternet'sgrowthcomesanewopportunityformanysmallandlargebusinessesthatarenowabletotradefromalocationinonecorneroftheglobe,withanyonewhoisabletoaccesstheirwebsiteandmakecreditcardpayments.
Internetandelectronictradingknowsnotimeandhasnoborders.
But,asmanycompaniesreadythemselvesfortheonslaughtofnewcustomerscomingfromthefourcornersoftheglobe,securityexpertsareexpressingcaution.
Infact,manyUSbusinessesarealsoexpressingcautionandconcern.
InarecentsurveyconductedbyIBM(1)asmanyas75%oftheparticipatingcompaniesexpressedconcernforthegrowingcybercrimethreatthatwillcomefrommanyunprotectedcomputersinthedevelopingworld.
OutdatedsoftwareandunprotectedsystemsarearealthreatastheadoptionrateofbroadbandservicesstabilizesintheUSanddeclinesinAsia,whiletheMiddleEastandAfricaareshowingthehighestnewconnectionratesintheworldfortheseservices.
Whilemanycompaniesarerushingtocapitalizeonrapidglobalgrowthofbroadbandconnection,companiesmustheedthewarningsofmanyexpertswhoarecallingforproactivesecuritythatservestonotonlyprotectthevendor,butalso"thinks"fortheuserhelpingthemtoattainthebestpossiblesecurity.
Proactivesecuritywillnotonlycreateamoresecuredigitalenvironmentforeveryone,butitwillalsohelptobuildtrustamongstthemanynewusersoftheinternet.
Trustwillbuildconfidenceandconfidenceisgoodforbusiness.
Server-GatedCryptography:MakingtheDigitalWorldaMoreSecureSpace(1)Inthe1990s,theUSgovernmentimposedrestrictionsonexportingstrongcryptographytoothercountries.
TherestrictionmeantthatsoftwarethatimplementSSL,suchaswebbrowsers,operatingsystemsandwebservershadtolimitencryptiontoweakalgorithmsandshorterkeylengthsifitwasexportedoutsidetheUnitedStates.
Lawmakersincludedanexceptionforfinancialtransactionstoensurethatcustomersworldwidecouldsafelytransactonlineusingstrongencryption.
SGCwascreatedasanextensiontoSSLforconsumerswithexportversionsofwebbrowsersoftwaretousestrongcryptographyforfinancialtransactions.
USexportlawswereupheldbyissuingSGCcertificatesonlytoeligiblefinancialinstitutions,creatinganenforcementpointattheserverwithoutanyimpacttotheclient.
Therestrictionsonexportofstrongencryptionhavesincebeenrelaxed,andnowSGCcertificatesmaybeissuedtoanyinstitution.
RestrictionsonencryptionareevidentinolderversionsofWindows2000runningInternetExplorerthatarestillinuse.
Consumersande-commercevendors,particularlythoseoutsidetheUnitedStates,arestillusingweakencryption,despitethefactthatsafer,strongeralternativesareavailable.
AlthoughnewerversionsofWindows2000providethesefeatures,millionsstilluseoldversions.
Userswhoarestillusingcertainolderbrowserversionsthatonlyprovideweak40-bitor56-bitencryptioncangainfull-strength128-bitencryptionwhenconductingbusinesswithSGC-enabledwebsites.
WithSGC,browserandoperatingsystemversions-whetherexportsordomestic-thatwouldotherwiseconnectwithweakencryptionareaffordedmuchstrongersecurity.
Untilolderversionsofbrowserandoperatingsystemsdisappearcompletely,SGCcertificatescanprotectthisportionoftheuserpopulation.
1.
U.
S.
Businesses:CostofCybercrimeOvertakesPhysicalCrime-IBM,March2006Alsosee:Stronggetsstronger-256-bitencryption(Appendix2)1.
AnextractfromTheYankeeGrouppaperentitledBuildingBlocksofTransparentWebSecurity:Server-GatedCryptography,September2005)4HowanSGC-EnabledSSLCertificateWorksTounderstandhowanSGC-enabledSSLsessiondiffersfromotherSSLsessions,wefirstneedtoexplainhowanormalSSLsessionworks.
AsimplifiedSSLsessionlookslikethis:1.
theclient/browsersendstheserveralistofsupportedciphers2.
theserverchoosesacipherandsendsthatcipheralongwithitscertificatebacktotheclient/browser3.
theclient/browserverifiestheserver'scertificateandextractstheserver'spublickey4.
theclient/browserencryptsasecretusingtheserver'spublickeyandsendsittotheserver5.
theserverdecryptsthesecretusingitsprivatekey.
Atthispointtheclient/browserandserverbothsharethesecretandcanbeconfidentthatnooneelseknowsit.
Theclient/browserandservercannowusethissecretandthechosenciphertohaveasecureconversation.
ThisisaverysimplifiedexplanationofaSSLhandshake.
WithSGCbasicallywhathappensiswhentheclient/browserreceivestheserver'scertificate(step3),theclientdiscoversthattheserverhasaSGC-enabledSSLcertificatetheclient/browserwillperformanewhandshake(oncethecurrenthandshakeisfinished)usingacompletelistofalltheciphersbeingsupportedincludingthestrong128-bitencryption,thusupgradingthecurrentsessiontostrongcryptography.
BuildingBlocksofTransparentWebSecurity:Server-GatedCryptographybytheYankeeGroup,September2005SecureSocketsLayer(SSL)isthedefactostandardforsecuringe-commercetransactions.
SSLencryptspersonalinformationsuchascreditcardnumbers,socialsecuritynumbers,passwords,namesandaddressessenttoane-commercevendorviaitswebsite.
Therefore,SSLisacriticalcomponentintheprotectionofconsumerprivacyandanecessitytoreducetherisksoffraudandidentitytheft.
YankeeGroupresearchshowsthatbetween1%and2%ofe-commercetransactionsarerelatedtofraud.
Lossestotaling$2billionin2004aregrowingatthesameratease-commercerevenueanderodingconsumerconfidence.
SSLencryptionisakeycomponentinprotectingconsumers'onlinetransactions.
Itstransparencytouserswillbeacriticalfactorinreducingfraud.
SSLlackstransparencyinakeyarea:thestrengthofencryptionusedforagivensession.
Browsers,webserversandoperatingsystemsallplayaroleindeterminingthelevelofencryptionused:40bit,56bitor128bit.
SomePCsystemscan'ttakeadvantageoffull128-bitSSLencryption.
Server-gatedcryptography(SGC)-enabledcertificatesaddressthisissue.
E-commercewebsitesusingSGCcanassurecustomersofstrongerencryption,greaterprivacyandreducedrisksoffraudandidentitytheft.
AspecialstudydonebyTheYankeeGrouptestedbothSGC–andnon-SGC-enabledcertificatesin92commonenvironmentstodetermineunderwhatconditionsusersbenefitfromstrongencryption.
TheYankeeGroup'sconclusion–"ThenumberofpeoplestillsubjecttoweakencryptionbecausetheyareusingolderversionsofWindowsandInternetExplorerisinthetensofmillions.
UsersrunningtheWindows2000operatingsystemwithoutServicePack4orthehigh-encryptionpackaremostlikelytobeaffected.
5"TestedbrowsersreleasedearlierthanMarch2000alsoreturnhigherratesofconnectionatlowencryptionlevels.
OurtestingresultsshowthatwhenusingSGCcertificates,virtuallyallcombinationsofWindowsoperatingsystem,InternetExplorerandserverareabletostepupto128-bitencryption.
Wide-scaledeploymentofSGC-enabledSSLcertificateswouldreducetheactualnumberofusersexposedbyweakerencryptiondramaticallyandmakeitpossibleforvirtuallyeveryinternetusertoenjoytheprotectionof128bitorstrongerencryption.
"IsThawte'sSGCSuperCertCertificateRightforMyBusinessWiththewidespreadglobaladoptionofbroadbandinternet,manye-commercebusinessesareconsideringexpandingtheirservicesintonewterritories.
However,beforeyourushintoopeningyourcyberdoorstothesenewrevenueopportunities,considerthemanynewchallengesthesenewcustomerscouldposetoyourbusiness.
Manyofthesenewcustomerscouldposeasecurityrisktoyourbusiness.
ManymillionsofPCusersstillrelyonoldersoftwarelikeWindows2000systemsthathavenotbeenupdatedwiththelatestservicepacks.
Theseusersmayonlybeabletoconnecttoyoursecuree-commercewebsiteusingweak40and56-bitencryption,exposingnotonlythemselvesbutalsoyourbusinesstounnecessarysecurityrisks.
Toprotectinternetfinancialtransactions,expertsrecommendthataminimumof128-bitencryptionbeused.
SGC-enabledSSLcertificates,likeourSGCSuperCerts,aretheonlySSLcertificatesthathavetheuniqueabilitytostepupencryptionstrengthfromtheweakencryptiontothemuchstronger128-bitencryption.
InanindependentstudyconductedbytheYankeeGroupinSeptember2005itwasshownthatSGCenabledcertificatesenablemoreWindows2000userstoconnectwith128-bitencryption.
Thedifferencemeanstensofmillionsmoreusersworldwidewouldget128-bitencryption,ifalle-commercebusinessesusedSGC.
256-bitencryptioncanbeachievediftheuser'sbrowsercapabilityandtheciphersuiteinstalledonthewebserverareboth256-bitcompatible.
ThawteSGCSuperCertsprovide:Ahigherstrengthofencryptionforcertainolderversionsofexportbrowsers.
Confidenceintheintegrityandsecurityofyouronlinebusinessandnetworkinfrastructure.
CustomersarebecomingincreasinglyawareoftheadvantagesofSSLsecurityandwilloftennotpurchaseonlinefromnon-securestores.
AllmajorwebmerchantsuseSSLsecuritybackedbystrongwarrantiestoencouragecustomerstobuyonline.
Interoperabilityandsupportforstandardapplicationsandbrowsers,suchasMicrosoftInternetExplorerandNetscapeCommunicator.
Non-forgeableproofofyourwebsiteidentity.
Easeofuse.
ASGCSuperCertisastand-alonesolutionthatrequiresnoinstallationofextrasoftwareontheserverorthebrowser.
Peace-of-mindforthoseconductinginternationalonlinebusiness,knowingthatyourbusinessisforwardthinkingandproactiveinitsattitudeconcerningthesecurityofitscustomers.
TheValueofAuthenticationInformationisacriticalassettoyourbusiness.
Toensuretheintegrityandsafetyofyourinformation,itisimportanttoidentifywithwhomyouaredealing,andthedatayouarereceivingistrustworthy.
Authenticationcanhelpestablishtrustbetweenpartiesinvolvedinalltypesoftransactionsbyaddressingauniquesetofsecurityissuesincluding:SPOOFING:Thelowcostofwebsitedesignandtheeasewithwhichexistingpagescanbecopiedmakesitalltooeasytocreateillegitimatewebsitesthatappeartobepublishedbyestablishedorganizations.
Infact,conartistshaveillegallyobtainedcreditcardnumbersbysettingupprofessionallookingstorefrontsthatmimiclegitimatebusinesses.
6UNAUTHORIZEDACTION:Acompetitorordisgruntledcustomercanalteryourwebsitesothatitmalfunctionsorrefusestoservicepotentialclients.
UNAUTHORIZEDDISCLOSURE:Whentransactioninformationistransmitted"intheclear",hackerscaninterceptthetransmissionstoobtainsensitiveinformationfromyourcustomers.
DATAALTERATION:Thecontentofatransactioncanbeinterceptedandalteredenroute,eithermaliciouslyoraccidentally.
Usernames,creditcardnumbersandcurrencyamountssent"intheclear"areallvulnerabletoalteration.
UsefulURL'sFormoredetailonthawte'sSGCSuperCerts,pleasevisit:http://www.
thawte.
com/sgc/index.
htmlLearnmoreaboutSGCSuperCerts:http://www.
thawte.
com/ssl/sgc-supercerts-ssl-certificates/21-DayFreeTrialSSLCertificatehttps://www.
thawte.
com/ucgi/gothawte.
cgia=w62240062237049007BuySGCSuperCerts:http://www.
thawte.
com/buyAppendix:Why128-BitisStrongerthan40and56-BitEncryptionUnderstandingCryptographicStrengthCryptographicstrengthisexpressedinkeylengthorbitlength.
Keyscomeinavarietyoflengths(e.
g.
40-bit,56-bitand128-bit).
Assuminganinherentstrengthintheencryptionalgorithm,alongerkey/bitlengthwillmakeithardertocrackanencryptedmessage.
Werefertobitlengthasthisspecifiesthenumberofbitsrequiredtowritethenumberofpossiblekeysinbinary.
Keylengthshaveincreaseovertimetocounteractadvancesincomputingpowerwhichmakethecrackingofencryptedmessageseasier.
KeyLengthApproximateNumberofKeys40-bit1,099,511,627,77656-bit72,057,594,037,927,900128-bit340,282,366,920,938,000,000,000,000,000,000,000,000Consumersande-commercevendorsoftenviewencryptionastoocomplexfortheaveragehackertoexploit.
Surelyanysortofencryptionprovidesenoughsecuritytodoonlinebankingandshopping,rightUnfortunately,theanswerisno.
Low-levelencryption,using56bitsorless,isuniversallydeemedtooweakforsafefinancialtransactions.
Withthecomputingpoweravailabletoday,it'snotcostprohibitiveforhackerstoattack56-bitencryptionusingbruteforce,whichinvolvestryingeverypossiblekeycombinationuntiltheyfindtheonethatconvertsciphertextintoplaintext.
Thedifferenceinsecuritybetween40bit,56bitand128bitissignificant.
Theprogressmadeincomputingtechnologymeansthatweakerencryptionusing40-bitor56-bitkeyscanbeattackedbybruteforceandbrokeninamatterofhoursusinganaverage-speedPC.
Asrecentlyas1997,thesameexercisewouldhavetakendaysandrequiredtheeffortofmultiplecomputersandpeople.
Atcurrentcomputingspeeds,128-bitencryptionwilltakemorethanatrillionyearstoattackusingbruteforce,anobstaclethatwoulddeteranyfinanciallymotivatedattacker.
Bycontrast,breakingshorter40-bitor56-bitencryptedsessionsisarelativelysmallinvestmentforattackersharvestingpersonalinformation.
ThereisacommonmisconceptionthatdigitalcertificatesdeterminethestrengthofencryptionandthisisreinforcedbymanyCertificationAuthoritiesthatreferto40-bitor128-bitcertificates.
Itisimportanttounderstandthatencryptionstrengthisnormallydeterminedbynegotiationbetweenthebrowser,operatingsystemandawebserverbeforeasecuresessionisestablished.
72013Thawte,Inc.
Allrightsreserved.
Thawte,thethawtelogo,andothertrademarks,servicemarks,anddesignsareregisteredorunregisteredtrademarksofThawte,Inc.
anditssubsidiariesandafliatesintheUnitedStatesandinforeigncountries.
Allothertrademarksarepropertyoftheirrespectiveowners.
OnlydigitalcertificatesenabledwithSGCtechnologyarecapableofinfluencingtheencryptionstrengthofasessionbeyondwhatisagreedbetweenthebrowser,operatingsystemandserver(morethislater).
StrongGetsStronger-256-BitEncryptionAlthoughencryptionstrengthisdependentonthenatureofthebrowseraswellasthesoftwareonthewebservertowhichthebrowserisconnecting,256-bitencryptionisthehighestlevelofencryptioncurrentlypossible.
Whilesomebrowserssupportthislevelofencryption,thisdoesnotguaranteethatasecureinternetsessionwilloccuratthislevel.
Thelevelofencryptionusedtosecureaninternetconnectiondependsontwofactors-firstlythecapacityoftheciphersuiteinstalledonthewebserverbeingaccessed,andsecondlythecapabilityofthewebbrowserbeingusedtoestablishtheconnection.
Aciphersuiteisessentiallyanencryptionalgorithm,whichawebserverwillusetonegotiateanencryptedinternetsession.
Toestablisha256-bitencryptionsessiontheciphersuitemustbecapableofdeliveringthislevelofencryption.
Theencryptionlevelthatwillbeusedtoestablishasecureinternetconnectionisdeterminedthroughanegotiationthatoccurswhentheinternetbrowserandwebserverperformtheirhandshake.
Duringthishandshakesessiontheinternetbrowsersendsitslistofciphersuitestothewebserver,whichtheserverusestodeterminethehighestorstrongestencryptionthatcanbeusedfortheencryptedsession.
Differentbrowseranddifferentbrowserversionwillofferdifferentlevelsofencryption.
Some(olderversionsofNetscapeandInternetExplorer)willevenberestrictedtoofferingonlyweakencryption,unlesstheyareconnectingtoserversusingServer-GatedCryptographyenabledSSLcertificate.
So,dependingonthebrowser'svendorandversion,somewillonlybecapableofencryptingat40or56-bitencryption,whilemorerecentbrowserversionsarecapableof128andeven256-bitencryption.
Anothergroupofbrowserswillonlybecapableof40or56-bitencryptionuntilithasbeenestablishedthattheserverinvolvedhasanSGC-enabledSSLcertificateinstalled.
Thesebrowserswillthenbecapable,withhelpfromtheserver,of128-bitencryption.
Notallciphersuitesarethesameeither.
OnlynewerciphersuitessuchasAdvancedEncryptionStandardarecapableofmanaging256-bitencryptionrates.
HowCanyouEstablishWhen256-BitEncryptionWillbeUsedWhenConnectingtoaSecureServerFirstly,ensurethatthebrowseryouareusingis256-bitencryptioncapable.
Secondly,checkwiththeserveradministratoriftheserveronwhichthewebsiteishostedhasa256-bitciphersuiteinstalled.
Whenbothcriteriahavebeenmetyoushouldbeestablishinga256-bitencryptionsecureconnectionwiththatwebsite.
Thiscaneasilybeverifiedbyhoveringyourmousecursorovertheinternetbrowser'sclosedpadlock.
Viaphone––UStoll-free:+18884842983––UK:+442034505486––SouthAfrica:+27218192800––Germany:+4969380789081––France:+33157324268Emailsales@thawte.
comVisitourwebsiteathttps://www.
thawte.
com/log-inTolearnmore,contactoursalesadvisors:Protectyourbusinessandtranslatetrusttoyourcustomerswithhigh-assurancedigitalcertificatesfromThawte,theworld'sfirstinternationalspecialistinonlinesecurity.
Backedbya17-yeartrackrecordofstabilityandreliability,aproveninfrastructure,andworld-classcustomersupport,Thawteistheinternationalpartnerofchoiceforbusinessesworldwide.
.
.
Withthewidespreadglobaladoptionofwirelesstechnologies,hundredsofmillionsofpeoplelivingdevelopingcountriesareloggingontotheinternetforthefirsttime.
Whilemanywillbedoingsowithnewcomputers,stillmanymorewillnodoubtberelyingonoutdatedsoftwaretosurftheWWW.
Manyofthemwillbenaveaboutthedangersthatlieandwaitincyberspace.
Astheenablersofsecureandglobalelectroniccommerceitisourdutytohelpcompaniesempowerandprotectthesenewcitizensoftheinternet.
Ifourtechnology,trustedservicesandproductscanhelpyoutoprotectevenoneuser,letalonethetensofmillionswhorequiresuchassistance,thenwehavedoneourduty.
ThisiswhatSGC-enabledSSLcertificatesareintendedtodo.
OverviewThisguidewillhelpyoutounderstandhowSGC-enabledSSLcertificatesworkandwhytheyaredifferentfromothercertificates,whythetechnologywasfirstintroducedinthelate90s,andwhythistechnologyremainsasrelevanttodayasitwasbackthen.
E-commercebusinessesusingServer-GatedCryptography-enabledSSLcertificatescanhelpassurecustomersofstrongerencryption,greaterprivacyandreducedrisksoffraudandidentitytheft.
Thisisnotoneperson'sororganization'sopinion.
Thisisafact-provenbytheYankeeGroupwhoconductedexhaustiveindependenttests(368tobeexact!
)toarriveatthisconclusion(1).
SGCtechnologymayhaveoriginatedinthelate90sbutitremainsasrelevanttodayasitdidwhenitwasfirstintroducedmorethansixyearsago.
Thewidespreadgrowthofbroadbandglobally(2)willnecessitatetheuseoftechnologiesthatareforwardthinkingandproactive.
SGCissuchatechnologybecause,unlikeotherSSLcertificatesthatrelyontheuser'sbrowserbeingabletomatchaserver'sciphersuite,SGChelpsusersattainmoresecureconnectionbyactuallysteppingupsomeusers'browsersinspecificsituations.
TheYankeeGroup'sstudyveryboldlyconcluded,"SGC-enabledcertificatesenablemoreWindows2000userstoconnectwith128-bitencryption.
Thisdifferencemeanstensofmillionsmoreinternetusersworldwidewouldget128-bitencryptionorhigherifalle-commercevendorsusedSGC-enabledcertificates.
"(1)Thefactthat75%ofUSbusinesses(3)believethatathreatfromunprotectedsystemsindevelopingcountriesposeagrowingthreattotheirdigitalsecurity,strengthenstheargumentsupportingusingproactivetechnologieslikeSGC-enabledSSLcertificates.
Theinternethasgivencompaniesacost-effectiveandextremelypowerfulmediumtoconnectwithcustomersanywhereintheworld.
Broadbandismakingitpossibleformorepeoplefromeverycorneroftheglobetogoshoppingincybermalls,unrestrictedbytimeandgeography.
Thesegreatnewopportunitiesthatawaite-businesseswhowanttoexpandgloballywilldemandproactivesecuritytoprotectboththee-businessresourcesanddatabases,aswellasprovideprotectionfornewcustomerswhomayberelyingonoutdatedsoftwaretoexploretheinternet.
1.
BuildingBlocksofTransparentWebSecurity:Server-GatedCryptography-TheYankeeGroup,September20052.
WorldBroadbandStatistics:Q32005-PointTopicLtd.
20053.
U.
S.
Businesses:CostofCybercrimeOvertakesPhysicalCrime-IBM,March20063AnArgumentforProactiveSecurityTheinternetistheembodimentofglobalization–itsgrowthfueledbythewidespreadglobaladoptionoffaster,always-onbroadbandADSLandwirelessservice,theglobalexpansionofmultinationalsandtheirmobilizedarmyofworkerswhotradeinformationanywhereandanytime.
Withtheinternet'sgrowthcomesanewopportunityformanysmallandlargebusinessesthatarenowabletotradefromalocationinonecorneroftheglobe,withanyonewhoisabletoaccesstheirwebsiteandmakecreditcardpayments.
Internetandelectronictradingknowsnotimeandhasnoborders.
But,asmanycompaniesreadythemselvesfortheonslaughtofnewcustomerscomingfromthefourcornersoftheglobe,securityexpertsareexpressingcaution.
Infact,manyUSbusinessesarealsoexpressingcautionandconcern.
InarecentsurveyconductedbyIBM(1)asmanyas75%oftheparticipatingcompaniesexpressedconcernforthegrowingcybercrimethreatthatwillcomefrommanyunprotectedcomputersinthedevelopingworld.
OutdatedsoftwareandunprotectedsystemsarearealthreatastheadoptionrateofbroadbandservicesstabilizesintheUSanddeclinesinAsia,whiletheMiddleEastandAfricaareshowingthehighestnewconnectionratesintheworldfortheseservices.
Whilemanycompaniesarerushingtocapitalizeonrapidglobalgrowthofbroadbandconnection,companiesmustheedthewarningsofmanyexpertswhoarecallingforproactivesecuritythatservestonotonlyprotectthevendor,butalso"thinks"fortheuserhelpingthemtoattainthebestpossiblesecurity.
Proactivesecuritywillnotonlycreateamoresecuredigitalenvironmentforeveryone,butitwillalsohelptobuildtrustamongstthemanynewusersoftheinternet.
Trustwillbuildconfidenceandconfidenceisgoodforbusiness.
Server-GatedCryptography:MakingtheDigitalWorldaMoreSecureSpace(1)Inthe1990s,theUSgovernmentimposedrestrictionsonexportingstrongcryptographytoothercountries.
TherestrictionmeantthatsoftwarethatimplementSSL,suchaswebbrowsers,operatingsystemsandwebservershadtolimitencryptiontoweakalgorithmsandshorterkeylengthsifitwasexportedoutsidetheUnitedStates.
Lawmakersincludedanexceptionforfinancialtransactionstoensurethatcustomersworldwidecouldsafelytransactonlineusingstrongencryption.
SGCwascreatedasanextensiontoSSLforconsumerswithexportversionsofwebbrowsersoftwaretousestrongcryptographyforfinancialtransactions.
USexportlawswereupheldbyissuingSGCcertificatesonlytoeligiblefinancialinstitutions,creatinganenforcementpointattheserverwithoutanyimpacttotheclient.
Therestrictionsonexportofstrongencryptionhavesincebeenrelaxed,andnowSGCcertificatesmaybeissuedtoanyinstitution.
RestrictionsonencryptionareevidentinolderversionsofWindows2000runningInternetExplorerthatarestillinuse.
Consumersande-commercevendors,particularlythoseoutsidetheUnitedStates,arestillusingweakencryption,despitethefactthatsafer,strongeralternativesareavailable.
AlthoughnewerversionsofWindows2000providethesefeatures,millionsstilluseoldversions.
Userswhoarestillusingcertainolderbrowserversionsthatonlyprovideweak40-bitor56-bitencryptioncangainfull-strength128-bitencryptionwhenconductingbusinesswithSGC-enabledwebsites.
WithSGC,browserandoperatingsystemversions-whetherexportsordomestic-thatwouldotherwiseconnectwithweakencryptionareaffordedmuchstrongersecurity.
Untilolderversionsofbrowserandoperatingsystemsdisappearcompletely,SGCcertificatescanprotectthisportionoftheuserpopulation.
1.
U.
S.
Businesses:CostofCybercrimeOvertakesPhysicalCrime-IBM,March2006Alsosee:Stronggetsstronger-256-bitencryption(Appendix2)1.
AnextractfromTheYankeeGrouppaperentitledBuildingBlocksofTransparentWebSecurity:Server-GatedCryptography,September2005)4HowanSGC-EnabledSSLCertificateWorksTounderstandhowanSGC-enabledSSLsessiondiffersfromotherSSLsessions,wefirstneedtoexplainhowanormalSSLsessionworks.
AsimplifiedSSLsessionlookslikethis:1.
theclient/browsersendstheserveralistofsupportedciphers2.
theserverchoosesacipherandsendsthatcipheralongwithitscertificatebacktotheclient/browser3.
theclient/browserverifiestheserver'scertificateandextractstheserver'spublickey4.
theclient/browserencryptsasecretusingtheserver'spublickeyandsendsittotheserver5.
theserverdecryptsthesecretusingitsprivatekey.
Atthispointtheclient/browserandserverbothsharethesecretandcanbeconfidentthatnooneelseknowsit.
Theclient/browserandservercannowusethissecretandthechosenciphertohaveasecureconversation.
ThisisaverysimplifiedexplanationofaSSLhandshake.
WithSGCbasicallywhathappensiswhentheclient/browserreceivestheserver'scertificate(step3),theclientdiscoversthattheserverhasaSGC-enabledSSLcertificatetheclient/browserwillperformanewhandshake(oncethecurrenthandshakeisfinished)usingacompletelistofalltheciphersbeingsupportedincludingthestrong128-bitencryption,thusupgradingthecurrentsessiontostrongcryptography.
BuildingBlocksofTransparentWebSecurity:Server-GatedCryptographybytheYankeeGroup,September2005SecureSocketsLayer(SSL)isthedefactostandardforsecuringe-commercetransactions.
SSLencryptspersonalinformationsuchascreditcardnumbers,socialsecuritynumbers,passwords,namesandaddressessenttoane-commercevendorviaitswebsite.
Therefore,SSLisacriticalcomponentintheprotectionofconsumerprivacyandanecessitytoreducetherisksoffraudandidentitytheft.
YankeeGroupresearchshowsthatbetween1%and2%ofe-commercetransactionsarerelatedtofraud.
Lossestotaling$2billionin2004aregrowingatthesameratease-commercerevenueanderodingconsumerconfidence.
SSLencryptionisakeycomponentinprotectingconsumers'onlinetransactions.
Itstransparencytouserswillbeacriticalfactorinreducingfraud.
SSLlackstransparencyinakeyarea:thestrengthofencryptionusedforagivensession.
Browsers,webserversandoperatingsystemsallplayaroleindeterminingthelevelofencryptionused:40bit,56bitor128bit.
SomePCsystemscan'ttakeadvantageoffull128-bitSSLencryption.
Server-gatedcryptography(SGC)-enabledcertificatesaddressthisissue.
E-commercewebsitesusingSGCcanassurecustomersofstrongerencryption,greaterprivacyandreducedrisksoffraudandidentitytheft.
AspecialstudydonebyTheYankeeGrouptestedbothSGC–andnon-SGC-enabledcertificatesin92commonenvironmentstodetermineunderwhatconditionsusersbenefitfromstrongencryption.
TheYankeeGroup'sconclusion–"ThenumberofpeoplestillsubjecttoweakencryptionbecausetheyareusingolderversionsofWindowsandInternetExplorerisinthetensofmillions.
UsersrunningtheWindows2000operatingsystemwithoutServicePack4orthehigh-encryptionpackaremostlikelytobeaffected.
5"TestedbrowsersreleasedearlierthanMarch2000alsoreturnhigherratesofconnectionatlowencryptionlevels.
OurtestingresultsshowthatwhenusingSGCcertificates,virtuallyallcombinationsofWindowsoperatingsystem,InternetExplorerandserverareabletostepupto128-bitencryption.
Wide-scaledeploymentofSGC-enabledSSLcertificateswouldreducetheactualnumberofusersexposedbyweakerencryptiondramaticallyandmakeitpossibleforvirtuallyeveryinternetusertoenjoytheprotectionof128bitorstrongerencryption.
"IsThawte'sSGCSuperCertCertificateRightforMyBusinessWiththewidespreadglobaladoptionofbroadbandinternet,manye-commercebusinessesareconsideringexpandingtheirservicesintonewterritories.
However,beforeyourushintoopeningyourcyberdoorstothesenewrevenueopportunities,considerthemanynewchallengesthesenewcustomerscouldposetoyourbusiness.
Manyofthesenewcustomerscouldposeasecurityrisktoyourbusiness.
ManymillionsofPCusersstillrelyonoldersoftwarelikeWindows2000systemsthathavenotbeenupdatedwiththelatestservicepacks.
Theseusersmayonlybeabletoconnecttoyoursecuree-commercewebsiteusingweak40and56-bitencryption,exposingnotonlythemselvesbutalsoyourbusinesstounnecessarysecurityrisks.
Toprotectinternetfinancialtransactions,expertsrecommendthataminimumof128-bitencryptionbeused.
SGC-enabledSSLcertificates,likeourSGCSuperCerts,aretheonlySSLcertificatesthathavetheuniqueabilitytostepupencryptionstrengthfromtheweakencryptiontothemuchstronger128-bitencryption.
InanindependentstudyconductedbytheYankeeGroupinSeptember2005itwasshownthatSGCenabledcertificatesenablemoreWindows2000userstoconnectwith128-bitencryption.
Thedifferencemeanstensofmillionsmoreusersworldwidewouldget128-bitencryption,ifalle-commercebusinessesusedSGC.
256-bitencryptioncanbeachievediftheuser'sbrowsercapabilityandtheciphersuiteinstalledonthewebserverareboth256-bitcompatible.
ThawteSGCSuperCertsprovide:Ahigherstrengthofencryptionforcertainolderversionsofexportbrowsers.
Confidenceintheintegrityandsecurityofyouronlinebusinessandnetworkinfrastructure.
CustomersarebecomingincreasinglyawareoftheadvantagesofSSLsecurityandwilloftennotpurchaseonlinefromnon-securestores.
AllmajorwebmerchantsuseSSLsecuritybackedbystrongwarrantiestoencouragecustomerstobuyonline.
Interoperabilityandsupportforstandardapplicationsandbrowsers,suchasMicrosoftInternetExplorerandNetscapeCommunicator.
Non-forgeableproofofyourwebsiteidentity.
Easeofuse.
ASGCSuperCertisastand-alonesolutionthatrequiresnoinstallationofextrasoftwareontheserverorthebrowser.
Peace-of-mindforthoseconductinginternationalonlinebusiness,knowingthatyourbusinessisforwardthinkingandproactiveinitsattitudeconcerningthesecurityofitscustomers.
TheValueofAuthenticationInformationisacriticalassettoyourbusiness.
Toensuretheintegrityandsafetyofyourinformation,itisimportanttoidentifywithwhomyouaredealing,andthedatayouarereceivingistrustworthy.
Authenticationcanhelpestablishtrustbetweenpartiesinvolvedinalltypesoftransactionsbyaddressingauniquesetofsecurityissuesincluding:SPOOFING:Thelowcostofwebsitedesignandtheeasewithwhichexistingpagescanbecopiedmakesitalltooeasytocreateillegitimatewebsitesthatappeartobepublishedbyestablishedorganizations.
Infact,conartistshaveillegallyobtainedcreditcardnumbersbysettingupprofessionallookingstorefrontsthatmimiclegitimatebusinesses.
6UNAUTHORIZEDACTION:Acompetitorordisgruntledcustomercanalteryourwebsitesothatitmalfunctionsorrefusestoservicepotentialclients.
UNAUTHORIZEDDISCLOSURE:Whentransactioninformationistransmitted"intheclear",hackerscaninterceptthetransmissionstoobtainsensitiveinformationfromyourcustomers.
DATAALTERATION:Thecontentofatransactioncanbeinterceptedandalteredenroute,eithermaliciouslyoraccidentally.
Usernames,creditcardnumbersandcurrencyamountssent"intheclear"areallvulnerabletoalteration.
UsefulURL'sFormoredetailonthawte'sSGCSuperCerts,pleasevisit:http://www.
thawte.
com/sgc/index.
htmlLearnmoreaboutSGCSuperCerts:http://www.
thawte.
com/ssl/sgc-supercerts-ssl-certificates/21-DayFreeTrialSSLCertificatehttps://www.
thawte.
com/ucgi/gothawte.
cgia=w62240062237049007BuySGCSuperCerts:http://www.
thawte.
com/buyAppendix:Why128-BitisStrongerthan40and56-BitEncryptionUnderstandingCryptographicStrengthCryptographicstrengthisexpressedinkeylengthorbitlength.
Keyscomeinavarietyoflengths(e.
g.
40-bit,56-bitand128-bit).
Assuminganinherentstrengthintheencryptionalgorithm,alongerkey/bitlengthwillmakeithardertocrackanencryptedmessage.
Werefertobitlengthasthisspecifiesthenumberofbitsrequiredtowritethenumberofpossiblekeysinbinary.
Keylengthshaveincreaseovertimetocounteractadvancesincomputingpowerwhichmakethecrackingofencryptedmessageseasier.
KeyLengthApproximateNumberofKeys40-bit1,099,511,627,77656-bit72,057,594,037,927,900128-bit340,282,366,920,938,000,000,000,000,000,000,000,000Consumersande-commercevendorsoftenviewencryptionastoocomplexfortheaveragehackertoexploit.
Surelyanysortofencryptionprovidesenoughsecuritytodoonlinebankingandshopping,rightUnfortunately,theanswerisno.
Low-levelencryption,using56bitsorless,isuniversallydeemedtooweakforsafefinancialtransactions.
Withthecomputingpoweravailabletoday,it'snotcostprohibitiveforhackerstoattack56-bitencryptionusingbruteforce,whichinvolvestryingeverypossiblekeycombinationuntiltheyfindtheonethatconvertsciphertextintoplaintext.
Thedifferenceinsecuritybetween40bit,56bitand128bitissignificant.
Theprogressmadeincomputingtechnologymeansthatweakerencryptionusing40-bitor56-bitkeyscanbeattackedbybruteforceandbrokeninamatterofhoursusinganaverage-speedPC.
Asrecentlyas1997,thesameexercisewouldhavetakendaysandrequiredtheeffortofmultiplecomputersandpeople.
Atcurrentcomputingspeeds,128-bitencryptionwilltakemorethanatrillionyearstoattackusingbruteforce,anobstaclethatwoulddeteranyfinanciallymotivatedattacker.
Bycontrast,breakingshorter40-bitor56-bitencryptedsessionsisarelativelysmallinvestmentforattackersharvestingpersonalinformation.
ThereisacommonmisconceptionthatdigitalcertificatesdeterminethestrengthofencryptionandthisisreinforcedbymanyCertificationAuthoritiesthatreferto40-bitor128-bitcertificates.
Itisimportanttounderstandthatencryptionstrengthisnormallydeterminedbynegotiationbetweenthebrowser,operatingsystemandawebserverbeforeasecuresessionisestablished.
72013Thawte,Inc.
Allrightsreserved.
Thawte,thethawtelogo,andothertrademarks,servicemarks,anddesignsareregisteredorunregisteredtrademarksofThawte,Inc.
anditssubsidiariesandafliatesintheUnitedStatesandinforeigncountries.
Allothertrademarksarepropertyoftheirrespectiveowners.
OnlydigitalcertificatesenabledwithSGCtechnologyarecapableofinfluencingtheencryptionstrengthofasessionbeyondwhatisagreedbetweenthebrowser,operatingsystemandserver(morethislater).
StrongGetsStronger-256-BitEncryptionAlthoughencryptionstrengthisdependentonthenatureofthebrowseraswellasthesoftwareonthewebservertowhichthebrowserisconnecting,256-bitencryptionisthehighestlevelofencryptioncurrentlypossible.
Whilesomebrowserssupportthislevelofencryption,thisdoesnotguaranteethatasecureinternetsessionwilloccuratthislevel.
Thelevelofencryptionusedtosecureaninternetconnectiondependsontwofactors-firstlythecapacityoftheciphersuiteinstalledonthewebserverbeingaccessed,andsecondlythecapabilityofthewebbrowserbeingusedtoestablishtheconnection.
Aciphersuiteisessentiallyanencryptionalgorithm,whichawebserverwillusetonegotiateanencryptedinternetsession.
Toestablisha256-bitencryptionsessiontheciphersuitemustbecapableofdeliveringthislevelofencryption.
Theencryptionlevelthatwillbeusedtoestablishasecureinternetconnectionisdeterminedthroughanegotiationthatoccurswhentheinternetbrowserandwebserverperformtheirhandshake.
Duringthishandshakesessiontheinternetbrowsersendsitslistofciphersuitestothewebserver,whichtheserverusestodeterminethehighestorstrongestencryptionthatcanbeusedfortheencryptedsession.
Differentbrowseranddifferentbrowserversionwillofferdifferentlevelsofencryption.
Some(olderversionsofNetscapeandInternetExplorer)willevenberestrictedtoofferingonlyweakencryption,unlesstheyareconnectingtoserversusingServer-GatedCryptographyenabledSSLcertificate.
So,dependingonthebrowser'svendorandversion,somewillonlybecapableofencryptingat40or56-bitencryption,whilemorerecentbrowserversionsarecapableof128andeven256-bitencryption.
Anothergroupofbrowserswillonlybecapableof40or56-bitencryptionuntilithasbeenestablishedthattheserverinvolvedhasanSGC-enabledSSLcertificateinstalled.
Thesebrowserswillthenbecapable,withhelpfromtheserver,of128-bitencryption.
Notallciphersuitesarethesameeither.
OnlynewerciphersuitessuchasAdvancedEncryptionStandardarecapableofmanaging256-bitencryptionrates.
HowCanyouEstablishWhen256-BitEncryptionWillbeUsedWhenConnectingtoaSecureServerFirstly,ensurethatthebrowseryouareusingis256-bitencryptioncapable.
Secondly,checkwiththeserveradministratoriftheserveronwhichthewebsiteishostedhasa256-bitciphersuiteinstalled.
Whenbothcriteriahavebeenmetyoushouldbeestablishinga256-bitencryptionsecureconnectionwiththatwebsite.
Thiscaneasilybeverifiedbyhoveringyourmousecursorovertheinternetbrowser'sclosedpadlock.
Viaphone––UStoll-free:+18884842983––UK:+442034505486––SouthAfrica:+27218192800––Germany:+4969380789081––France:+33157324268Emailsales@thawte.
comVisitourwebsiteathttps://www.
thawte.
com/log-inTolearnmore,contactoursalesadvisors:Protectyourbusinessandtranslatetrusttoyourcustomerswithhigh-assurancedigitalcertificatesfromThawte,theworld'sfirstinternationalspecialistinonlinesecurity.
Backedbya17-yeartrackrecordofstabilityandreliability,aproveninfrastructure,andworld-classcustomersupport,Thawteistheinternationalpartnerofchoiceforbusinessesworldwide.
- restrictionsserver相关文档
- contentinternal
- Netscapeinternal
- 数据internal
- sink500
Sharktech鲨鱼服务器商提供洛杉矶独立服务器促销 不限流量月99美元
Sharktech(鲨鱼服务器商)我们还是比较懂的,有提供独立服务器和高防服务器,而且性价比都还算是不错,而且我们看到有一些主机商的服务器也是走这个商家渠道分销的。这不看到鲨鱼服务器商家洛杉矶独立服务器纷纷促销,不限制流量的独立服务器起步99美元,这个还未曾有过。第一、鲨鱼机房服务器方案洛杉矶机房,默认1Gbps带宽,不限流量,自带5个IPv4,免费60Gbps / 48Mpps DDoS防御。C...
香港 1核 1G 5M 22元/月 美国 1核 512M 15M 19.36元/月 轻云互联
轻云互联成立于2018年的国人商家,广州轻云互联网络科技有限公司旗下品牌,主要从事VPS、虚拟主机等云计算产品业务,适合建站、新手上车的值得选择,香港三网直连(电信CN2GIA联通移动CN2直连);美国圣何塞(回程三网CN2GIA)线路,所有产品均采用KVM虚拟技术架构,高效售后保障,稳定多年,高性能可用,网络优质,为您的业务保驾护航。官方网站:点击进入广州轻云网络科技有限公司活动规则:用户购买任...
JustHost俄罗斯VPS有HDD、SSD、NVMe SSD,不限流量低至约9.6元/月
justhost怎么样?justhost服务器好不好?JustHost是一家成立于2006年的俄罗斯服务器提供商,支持支付宝付款,服务器价格便宜,200Mbps大带宽不限流量,支持免费更换5次IP,支持控制面板自由切换机房,目前JustHost有俄罗斯6个机房可以自由切换选择,最重要的还是价格真的特别便宜,最低只需要87卢布/月,约8.5元/月起!总体来说,性价比很高,性价比不错,有需要的朋友可以...
500InternalServerError为你推荐
-
漏洞chrome回收卡巴斯基设置win7支持ipadcss3圆角如何用CSS实现圆角矩形?css下拉菜单css下拉菜单代码x-routerx-0.4x等于多少?ms17-010win10华为 slatl10是什么型号联通版iphone4s苹果4s是联通版,或移动版,或全网通如何知道?重庆电信宽带管家重庆电信宽带多少钱一个月