restrictionsserver
500InternalServerError 时间:2021-02-01 阅读:()
Server-GatedCryptographyPROVIDINGBETTERSECURITYFORMOREUSERS2Server-GatedCryptographyForwardThinking.
.
.
Withthewidespreadglobaladoptionofwirelesstechnologies,hundredsofmillionsofpeoplelivingdevelopingcountriesareloggingontotheinternetforthefirsttime.
Whilemanywillbedoingsowithnewcomputers,stillmanymorewillnodoubtberelyingonoutdatedsoftwaretosurftheWWW.
Manyofthemwillbenaveaboutthedangersthatlieandwaitincyberspace.
Astheenablersofsecureandglobalelectroniccommerceitisourdutytohelpcompaniesempowerandprotectthesenewcitizensoftheinternet.
Ifourtechnology,trustedservicesandproductscanhelpyoutoprotectevenoneuser,letalonethetensofmillionswhorequiresuchassistance,thenwehavedoneourduty.
ThisiswhatSGC-enabledSSLcertificatesareintendedtodo.
OverviewThisguidewillhelpyoutounderstandhowSGC-enabledSSLcertificatesworkandwhytheyaredifferentfromothercertificates,whythetechnologywasfirstintroducedinthelate90s,andwhythistechnologyremainsasrelevanttodayasitwasbackthen.
E-commercebusinessesusingServer-GatedCryptography-enabledSSLcertificatescanhelpassurecustomersofstrongerencryption,greaterprivacyandreducedrisksoffraudandidentitytheft.
Thisisnotoneperson'sororganization'sopinion.
Thisisafact-provenbytheYankeeGroupwhoconductedexhaustiveindependenttests(368tobeexact!
)toarriveatthisconclusion(1).
SGCtechnologymayhaveoriginatedinthelate90sbutitremainsasrelevanttodayasitdidwhenitwasfirstintroducedmorethansixyearsago.
Thewidespreadgrowthofbroadbandglobally(2)willnecessitatetheuseoftechnologiesthatareforwardthinkingandproactive.
SGCissuchatechnologybecause,unlikeotherSSLcertificatesthatrelyontheuser'sbrowserbeingabletomatchaserver'sciphersuite,SGChelpsusersattainmoresecureconnectionbyactuallysteppingupsomeusers'browsersinspecificsituations.
TheYankeeGroup'sstudyveryboldlyconcluded,"SGC-enabledcertificatesenablemoreWindows2000userstoconnectwith128-bitencryption.
Thisdifferencemeanstensofmillionsmoreinternetusersworldwidewouldget128-bitencryptionorhigherifalle-commercevendorsusedSGC-enabledcertificates.
"(1)Thefactthat75%ofUSbusinesses(3)believethatathreatfromunprotectedsystemsindevelopingcountriesposeagrowingthreattotheirdigitalsecurity,strengthenstheargumentsupportingusingproactivetechnologieslikeSGC-enabledSSLcertificates.
Theinternethasgivencompaniesacost-effectiveandextremelypowerfulmediumtoconnectwithcustomersanywhereintheworld.
Broadbandismakingitpossibleformorepeoplefromeverycorneroftheglobetogoshoppingincybermalls,unrestrictedbytimeandgeography.
Thesegreatnewopportunitiesthatawaite-businesseswhowanttoexpandgloballywilldemandproactivesecuritytoprotectboththee-businessresourcesanddatabases,aswellasprovideprotectionfornewcustomerswhomayberelyingonoutdatedsoftwaretoexploretheinternet.
1.
BuildingBlocksofTransparentWebSecurity:Server-GatedCryptography-TheYankeeGroup,September20052.
WorldBroadbandStatistics:Q32005-PointTopicLtd.
20053.
U.
S.
Businesses:CostofCybercrimeOvertakesPhysicalCrime-IBM,March20063AnArgumentforProactiveSecurityTheinternetistheembodimentofglobalization–itsgrowthfueledbythewidespreadglobaladoptionoffaster,always-onbroadbandADSLandwirelessservice,theglobalexpansionofmultinationalsandtheirmobilizedarmyofworkerswhotradeinformationanywhereandanytime.
Withtheinternet'sgrowthcomesanewopportunityformanysmallandlargebusinessesthatarenowabletotradefromalocationinonecorneroftheglobe,withanyonewhoisabletoaccesstheirwebsiteandmakecreditcardpayments.
Internetandelectronictradingknowsnotimeandhasnoborders.
But,asmanycompaniesreadythemselvesfortheonslaughtofnewcustomerscomingfromthefourcornersoftheglobe,securityexpertsareexpressingcaution.
Infact,manyUSbusinessesarealsoexpressingcautionandconcern.
InarecentsurveyconductedbyIBM(1)asmanyas75%oftheparticipatingcompaniesexpressedconcernforthegrowingcybercrimethreatthatwillcomefrommanyunprotectedcomputersinthedevelopingworld.
OutdatedsoftwareandunprotectedsystemsarearealthreatastheadoptionrateofbroadbandservicesstabilizesintheUSanddeclinesinAsia,whiletheMiddleEastandAfricaareshowingthehighestnewconnectionratesintheworldfortheseservices.
Whilemanycompaniesarerushingtocapitalizeonrapidglobalgrowthofbroadbandconnection,companiesmustheedthewarningsofmanyexpertswhoarecallingforproactivesecuritythatservestonotonlyprotectthevendor,butalso"thinks"fortheuserhelpingthemtoattainthebestpossiblesecurity.
Proactivesecuritywillnotonlycreateamoresecuredigitalenvironmentforeveryone,butitwillalsohelptobuildtrustamongstthemanynewusersoftheinternet.
Trustwillbuildconfidenceandconfidenceisgoodforbusiness.
Server-GatedCryptography:MakingtheDigitalWorldaMoreSecureSpace(1)Inthe1990s,theUSgovernmentimposedrestrictionsonexportingstrongcryptographytoothercountries.
TherestrictionmeantthatsoftwarethatimplementSSL,suchaswebbrowsers,operatingsystemsandwebservershadtolimitencryptiontoweakalgorithmsandshorterkeylengthsifitwasexportedoutsidetheUnitedStates.
Lawmakersincludedanexceptionforfinancialtransactionstoensurethatcustomersworldwidecouldsafelytransactonlineusingstrongencryption.
SGCwascreatedasanextensiontoSSLforconsumerswithexportversionsofwebbrowsersoftwaretousestrongcryptographyforfinancialtransactions.
USexportlawswereupheldbyissuingSGCcertificatesonlytoeligiblefinancialinstitutions,creatinganenforcementpointattheserverwithoutanyimpacttotheclient.
Therestrictionsonexportofstrongencryptionhavesincebeenrelaxed,andnowSGCcertificatesmaybeissuedtoanyinstitution.
RestrictionsonencryptionareevidentinolderversionsofWindows2000runningInternetExplorerthatarestillinuse.
Consumersande-commercevendors,particularlythoseoutsidetheUnitedStates,arestillusingweakencryption,despitethefactthatsafer,strongeralternativesareavailable.
AlthoughnewerversionsofWindows2000providethesefeatures,millionsstilluseoldversions.
Userswhoarestillusingcertainolderbrowserversionsthatonlyprovideweak40-bitor56-bitencryptioncangainfull-strength128-bitencryptionwhenconductingbusinesswithSGC-enabledwebsites.
WithSGC,browserandoperatingsystemversions-whetherexportsordomestic-thatwouldotherwiseconnectwithweakencryptionareaffordedmuchstrongersecurity.
Untilolderversionsofbrowserandoperatingsystemsdisappearcompletely,SGCcertificatescanprotectthisportionoftheuserpopulation.
1.
U.
S.
Businesses:CostofCybercrimeOvertakesPhysicalCrime-IBM,March2006Alsosee:Stronggetsstronger-256-bitencryption(Appendix2)1.
AnextractfromTheYankeeGrouppaperentitledBuildingBlocksofTransparentWebSecurity:Server-GatedCryptography,September2005)4HowanSGC-EnabledSSLCertificateWorksTounderstandhowanSGC-enabledSSLsessiondiffersfromotherSSLsessions,wefirstneedtoexplainhowanormalSSLsessionworks.
AsimplifiedSSLsessionlookslikethis:1.
theclient/browsersendstheserveralistofsupportedciphers2.
theserverchoosesacipherandsendsthatcipheralongwithitscertificatebacktotheclient/browser3.
theclient/browserverifiestheserver'scertificateandextractstheserver'spublickey4.
theclient/browserencryptsasecretusingtheserver'spublickeyandsendsittotheserver5.
theserverdecryptsthesecretusingitsprivatekey.
Atthispointtheclient/browserandserverbothsharethesecretandcanbeconfidentthatnooneelseknowsit.
Theclient/browserandservercannowusethissecretandthechosenciphertohaveasecureconversation.
ThisisaverysimplifiedexplanationofaSSLhandshake.
WithSGCbasicallywhathappensiswhentheclient/browserreceivestheserver'scertificate(step3),theclientdiscoversthattheserverhasaSGC-enabledSSLcertificatetheclient/browserwillperformanewhandshake(oncethecurrenthandshakeisfinished)usingacompletelistofalltheciphersbeingsupportedincludingthestrong128-bitencryption,thusupgradingthecurrentsessiontostrongcryptography.
BuildingBlocksofTransparentWebSecurity:Server-GatedCryptographybytheYankeeGroup,September2005SecureSocketsLayer(SSL)isthedefactostandardforsecuringe-commercetransactions.
SSLencryptspersonalinformationsuchascreditcardnumbers,socialsecuritynumbers,passwords,namesandaddressessenttoane-commercevendorviaitswebsite.
Therefore,SSLisacriticalcomponentintheprotectionofconsumerprivacyandanecessitytoreducetherisksoffraudandidentitytheft.
YankeeGroupresearchshowsthatbetween1%and2%ofe-commercetransactionsarerelatedtofraud.
Lossestotaling$2billionin2004aregrowingatthesameratease-commercerevenueanderodingconsumerconfidence.
SSLencryptionisakeycomponentinprotectingconsumers'onlinetransactions.
Itstransparencytouserswillbeacriticalfactorinreducingfraud.
SSLlackstransparencyinakeyarea:thestrengthofencryptionusedforagivensession.
Browsers,webserversandoperatingsystemsallplayaroleindeterminingthelevelofencryptionused:40bit,56bitor128bit.
SomePCsystemscan'ttakeadvantageoffull128-bitSSLencryption.
Server-gatedcryptography(SGC)-enabledcertificatesaddressthisissue.
E-commercewebsitesusingSGCcanassurecustomersofstrongerencryption,greaterprivacyandreducedrisksoffraudandidentitytheft.
AspecialstudydonebyTheYankeeGrouptestedbothSGC–andnon-SGC-enabledcertificatesin92commonenvironmentstodetermineunderwhatconditionsusersbenefitfromstrongencryption.
TheYankeeGroup'sconclusion–"ThenumberofpeoplestillsubjecttoweakencryptionbecausetheyareusingolderversionsofWindowsandInternetExplorerisinthetensofmillions.
UsersrunningtheWindows2000operatingsystemwithoutServicePack4orthehigh-encryptionpackaremostlikelytobeaffected.
5"TestedbrowsersreleasedearlierthanMarch2000alsoreturnhigherratesofconnectionatlowencryptionlevels.
OurtestingresultsshowthatwhenusingSGCcertificates,virtuallyallcombinationsofWindowsoperatingsystem,InternetExplorerandserverareabletostepupto128-bitencryption.
Wide-scaledeploymentofSGC-enabledSSLcertificateswouldreducetheactualnumberofusersexposedbyweakerencryptiondramaticallyandmakeitpossibleforvirtuallyeveryinternetusertoenjoytheprotectionof128bitorstrongerencryption.
"IsThawte'sSGCSuperCertCertificateRightforMyBusinessWiththewidespreadglobaladoptionofbroadbandinternet,manye-commercebusinessesareconsideringexpandingtheirservicesintonewterritories.
However,beforeyourushintoopeningyourcyberdoorstothesenewrevenueopportunities,considerthemanynewchallengesthesenewcustomerscouldposetoyourbusiness.
Manyofthesenewcustomerscouldposeasecurityrisktoyourbusiness.
ManymillionsofPCusersstillrelyonoldersoftwarelikeWindows2000systemsthathavenotbeenupdatedwiththelatestservicepacks.
Theseusersmayonlybeabletoconnecttoyoursecuree-commercewebsiteusingweak40and56-bitencryption,exposingnotonlythemselvesbutalsoyourbusinesstounnecessarysecurityrisks.
Toprotectinternetfinancialtransactions,expertsrecommendthataminimumof128-bitencryptionbeused.
SGC-enabledSSLcertificates,likeourSGCSuperCerts,aretheonlySSLcertificatesthathavetheuniqueabilitytostepupencryptionstrengthfromtheweakencryptiontothemuchstronger128-bitencryption.
InanindependentstudyconductedbytheYankeeGroupinSeptember2005itwasshownthatSGCenabledcertificatesenablemoreWindows2000userstoconnectwith128-bitencryption.
Thedifferencemeanstensofmillionsmoreusersworldwidewouldget128-bitencryption,ifalle-commercebusinessesusedSGC.
256-bitencryptioncanbeachievediftheuser'sbrowsercapabilityandtheciphersuiteinstalledonthewebserverareboth256-bitcompatible.
ThawteSGCSuperCertsprovide:Ahigherstrengthofencryptionforcertainolderversionsofexportbrowsers.
Confidenceintheintegrityandsecurityofyouronlinebusinessandnetworkinfrastructure.
CustomersarebecomingincreasinglyawareoftheadvantagesofSSLsecurityandwilloftennotpurchaseonlinefromnon-securestores.
AllmajorwebmerchantsuseSSLsecuritybackedbystrongwarrantiestoencouragecustomerstobuyonline.
Interoperabilityandsupportforstandardapplicationsandbrowsers,suchasMicrosoftInternetExplorerandNetscapeCommunicator.
Non-forgeableproofofyourwebsiteidentity.
Easeofuse.
ASGCSuperCertisastand-alonesolutionthatrequiresnoinstallationofextrasoftwareontheserverorthebrowser.
Peace-of-mindforthoseconductinginternationalonlinebusiness,knowingthatyourbusinessisforwardthinkingandproactiveinitsattitudeconcerningthesecurityofitscustomers.
TheValueofAuthenticationInformationisacriticalassettoyourbusiness.
Toensuretheintegrityandsafetyofyourinformation,itisimportanttoidentifywithwhomyouaredealing,andthedatayouarereceivingistrustworthy.
Authenticationcanhelpestablishtrustbetweenpartiesinvolvedinalltypesoftransactionsbyaddressingauniquesetofsecurityissuesincluding:SPOOFING:Thelowcostofwebsitedesignandtheeasewithwhichexistingpagescanbecopiedmakesitalltooeasytocreateillegitimatewebsitesthatappeartobepublishedbyestablishedorganizations.
Infact,conartistshaveillegallyobtainedcreditcardnumbersbysettingupprofessionallookingstorefrontsthatmimiclegitimatebusinesses.
6UNAUTHORIZEDACTION:Acompetitorordisgruntledcustomercanalteryourwebsitesothatitmalfunctionsorrefusestoservicepotentialclients.
UNAUTHORIZEDDISCLOSURE:Whentransactioninformationistransmitted"intheclear",hackerscaninterceptthetransmissionstoobtainsensitiveinformationfromyourcustomers.
DATAALTERATION:Thecontentofatransactioncanbeinterceptedandalteredenroute,eithermaliciouslyoraccidentally.
Usernames,creditcardnumbersandcurrencyamountssent"intheclear"areallvulnerabletoalteration.
UsefulURL'sFormoredetailonthawte'sSGCSuperCerts,pleasevisit:http://www.
thawte.
com/sgc/index.
htmlLearnmoreaboutSGCSuperCerts:http://www.
thawte.
com/ssl/sgc-supercerts-ssl-certificates/21-DayFreeTrialSSLCertificatehttps://www.
thawte.
com/ucgi/gothawte.
cgia=w62240062237049007BuySGCSuperCerts:http://www.
thawte.
com/buyAppendix:Why128-BitisStrongerthan40and56-BitEncryptionUnderstandingCryptographicStrengthCryptographicstrengthisexpressedinkeylengthorbitlength.
Keyscomeinavarietyoflengths(e.
g.
40-bit,56-bitand128-bit).
Assuminganinherentstrengthintheencryptionalgorithm,alongerkey/bitlengthwillmakeithardertocrackanencryptedmessage.
Werefertobitlengthasthisspecifiesthenumberofbitsrequiredtowritethenumberofpossiblekeysinbinary.
Keylengthshaveincreaseovertimetocounteractadvancesincomputingpowerwhichmakethecrackingofencryptedmessageseasier.
KeyLengthApproximateNumberofKeys40-bit1,099,511,627,77656-bit72,057,594,037,927,900128-bit340,282,366,920,938,000,000,000,000,000,000,000,000Consumersande-commercevendorsoftenviewencryptionastoocomplexfortheaveragehackertoexploit.
Surelyanysortofencryptionprovidesenoughsecuritytodoonlinebankingandshopping,rightUnfortunately,theanswerisno.
Low-levelencryption,using56bitsorless,isuniversallydeemedtooweakforsafefinancialtransactions.
Withthecomputingpoweravailabletoday,it'snotcostprohibitiveforhackerstoattack56-bitencryptionusingbruteforce,whichinvolvestryingeverypossiblekeycombinationuntiltheyfindtheonethatconvertsciphertextintoplaintext.
Thedifferenceinsecuritybetween40bit,56bitand128bitissignificant.
Theprogressmadeincomputingtechnologymeansthatweakerencryptionusing40-bitor56-bitkeyscanbeattackedbybruteforceandbrokeninamatterofhoursusinganaverage-speedPC.
Asrecentlyas1997,thesameexercisewouldhavetakendaysandrequiredtheeffortofmultiplecomputersandpeople.
Atcurrentcomputingspeeds,128-bitencryptionwilltakemorethanatrillionyearstoattackusingbruteforce,anobstaclethatwoulddeteranyfinanciallymotivatedattacker.
Bycontrast,breakingshorter40-bitor56-bitencryptedsessionsisarelativelysmallinvestmentforattackersharvestingpersonalinformation.
ThereisacommonmisconceptionthatdigitalcertificatesdeterminethestrengthofencryptionandthisisreinforcedbymanyCertificationAuthoritiesthatreferto40-bitor128-bitcertificates.
Itisimportanttounderstandthatencryptionstrengthisnormallydeterminedbynegotiationbetweenthebrowser,operatingsystemandawebserverbeforeasecuresessionisestablished.
72013Thawte,Inc.
Allrightsreserved.
Thawte,thethawtelogo,andothertrademarks,servicemarks,anddesignsareregisteredorunregisteredtrademarksofThawte,Inc.
anditssubsidiariesandafliatesintheUnitedStatesandinforeigncountries.
Allothertrademarksarepropertyoftheirrespectiveowners.
OnlydigitalcertificatesenabledwithSGCtechnologyarecapableofinfluencingtheencryptionstrengthofasessionbeyondwhatisagreedbetweenthebrowser,operatingsystemandserver(morethislater).
StrongGetsStronger-256-BitEncryptionAlthoughencryptionstrengthisdependentonthenatureofthebrowseraswellasthesoftwareonthewebservertowhichthebrowserisconnecting,256-bitencryptionisthehighestlevelofencryptioncurrentlypossible.
Whilesomebrowserssupportthislevelofencryption,thisdoesnotguaranteethatasecureinternetsessionwilloccuratthislevel.
Thelevelofencryptionusedtosecureaninternetconnectiondependsontwofactors-firstlythecapacityoftheciphersuiteinstalledonthewebserverbeingaccessed,andsecondlythecapabilityofthewebbrowserbeingusedtoestablishtheconnection.
Aciphersuiteisessentiallyanencryptionalgorithm,whichawebserverwillusetonegotiateanencryptedinternetsession.
Toestablisha256-bitencryptionsessiontheciphersuitemustbecapableofdeliveringthislevelofencryption.
Theencryptionlevelthatwillbeusedtoestablishasecureinternetconnectionisdeterminedthroughanegotiationthatoccurswhentheinternetbrowserandwebserverperformtheirhandshake.
Duringthishandshakesessiontheinternetbrowsersendsitslistofciphersuitestothewebserver,whichtheserverusestodeterminethehighestorstrongestencryptionthatcanbeusedfortheencryptedsession.
Differentbrowseranddifferentbrowserversionwillofferdifferentlevelsofencryption.
Some(olderversionsofNetscapeandInternetExplorer)willevenberestrictedtoofferingonlyweakencryption,unlesstheyareconnectingtoserversusingServer-GatedCryptographyenabledSSLcertificate.
So,dependingonthebrowser'svendorandversion,somewillonlybecapableofencryptingat40or56-bitencryption,whilemorerecentbrowserversionsarecapableof128andeven256-bitencryption.
Anothergroupofbrowserswillonlybecapableof40or56-bitencryptionuntilithasbeenestablishedthattheserverinvolvedhasanSGC-enabledSSLcertificateinstalled.
Thesebrowserswillthenbecapable,withhelpfromtheserver,of128-bitencryption.
Notallciphersuitesarethesameeither.
OnlynewerciphersuitessuchasAdvancedEncryptionStandardarecapableofmanaging256-bitencryptionrates.
HowCanyouEstablishWhen256-BitEncryptionWillbeUsedWhenConnectingtoaSecureServerFirstly,ensurethatthebrowseryouareusingis256-bitencryptioncapable.
Secondly,checkwiththeserveradministratoriftheserveronwhichthewebsiteishostedhasa256-bitciphersuiteinstalled.
Whenbothcriteriahavebeenmetyoushouldbeestablishinga256-bitencryptionsecureconnectionwiththatwebsite.
Thiscaneasilybeverifiedbyhoveringyourmousecursorovertheinternetbrowser'sclosedpadlock.
Viaphone––UStoll-free:+18884842983––UK:+442034505486––SouthAfrica:+27218192800––Germany:+4969380789081––France:+33157324268Emailsales@thawte.
comVisitourwebsiteathttps://www.
thawte.
com/log-inTolearnmore,contactoursalesadvisors:Protectyourbusinessandtranslatetrusttoyourcustomerswithhigh-assurancedigitalcertificatesfromThawte,theworld'sfirstinternationalspecialistinonlinesecurity.
Backedbya17-yeartrackrecordofstabilityandreliability,aproveninfrastructure,andworld-classcustomersupport,Thawteistheinternationalpartnerofchoiceforbusinessesworldwide.
.
.
Withthewidespreadglobaladoptionofwirelesstechnologies,hundredsofmillionsofpeoplelivingdevelopingcountriesareloggingontotheinternetforthefirsttime.
Whilemanywillbedoingsowithnewcomputers,stillmanymorewillnodoubtberelyingonoutdatedsoftwaretosurftheWWW.
Manyofthemwillbenaveaboutthedangersthatlieandwaitincyberspace.
Astheenablersofsecureandglobalelectroniccommerceitisourdutytohelpcompaniesempowerandprotectthesenewcitizensoftheinternet.
Ifourtechnology,trustedservicesandproductscanhelpyoutoprotectevenoneuser,letalonethetensofmillionswhorequiresuchassistance,thenwehavedoneourduty.
ThisiswhatSGC-enabledSSLcertificatesareintendedtodo.
OverviewThisguidewillhelpyoutounderstandhowSGC-enabledSSLcertificatesworkandwhytheyaredifferentfromothercertificates,whythetechnologywasfirstintroducedinthelate90s,andwhythistechnologyremainsasrelevanttodayasitwasbackthen.
E-commercebusinessesusingServer-GatedCryptography-enabledSSLcertificatescanhelpassurecustomersofstrongerencryption,greaterprivacyandreducedrisksoffraudandidentitytheft.
Thisisnotoneperson'sororganization'sopinion.
Thisisafact-provenbytheYankeeGroupwhoconductedexhaustiveindependenttests(368tobeexact!
)toarriveatthisconclusion(1).
SGCtechnologymayhaveoriginatedinthelate90sbutitremainsasrelevanttodayasitdidwhenitwasfirstintroducedmorethansixyearsago.
Thewidespreadgrowthofbroadbandglobally(2)willnecessitatetheuseoftechnologiesthatareforwardthinkingandproactive.
SGCissuchatechnologybecause,unlikeotherSSLcertificatesthatrelyontheuser'sbrowserbeingabletomatchaserver'sciphersuite,SGChelpsusersattainmoresecureconnectionbyactuallysteppingupsomeusers'browsersinspecificsituations.
TheYankeeGroup'sstudyveryboldlyconcluded,"SGC-enabledcertificatesenablemoreWindows2000userstoconnectwith128-bitencryption.
Thisdifferencemeanstensofmillionsmoreinternetusersworldwidewouldget128-bitencryptionorhigherifalle-commercevendorsusedSGC-enabledcertificates.
"(1)Thefactthat75%ofUSbusinesses(3)believethatathreatfromunprotectedsystemsindevelopingcountriesposeagrowingthreattotheirdigitalsecurity,strengthenstheargumentsupportingusingproactivetechnologieslikeSGC-enabledSSLcertificates.
Theinternethasgivencompaniesacost-effectiveandextremelypowerfulmediumtoconnectwithcustomersanywhereintheworld.
Broadbandismakingitpossibleformorepeoplefromeverycorneroftheglobetogoshoppingincybermalls,unrestrictedbytimeandgeography.
Thesegreatnewopportunitiesthatawaite-businesseswhowanttoexpandgloballywilldemandproactivesecuritytoprotectboththee-businessresourcesanddatabases,aswellasprovideprotectionfornewcustomerswhomayberelyingonoutdatedsoftwaretoexploretheinternet.
1.
BuildingBlocksofTransparentWebSecurity:Server-GatedCryptography-TheYankeeGroup,September20052.
WorldBroadbandStatistics:Q32005-PointTopicLtd.
20053.
U.
S.
Businesses:CostofCybercrimeOvertakesPhysicalCrime-IBM,March20063AnArgumentforProactiveSecurityTheinternetistheembodimentofglobalization–itsgrowthfueledbythewidespreadglobaladoptionoffaster,always-onbroadbandADSLandwirelessservice,theglobalexpansionofmultinationalsandtheirmobilizedarmyofworkerswhotradeinformationanywhereandanytime.
Withtheinternet'sgrowthcomesanewopportunityformanysmallandlargebusinessesthatarenowabletotradefromalocationinonecorneroftheglobe,withanyonewhoisabletoaccesstheirwebsiteandmakecreditcardpayments.
Internetandelectronictradingknowsnotimeandhasnoborders.
But,asmanycompaniesreadythemselvesfortheonslaughtofnewcustomerscomingfromthefourcornersoftheglobe,securityexpertsareexpressingcaution.
Infact,manyUSbusinessesarealsoexpressingcautionandconcern.
InarecentsurveyconductedbyIBM(1)asmanyas75%oftheparticipatingcompaniesexpressedconcernforthegrowingcybercrimethreatthatwillcomefrommanyunprotectedcomputersinthedevelopingworld.
OutdatedsoftwareandunprotectedsystemsarearealthreatastheadoptionrateofbroadbandservicesstabilizesintheUSanddeclinesinAsia,whiletheMiddleEastandAfricaareshowingthehighestnewconnectionratesintheworldfortheseservices.
Whilemanycompaniesarerushingtocapitalizeonrapidglobalgrowthofbroadbandconnection,companiesmustheedthewarningsofmanyexpertswhoarecallingforproactivesecuritythatservestonotonlyprotectthevendor,butalso"thinks"fortheuserhelpingthemtoattainthebestpossiblesecurity.
Proactivesecuritywillnotonlycreateamoresecuredigitalenvironmentforeveryone,butitwillalsohelptobuildtrustamongstthemanynewusersoftheinternet.
Trustwillbuildconfidenceandconfidenceisgoodforbusiness.
Server-GatedCryptography:MakingtheDigitalWorldaMoreSecureSpace(1)Inthe1990s,theUSgovernmentimposedrestrictionsonexportingstrongcryptographytoothercountries.
TherestrictionmeantthatsoftwarethatimplementSSL,suchaswebbrowsers,operatingsystemsandwebservershadtolimitencryptiontoweakalgorithmsandshorterkeylengthsifitwasexportedoutsidetheUnitedStates.
Lawmakersincludedanexceptionforfinancialtransactionstoensurethatcustomersworldwidecouldsafelytransactonlineusingstrongencryption.
SGCwascreatedasanextensiontoSSLforconsumerswithexportversionsofwebbrowsersoftwaretousestrongcryptographyforfinancialtransactions.
USexportlawswereupheldbyissuingSGCcertificatesonlytoeligiblefinancialinstitutions,creatinganenforcementpointattheserverwithoutanyimpacttotheclient.
Therestrictionsonexportofstrongencryptionhavesincebeenrelaxed,andnowSGCcertificatesmaybeissuedtoanyinstitution.
RestrictionsonencryptionareevidentinolderversionsofWindows2000runningInternetExplorerthatarestillinuse.
Consumersande-commercevendors,particularlythoseoutsidetheUnitedStates,arestillusingweakencryption,despitethefactthatsafer,strongeralternativesareavailable.
AlthoughnewerversionsofWindows2000providethesefeatures,millionsstilluseoldversions.
Userswhoarestillusingcertainolderbrowserversionsthatonlyprovideweak40-bitor56-bitencryptioncangainfull-strength128-bitencryptionwhenconductingbusinesswithSGC-enabledwebsites.
WithSGC,browserandoperatingsystemversions-whetherexportsordomestic-thatwouldotherwiseconnectwithweakencryptionareaffordedmuchstrongersecurity.
Untilolderversionsofbrowserandoperatingsystemsdisappearcompletely,SGCcertificatescanprotectthisportionoftheuserpopulation.
1.
U.
S.
Businesses:CostofCybercrimeOvertakesPhysicalCrime-IBM,March2006Alsosee:Stronggetsstronger-256-bitencryption(Appendix2)1.
AnextractfromTheYankeeGrouppaperentitledBuildingBlocksofTransparentWebSecurity:Server-GatedCryptography,September2005)4HowanSGC-EnabledSSLCertificateWorksTounderstandhowanSGC-enabledSSLsessiondiffersfromotherSSLsessions,wefirstneedtoexplainhowanormalSSLsessionworks.
AsimplifiedSSLsessionlookslikethis:1.
theclient/browsersendstheserveralistofsupportedciphers2.
theserverchoosesacipherandsendsthatcipheralongwithitscertificatebacktotheclient/browser3.
theclient/browserverifiestheserver'scertificateandextractstheserver'spublickey4.
theclient/browserencryptsasecretusingtheserver'spublickeyandsendsittotheserver5.
theserverdecryptsthesecretusingitsprivatekey.
Atthispointtheclient/browserandserverbothsharethesecretandcanbeconfidentthatnooneelseknowsit.
Theclient/browserandservercannowusethissecretandthechosenciphertohaveasecureconversation.
ThisisaverysimplifiedexplanationofaSSLhandshake.
WithSGCbasicallywhathappensiswhentheclient/browserreceivestheserver'scertificate(step3),theclientdiscoversthattheserverhasaSGC-enabledSSLcertificatetheclient/browserwillperformanewhandshake(oncethecurrenthandshakeisfinished)usingacompletelistofalltheciphersbeingsupportedincludingthestrong128-bitencryption,thusupgradingthecurrentsessiontostrongcryptography.
BuildingBlocksofTransparentWebSecurity:Server-GatedCryptographybytheYankeeGroup,September2005SecureSocketsLayer(SSL)isthedefactostandardforsecuringe-commercetransactions.
SSLencryptspersonalinformationsuchascreditcardnumbers,socialsecuritynumbers,passwords,namesandaddressessenttoane-commercevendorviaitswebsite.
Therefore,SSLisacriticalcomponentintheprotectionofconsumerprivacyandanecessitytoreducetherisksoffraudandidentitytheft.
YankeeGroupresearchshowsthatbetween1%and2%ofe-commercetransactionsarerelatedtofraud.
Lossestotaling$2billionin2004aregrowingatthesameratease-commercerevenueanderodingconsumerconfidence.
SSLencryptionisakeycomponentinprotectingconsumers'onlinetransactions.
Itstransparencytouserswillbeacriticalfactorinreducingfraud.
SSLlackstransparencyinakeyarea:thestrengthofencryptionusedforagivensession.
Browsers,webserversandoperatingsystemsallplayaroleindeterminingthelevelofencryptionused:40bit,56bitor128bit.
SomePCsystemscan'ttakeadvantageoffull128-bitSSLencryption.
Server-gatedcryptography(SGC)-enabledcertificatesaddressthisissue.
E-commercewebsitesusingSGCcanassurecustomersofstrongerencryption,greaterprivacyandreducedrisksoffraudandidentitytheft.
AspecialstudydonebyTheYankeeGrouptestedbothSGC–andnon-SGC-enabledcertificatesin92commonenvironmentstodetermineunderwhatconditionsusersbenefitfromstrongencryption.
TheYankeeGroup'sconclusion–"ThenumberofpeoplestillsubjecttoweakencryptionbecausetheyareusingolderversionsofWindowsandInternetExplorerisinthetensofmillions.
UsersrunningtheWindows2000operatingsystemwithoutServicePack4orthehigh-encryptionpackaremostlikelytobeaffected.
5"TestedbrowsersreleasedearlierthanMarch2000alsoreturnhigherratesofconnectionatlowencryptionlevels.
OurtestingresultsshowthatwhenusingSGCcertificates,virtuallyallcombinationsofWindowsoperatingsystem,InternetExplorerandserverareabletostepupto128-bitencryption.
Wide-scaledeploymentofSGC-enabledSSLcertificateswouldreducetheactualnumberofusersexposedbyweakerencryptiondramaticallyandmakeitpossibleforvirtuallyeveryinternetusertoenjoytheprotectionof128bitorstrongerencryption.
"IsThawte'sSGCSuperCertCertificateRightforMyBusinessWiththewidespreadglobaladoptionofbroadbandinternet,manye-commercebusinessesareconsideringexpandingtheirservicesintonewterritories.
However,beforeyourushintoopeningyourcyberdoorstothesenewrevenueopportunities,considerthemanynewchallengesthesenewcustomerscouldposetoyourbusiness.
Manyofthesenewcustomerscouldposeasecurityrisktoyourbusiness.
ManymillionsofPCusersstillrelyonoldersoftwarelikeWindows2000systemsthathavenotbeenupdatedwiththelatestservicepacks.
Theseusersmayonlybeabletoconnecttoyoursecuree-commercewebsiteusingweak40and56-bitencryption,exposingnotonlythemselvesbutalsoyourbusinesstounnecessarysecurityrisks.
Toprotectinternetfinancialtransactions,expertsrecommendthataminimumof128-bitencryptionbeused.
SGC-enabledSSLcertificates,likeourSGCSuperCerts,aretheonlySSLcertificatesthathavetheuniqueabilitytostepupencryptionstrengthfromtheweakencryptiontothemuchstronger128-bitencryption.
InanindependentstudyconductedbytheYankeeGroupinSeptember2005itwasshownthatSGCenabledcertificatesenablemoreWindows2000userstoconnectwith128-bitencryption.
Thedifferencemeanstensofmillionsmoreusersworldwidewouldget128-bitencryption,ifalle-commercebusinessesusedSGC.
256-bitencryptioncanbeachievediftheuser'sbrowsercapabilityandtheciphersuiteinstalledonthewebserverareboth256-bitcompatible.
ThawteSGCSuperCertsprovide:Ahigherstrengthofencryptionforcertainolderversionsofexportbrowsers.
Confidenceintheintegrityandsecurityofyouronlinebusinessandnetworkinfrastructure.
CustomersarebecomingincreasinglyawareoftheadvantagesofSSLsecurityandwilloftennotpurchaseonlinefromnon-securestores.
AllmajorwebmerchantsuseSSLsecuritybackedbystrongwarrantiestoencouragecustomerstobuyonline.
Interoperabilityandsupportforstandardapplicationsandbrowsers,suchasMicrosoftInternetExplorerandNetscapeCommunicator.
Non-forgeableproofofyourwebsiteidentity.
Easeofuse.
ASGCSuperCertisastand-alonesolutionthatrequiresnoinstallationofextrasoftwareontheserverorthebrowser.
Peace-of-mindforthoseconductinginternationalonlinebusiness,knowingthatyourbusinessisforwardthinkingandproactiveinitsattitudeconcerningthesecurityofitscustomers.
TheValueofAuthenticationInformationisacriticalassettoyourbusiness.
Toensuretheintegrityandsafetyofyourinformation,itisimportanttoidentifywithwhomyouaredealing,andthedatayouarereceivingistrustworthy.
Authenticationcanhelpestablishtrustbetweenpartiesinvolvedinalltypesoftransactionsbyaddressingauniquesetofsecurityissuesincluding:SPOOFING:Thelowcostofwebsitedesignandtheeasewithwhichexistingpagescanbecopiedmakesitalltooeasytocreateillegitimatewebsitesthatappeartobepublishedbyestablishedorganizations.
Infact,conartistshaveillegallyobtainedcreditcardnumbersbysettingupprofessionallookingstorefrontsthatmimiclegitimatebusinesses.
6UNAUTHORIZEDACTION:Acompetitorordisgruntledcustomercanalteryourwebsitesothatitmalfunctionsorrefusestoservicepotentialclients.
UNAUTHORIZEDDISCLOSURE:Whentransactioninformationistransmitted"intheclear",hackerscaninterceptthetransmissionstoobtainsensitiveinformationfromyourcustomers.
DATAALTERATION:Thecontentofatransactioncanbeinterceptedandalteredenroute,eithermaliciouslyoraccidentally.
Usernames,creditcardnumbersandcurrencyamountssent"intheclear"areallvulnerabletoalteration.
UsefulURL'sFormoredetailonthawte'sSGCSuperCerts,pleasevisit:http://www.
thawte.
com/sgc/index.
htmlLearnmoreaboutSGCSuperCerts:http://www.
thawte.
com/ssl/sgc-supercerts-ssl-certificates/21-DayFreeTrialSSLCertificatehttps://www.
thawte.
com/ucgi/gothawte.
cgia=w62240062237049007BuySGCSuperCerts:http://www.
thawte.
com/buyAppendix:Why128-BitisStrongerthan40and56-BitEncryptionUnderstandingCryptographicStrengthCryptographicstrengthisexpressedinkeylengthorbitlength.
Keyscomeinavarietyoflengths(e.
g.
40-bit,56-bitand128-bit).
Assuminganinherentstrengthintheencryptionalgorithm,alongerkey/bitlengthwillmakeithardertocrackanencryptedmessage.
Werefertobitlengthasthisspecifiesthenumberofbitsrequiredtowritethenumberofpossiblekeysinbinary.
Keylengthshaveincreaseovertimetocounteractadvancesincomputingpowerwhichmakethecrackingofencryptedmessageseasier.
KeyLengthApproximateNumberofKeys40-bit1,099,511,627,77656-bit72,057,594,037,927,900128-bit340,282,366,920,938,000,000,000,000,000,000,000,000Consumersande-commercevendorsoftenviewencryptionastoocomplexfortheaveragehackertoexploit.
Surelyanysortofencryptionprovidesenoughsecuritytodoonlinebankingandshopping,rightUnfortunately,theanswerisno.
Low-levelencryption,using56bitsorless,isuniversallydeemedtooweakforsafefinancialtransactions.
Withthecomputingpoweravailabletoday,it'snotcostprohibitiveforhackerstoattack56-bitencryptionusingbruteforce,whichinvolvestryingeverypossiblekeycombinationuntiltheyfindtheonethatconvertsciphertextintoplaintext.
Thedifferenceinsecuritybetween40bit,56bitand128bitissignificant.
Theprogressmadeincomputingtechnologymeansthatweakerencryptionusing40-bitor56-bitkeyscanbeattackedbybruteforceandbrokeninamatterofhoursusinganaverage-speedPC.
Asrecentlyas1997,thesameexercisewouldhavetakendaysandrequiredtheeffortofmultiplecomputersandpeople.
Atcurrentcomputingspeeds,128-bitencryptionwilltakemorethanatrillionyearstoattackusingbruteforce,anobstaclethatwoulddeteranyfinanciallymotivatedattacker.
Bycontrast,breakingshorter40-bitor56-bitencryptedsessionsisarelativelysmallinvestmentforattackersharvestingpersonalinformation.
ThereisacommonmisconceptionthatdigitalcertificatesdeterminethestrengthofencryptionandthisisreinforcedbymanyCertificationAuthoritiesthatreferto40-bitor128-bitcertificates.
Itisimportanttounderstandthatencryptionstrengthisnormallydeterminedbynegotiationbetweenthebrowser,operatingsystemandawebserverbeforeasecuresessionisestablished.
72013Thawte,Inc.
Allrightsreserved.
Thawte,thethawtelogo,andothertrademarks,servicemarks,anddesignsareregisteredorunregisteredtrademarksofThawte,Inc.
anditssubsidiariesandafliatesintheUnitedStatesandinforeigncountries.
Allothertrademarksarepropertyoftheirrespectiveowners.
OnlydigitalcertificatesenabledwithSGCtechnologyarecapableofinfluencingtheencryptionstrengthofasessionbeyondwhatisagreedbetweenthebrowser,operatingsystemandserver(morethislater).
StrongGetsStronger-256-BitEncryptionAlthoughencryptionstrengthisdependentonthenatureofthebrowseraswellasthesoftwareonthewebservertowhichthebrowserisconnecting,256-bitencryptionisthehighestlevelofencryptioncurrentlypossible.
Whilesomebrowserssupportthislevelofencryption,thisdoesnotguaranteethatasecureinternetsessionwilloccuratthislevel.
Thelevelofencryptionusedtosecureaninternetconnectiondependsontwofactors-firstlythecapacityoftheciphersuiteinstalledonthewebserverbeingaccessed,andsecondlythecapabilityofthewebbrowserbeingusedtoestablishtheconnection.
Aciphersuiteisessentiallyanencryptionalgorithm,whichawebserverwillusetonegotiateanencryptedinternetsession.
Toestablisha256-bitencryptionsessiontheciphersuitemustbecapableofdeliveringthislevelofencryption.
Theencryptionlevelthatwillbeusedtoestablishasecureinternetconnectionisdeterminedthroughanegotiationthatoccurswhentheinternetbrowserandwebserverperformtheirhandshake.
Duringthishandshakesessiontheinternetbrowsersendsitslistofciphersuitestothewebserver,whichtheserverusestodeterminethehighestorstrongestencryptionthatcanbeusedfortheencryptedsession.
Differentbrowseranddifferentbrowserversionwillofferdifferentlevelsofencryption.
Some(olderversionsofNetscapeandInternetExplorer)willevenberestrictedtoofferingonlyweakencryption,unlesstheyareconnectingtoserversusingServer-GatedCryptographyenabledSSLcertificate.
So,dependingonthebrowser'svendorandversion,somewillonlybecapableofencryptingat40or56-bitencryption,whilemorerecentbrowserversionsarecapableof128andeven256-bitencryption.
Anothergroupofbrowserswillonlybecapableof40or56-bitencryptionuntilithasbeenestablishedthattheserverinvolvedhasanSGC-enabledSSLcertificateinstalled.
Thesebrowserswillthenbecapable,withhelpfromtheserver,of128-bitencryption.
Notallciphersuitesarethesameeither.
OnlynewerciphersuitessuchasAdvancedEncryptionStandardarecapableofmanaging256-bitencryptionrates.
HowCanyouEstablishWhen256-BitEncryptionWillbeUsedWhenConnectingtoaSecureServerFirstly,ensurethatthebrowseryouareusingis256-bitencryptioncapable.
Secondly,checkwiththeserveradministratoriftheserveronwhichthewebsiteishostedhasa256-bitciphersuiteinstalled.
Whenbothcriteriahavebeenmetyoushouldbeestablishinga256-bitencryptionsecureconnectionwiththatwebsite.
Thiscaneasilybeverifiedbyhoveringyourmousecursorovertheinternetbrowser'sclosedpadlock.
Viaphone––UStoll-free:+18884842983––UK:+442034505486––SouthAfrica:+27218192800––Germany:+4969380789081––France:+33157324268Emailsales@thawte.
comVisitourwebsiteathttps://www.
thawte.
com/log-inTolearnmore,contactoursalesadvisors:Protectyourbusinessandtranslatetrusttoyourcustomerswithhigh-assurancedigitalcertificatesfromThawte,theworld'sfirstinternationalspecialistinonlinesecurity.
Backedbya17-yeartrackrecordofstabilityandreliability,aproveninfrastructure,andworld-classcustomersupport,Thawteistheinternationalpartnerofchoiceforbusinessesworldwide.
- restrictionsserver相关文档
- contentinternal
- Netscapeinternal
- 数据internal
- sink500
欧路云:美国CUVIP线路10G防御,8折优惠,19元/月起
欧路云新上了美国洛杉矶cera机房的云服务器,具备弹性云特征(可自定义需要的资源配置:E5-2660 V3、内存、硬盘、流量、带宽),直连网络(联通CUVIP线路),KVM虚拟,自带一个IP,支持购买多个IP,10G的DDoS防御。付款方式:PayPal、支付宝、微信、数字货币(BTC USDT LTC ETH)测试IP:23.224.49.126云服务器 全场8折 优惠码:zhujiceping...
JustHost,最新高性价比超便宜俄罗斯CN2 VPS云服务器终身8折优惠,最低仅8元/月起,200Mbps带宽不限流量,五大机房自助自由切换,免费更换IP,俄罗斯cn2vps怎么样,justhost云服务器速度及综合性能详细测评报告
主机参考最新消息:JustHost怎么样?JustHost服务器好不好?JustHost好不好?JustHost是一家成立于2006年的俄罗斯服务器提供商,支持支付宝付款,服务器价格便宜,200Mbps大带宽不限流量,支持免费更换5次IP,支持控制面板自由切换机房,目前JustHost有俄罗斯5个机房可以自由切换选择,最重要的还是价格真的特别便宜,最低只需要87卢布/月,约8.5元/月起!just...
月神科技-美国CERA 5折半价倒计时,上新华中100G高防云59起!
官方网站:点击访问月神科技官网优惠码:美国优惠方案:CPU:E5-2696V2,机房:国人热衷的优质 CeraNetworks机房,优惠码:3wuZD43F 【过期时间:5.31,季付年付均可用】活动方案:1、美国机房:洛杉矶CN2-GIA,100%高性能核心:2核CPU内存:2GB硬盘:50GB流量:Unmilited端口:10Mbps架构:KVM折后价:15元/月、150元/年传送:购买链接洛...
500InternalServerError为你推荐
-
HALLMARK_PANCREAS_BETA_CELLSios11程序微信5支出127伺服器win7支持ipadpreviouslybit支持ipadcss下拉菜单如何使用HTML和CSS制作下拉菜单fusioncharts如何自定义FusionCharts图表上的工具提示?ms17-010win1038度古贝春珍藏10价格?