Salah sawijining situs paling dhuwur Alexa (bunderan tengah), diamanake dening HTTPS, kanthi subdomain (abu-abu) lan dependensi (putih), ing antarane ana sing rawan (shading putus-putus)
Saiki, lambang sambungan aman HTTPS wis dadi standar lan malah atribut sing dibutuhake kanggo situs sing serius. Yen ilang, meh kabeh browser anyar nuduhake bebaya sing lan ora nyaranake nransfer informasi rahasia menyang.
Nanging ternyata ana "kunci" ing bilah alamat ora tansah njamin pangayoman. saka rating, Alexa nuduhake yen akeh sing tundhuk kerentanan kritis ing protokol SSL / TLS, biasane liwat subdomain utawa dependensi. Miturut penulis panliten kasebut, kerumitan aplikasi web modern nambah banget permukaan serangan.
Asil riset
Panaliten kasebut ditindakake dening para ahli saka Universitas Venice Ca' Foscari (Italia) lan Universitas Teknik Wina. Dheweke bakal nampilake laporan rinci ing Simposium IEEE kaping 40 babagan Keamanan lan Privasi, sing bakal dianakake 20-22 Mei 2019 ing San Francisco.
Top 10 Alexa dhaftar situs HTTPS lan 000 host related padha dites. Konfigurasi kriptografi sing rawan dideteksi ing 90 host, yaiku, kira-kira 816% saka total:
- 4818 rentan kanggo MITM
- 733 rentan kanggo dekripsi TLS lengkap
- 912 rentan kanggo dekripsi TLS parsial
Situs 898 mbukak kanggo peretasan, yaiku, ngidini injeksi skrip asing, lan 977 situs ngemot konten saka kaca sing ora dilindhungi sing bisa diinteraksi karo penyerang.
Para panaliti nandheske yen ing antarane 898 "rampung kompromi" sumber daya yaiku toko online, layanan finansial lan situs gedhe liyane. 660 saka 898 situs ndownload skrip eksternal saka host sing rawan: iki minangka sumber utama bebaya. Miturut penulis, kerumitan aplikasi web modern banget nambah permukaan serangan.
Masalah liyane uga ditemokake: 10% formulir wewenang duwe masalah karo transmisi informasi sing aman, sing ngancam bakal bocor sandhi, situs 412 ngidini nyegat cookie lan pembajakan sesi, lan situs 543 kena serangan ing integritas cookie (liwat subdomain). .
Masalahe yaiku ing taun-taun pungkasan ing protokol lan piranti lunak SSL / TLS : POODLE (CVE-2014-3566), BEAST (CVE-2011-3389), CRIME (CVE-2012-4929), BREACH (CVE-2013-3587), lan Heartbleed (CVE-2014-0160). Kanggo nglindhungi saka wong-wong mau, sawetara setelan dibutuhake ing sisih server lan klien supaya ora nggunakake versi lawas sing rawan. Nanging iki prosedur rada non-trivial, amarga setelan kuwi melu milih saka pesawat ekstensif ciphers lan protokol, kang cukup angel kanggo ngerti. Ora mesthi cetha apa suite lan protokol cipher sing dianggep "cukup aman".
Setelan sing disaranake
Ora ana sing disetujoni lan disetujoni kanthi resmi dhaptar setelan HTTPS sing disaranake. Dadi, nawakake sawetara opsi konfigurasi, gumantung ing tingkat pangayoman dibutuhake. Contone, ing ngisor iki setelan sing disaranake kanggo server nginx 1.14.0:
Mode Modern
Klien sing paling tuwa sing didhukung: Firefox 27, Chrome 30, IE 11 ing Windows 7, Edge, Opera 17, Safari 9, Android 5.0, lan Java 8
server {
listen 80 default_server;
listen [::]:80 default_server;
# Redirect all HTTP requests to HTTPS with a 301 Moved Permanently response.
return 301 https://$host$request_uri;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
# certs sent to the client in SERVER HELLO are concatenated in ssl_certificate
ssl_certificate /path/to/signed_cert_plus_intermediates;
ssl_certificate_key /path/to/private_key;
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:50m;
ssl_session_tickets off;
# modern configuration. tweak to your needs.
ssl_protocols TLSv1.2;
ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
ssl_prefer_server_ciphers on;
# HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months)
add_header Strict-Transport-Security max-age=15768000;
# OCSP Stapling ---
# fetch OCSP records from URL in ssl_certificate and cache them
ssl_stapling on;
ssl_stapling_verify on;
## verify chain of trust of OCSP response using Root CA and Intermediate certs
ssl_trusted_certificate /path/to/root_CA_cert_plus_intermediates;
resolver <IP DNS resolver>;
....
}Dhukungan medium
Klien sing paling tuwa sing didhukung: Firefox 1, Chrome 1, IE 7, Opera 5, Safari 1, Windows XP IE8, Android 2.3, Java 7
server {
listen 80 default_server;
listen [::]:80 default_server;
# Redirect all HTTP requests to HTTPS with a 301 Moved Permanently response.
return 301 https://$host$request_uri;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
# certs sent to the client in SERVER HELLO are concatenated in ssl_certificate
ssl_certificate /path/to/signed_cert_plus_intermediates;
ssl_certificate_key /path/to/private_key;
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:50m;
ssl_session_tickets off;
# Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits
ssl_dhparam /path/to/dhparam.pem;
# intermediate configuration. tweak to your needs.
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';
ssl_prefer_server_ciphers on;
# HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months)
add_header Strict-Transport-Security max-age=15768000;
# OCSP Stapling ---
# fetch OCSP records from URL in ssl_certificate and cache them
ssl_stapling on;
ssl_stapling_verify on;
## verify chain of trust of OCSP response using Root CA and Intermediate certs
ssl_trusted_certificate /path/to/root_CA_cert_plus_intermediates;
resolver <IP DNS resolver>;
....
}Dhukungan lawas
Klien sing paling tuwa sing didhukung: Windows XP IE6, Java 6
server {
listen 80 default_server;
listen [::]:80 default_server;
# Redirect all HTTP requests to HTTPS with a 301 Moved Permanently response.
return 301 https://$host$request_uri;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
# certs sent to the client in SERVER HELLO are concatenated in ssl_certificate
ssl_certificate /path/to/signed_cert_plus_intermediates;
ssl_certificate_key /path/to/private_key;
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:50m;
ssl_session_tickets off;
# Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits
ssl_dhparam /path/to/dhparam.pem;
# old configuration. tweak to your needs.
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:DES-CBC3-SHA:HIGH:SEED:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!RSAPSK:!aDH:!aECDH:!EDH-DSS-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:!SRP';
ssl_prefer_server_ciphers on;
# HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months)
add_header Strict-Transport-Security max-age=15768000;
# OCSP Stapling ---
# fetch OCSP records from URL in ssl_certificate and cache them
ssl_stapling on;
ssl_stapling_verify on;
## verify chain of trust of OCSP response using Root CA and Intermediate certs
ssl_trusted_certificate /path/to/root_CA_cert_plus_intermediates;
resolver <IP DNS resolver>;
....
}Disaranake sampeyan tansah nggunakake Suite cipher lengkap lan versi paling anyar saka OpenSSL. Suite cipher ing setelan server nemtokake prioritas sing bakal digunakake, gumantung saka setelan klien.
Riset nuduhake yen ora cukup mung nginstal sertifikat HTTPS. "Sanadyan kita ora nangani cookie kaya ing 2005, lan 'TLS prayoga' wis dadi umum, pranyata bab dhasar iki ora cukup kanggo ngamanake nomer kaget akeh situs populer banget," para panulis karya. Kanggo andal nglindhungi saluran ing antarane server lan klien, sampeyan kudu ngawasi kanthi ati-ati infrastruktur saka subdomain dhewe lan host pihak katelu saka ngendi isi situs kasebut diwenehake. Bisa uga ana gunane supaya audit saka sawetara perusahaan pihak katelu sing duwe spesialisasi ing keamanan informasi.
Source: www.habr.com