Mekameka Whakawhirinaki. CC BY-SA 4.0
Kei te piki haere te rongonui o te tirotiro i ngā waka SSL (te wetewete SSL/TLS, te tātari SSL, te DPI rānei) i roto i te rāngai umanga. Ko te whakaaro ki te wetewete i ngā waka e ahua whakahē ana i te ariā o te whakamunatanga. Heoi, ko te mea pono: kei te piki haere te maha o ngā kamupene e whakamahi ana i ngā hangarau DPI, me te kī he mea tika kia matawaihia ngā ihirangi mō ngā pūmanawa kino, ngā turuturu raraunga, me ērā atu mea.
Āe, ki te whakaae tātou me whakatinana taua hangarau, me whakaaro tātou ki ngā huarahi hei mahi i tēnā i roto i te huarahi tino haumaru me te whakahaere pai. Engari kaua e whakawhirinaki ki ngā tiwhikete, hei tauira, e whakaratohia ana e te kaiwhakarato pūnaha DPI.
Kotahi te āhuatanga o te whakatinanatanga kāore e mōhiotia ana e te katoa. Inaa, he tokomaha e tino miharo ana ina rongo rātou mōna. Koinei te mana tiwhikete tūmataiti (CA). Ka whakaputa tiwhikete hei wetewete me te whakamuna anō i ngā raraunga.
Engari i te whakawhirinaki ki ngā tiwhikete kua hainatia e koe anō, ki ngā tiwhikete rānei mai i ngā taputapu DPI, ka taea e koe te whakamahi i tētahi CA motuhake mai i tētahi CA tuatoru, pērā i a GlobalSign. Engari tuatahi, me titiro poto tātou ki te take.
He aha te tirotiro SSL, ā, he aha i whakamahia ai?
Kei te piki haere te maha o ngā paetukutuku tūmatanui e huri ana ki te HTTPS. Hei tauira, I te tīmatanga o Hepetema 2019, i eke te ōrau o ngā waka whakamuna i Rūhia ki te 83%.
Engari, kei te piki haere te whakamahinga o te whakamunatanga o ngā raraunga e ngā kaiwhakaeke, inā koa ka tohatoha aunoa a Let's Encrypt i ngā mano tini o ngā tiwhikete SSL kore utu. Nō reira, ka whakamahia te HTTPS ki ngā wāhi katoa, ā, kāore te raka i te pae wāhitau o te pūtirotiro e waiho hei tohu haumarutanga pono.
Koinei te huarahi e whakamahia ana e ngā kaihoko otinga DPI. Ka whakatinanahia ēnei i waenga i ngā kaiwhakamahi mutunga (arā, ko āu kaimahi e tirotiro ana i te tukutuku) me te ipurangi, hei tātari i ngā waka kino. He maha ngā hua pēnei kei te mākete i ēnei rā, engari he rite tonu ngā tukanga. Ka haere ngā waka HTTPS mā roto i tētahi taputapu tirotiro, ka wetewetehia, ka tirohia mō ngā pūmanawa kino.
Kia oti te manatoko, ka waihangahia e te pūrere tētahi wātū SSL hou me te kiritaki whakamutunga hei wetemuna me te whakamuna anō i te ihirangi.
He pēhea te mahi a te tukanga wetemunatanga/whakamunatanga anō?
Kia taea ai e te taputapu tirotiro SSL te wetemuna me te whakamuna anō i ngā mōkihi i mua i te tukunga atu ki ngā kaiwhakamahi mutunga, me taea e ia te tuku tiwhikete SSL i runga i te rere. Ko te tikanga me whai tiwhikete CA kua tāutahia.
He mea nui ki tētahi kamupene (ki tētahi atu tangata rānei kei waenganui) kia whakawhirinakihia ēnei tiwhikete SSL e ngā pūtirotiro (arā, kaua e whakaoho i ngā karere whakatūpato whakamataku pērā i te mea i raro nei). Nō reira, me noho te mekameka CA (te hierarki rānei) ki roto i te toa whakawhirinaki o te pūtirotiro. Nā te mea kāore ēnei tiwhikete i tukuna mai i ngā CA e whakawhirinakihia ana e te iwi whānui, me tohatoha ā-ringa te hierarki CA ki ngā kiritaki mutunga katoa.
He karere whakatūpato mō tētahi tiwhikete kua hainatia e koe anō i roto i te Chrome. Puna:
На компьютерах с Windows можно задействовать Active Directory и групповые политики, но для мобильных устройств процедура сложнее.
Ka nui ake te uaua o te āhuatanga ina tautokona ētahi atu tiwhikete pūtake i roto i te taiao umanga, pērā i ngā mea mai i a Microsoft, i ngā mea rānei e hangai ana ki te OpenSSL. Hei tāpiri, me tiaki me te whakahaere i ngā kī tūmataiti hei ārai i tētahi paunga ohorere.
Kōwhiringa Pai: He tiwhikete pakiaka tūmataiti, motuhake mai i tētahi CA tuatoru
Mena kāore e pai ana te whakahaere i ngā pūtake maha, i ngā tiwhikete kua hainatia e koe anō rānei, he kōwhiringa anō tēnei: te whakawhirinaki ki tētahi CA tuatoru. I tēnei wā, ka tukuna ngā tiwhikete mai i tūmataiti he mana tiwhikete e hono ana i roto i te mekameka whakawhirinaki ki tētahi mana tiwhikete taketake motuhake, motuhake i hangaia mō te kamupene anake.
He hoahoa māmā ake mō ngā tiwhikete pakiaka kiritaki motuhake
Mā tēnei tatūnga ka whakakorea ētahi o ngā take i whakahuatia i mua ake nei: i te iti rawa, ka whakaitihia te maha o ngā pakiaka e tika ana kia whakahaerea. I konei, ka taea te whakamahi i tētahi mana pakiaka tūmataiti kotahi mō ngā hiahia PKI ā-roto katoa, me te maha o ngā CA takawaenga. Hei tauira, e whakaatu ana te hoahoa i runga ake nei i tētahi hiranga maha-taumata e whakamahia ana tētahi CA takawaenga mō te manatoko/wetewete SSL, me tētahi atu mō ngā rorohiko ā-roto (rorohiko, tūmau, papamahi, me ētahi atu).
Mā tēnei hoahoa ka kore e hiahiatia te manaaki i tētahi CA mō ngā kiritaki katoa nā te mea ko GlobalSign te kaiwhakahaere o te CA taumata-runga, e whakatau ana i ngā take haumarutanga kī tūmataiti me te paunga.
Ko tētahi atu painga o tēnei huarahi ko te kaha ki te whakakore i te CA tirotiro SSL mō tetahi take. Ka hangaia he mea hou hei whakakapi, ka honoa ki tō pūtake tūmataiti taketake, ā, ka taea te whakamahi tonu.
Ahakoa ngā tautohe katoa, kei te piki haere te whakatinanatanga o te tirotiro waka SSL e ngā umanga hei wāhanga o ā rātou hanganga PKI ā-roto, ā-motuhake rānei. Ko ētahi atu whakamahinga mō te PKI tūmataiti ko te tuku tiwhikete mō te manatoko taputapu, kaiwhakamahi rānei, SSL mō ngā tūmau ā-roto, me ngā whirihoranga rerekē kāore e whakaaetia i roto i ngā tiwhikete whakawhirinaki tūmatanui, e ai ki ngā whakaritenga a te CA/Browser Forum.
Kei te whawhai whakamuri ngā pūtirotiro
He mea tika kia mōhiotia kei te ngana ngā kaiwhakawhanake pūtirotiro ki te ārai i tēnei ia, me te tiaki i ngā kaiwhakamahi mutunga mai i te MiTM. Hei tauira, i ētahi rā kua pahure ake nei, i… Whakahohehia te kawa DoH (DNS-over-HTTPS) mā te taunoa i roto i tētahi o ngā putanga pūtirotiro e whai ake nei i roto i a Firefox. Ka huna e te kawa DoH ngā tono DNS mai i te pūnaha DPI, ka uaua ake te tirotiro SSL.
Mō ngā mahere ōrite i te 10 o Hepetema, 2019 Google mō te pūtirotiro Chrome.
Ko nga kaiwhakamahi kua rehita anake ka uru ki te rangahau. tēnā.
Ki tō whakaaro, he tika tā te kamupene ki te tirotiro i te rerenga SSL a āna kaimahi?
Āe, me tā rātou whakaae
Kāo, he ture kore, he tikanga kore rānei te tono mō taua whakaaetanga.
122 nga kaiwhakamahi i pooti. 15 nga kaiwhakamahi i aukati.
Source: will.com
