HTTPS is not always as secure as it seems. Vulnerabilities found in 5.5% of HTTPS sites

One of the Alexa top sites (central circle), protected by HTTPS, with its subdomains (gray) and dependencies (white), some of which are vulnerable (hatched)

Today the HTTPS secure-connection indicator has become a standard and even necessary attribute of any serious site. If the certificate is missing, almost all recent browsers show a warning that the connection to the site is "not secure" and recommend against sending confidential information to it.

But it turns out that the presence of a "padlock" in the address bar does not always guarantee protection. A check of the 10,000 leading sites from the Alexa ranking showed that many of them are exposed to critical vulnerabilities in the SSL/TLS protocols, usually through subdomains or dependencies. According to the authors of the study, the complexity of modern web applications greatly increases the attack surface.

Research results

The study was carried out by specialists from Ca' Foscari University of Venice (Italy) and the Vienna University of Technology. They will present a detailed report at the 40th IEEE Symposium on Security and Privacy, to be held on May 20-22, 2019 in San Francisco.

The top 10,000 HTTPS sites from the Alexa list and 90,816 related hosts were tested. Weak cryptographic configurations were found on 5574 hosts, that is, about 5.5% of the total:

  • 4818 are vulnerable to MITM
  • 733 are vulnerable to full TLS decryption
  • 912 are vulnerable to partial TLS decryption

898 sites are completely open to compromise, that is, they allow foreign scripts to be injected, and 977 sites load content from poorly protected pages that an attacker can interact with.

The researchers stress that the 898 "completely compromised" resources include online stores, financial services and other large sites. 660 of the 898 sites load external scripts from vulnerable hosts: this is the main source of danger. According to the authors, the complexity of modern web applications significantly increases the attack surface.
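The dependency risk described above can be checked mechanically once a TLS scan has produced a list of weak hosts. The following added example (not from the study or the original article) lists the script includes of a page that arrive over plain HTTP or from such hosts; the host names, the `weak_hosts` set and the function names are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

class ScriptSources(HTMLParser):
    """Collect the absolute URL of every <script src=...> on a page."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.urls = []

    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src")
        if tag == "script" and src:
            # urljoin resolves relative and protocol-relative (//host/x.js) sources.
            self.urls.append(urljoin(self.page_url, src))

def risky_scripts(page_url, html, site_domain, weak_hosts):
    """Return (url, relation, reason) for scripts an on-path attacker could alter."""
    parser = ScriptSources(page_url)
    parser.feed(html)
    findings = []
    for url in parser.urls:
        parts = urlsplit(url)
        host = parts.hostname or ""
        if host == site_domain or host.endswith("." + site_domain):
            relation = "own host or subdomain"
        else:
            relation = "third-party dependency"
        if parts.scheme == "http":
            findings.append((url, relation, "loaded over plain HTTP"))
        elif host in weak_hosts:
            findings.append((url, relation, "host has a weak TLS configuration"))
    return findings

# Constructed sample page and scan result; all host names are made up.
PAGE_URL = "https://www.shop.example/checkout"
HTML = """
<script src="/static/app.js"></script>
<script src="https://static.shop.example/cart.js"></script>
<script src="//cdn.widgets.example/lib.js"></script>
<script src="http://ads.partner.example/track.js"></script>
<script>var inline = true;</script>
"""
WEAK_HOSTS = {"static.shop.example", "cdn.widgets.example"}

if __name__ == "__main__":
    for finding in risky_scripts(PAGE_URL, HTML, "shop.example", WEAK_HOSTS):
        print(finding)
```

Passing the site's own domain explicitly avoids guessing the registrable domain, which in general needs the Public Suffix List.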

Other problems were found as well: 10% of login forms have problems with the secure transmission of data, which threatens to leak passwords; 412 sites allow cookies to be intercepted and sessions to be hijacked; and 543 sites are exposed to attacks on cookie integrity (via subdomains).

The problem is that in recent years a number of vulnerabilities have been found in the SSL/TLS protocols and software: POODLE (CVE-2014-3566), BEAST (CVE-2011-3389), CRIME (CVE-2012-4929), BREACH (CVE-2013-3587) and Heartbleed (CVE-2014-0160). Protecting against them requires a number of settings on both the server and the client side so that old vulnerable versions are not used. But this is a rather non-trivial procedure, because such settings involve choosing from an extensive set of ciphers and protocols that is quite hard to make sense of. It is not always clear which cipher suites and protocols count as "secure enough".

Recommended settings

There is no officially approved and agreed list of recommended HTTPS settings. For instance, the Mozilla SSL Configuration Generator offers several configuration options depending on the required level of protection. For example, here are the recommended settings for an nginx 1.14.0 server:

Modern mode

Oldest supported clients: Firefox 27, Chrome 30, IE 11 on Windows 7, Edge, Opera 17, Safari 9, Android 5.0 and Java 8

server {
listen 80 default_server;
listen [::]:80 default_server;

# Redirect all HTTP requests to HTTPS with a 301 Moved Permanently response.
return 301 https://$host$request_uri;
}

server {
listen 443 ssl http2;
listen [::]:443 ssl http2;

# certs sent to the client in SERVER HELLO are concatenated in ssl_certificate
ssl_certificate /path/to/signed_cert_plus_intermediates;
ssl_certificate_key /path/to/private_key;
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:50m;
ssl_session_tickets off;


# modern configuration. tweak to your needs.
ssl_protocols TLSv1.2;
ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
ssl_prefer_server_ciphers on;

# HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months)
add_header Strict-Transport-Security max-age=15768000;

# OCSP Stapling ---
# fetch OCSP records from URL in ssl_certificate and cache them
ssl_stapling on;
ssl_stapling_verify on;

## verify chain of trust of OCSP response using Root CA and Intermediate certs
ssl_trusted_certificate /path/to/root_CA_cert_plus_intermediates;

resolver <IP DNS resolver>;

....
}

Intermediate support

Oldest supported clients: Firefox 1, Chrome 1, IE 7, Opera 5, Safari 1, Windows XP IE8, Android 2.3, Java 7

server {
listen 80 default_server;
listen [::]:80 default_server;

# Redirect all HTTP requests to HTTPS with a 301 Moved Permanently response.
return 301 https://$host$request_uri;
}

server {
listen 443 ssl http2;
listen [::]:443 ssl http2;

# certs sent to the client in SERVER HELLO are concatenated in ssl_certificate
ssl_certificate /path/to/signed_cert_plus_intermediates;
ssl_certificate_key /path/to/private_key;
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:50m;
ssl_session_tickets off;

# Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits
ssl_dhparam /path/to/dhparam.pem;

# intermediate configuration. tweak to your needs.
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';
ssl_prefer_server_ciphers on;

# HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months)
add_header Strict-Transport-Security max-age=15768000;

# OCSP Stapling ---
# fetch OCSP records from URL in ssl_certificate and cache them
ssl_stapling on;
ssl_stapling_verify on;

## verify chain of trust of OCSP response using Root CA and Intermediate certs
ssl_trusted_certificate /path/to/root_CA_cert_plus_intermediates;

resolver <IP DNS resolver>;

....
}

Old support

Oldest supported clients: Windows XP IE6, Java 6

server {
listen 80 default_server;
listen [::]:80 default_server;

# Redirect all HTTP requests to HTTPS with a 301 Moved Permanently response.
return 301 https://$host$request_uri;
}

server {
listen 443 ssl http2;
listen [::]:443 ssl http2;

# certs sent to the client in SERVER HELLO are concatenated in ssl_certificate
ssl_certificate /path/to/signed_cert_plus_intermediates;
ssl_certificate_key /path/to/private_key;
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:50m;
ssl_session_tickets off;

# Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits
ssl_dhparam /path/to/dhparam.pem;

# old configuration. tweak to your needs.
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:DES-CBC3-SHA:HIGH:SEED:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!RSAPSK:!aDH:!aECDH:!EDH-DSS-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:!SRP';
ssl_prefer_server_ciphers on;

# HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months)
add_header Strict-Transport-Security max-age=15768000;

# OCSP Stapling ---
# fetch OCSP records from URL in ssl_certificate and cache them
ssl_stapling on;
ssl_stapling_verify on;

## verify chain of trust of OCSP response using Root CA and Intermediate certs
ssl_trusted_certificate /path/to/root_CA_cert_plus_intermediates;

resolver <IP DNS resolver>;

....
}

It is recommended to always use the full set of ciphers and the latest version of OpenSSL. The cipher list in the server settings sets the priority in which the ciphers are used, depending on the client's settings.
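A minimal audit of the two directives that differ between the three profiles above, as an added example (not code from the article or from Mozilla): it flags protocol versions tied to the attacks listed earlier and cipher entries that deserve a second look. The function names and the shortened sample configs are constructed for illustration.

```python
import re

# Protocol versions tied to attacks named in the article (CVE ids as cited there).
WEAK_PROTOCOLS = {
    "SSLv3": "POODLE (CVE-2014-3566)",
    "TLSv1": "BEAST (CVE-2011-3389) if a CBC suite is negotiated",
}
FORWARD_SECRET = ("ECDHE-", "DHE-", "EDH-")

def directive_args(conf, name):
    """Argument string of every `name ...;` directive, with # comments ignored."""
    text = re.sub(r"#[^\n]*", "", conf)
    return [m.group(1).strip() for m in re.finditer(rf"\b{name}\s+([^;]+);", text)]

def audit_nginx_tls(conf):
    """Return sorted (item, finding) pairs for ssl_protocols and ssl_ciphers."""
    findings = set()
    for args in directive_args(conf, "ssl_protocols"):
        for proto in args.split():
            if proto in WEAK_PROTOCOLS:
                findings.add((proto, WEAK_PROTOCOLS[proto]))
    for args in directive_args(conf, "ssl_ciphers"):
        for suite in args.strip("'\"").split(":"):
            if not suite or suite[0] in "!-":
                continue  # exclusions only remove suites
            if "-" not in suite or "+" in suite:
                # Keyword such as HIGH or kEDH+AESGCM: expands to many suites.
                findings.add((suite, "alias, expand with `openssl ciphers -v`"))
                continue
            if "DES-CBC3" in suite:
                findings.add((suite, "3DES, 64-bit block cipher"))
            if not suite.startswith(FORWARD_SECRET):
                # In the article's lists these are RSA key-exchange suites.
                findings.add((suite, "not an ECDHE/DHE suite"))
    return sorted(findings)

# Constructed sample configs (shortened, not the article's full cipher lists).
MODERN = """
ssl_protocols TLSv1.2;  # TLSv1 here is only a comment
ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-CHACHA20-POLY1305';
"""
OLD = """
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:kEDH+AESGCM:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL';
"""

if __name__ == "__main__":
    for label, conf in (("modern", MODERN), ("old", OLD)):
        print(label, audit_nginx_tls(conf))
```

The check reads only the configuration text; what a server actually negotiates also depends on the OpenSSL build it is linked against.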

The study shows that simply installing an HTTPS certificate is not enough. "Although we no longer handle cookies the way we did in 2005, and 'decent TLS' has become commonplace, it turns out that these basic things are not enough to protect a surprisingly large number of very popular sites," say the authors of the work. To reliably protect the channel between server and client, you need to carefully monitor the infrastructure of your own subdomains and of the third-party hosts that serve content for the site. It may make sense to order an audit from a third-party company that specializes in information security.


Source: www.habr.com