SlideShare a Scribd company logo

020618 Why Do we Need HTTPS

J
Jackio Kwok

專業資訊保安協會 (PISA) 楊和生先生

Education
1 of 23
Download to read offline
Why Do We Need HTTPS
Topics • Background of HTTPS • Discussion on SSL/TLS • Major Implementations and Issues • Digital Certificate • Advanced Configurations
Benefit of Using HTTPS Improve the network communication security Improve the ranking in Google Improve the branding
SSL & TLS • a protocol for establishing an encrypted connection between a client and a server • well-known version is SSL 3.0 • a legacy term Secure Sockets Layer (SSL) • improvement of SSL using stronger encryption algorithms • recent version is TLS 1.3 for better performance and security • secure sites are using TLS 1.2 or 1.1 at the moment Transport Layer Security (TLS)
Applications of SSL/TLS • Web (i.e. the HTTPS) • Email • POP3 over SSL/TLS (i.e. port 995) • IMAP4 over SSL/TLS (i.e. port 993) • SMTP over SSL/TLS (i.e. port 465) • Any applications that are encrypting the network traffic • antivirus software gets update from vendor’s server • mobile apps • syncing information between smartphone and manufacturer
SSL/TLS Implementations OpenSSL LibreSSL BoringSSL GnuTLS
Security of the SSL/TLS • Protocols Vulnerabilities • BEAST • CRIME • Heartbleed • POODLE • BREACH • FREAK • Logjam • NOMORE • DROWN • Bar Mitzvah • SWEET32 • Operations Risk • Patch Management • Trustworthy of Digital Certificates • Protection of Keys • Configuration of the Protocols (Cipher Suite) • Configuration of Servers • version, setting, patches
Cipher Suites Firefox 27, Chrome 30, IE 11 on Windows 7, Edge, Opera 17, Safari 9, Android 5.0, Java 8 Modern Compatibility Firefox 1, Chrome 1, IE 7, Opera 5, Safari 1, Windows XP IE8, Android 2.3, Java 7 Intermediate Compatibility Windows XP IE6, Java 6Old:
Mozilla SSL Configuration Generator https://mozilla.github.io/server-side- tls/ssl-config-generator/
Digital Certificate • is required to exchange information securely over the Internet using the Public Key Infrastructure (PKI)
How to Get a Certificate 1. Filling a Certificate Signing Request (CSR) 2. Submit to CA to validate our identity 3. CA send back the necessary file to configure the web server
Certificate Authorities •Symantec, GoDaddy, GlobalSign, GeoTrust, Rapid SSL, Thawte, DigiCert, Comodo, Hongkong Post, Let’s Encrypt … … •Self-signed
Distrust Symantec Certificates Browser Version Release Date Action Chrome 65 6 Mar 2018 Distrusts the certs issued before 1 Dec 2017 66 17 Apr 2018 Distrusts the certs issued before 1 Jun 2016 70 30 Aug 2018 Distrusts all certs signed with Symantec hierarchy Firefox 60 9 May 2018 Distrusts the certs issued before 1 Jun 2016 63 16 Oct 2018 Distrusts all certs signed with Symantec hierarchy Microsoft No Plan Yet Safari No Plan Yet
Action Required if …
Credibility of CAs • Mozilla removed CNNIC CA certificate in the Firefox 37 + • Google removed CAs StartCom and WoSign in the Chrome 56 +
Certificate Types by Trustworthiness • DV - Domain Validated • OV - Organization Validated • EV - Extended Validation
Certificate Types by Features • Wildcard Certificate • *.example.com • secure unlimited number of sub-domains with a single SSL certificate • Multi Domain SSL (SAN) Certificate • UCC Certificate • for Exchange Servers • Multiple Domains • Code Signing Certificate • Document Signing Certificate • Personal Certificate
How Does SSL/TLS Work (simplified) 1. Client makes a connection to Server 2. Server sends a certificate to Client 3. Client validates that the certificate: • signed by an organization it trusts • name is match • not expired • not in the blacklist 4. Then client generates a random key, encrypts it with the public key in the certificate, and sends it back to the server 5. Server decrypts the key and uses this shared secret to secure further communications
Test the HTTPS Configurations • Qualys SSL Labs tool: https://www.ssllabs.com/ssltest
Advanced Configuration - HSTS • HTTP Strict Transport Security • cache the certificate for a designated period in browsers • connect via HTTPS only • Support in Apache & Nginx Web Servers • Domain owners can submit to https://hstspreload.org
020618 Why Do we Need HTTPS
020618 Why Do we Need HTTPS

Recommended

OpenSSL
OpenSSLOpenSSL
OpenSSLTimbal Mayank
 
Credential store using HashiCorp Vault
Credential store using HashiCorp VaultCredential store using HashiCorp Vault
Credential store using HashiCorp VaultMayank Patel
 
Webservice security considerations and measures
Webservice security considerations and measuresWebservice security considerations and measures
Webservice security considerations and measuresMaarten Smeets
 
Hashitalks 2021 - How the Dynamic Duo of Vault and Puppet Tame SSL Certificates
Hashitalks 2021 - How the Dynamic Duo of Vault and Puppet Tame SSL CertificatesHashitalks 2021 - How the Dynamic Duo of Vault and Puppet Tame SSL Certificates
Hashitalks 2021 - How the Dynamic Duo of Vault and Puppet Tame SSL CertificatesNick Maludy
 
Web security
Web securityWeb security
Web securityGreater Noida Institute Of Technology
 
e-Xpert Gate / Reverse Proxy - WAF 1ere génération
e-Xpert Gate / Reverse Proxy - WAF 1ere génératione-Xpert Gate / Reverse Proxy - WAF 1ere génération
e-Xpert Gate / Reverse Proxy - WAF 1ere générationSylvain Maret
 
SSl/TLS Analysis
SSl/TLS AnalysisSSl/TLS Analysis
SSl/TLS AnalysisDuduman Bogdan Vlad
 
Deep Dive In To Kerberos
Deep Dive In To KerberosDeep Dive In To Kerberos
Deep Dive In To KerberosIshan A B Ambanwela
 

Recommended

OpenSSL
OpenSSLOpenSSL
OpenSSLTimbal Mayank
 
Credential store using HashiCorp Vault
Credential store using HashiCorp VaultCredential store using HashiCorp Vault
Credential store using HashiCorp VaultMayank Patel
 
Webservice security considerations and measures
Webservice security considerations and measuresWebservice security considerations and measures
Webservice security considerations and measuresMaarten Smeets
 
Hashitalks 2021 - How the Dynamic Duo of Vault and Puppet Tame SSL Certificates
Hashitalks 2021 - How the Dynamic Duo of Vault and Puppet Tame SSL CertificatesHashitalks 2021 - How the Dynamic Duo of Vault and Puppet Tame SSL Certificates
Hashitalks 2021 - How the Dynamic Duo of Vault and Puppet Tame SSL CertificatesNick Maludy
 
Web security
Web securityWeb security
Web securityGreater Noida Institute Of Technology
 
e-Xpert Gate / Reverse Proxy - WAF 1ere génération
e-Xpert Gate / Reverse Proxy - WAF 1ere génératione-Xpert Gate / Reverse Proxy - WAF 1ere génération
e-Xpert Gate / Reverse Proxy - WAF 1ere générationSylvain Maret
 
SSl/TLS Analysis
SSl/TLS AnalysisSSl/TLS Analysis
SSl/TLS AnalysisDuduman Bogdan Vlad
 
Deep Dive In To Kerberos
Deep Dive In To KerberosDeep Dive In To Kerberos
Deep Dive In To KerberosIshan A B Ambanwela
 
Toronto MuleSoft Meetup: Virtual Meetup #3
Toronto MuleSoft Meetup: Virtual Meetup #3Toronto MuleSoft Meetup: Virtual Meetup #3
Toronto MuleSoft Meetup: Virtual Meetup #3Alexandra N. Martinez
 
SSL Secure socket layer
SSL Secure socket layerSSL Secure socket layer
SSL Secure socket layerAhmed Elnaggar
 
12 web security
12 web security12 web security
12 web securityStephenKardian
 
Let's get started with passwordless authentication using windows hello in you...
Let's get started with passwordless authentication using windows hello in you...Let's get started with passwordless authentication using windows hello in you...
Let's get started with passwordless authentication using windows hello in you...Chris Ryu
 
SSL/TLS
SSL/TLSSSL/TLS
SSL/TLSpavansmiles
 
SSL overview
SSL overviewSSL overview
SSL overviewTodd Benson (I.T. SPECIALIST and I.T. SECURITY)
 
Basics of ssl
Basics of sslBasics of ssl
Basics of ssln|u - The Open Security Community
 
Secure Gate / Reverse Proxy - WAF 1ere génération / Datelec
Secure Gate / Reverse Proxy - WAF 1ere génération / DatelecSecure Gate / Reverse Proxy - WAF 1ere génération / Datelec
Secure Gate / Reverse Proxy - WAF 1ere génération / DatelecSylvain Maret
 
Ethereum Development Tools
Ethereum Development ToolsEthereum Development Tools
Ethereum Development ToolsNagesh Subrahmanyam
 
The Rise of Secrets Management
The Rise of Secrets ManagementThe Rise of Secrets Management
The Rise of Secrets ManagementAkeyless
 
Token, token... From SAML to OIDC
Token, token... From SAML to OIDCToken, token... From SAML to OIDC
Token, token... From SAML to OIDCShiu-Fun Poon
 
Ihor Bliumental - WebSockets
Ihor Bliumental - WebSocketsIhor Bliumental - WebSockets
Ihor Bliumental - WebSocketsOWASP Kyiv
 
ITProceed 2015 - Securing Sensitive Data with Azure Key Vault
ITProceed 2015 - Securing Sensitive Data with Azure Key VaultITProceed 2015 - Securing Sensitive Data with Azure Key Vault
ITProceed 2015 - Securing Sensitive Data with Azure Key VaultTom Kerkhove
 
SSL Certificates and Operations
SSL Certificates and OperationsSSL Certificates and Operations
SSL Certificates and OperationsNisheed KM
 
Proxy server
Proxy serverProxy server
Proxy serverDlovan Salih
 
Alfresco DevCon 2019: Encryption at-rest and in-transit
Alfresco DevCon 2019: Encryption at-rest and in-transitAlfresco DevCon 2019: Encryption at-rest and in-transit
Alfresco DevCon 2019: Encryption at-rest and in-transitToni de la Fuente
 
Securing sensitive data with Azure Key Vault
Securing sensitive data with Azure Key VaultSecuring sensitive data with Azure Key Vault
Securing sensitive data with Azure Key VaultTom Kerkhove
 
WordCamp Raleigh 2017 - Move from HTTP to HTTPS or become irrelevant - Peter ...
WordCamp Raleigh 2017 - Move from HTTP to HTTPS or become irrelevant - Peter ...WordCamp Raleigh 2017 - Move from HTTP to HTTPS or become irrelevant - Peter ...
WordCamp Raleigh 2017 - Move from HTTP to HTTPS or become irrelevant - Peter ...Peter LaFond
 
All you need to know about transport layer security
All you need to know about transport layer securityAll you need to know about transport layer security
All you need to know about transport layer securityMaarten Smeets
 
Certificate pinning in android applications
Certificate pinning in android applicationsCertificate pinning in android applications
Certificate pinning in android applicationsArash Ramez
 
Webinar SSL English
Webinar SSL EnglishWebinar SSL English
Webinar SSL EnglishSSL247®
 
#MoreCrypto : Introduction to TLS
#MoreCrypto : Introduction to TLS#MoreCrypto : Introduction to TLS
#MoreCrypto : Introduction to TLSOlle E Johansson
 

More Related Content

What's hot

Toronto MuleSoft Meetup: Virtual Meetup #3
Toronto MuleSoft Meetup: Virtual Meetup #3Toronto MuleSoft Meetup: Virtual Meetup #3
Toronto MuleSoft Meetup: Virtual Meetup #3Alexandra N. Martinez
 
SSL Secure socket layer
SSL Secure socket layerSSL Secure socket layer
SSL Secure socket layerAhmed Elnaggar
 
Let's get started with passwordless authentication using windows hello in you...
Let's get started with passwordless authentication using windows hello in you...Let's get started with passwordless authentication using windows hello in you...
Let's get started with passwordless authentication using windows hello in you...Chris Ryu
 
Secure Gate / Reverse Proxy - WAF 1ere génération / Datelec
Secure Gate / Reverse Proxy - WAF 1ere génération / DatelecSecure Gate / Reverse Proxy - WAF 1ere génération / Datelec
Secure Gate / Reverse Proxy - WAF 1ere génération / DatelecSylvain Maret
 
The Rise of Secrets Management
The Rise of Secrets ManagementThe Rise of Secrets Management
The Rise of Secrets ManagementAkeyless
 
Token, token... From SAML to OIDC
Token, token... From SAML to OIDCToken, token... From SAML to OIDC
Token, token... From SAML to OIDCShiu-Fun Poon
 
Ihor Bliumental - WebSockets
Ihor Bliumental - WebSocketsIhor Bliumental - WebSockets
Ihor Bliumental - WebSocketsOWASP Kyiv
 
ITProceed 2015 - Securing Sensitive Data with Azure Key Vault
ITProceed 2015 - Securing Sensitive Data with Azure Key VaultITProceed 2015 - Securing Sensitive Data with Azure Key Vault
ITProceed 2015 - Securing Sensitive Data with Azure Key VaultTom Kerkhove
 
SSL Certificates and Operations
SSL Certificates and OperationsSSL Certificates and Operations
SSL Certificates and OperationsNisheed KM
 
Alfresco DevCon 2019: Encryption at-rest and in-transit
Alfresco DevCon 2019: Encryption at-rest and in-transitAlfresco DevCon 2019: Encryption at-rest and in-transit
Alfresco DevCon 2019: Encryption at-rest and in-transitToni de la Fuente
 
Securing sensitive data with Azure Key Vault
Securing sensitive data with Azure Key VaultSecuring sensitive data with Azure Key Vault
Securing sensitive data with Azure Key VaultTom Kerkhove
 
WordCamp Raleigh 2017 - Move from HTTP to HTTPS or become irrelevant - Peter ...
WordCamp Raleigh 2017 - Move from HTTP to HTTPS or become irrelevant - Peter ...WordCamp Raleigh 2017 - Move from HTTP to HTTPS or become irrelevant - Peter ...
WordCamp Raleigh 2017 - Move from HTTP to HTTPS or become irrelevant - Peter ...Peter LaFond
 

What's hot (18)

Toronto MuleSoft Meetup: Virtual Meetup #3
Toronto MuleSoft Meetup: Virtual Meetup #3Toronto MuleSoft Meetup: Virtual Meetup #3
Toronto MuleSoft Meetup: Virtual Meetup #3
 
SSL Secure socket layer
SSL Secure socket layerSSL Secure socket layer
SSL Secure socket layer
 
12 web security
12 web security12 web security
12 web security
 
Let's get started with passwordless authentication using windows hello in you...
Let's get started with passwordless authentication using windows hello in you...Let's get started with passwordless authentication using windows hello in you...
Let's get started with passwordless authentication using windows hello in you...
 
SSL/TLS
SSL/TLSSSL/TLS
SSL/TLS
 
SSL overview
SSL overviewSSL overview
SSL overview
 
Basics of ssl
Basics of sslBasics of ssl
Basics of ssl
 
Secure Gate / Reverse Proxy - WAF 1ere génération / Datelec
Secure Gate / Reverse Proxy - WAF 1ere génération / DatelecSecure Gate / Reverse Proxy - WAF 1ere génération / Datelec
Secure Gate / Reverse Proxy - WAF 1ere génération / Datelec
 
Ethereum Development Tools
Ethereum Development ToolsEthereum Development Tools
Ethereum Development Tools
 
The Rise of Secrets Management
The Rise of Secrets ManagementThe Rise of Secrets Management
The Rise of Secrets Management
 
Token, token... From SAML to OIDC
Token, token... From SAML to OIDCToken, token... From SAML to OIDC
Token, token... From SAML to OIDC
 
Ihor Bliumental - WebSockets
Ihor Bliumental - WebSocketsIhor Bliumental - WebSockets
Ihor Bliumental - WebSockets
 
ITProceed 2015 - Securing Sensitive Data with Azure Key Vault
ITProceed 2015 - Securing Sensitive Data with Azure Key VaultITProceed 2015 - Securing Sensitive Data with Azure Key Vault
ITProceed 2015 - Securing Sensitive Data with Azure Key Vault
 
SSL Certificates and Operations
SSL Certificates and OperationsSSL Certificates and Operations
SSL Certificates and Operations
 
Proxy server
Proxy serverProxy server
Proxy server
 
Alfresco DevCon 2019: Encryption at-rest and in-transit
Alfresco DevCon 2019: Encryption at-rest and in-transitAlfresco DevCon 2019: Encryption at-rest and in-transit
Alfresco DevCon 2019: Encryption at-rest and in-transit
 
Securing sensitive data with Azure Key Vault
Securing sensitive data with Azure Key VaultSecuring sensitive data with Azure Key Vault
Securing sensitive data with Azure Key Vault
 
WordCamp Raleigh 2017 - Move from HTTP to HTTPS or become irrelevant - Peter ...
WordCamp Raleigh 2017 - Move from HTTP to HTTPS or become irrelevant - Peter ...WordCamp Raleigh 2017 - Move from HTTP to HTTPS or become irrelevant - Peter ...
WordCamp Raleigh 2017 - Move from HTTP to HTTPS or become irrelevant - Peter ...
 

Similar to 020618 Why Do we Need HTTPS

All you need to know about transport layer security
All you need to know about transport layer securityAll you need to know about transport layer security
All you need to know about transport layer securityMaarten Smeets
 
Certificate pinning in android applications
Certificate pinning in android applicationsCertificate pinning in android applications
Certificate pinning in android applicationsArash Ramez
 
Webinar SSL English
Webinar SSL EnglishWebinar SSL English
Webinar SSL EnglishSSL247®
 
#MoreCrypto : Introduction to TLS
#MoreCrypto : Introduction to TLS#MoreCrypto : Introduction to TLS
#MoreCrypto : Introduction to TLSOlle E Johansson
 
Certificates, PKI, and SSL/TLS for infrastructure builders and operators
Certificates, PKI, and SSL/TLS for infrastructure builders and operatorsCertificates, PKI, and SSL/TLS for infrastructure builders and operators
Certificates, PKI, and SSL/TLS for infrastructure builders and operatorsDavid Ochel
 
SSL certificates in the Oracle Database without surprises
SSL certificates in the Oracle Database without surprisesSSL certificates in the Oracle Database without surprises
SSL certificates in the Oracle Database without surprisesNelson Calero
 
presentation2-151203145018-lva1-app6891.pdf
presentation2-151203145018-lva1-app6891.pdfpresentation2-151203145018-lva1-app6891.pdf
presentation2-151203145018-lva1-app6891.pdfGumanSingh10
 
HTTPS presentation at Port80 Sydney meetup March 2016
HTTPS presentation at Port80 Sydney meetup March 2016HTTPS presentation at Port80 Sydney meetup March 2016
HTTPS presentation at Port80 Sydney meetup March 2016Jason Stangroome
 
15 intro to ssl certificate & pki concept
15 intro to ssl certificate & pki concept15 intro to ssl certificate & pki concept
15 intro to ssl certificate & pki conceptMostafa El Lathy
 
Dr. Omar Ali Alibrahim - Ssl talk
Dr. Omar Ali Alibrahim - Ssl talkDr. Omar Ali Alibrahim - Ssl talk
Dr. Omar Ali Alibrahim - Ssl talkpromediakw
 
An Introduction to DANE - Securing TLS using DNSSEC
An Introduction to DANE - Securing TLS using DNSSECAn Introduction to DANE - Securing TLS using DNSSEC
An Introduction to DANE - Securing TLS using DNSSECCarlos Martinez Cagnazzo
 
ch1 eriht eriotery erogyteip ergy7.ppt
ch1 eriht eriotery erogyteip ergy7.pptch1 eriht eriotery erogyteip ergy7.ppt
ch1 eriht eriotery erogyteip ergy7.pptSonukumarRawat
 
Secure socket layer
Secure socket layerSecure socket layer
Secure socket layerBU
 
Securing TCP connections using SSL
Securing TCP connections using SSLSecuring TCP connections using SSL
Securing TCP connections using SSLSagar Mali
 

Similar to 020618 Why Do we Need HTTPS (20)

All you need to know about transport layer security
All you need to know about transport layer securityAll you need to know about transport layer security
All you need to know about transport layer security
 
Certificate pinning in android applications
Certificate pinning in android applicationsCertificate pinning in android applications
Certificate pinning in android applications
 
Webinar SSL English
Webinar SSL EnglishWebinar SSL English
Webinar SSL English
 
#MoreCrypto : Introduction to TLS
#MoreCrypto : Introduction to TLS#MoreCrypto : Introduction to TLS
#MoreCrypto : Introduction to TLS
 
SSL Everywhere!
SSL Everywhere!SSL Everywhere!
SSL Everywhere!
 
Certificates, PKI, and SSL/TLS for infrastructure builders and operators
Certificates, PKI, and SSL/TLS for infrastructure builders and operatorsCertificates, PKI, and SSL/TLS for infrastructure builders and operators
Certificates, PKI, and SSL/TLS for infrastructure builders and operators
 
Symantec SSL Explained
Symantec SSL ExplainedSymantec SSL Explained
Symantec SSL Explained
 
SSL certificates in the Oracle Database without surprises
SSL certificates in the Oracle Database without surprisesSSL certificates in the Oracle Database without surprises
SSL certificates in the Oracle Database without surprises
 
SSL
SSLSSL
SSL
 
presentation2-151203145018-lva1-app6891.pdf
presentation2-151203145018-lva1-app6891.pdfpresentation2-151203145018-lva1-app6891.pdf
presentation2-151203145018-lva1-app6891.pdf
 
HTTPS presentation at Port80 Sydney meetup March 2016
HTTPS presentation at Port80 Sydney meetup March 2016HTTPS presentation at Port80 Sydney meetup March 2016
HTTPS presentation at Port80 Sydney meetup March 2016
 
15 intro to ssl certificate & pki concept
15 intro to ssl certificate & pki concept15 intro to ssl certificate & pki concept
15 intro to ssl certificate & pki concept
 
Dr. Omar Ali Alibrahim - Ssl talk
Dr. Omar Ali Alibrahim - Ssl talkDr. Omar Ali Alibrahim - Ssl talk
Dr. Omar Ali Alibrahim - Ssl talk
 
An Introduction to DANE - Securing TLS using DNSSEC
An Introduction to DANE - Securing TLS using DNSSECAn Introduction to DANE - Securing TLS using DNSSEC
An Introduction to DANE - Securing TLS using DNSSEC
 
CRYPTOGRAPHY AND NETWORK SECURITY- Transport-level Security
CRYPTOGRAPHY AND NETWORK SECURITY- Transport-level SecurityCRYPTOGRAPHY AND NETWORK SECURITY- Transport-level Security
CRYPTOGRAPHY AND NETWORK SECURITY- Transport-level Security
 
Unit -- 5.ppt
Unit -- 5.pptUnit -- 5.ppt
Unit -- 5.ppt
 
Web security
Web securityWeb security
Web security
 
ch1 eriht eriotery erogyteip ergy7.ppt
ch1 eriht eriotery erogyteip ergy7.pptch1 eriht eriotery erogyteip ergy7.ppt
ch1 eriht eriotery erogyteip ergy7.ppt
 
Secure socket layer
Secure socket layerSecure socket layer
Secure socket layer
 
Securing TCP connections using SSL
Securing TCP connections using SSLSecuring TCP connections using SSL
Securing TCP connections using SSL
 

Recently uploaded

Crayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon ACrayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon AUnboundStockton
 
Hybridoma Technology ( Production , Purification , and Application )
Hybridoma Technology ( Production , Purification , and Application ) Hybridoma Technology ( Production , Purification , and Application )
Hybridoma Technology ( Production , Purification , and Application ) Sakshi Ghasle
 
Final demo Grade 9 for demo Plan dessert.pptx
Final demo Grade 9 for demo Plan dessert.pptxFinal demo Grade 9 for demo Plan dessert.pptx
Final demo Grade 9 for demo Plan dessert.pptxAvyJaneVismanos
 
A Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformA Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformChameera Dedduwage
 
ENGLISH5 QUARTER4 MODULE1 WEEK1-3 How Visual and Multimedia Elements.pptx
ENGLISH5 QUARTER4 MODULE1 WEEK1-3 How Visual and Multimedia Elements.pptxENGLISH5 QUARTER4 MODULE1 WEEK1-3 How Visual and Multimedia Elements.pptx
ENGLISH5 QUARTER4 MODULE1 WEEK1-3 How Visual and Multimedia Elements.pptxAnaBeatriceAblay2
 
internship ppt on smartinternz platform as salesforce developer
internship ppt on smartinternz platform as salesforce developerinternship ppt on smartinternz platform as salesforce developer
internship ppt on smartinternz platform as salesforce developerunnathinaik
 
Employee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxEmployee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxNirmalaLoungPoorunde1
 
Mastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory InspectionMastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory InspectionSafetyChain Software
 
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...Krashi Coaching
 
Blooming Together_ Growing a Community Garden Worksheet.docx
Blooming Together_ Growing a Community Garden Worksheet.docxBlooming Together_ Growing a Community Garden Worksheet.docx
Blooming Together_ Growing a Community Garden Worksheet.docxUnboundStockton
 
Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)eniolaolutunde
 
How to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxHow to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxmanuelaromero2013
 
The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13Steve Thomason
 
History Class XII Ch. 3 Kinship, Caste and Class (1).pptx
History Class XII Ch. 3 Kinship, Caste and Class (1).pptxHistory Class XII Ch. 3 Kinship, Caste and Class (1).pptx
History Class XII Ch. 3 Kinship, Caste and Class (1).pptxsocialsciencegdgrohi
 
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️9953056974 Low Rate Call Girls In Saket, Delhi NCR
 
Pharmacognosy Flower 3. Compositae 2023.pdf
Pharmacognosy Flower 3. Compositae 2023.pdfPharmacognosy Flower 3. Compositae 2023.pdf
Pharmacognosy Flower 3. Compositae 2023.pdfMahmoud M. Sallam
 
Proudly South Africa powerpoint Thorisha.pptx
Proudly South Africa powerpoint Thorisha.pptxProudly South Africa powerpoint Thorisha.pptx
Proudly South Africa powerpoint Thorisha.pptxthorishapillay1
 

Recently uploaded (20)

Crayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon ACrayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon A
 
Hybridoma Technology ( Production , Purification , and Application )
Hybridoma Technology ( Production , Purification , and Application ) Hybridoma Technology ( Production , Purification , and Application )
Hybridoma Technology ( Production , Purification , and Application )
 
Final demo Grade 9 for demo Plan dessert.pptx
Final demo Grade 9 for demo Plan dessert.pptxFinal demo Grade 9 for demo Plan dessert.pptx
Final demo Grade 9 for demo Plan dessert.pptx
 
A Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformA Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy Reform
 
Staff of Color (SOC) Retention Efforts DDSD
Staff of Color (SOC) Retention Efforts DDSDStaff of Color (SOC) Retention Efforts DDSD
Staff of Color (SOC) Retention Efforts DDSD
 
ENGLISH5 QUARTER4 MODULE1 WEEK1-3 How Visual and Multimedia Elements.pptx
ENGLISH5 QUARTER4 MODULE1 WEEK1-3 How Visual and Multimedia Elements.pptxENGLISH5 QUARTER4 MODULE1 WEEK1-3 How Visual and Multimedia Elements.pptx
ENGLISH5 QUARTER4 MODULE1 WEEK1-3 How Visual and Multimedia Elements.pptx
 
internship ppt on smartinternz platform as salesforce developer
internship ppt on smartinternz platform as salesforce developerinternship ppt on smartinternz platform as salesforce developer
internship ppt on smartinternz platform as salesforce developer
 
Employee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxEmployee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptx
 
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
 
Mastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory InspectionMastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory Inspection
 
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
 
Blooming Together_ Growing a Community Garden Worksheet.docx
Blooming Together_ Growing a Community Garden Worksheet.docxBlooming Together_ Growing a Community Garden Worksheet.docx
Blooming Together_ Growing a Community Garden Worksheet.docx
 
Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)
 
How to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxHow to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptx
 
The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13
 
History Class XII Ch. 3 Kinship, Caste and Class (1).pptx
History Class XII Ch. 3 Kinship, Caste and Class (1).pptxHistory Class XII Ch. 3 Kinship, Caste and Class (1).pptx
History Class XII Ch. 3 Kinship, Caste and Class (1).pptx
 
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
 
Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝
 
Pharmacognosy Flower 3. Compositae 2023.pdf
Pharmacognosy Flower 3. Compositae 2023.pdfPharmacognosy Flower 3. Compositae 2023.pdf
Pharmacognosy Flower 3. Compositae 2023.pdf
 
Proudly South Africa powerpoint Thorisha.pptx
Proudly South Africa powerpoint Thorisha.pptxProudly South Africa powerpoint Thorisha.pptx
Proudly South Africa powerpoint Thorisha.pptx
 

020618 Why Do we Need HTTPS

  • 2. Topics • Background of HTTPS • Discussion on SSL/TLS • Major Implementations and Issues • Digital Certificate • Advanced Configurations
  • 3. Benefit of Using HTTPS Improve the network communication security Improve the ranking in Google Improve the branding
  • 4.
  • 5. SSL & TLS • a protocol for establishing an encrypted connection between a client and a server • well-known version is SSL 3.0 • a legacy term Secure Sockets Layer (SSL) • improvement of SSL using stronger encryption algorithms • recent version is TLS 1.3 for better performance and security • secure sites are using TLS 1.2 or 1.1 at the moment Transport Layer Security (TLS)
  • 6. Applications of SSL/TLS • Web (i.e. the HTTPS) • Email • POP3 over SSL/TLS (i.e. port 995) • IMAP4 over SSL/TLS (i.e. port 993) • SMTP over SSL/TLS (i.e. port 465) • Any applications that are encrypting the network traffic • antivirus software gets update from vendor’s server • mobile apps • syncing information between smartphone and manufacturer
  • 8. Security of the SSL/TLS • Protocols Vulnerabilities • BEAST • CRIME • Heartbleed • POODLE • BREACH • FREAK • Logjam • NOMORE • DROWN • Bar Mitzvah • SWEET32 • Operations Risk • Patch Management • Trustworthy of Digital Certificates • Protection of Keys • Configuration of the Protocols (Cipher Suite) • Configuration of Servers • version, setting, patches
  • 9. Cipher Suites Firefox 27, Chrome 30, IE 11 on Windows 7, Edge, Opera 17, Safari 9, Android 5.0, Java 8 Modern Compatibility Firefox 1, Chrome 1, IE 7, Opera 5, Safari 1, Windows XP IE8, Android 2.3, Java 7 Intermediate Compatibility Windows XP IE6, Java 6Old:
  • 11. Digital Certificate • is required to exchange information securely over the Internet using the Public Key Infrastructure (PKI)
  • 12. How to Get a Certificate 1. Filling a Certificate Signing Request (CSR) 2. Submit to CA to validate our identity 3. CA send back the necessary file to configure the web server
  • 13. Certificate Authorities •Symantec, GoDaddy, GlobalSign, GeoTrust, Rapid SSL, Thawte, DigiCert, Comodo, Hongkong Post, Let’s Encrypt … … •Self-signed
  • 14. Distrust Symantec Certificates Browser Version Release Date Action Chrome 65 6 Mar 2018 Distrusts the certs issued before 1 Dec 2017 66 17 Apr 2018 Distrusts the certs issued before 1 Jun 2016 70 30 Aug 2018 Distrusts all certs signed with Symantec hierarchy Firefox 60 9 May 2018 Distrusts the certs issued before 1 Jun 2016 63 16 Oct 2018 Distrusts all certs signed with Symantec hierarchy Microsoft No Plan Yet Safari No Plan Yet
  • 16. Credibility of CAs • Mozilla removed CNNIC CA certificate in the Firefox 37 + • Google removed CAs StartCom and WoSign in the Chrome 56 +
  • 17. Certificate Types by Trustworthiness • DV - Domain Validated • OV - Organization Validated • EV - Extended Validation
  • 18. Certificate Types by Features • Wildcard Certificate • *.example.com • secure unlimited number of sub-domains with a single SSL certificate • Multi Domain SSL (SAN) Certificate • UCC Certificate • for Exchange Servers • Multiple Domains • Code Signing Certificate • Document Signing Certificate • Personal Certificate
  • 19. How Does SSL/TLS Work (simplified) 1. Client makes a connection to Server 2. Server sends a certificate to Client 3. Client validates that the certificate: • signed by an organization it trusts • name is match • not expired • not in the blacklist 4. Then client generates a random key, encrypts it with the public key in the certificate, and sends it back to the server 5. Server decrypts the key and uses this shared secret to secure further communications
  • 20. Test the HTTPS Configurations • Qualys SSL Labs tool: https://www.ssllabs.com/ssltest
  • 21. Advanced Configuration - HSTS • HTTP Strict Transport Security • cache the certificate for a designated period in browsers • connect via HTTPS only • Support in Apache & Nginx Web Servers • Domain owners can submit to https://hstspreload.org