








In recent years the Internet has changed dramatically. In particular, the HTTP protocol we have long taken for granted is gradually being replaced by HTTPS. Under the joint promotion of browsers, search engines, CAs and large Internet enterprises, the Internet has entered a "new era of HTTPS encryption across the whole network". Enterprise sites have now fully enabled HTTPS, and even personal blogs, apps published on the Apple App Store and WeChat mini programs have enabled site-wide HTTPS. HTTPS will replace HTTP as the mainstream transport protocol within the next few years.

High security risks of HTTP

HTTP transmits data in plaintext. Any data sent over HTTP is unencrypted and can be seen by anyone. Plaintext transmission makes attacks such as page hijacking, page tampering, data disclosure and Trojan injection easier, so the risk of user privacy disclosure is very high.

The common and most harmful forms of in-transit content hijacking are as follows:

1. Obtaining the mobile phone numbers and search content of wireless users and harassing them privately with telephone advertising.

2. Obtaining the user's account cookie and stealing useful information from the account.

3. Adding third-party content, such as advertisements, phishing links or Trojans, to the content returned by the user's destination website.

What does HTTPS encrypt?

HTTPS (Hypertext Transfer Protocol Secure) is a secure hypertext transfer protocol developed by Netscape and built into its browser. It encrypts and decrypts data and returns the results sent back over the network. Put simply, it is the secure version of HTTP: an SSL layer is added beneath HTTP, and request data is encrypted in that layer. In the HTTPS secure communication mode (HTTP + SSL/TLS), all HTTP traffic is transmitted under TLS encryption.

HTTPS provides three functions: content encryption, identity authentication and data integrity. Its purpose is to encrypt data so that it is transmitted securely. Specifically:

1. Data confidentiality. Ensures that the content cannot be viewed by a third party during transmission.

2. Data integrity. Detects promptly when transmitted content has been tampered with by a third party.

3. Authentication. Verifies the real identity of the web server and ensures that the data reaches the intended destination.

HTTPS trust is inherited from the certificate authorities (CAs) pre-installed in the browser. Browsers ship with the root certificates of a number of CAs built in by default, and a browser trusts only certificates issued by a trusted CA.

What are the benefits of deploying HTTPS?

① Better search ranking: HTTPS websites rank better in search engines. Google and Baidu have both stated clearly that they give priority to indexing HTTPS sites.

② PCI DSS compliance: SSL is a key component of PCI compliance.

③ Faster page loading: at a Velocity conference, Load Impact and Mozilla reported that websites optimized for HTTP/2 perform 50-70% better for Internet users than over HTTP/1.1. To benefit from the performance advantages of HTTP/2, however, you must first deploy HTTPS.

④ Compliance with national information security classified protection: Classified Protection 2.0 sets higher requirements for the use of cryptographic technology. Communication must use cryptographic technology to ensure the confidentiality of sensitive information fields or of the whole message in transit; HTTPS should be enabled, and authentication information should be transmitted using this encryption.

⑤ Meets the iOS ATS requirement: to promote HTTPS, Apple also announced at WWDC 2017 that new apps must enable the ATS (App Transport Security) security feature.

⑥ Higher security: an HTTPS website prevents users' private information, such as user names, passwords, transaction records and addresses, from being stolen or tampered with, and ultimately secures the site's data in transit. Once an SSL certificate is installed, the browser's built-in security mechanisms check the certificate status in real time and display the site's authentication information to the user, so that users can easily verify the site's real identity. This prevents man-in-the-middle hijacking and helps identify fraudulent, phishing and other fake websites.

⑦ Improved brand image and credibility: for a website with an SSL certificate installed, the browser shows a "secure" indicator (or a small padlock icon), while a website without an SSL certificate is shown with a "not secure" warning.

If an EV SSL certificate is deployed, the green address bar and the organization's name are also displayed, telling users that they are visiting a secure and trusted site, which can greatly improve the brand image and credibility of the enterprise.

Concerns about using HTTPS

Cumbersome application process: many people feel that there is a barrier to implementing HTTPS. The barrier is the SSL certificate issued by an authoritative CA: from selecting, applying for and purchasing the certificate to deploying it, the process takes time and effort.

HTTPS performance cost: compared with plaintext communication, encrypted communication consumes more CPU and memory. It might seem that encrypting every communication would consume a considerable amount of resources, but in practice this is not the case. Users can address the problem by optimizing performance and deploying certificates on an SLB or CDN. After optimization, many pages perform as well as, or even slightly better than, they do over HTTP.

HTTPS operations and maintenance: managing SSL certificates takes time and effort. HTTPS websites run into operational problems such as insecure external links, SSL vulnerabilities and certificates that expire through negligence.
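Two of the operational problems named above, certificates expiring through negligence and insecure external links on an HTTPS page, can be checked mechanically. The following Python sketch is an added example, not part of the original article; the function names, the 30-day renewal threshold and the sample dates and page are assumptions constructed for illustration.

```python
import ssl
from datetime import datetime, timezone
from html.parser import HTMLParser

# Tags whose URL attribute makes the browser fetch a subresource.
SUBRESOURCE_ATTRS = {"script": "src", "img": "src", "iframe": "src", "link": "href"}

def days_until_expiry(not_after, now):
    """Whole days until notAfter (string format used by ssl.getpeercert())."""
    expires = datetime.fromtimestamp(ssl.cert_time_to_seconds(not_after), timezone.utc)
    return (expires - now).days

def expiry_status(not_after, now, warn_days=30):
    left = days_until_expiry(not_after, now)
    if left < 0:
        return "expired"
    return "renew-soon" if left <= warn_days else "ok"

class MixedContentFinder(HTMLParser):
    """Collects subresources an HTTPS page would load over plain HTTP."""
    def __init__(self):
        super().__init__()
        self.insecure = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        # <link> fetches a subresource for stylesheets; rel=canonical does not.
        if tag == "link" and "stylesheet" not in (a.get("rel") or "").lower():
            return
        url = a.get(SUBRESOURCE_ATTRS.get(tag, ""))
        if url and url.strip().lower().startswith("http://"):
            self.insecure.append((tag, url))

def find_mixed_content(html):
    finder = MixedContentFinder()
    finder.feed(html)
    return finder.insecure

# Constructed sample data: a fixed "now", three notAfter values and one page.
SAMPLE_NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
SAMPLE_CERTS = {"shop.example.com": "Jun 20 00:00:00 2024 GMT",
                "old.example.com": "May  1 00:00:00 2024 GMT",
                "www.example.com": "Jan  1 00:00:00 2025 GMT"}
SAMPLE_PAGE = """<link rel="stylesheet" href="http://static.example.com/site.css">
<link rel="canonical" href="http://www.example.com/">
<img src="http://img.example.com/logo.png">
<a href="http://partner.example.com/">partner</a>"""

if __name__ == "__main__":
    print({h: expiry_status(v, SAMPLE_NOW) for h, v in SAMPLE_CERTS.items()},
          find_mixed_content(SAMPLE_PAGE))
```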

At present, certificate management platforms on the market, such as 51ssl, span everything from self-service online ordering to management of the whole certificate life cycle. They cover every stage of SSL certificate use, providing one-stop application, online payment, review, issuance, deployment and management.



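This article was published by 主机参考 (Zhuji Cankao). When reposting, please credit: "Worried about data leaks? Get to know this killer network security protection technique!" https://zhujicankao.com/12891.html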

