"伺服器難以抵禦 BEAST 攻擊。"
Browser Exploit Against SSL/TLS (BEAST) 攻擊影響 SSL 2.0、SSL 3.0 和 TLS 1.0 通訊協定,讓壞份子將網頁瀏覽器和網站之間的 SSL 加密或 TLS 加密的工作階段的內容解密。攻擊者會利用區塊式加密套件中的弱點。
這是用戶端側攻擊,其中的攻擊者需要控制"受害者"的瀏覽器。大多數瀏覽器難以抵禦 BEAST 攻擊。
在 BEAST 攻擊中,攻擊者扮演 man-in-the-middle (中間的男人),使用特別設計的純文字輸入,將網頁瀏覽器和網站之間的 SSL 加密或 TLS 加密的工作階段的內容解密。此類型的攻擊允許攻擊者復原敏感資料 (例如 HTTP 驗證 Cookie)。
在您伺服器的 SSL/TLS 組態中,停用所有區塊式加密套件。如果您無法在伺服器上和瀏覽器中啟用 TLS 1.2 或 TLS 1.3,僅限使用此因應措施。
DigiCert is the world's leading provider of scalable TLS/SSL, IoT and PKI solutions for identity and encryption. The most innovative companies, including 89% of the Fortune 500 and 97 of the 100 top global banks, choose DigiCert for its expertise in identity and encryption for web servers and Internet of Things devices. DigiCert supports TLS and other digital certificates for PKI deployments at any scale through its certificate lifecycle management solution, CertCentral®. The company is recognized for its enterprise-grade certificate management platform, fast and knowledgeable customer support, and market-leading security solutions. For the latest DigiCert news and updates, visit digicert.com or follow @digicert.
©2020 DigiCert, Inc. All rights reserved. DigiCert, its logo and CertCentral are registered trademarks of DigiCert, Inc. Norton and the Checkmark Logo are trademarks of NortonLifeLock Inc. used under license. Other names may be trademarks of their respective owners.