The Berenstain Bears and the Truth
معرفی کتاب «The Berenstain Bears and the Truth» نوشتهٔ Ivan، Ristić و Berenstain, Stan; Berenstain, Jan، منتشرشده توسط نشر 2011 در سال 2011. این کتاب در فرمت pdf، زبان انگلیسی ارائه شده است.
SSL/TLS is the cornerstone of security on the Internet, but understanding it and using it are not simple tasks. Quite the contrary; mistakes are easy to make and can often fully compromise security. Bulletproof SSL and TLS is the first SSL book written with users in mind. It is the book you will want to read if you need to assess risks related to website encryption, manage keys and certificates, configure secure servers, and deploy secure web applications. Bulletproof SSL and TLS is based on several years of work researching SSL and how SSL is used in real life, implementing and supporting a comprehensive assessment tool running on the SSL Labs website ((https://www.ssllabs.com) https://www.ssllabs.com ), and assessing most of the public SSL servers on the Internet. The assessment tool helped many site owners identify and solve issues with their SSL deployments. The intent of this book is to provide a definitive reference for SSL deployment that is full of practical and relevant information. Table of Contents 4 Scope and Audience 17 Contents 18 SSL versus TLS 20 SSL Labs 20 Online Resources 21 Feedback 22 About the Author 22 Acknowledgments 22 Chapter 1: SSL, TLS, and Cryptography 24 Transport Layer Security 24 Networking Layers 25 Protocol History 26 Cryptography 27 Building Blocks 28 Symmetric Encryption 28 Stream Ciphers 30 Block Ciphers 31 Padding 32 Hash Functions 32 Message Authentication Codes 33 Block Cipher Modes 34 Electronic Codebook Mode 34 Cipher Block Chaining Mode 34 Asymmetric Encryption 35 Digital Signatures 36 Random Number Generation 37 Protocols 38 Attacking Cryptography 39 Measuring Strength 40 Man-in-the-Middle Attack 41 Gaining Access 42 Passive Attacks 43 Active Attacks 44 Chapter 2: Protocol 46 Record Protocol 47 Handshake Protocol 48 Full Handshake 49 ClientHello 51 ServerHello 52 Certificate 53 ServerKeyExchange 53 ServerHelloDone 54 ClientKeyExchange 54 ChangeCipherSpec 54 Finished 54 Client Authentication 55 CertificateRequest 56 CertificateVerify 57 Session Resumption 57 Key Exchange 58 RSA Key Exchange 61 Diffie-Hellman Key Exchange 61 Elliptic Curve Diffie-Hellman Key Exchange 63 Authentication 64 Encryption 65 Stream Encryption 65 Block Encryption 66 Authenticated Encryption 67 Renegotiation 68 Application Data Protocol 70 Alert Protocol 70 Connection Closure 70 Cryptographic Operations 71 Pseudorandom Function 71 Master Secret 71 Key Generation 72 Cipher Suites 72 Extensions 75 Application Layer Protocol Negotiation 76 Certificate Transparency 76 Elliptic Curve Capabilities 77 Heartbeat 78 Next Protocol Negotiation 79 Secure Renegotiation 80 Server Name Indication 80 Session Tickets 81 Signature Algorithms 82 OCSP Stapling 82 Protocol Limitations 83 Differences between Protocol Versions 83 SSL 3 83 TLS 1.0 84 TLS 1.1 84 TLS 1.2 85 Chapter 3: Public-Key Infrastructure 86 Internet PKI 86 Standards 88 Certificates 89 Certificate Fields 90 Certificate Extensions 91 Certificate Chains 94 Relying Parties 95 Certification Authorities 97 Certificate Lifecycle 97 Revocation 99 Weaknesses 99 Root Key Compromise 102 Ecosystem Measurements 103 Improvements 105 Chapter 4: Attacks against PKI 109 VeriSign Microsoft Code-Signing Certificate 109 Thawte login.live.com 110 StartCom Breach (2008) 111 CertStar (Comodo) Mozilla Certificate 111 RapidSSL Rogue CA Certificate 112 Chosen-Prefix Collision Attack 114 Construction of Colliding Certificates 114 Predicting the Prefix 116 What Happened Next 118 Comodo Resellers Breaches 118 StartCom Breach (2011) 120 DigiNotar 121 Public Discovery 121 Fall of a Certification Authority 121 Man-in-the-Middle Attacks 124 ComodoHacker Claims Responsibility 125 DigiCert Sdn. Bhd. 126 Flame 127 Flame against Windows Update 128 Flame against Windows Terminal Services 129 Flame against MD5 129 TURKTRUST 131 ANSSI 132 Widespread SSL Interception 133 Gogo 133 Superfish and Friends 134 Chapter 5: HTTP and Browser Issues 136 Sidejacking 136 Cookie Stealing 138 Cookie Manipulation 139 Understanding HTTP Cookies 140 Cookie Manipulation Attacks 141 Cookie Eviction 141 Direct Cookie Injection 142 Cookie Injection From Related Hostnames 142 Getting the First Cookie 143 Overwriting Cookies Using Related Hostnames 144 Overwriting Cookies Using Fake Related Hostnames 144 Impact 145 Mitigation 145 SSL Stripping 146 MITM Certificates 148 Certificate Warnings 149 Why So Many Invalid Certificates? 150 Effectiveness of Certificate Warnings 152 Click-Through Warnings versus Exceptions 153 Mitigation 154 Security Indicators 154 Mixed Content 156 Root Causes 157 Impact 159 Browser Treatment 159 Prevalence of Mixed Content 161 Mitigation 162 Extended Validation Certificates 163 Certificate Revocation 164 Inadequate Client-Side Support 164 Key Issues with Revocation-Checking Standards 165 Certificate Revocation Lists 166 Issues with CRL Size 166 Client-Side Support for CRLs 167 CRL Freshness 168 Online Certificate Status Protocol 169 OCSP Replay Attacks 169 OCSP Response Suppression 169 Client-Side OCSP Support 170 Responder Availability and Performance 170 Chapter 6: Implementation Issues 173 Certificate Validation Flaws 174 Library and Platform Validation Failures 174 Application Validation Failures 177 Hostname Validation Issues 178 Random Number Generation 180 Netscape Navigator (1994) 180 Debian (2006) 181 Insufficient Entropy on Embedded Devices 182 Heartbleed 184 Impact 185 Mitigation 186 FREAK 187 Export Cryptography 188 Attack 188 Impact and Mitigation 191 Protocol Downgrade Attacks 192 Rollback Protection in SSL 3 193 Interoperability Problems 194 Version Intolerance 194 Extension Intolerance 195 Other Interoperability Problems 195 Voluntary Protocol Downgrade 196 Rollback Protection in TLS 1.0 and Better 198 Attacking Voluntary Protocol Downgrade 199 Modern Rollback Defenses 199 Truncation Attacks 201 Truncation Attack History 202 Cookie Cutting 202 Deployment Weaknesses 204 Virtual Host Confusion 205 TLS Session Cache Sharing 206 Chapter 7: Protocol Attacks 207 Insecure Renegotiation 207 Why Was Renegotiation Insecure? 208 Triggering the Weakness 209 Attacks against HTTP 210 Execution of Arbitrary GET Requests 210 Credentials Theft 211 User Redirection 212 Cross-Site Scripting 213 Attacks against Other Protocols 213 Insecure Renegotiation Issues Introduced by Architecture 214 Impact 214 Mitigation 214 Discovery and Remediation Timeline 215 BEAST 217 How the Attack Works 217 ECB Oracle 218 CBC with Predictable IV 218 Practical Attack 220 Client-Side Mitigation 221 Server-Side Mitigation 223 History 224 Impact 225 Compression Side Channel Attacks 227 How the Compression Oracle Works 227 History of Attacks 229 CRIME 230 TIME 231 BREACH 233 Attack Details 234 Impact against TLS Compression and SPDY 236 Impact against HTTP Response Compression 237 Mitigation of Attacks against TLS and SPDY 238 Mitigation of Attacks against HTTP Compression 239 Lucky 13 240 What Is a Padding Oracle? 240 Attacks against TLS 241 Impact 242 Mitigation 243 RC4 Weaknesses 244 Key Scheduling Weaknesses 244 Early Single-Byte Biases 245 Biases across the First 256 Bytes 246 Double-Byte Biases 248 Improved Attacks against Passwords 249 Mitigation: RC4 versus BEAST, Lucky 13, and POODLE 249 Triple Handshake Attack 250 The Attack 251 Step 1: Unknown Key-Share Weakness 251 Step 2: Full Synchronization 253 Step 3: Impersonation 254 Impact 254 Prerequisites 255 Mitigation 256 POODLE 257 Practical Attack 260 Impact 261 Mitigation 262 Bullrun 263 Dual Elliptic Curve Deterministic Random Bit Generator 264 Chapter 8: Deployment 266 Key 266 Key Algorithm 266 Key Size 267 Key Management 268 Certificate 269 Certificate Type 269 Certificate Hostnames 270 Certificate Sharing 270 Signature Algorithm 271 Certificate Chain 272 Revocation 273 Choosing the Right Certificate Authority 273 Protocol Configuration 274 Cipher Suite Configuration 275 Server cipher suite preference 275 Cipher Strength 276 Forward Secrecy 276 Performance 277 Interoperability 277 Server Configuration and Architecture 278 Shared Environments 278 Virtual Secure Hosting 278 Session Caching 279 Complex Architectures 279 Issue Mitigation 281 Renegotiation 281 BEAST (HTTP) 281 CRIME (HTTP) 281 Lucky 13 282 RC4 282 TIME and BREACH (HTTP) 283 Triple Handshake Attack 284 Heartbleed 284 Pinning 285 HTTP 285 Making Full Use of Encryption 285 Cookie Security 286 Backend Certificate and Hostname Validation 286 HTTP Strict Transport Security 286 Content Security Policy 287 Protocol Downgrade Protection 287 Chapter 9: Performance Optimization 288 Latency and Connection Management 289 TCP Optimization 290 Initial Congestion Window Tuning 291 Preventing Slow Start When Idle 291 Connection Persistence 291 SPDY, HTTP 2.0, and Beyond 293 Content Delivery Networks 294 TLS Protocol Optimization 296 Key Exchange 296 Certificates 300 Revocation Checking 301 Session Resumption 302 Transport Overhead 303 Symmetric Encryption 305 TLS Record Buffering Latency 307 Interoperability 309 Hardware Acceleration 309 Denial of Service Attacks 310 Key Exchange and Encryption CPU Costs 311 Client-Initiated Renegotiation 312 Optimized TLS Denial of Service Attacks 312 Chapter 10: HSTS, CSP, and Pinning 314 HTTP Strict Transport Security 314 Configuring HSTS 315 Ensuring Hostname Coverage 316 Cookie Security 317 Attack Vectors 318 Robust Deployment Checklist 319 Browser Support 321 Privacy Implications 322 Content Security Policy 322 Preventing Mixed Content Issues 323 Policy Testing 324 Reporting 325 Browser Support 325 Pinning 326 What to Pin? 327 Where to Pin? 328 Should You Use Pinning? 329 Pinning in Native Applications 330 Private Backends 330 Public Backends 331 Chrome Public Key Pinning 331 Microsoft Enhanced Mitigation Experience Toolkit 333 Public Key Pinning Extension for HTTP 333 Reporting 334 Deployment without Enforcement 335 DANE 335 DANE Use Cases 336 Implementation 337 Certificate Usage 337 Selector 337 Matching Type 338 Certificate Association Data 338 Deployment 338 Application Support 339 Trust Assertions for Certificate Keys (TACK) 339 Certification Authority Authorization 340 Chapter 11: OpenSSL 342 Getting Started 343 Determine OpenSSL Version and Configuration 343 Building OpenSSL 344 Examine Available Commands 345 Building a Trust Store 347 Conversion Using Perl 347 Conversion Using Go 348 Key and Certificate Management 348 Key Generation 349 Creating Certificate Signing Requests 352 Creating CSRs from Existing Certificates 354 Unattended CSR Generation 354 Signing Your Own Certificates 355 Creating Certificates Valid for Multiple Hostnames 355 Examining Certificates 356 Key and Certificate Conversion 359 PEM and DER Conversion 360 PKCS#12 (PFX) Conversion 360 PKCS#7 Conversion 362 Configuration 362 Cipher Suite Selection 362 Obtaining the List of Supported Suites 362 Keywords 364 Combining Keywords 367 Building Cipher Suite Lists 367 Keyword Modifiers 368 Sorting 368 Handling Errors 369 Putting It All Together 369 Recommended Configuration 372 Performance 374 Creating a Private Certification Authority 377 Features and Limitations 377 Creating a Root CA 378 Root CA Configuration 378 Root CA Directory Structure 381 Root CA Generation 382 Structure of the Database File 382 Root CA Operations 382 Create a Certificate for OCSP Signing 383 Creating a Subordinate CA 384 Subordinate CA Configuration 384 Subordinate CA Generation 386 Subordinate CA Operations 386 Chapter 12: Testing with OpenSSL 388 Connecting to SSL Services 388 Testing Protocols that Upgrade to SSL 393 Using Different Handshake Formats 393 Extracting Remote Certificates 393 Testing Protocol Support 394 Testing Cipher Suite Support 395 Testing Servers that Require SNI 396 Testing Session Reuse 396 Checking OCSP Revocation 398 Testing OCSP Stapling 400 Checking CRL Revocation 401 Testing Renegotiation 403 Testing for the BEAST Vulnerability 405 Testing for Heartbleed 406 Chapter 13: Configuring Apache 410 Installing Apache with Static OpenSSL 411 Enabling TLS 412 Configuring TLS Protocol 413 Configuring Keys and Certificates 414 Configuring Multiple Keys 415 Wildcard and Multisite Certificates 416 Virtual Secure Hosting 417 Reserving Default Sites for Error Messages 419 Forward Secrecy 420 OCSP Stapling 421 Configuring OCSP Stapling 421 Handling Errors 422 Using a Custom OCSP Responder 423 Configuring Ephemeral DH Key Exchange 423 TLS Session Management 424 Standalone Session Cache 424 Standalone Session Tickets 425 Distributed Session Caching 426 Distributed Session Tickets 428 Disabling Session Tickets 428 Client Authentication 430 Mitigating Protocol Issues 431 Insecure Renegotiation 431 BEAST 432 CRIME 432 Deploying HTTP Strict Transport Security 432 Monitoring Session Cache Status 433 Logging Negotiated TLS Parameters 434 Advanced Logging with mod_sslhaf 435 Chapter 14: Configuring Java and Tomcat 438 Java Cryptography Components 438 Strong and Unlimited Encryption 439 Provider Configuration 440 Features Overview 440 Protocol Vulnerabilities 441 Interoperability Issues 442 Tuning via Properties 443 Common Error Messages 446 Certificate Chain Issues 446 Server Hostname Mismatch 447 Client Diffie-Hellman Limitations 447 Server Name Indication Intolerance 448 Strict Secure Renegotiation Failures 448 Protocol Negotiation Failure 448 Handshake Format Incompatibility 449 Securing Java Web Applications 449 Enforcing Encryption 449 Securing Web Application Cookies 450 Securing Web Session Cookies 450 Deploying HTTP Strict Transport Security 451 Using Strong Protocols on the Client Side 451 Revocation Checking 454 Common Keystore Operations 454 Keystore Layout 454 Creating a Key and a Self-Signed Certificate 455 Creating a Certificate Signing Request 457 Importing Certificates 457 Converting Existing Certificates 458 Importing Client Root Certificates 459 Tomcat 459 Configuring TLS Handling 463 External TLS Termination 464 JSSE Configuration 465 Forward Secrecy 467 Configuration with Java 8 467 APR and OpenSSL Configuration 468 Global OpenSSL Configuration 469 Chapter 15: Configuring Microsoft Windows and IIS 471 Schannel 471 Features Overview 471 Protocol Vulnerabilities 473 Interoperability Issues 474 Microsoft Root Certificate Program 476 Managing System Trust Stores 476 Importing a Trusted Certificate 477 Blacklisting Trusted Certificates 477 Disabling the Auto-Update of Root Certificates 477 Configuration 478 Schannel Configuration 478 Protocol Configuration 478 Cipher Suite Algorithm Selection 479 Cipher Suite Configuration 480 Key and Signature Restrictions 482 Using CertUtil to Manipulate Cryptographic Policy 485 Recording Weak Certificate Chains 486 Complete Policy Example 487 Configuring Renegotiation 488 Configuring Session Caching 489 Monitoring Session Caching 490 FIPS 140-2 491 Configuring FIPS 492 Third-Party Utilities 493 Securing ASP.NET Web Applications 494 Enforcing SSL Usage 494 Securing Cookies 495 Securing Session Cookies and Forms Authentication 495 Deploying HTTP Strict Transport Security 496 Internet Information Server 497 Managing Keys and Certificates 498 Creating a Custom IIS Management Console 498 IIS Certificate Management 499 Creating a Self-Signed Certificate 500 Importing a Certificate 500 Requesting Certificates from a Public CA 500 Completing Certificate Signing Requests 501 Configuring SSL Sites 501 Advanced Options 502 Chapter 16: Configuring Nginx 504 Installing Nginx with Static OpenSSL 505 Enabling TLS 505 Configuring TLS Protocol 506 Configuring Keys and Certificates 506 Configuring Multiple Keys 507 Wildcard and Multisite Certificates 507 Virtual Secure Hosting 508 Reserving Default Sites for Error Messages 509 Forward Secrecy 510 OCSP Stapling 510 Configuring OCSP Stapling 511 Using a Custom OCSP Responder 512 Manual Configuration of OCSP Responses 512 Configuring Ephemeral DH Key Exchange 513 Configuring Ephemeral ECDH Key Exchange 514 TLS Session Management 514 Standalone Session Cache 514 Standalone Session Tickets 515 Distributed Session Cache 516 Distributed Session Tickets 516 Disabling Session Tickets 517 Client Authentication 518 Mitigating Protocol Issues 519 Insecure Renegotiation 519 BEAST 519 CRIME 520 Deploying HTTP Strict Transport Security 520 Tuning TLS Buffers 521 Logging 521 Chapter 17: Summary 523 Index 524 Bulletproof SSL and TLS is a complete guide to using SSL and TLS encryption to deploy secure servers and web applications. Written by Ivan Ristic, the author of the popular SSL Labs web site, this book will teach you everything you need to know to protect your systems from eavesdropping and impersonation attacks.In this book, you'll find just the right mix of theory, protocol detail, vulnerability and weakness information, and deployment advice to get your job done:* Comprehensive coverage of the ever-changing field of SSL/TLS and Internet PKI, with updates to the digital version * For IT security professionals, help to understand the risks * For system administrators, help to deploy systems securely * For developers, help to design and implement secure web applications * Practical and concise, with added depth when details are relevant * Introduction to cryptography and the latest TLS protocol version * Discussion of weaknesses at every level, covering implementation issues, HTTP and browser problems, and protocol vulnerabilities * Coverage of the latest attacks, such as BEAST, CRIME, BREACH, Lucky 13, RC4 biases, Triple Handshake Attack, and Heartbleed * Thorough deployment advice, including advanced technologies, such as Strict Transport Security, Content Security Policy, and pinning * Guide to using OpenSSL to generate keys and certificates and to create and run a private certification authority * Guide to using OpenSSL to test servers for vulnerabilities * Practical advice for secure server configuration using Apache httpd, IIS, Java, Nginx, Microsoft Windows, and Tomcat This book is available in paperback and a variety of digital formats without DRM. **Digital version of Bulletproof SSL and TLS can be obtained directly from the author, at feistyduck.com.** " Bulletproof SSL and TLS is a complete guide to using SSL and TLS encryption to deploy secure servers and web applications. Written by Ivan Ristic, the author of the popular SSL Labs web site, this book will teach you everything you need to know to protect your systems from eavesdropping and impersonation attacks. In this book, you'll find just the right mix of theory, protocol detail, vulnerability and weakness information, and deployment advice to get your job done: Comprehensive coverage of the ever-changing field of SSL/TLS and Internet PKI, with updates to the digital version; For IT security professionals, help to understand the risks; For system administrators, help to deploy systems securely; For developers, help to design and implement secure web applications; Practical and concise, with added depth when details are relevant; Introduction to cryptography and the latest TLS protocol version; Discussion of weaknesses at every level, covering implementation issues, HTTP and browser problems, and protocol vulnerabilities; Coverage of the latest attacks, such as BEAST, CRIME, BREACH, Lucky 13, RC4 biases, Triple Handshake Attack, and Heartbleed; Thorough deployment advice, including advanced technologies, such as Strict Transport Security, Content Security Policy, and pinning; Guide to using OpenSSL to generate keys and certificates and to create and run a private certification authority; Guide to using OpenSSL to test servers for vulnerabilities; Practical advice for secure server configuration using Apache httpd, IIS, Java, Nginx, Microsoft Windows, and Tomcat"--Publisher's description
دانلود کتاب The Berenstain Bears and the Truth