Shulou(Shulou.com)06/01 Report--

It is believed that many people have encountered the right domain name, but ended up on a phishing website, where security incidents such as user data leakage, traffic hijacking, page tampering and so on occur frequently.

In the face of such a situation, use IIS7 website monitoring to check the domain name input to see if there is hijacking and DNS contamination. It is necessary to use this method for real-time inspection.

After Baidu enabled HTTPS encryption on the whole site, Tmall Mall, a Taobao website under Alibaba, also enabled HTTPS on the whole site. In the past few years, Google has changed Google search, Gmail, YouTube and other products from HTTP protocol to encrypted HTTPS version protocol. In December 2015, it announced that it will adjust the index system of Google search, and the adjusted index system will make HTTPS web pages the priority index object. Why can the HTTPS of the whole station achieve the effect of anti-hijacking and tampering? what are the advantages?

What is HTTPS? let's simply popularize it first. Please skim over what you know.

HTTPS (Secure Hypertext Transfer Protocol) secure Hypertext transfer Protocol is a secure communication channel developed based on HTTP for exchanging information between client computers and servers. It uses secure Sockets layer (SSL) for information exchange. To put it simply, it is the secure version of HTTP, the HTTP protocol encrypted using TLS/SSL.

HTTP protocol uses plaintext to transmit information, and there is a risk of information eavesdropping, information tampering and information hijacking, while the protocol TLS/SSL has the functions of identity authentication, information encryption and integrity check, which can avoid such problems.

TLS/SSL, the full name of secure Transport layer Protocol (Transport Layer Security), is a layer of security protocol between TCP and HTTP, which does not affect the original TCP protocol and HTTP protocol, so there is basically no need to modify HTTP pages to use HTTPS.

In the previous article, the principle and advantages of HTTPS are discussed, but it is necessary to pay a price by adding new protocols to achieve more secure communication. The performance loss of HTTPS protocol is mainly reflected in consuming more CPU resources and increasing delay.

The characteristic of HTTPS delay is that the closer the service node is, the smaller the delay is, and the CDN is naturally closest to the user, so choosing CDN as the entrance to HTTPS access will greatly reduce the access delay. However, because HTTPS protocol requires complex encryption and decryption operations, compared with HTTP protocol, encryption and decryption will consume a lot of computing resources, and encryption and decryption will also consume longer transmission time, which makes HTTPS websites face greater challenges in the process of loading and transmission than ordinary HTTP websites.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.