Website security needs to be "visible". How to see if the website is safe

1 year ago (2023-12-27) Chief Editor

Original title: Website security needs to be "visible"

Today is Programmer's Day. The author, an old programmer, wrote this article to unveil the masterpiece of the company's new programmers: Zero Trust Browser, the world's first completely free national cryptography (SM algorithm) browser to support certificate transparency for national cryptography certificates and to make website security "visible". I also take this article as a chance to wish all programmers, new and old, a happy holiday.

Whether a website is safe or not is generally invisible. To make it visible to users, all browsers show "unsafe" for websites accessed over http. HTTP is a cleartext transmission protocol: confidential information travels in cleartext from the browser to the server, where it is very easy to steal and tamper with. The browser therefore displays "Unsafe" directly in the address bar, so that users can "see" it. The left figure below shows the "Unsafe" displayed by Google Chrome. Similarly, if the browser uses https to access the website, the padlock icon is displayed, again so that the user can "see" that the website's "connection is secure". The figure below on the right shows the padlock and the "secure" prompt displayed by Google Chrome.

In my opinion, having only these two "visible" designs is not enough. Therefore, in addition to displaying "unsafe" for http websites and the padlock for https websites, Zero Trust Browser adds five distinctive "visible" security indicators, which really help users see whether the website they are visiting is safe, as shown in the figure below.

The first "visible" security is the padlock icon

Unlike the padlock icon in other browsers, clicking the padlock in Zero Trust Browser displays the website's security rating in real time, clearly telling the user how secure the website is. There are six security levels, A, B, C, D, E and F, scored across six dimensions: SSL certificate, protocol support, key exchange, cipher strength, cloud WAF protection and trusted authentication. The highest level is A+. Zero Trust Browser also changes the "connection is secure" shown by Google Chrome to "connection is encrypted (SM2)", because deploying an SSL certificate only means that the connection from the browser to the server is encrypted; deploying an SSL certificate does not mean security! The parentheses after "connection is encrypted" show which encryption algorithm is used for the encrypted connection, such as RSA, ECC or SM2, of which SM2 is a domestic encryption algorithm.

The second "visible" security is the national cryptography encryption mark

It specifically tells website visitors that the website has deployed a national cryptography SSL certificate and that Zero Trust Browser is using the national cryptography algorithm SM2 for https encryption, so that users can see that the website is compliant with national cryptography requirements. Clicking the national cryptography encryption mark shows not only the prompt "national cryptography compliance, security compliance" for the website, but also an explanation of the role of the SM2/SM3/SM4 cryptographic algorithms.

Users can also see the national cryptography certificate transparency mark, which clearly tells them whether the national cryptography SSL certificate used for the website's encryption meets Zero Trust Browser's certificate transparency requirements. If the certificate contains a trusted certificate transparency list, "National cryptography certificate is transparent" is displayed, along with the list of certificate transparency log servers. If the certificate does not include SCT (signed certificate timestamp) data trusted by Zero Trust Browser, "National cryptography certificate is not transparent" is displayed. This "visible" indicator is very important. It can effectively prevent national cryptography SSL certificates that were maliciously issued for attacks and fraud, and so protects the security of the national cryptography SSL certificate itself. Only when the national cryptography SSL certificate itself is secure and reliable can it truly guarantee the security and credibility of national cryptography https encryption.
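The transparent / not transparent decision described above can be sketched as follows; this is an added example, not Zero Trust Browser's own code. It parses the TLS-encoded SCT list that a certificate carries in its embedded-SCT extension (RFC 6962) and checks each log ID against a trusted-log table. The log IDs, log names, sample SCTs and the "one trusted SCT is enough" policy are constructed assumptions, and SCT signature verification, which a real client must also perform against the log's public key, is left out.

```python
import struct

# Constructed trusted-log table: log ID (SHA-256 of the log's public key) -> name.
TRUSTED_LOGS = {b"\xa1" * 32: "example-log-a", b"\xb2" * 32: "example-log-b"}

def parse_sct_list(data: bytes) -> list[dict]:
    """Parse a TLS-encoded SignedCertificateTimestampList (RFC 6962, section 3.3)."""
    if len(data) < 2 or struct.unpack_from(">H", data)[0] != len(data) - 2:
        raise ValueError("SCT list length does not match payload")
    scts, pos = [], 2
    while pos < len(data):
        if pos + 2 > len(data):
            raise ValueError("truncated SCT length prefix")
        (n,) = struct.unpack_from(">H", data, pos)
        sct = data[pos + 2 : pos + 2 + n]
        pos += 2 + n
        if len(sct) != n or n < 47:          # 47 = fixed fields with an empty signature
            raise ValueError("truncated SCT")
        (timestamp_ms,) = struct.unpack_from(">Q", sct, 33)
        (ext_len,) = struct.unpack_from(">H", sct, 41)
        sig_hdr = 43 + ext_len               # hash alg, sig alg, 2-byte signature length
        if sig_hdr + 4 > n:
            raise ValueError("extensions overrun SCT")
        (sig_len,) = struct.unpack_from(">H", sct, sig_hdr + 2)
        if sig_hdr + 4 + sig_len != n:
            raise ValueError("signature length does not match SCT")
        scts.append({"version": sct[0], "log_id": sct[1:33], "timestamp_ms": timestamp_ms})
    return scts

def transparency_label(data: bytes) -> tuple[str, list[str]]:
    """Assumed policy: one v1 SCT from a trusted log is enough to show 'transparent'."""
    logs = [TRUSTED_LOGS[s["log_id"]] for s in parse_sct_list(data)
            if s["version"] == 0 and s["log_id"] in TRUSTED_LOGS]
    return ("transparent", logs) if logs else ("not transparent", [])

def make_sct(log_id: bytes, timestamp_ms: int, sig: bytes = b"\x00" * 8) -> bytes:
    """Build a constructed v1 SCT (dummy signature bytes) with its length prefix."""
    body = (b"\x00" + log_id + struct.pack(">QH", timestamp_ms, 0)
            + b"\x04\x03" + struct.pack(">H", len(sig)) + sig)
    return struct.pack(">H", len(body)) + body

def make_list(*scts: bytes) -> bytes:
    """Wrap constructed SCTs in the 2-byte list length prefix."""
    blob = b"".join(scts)
    return struct.pack(">H", len(blob)) + blob

if __name__ == "__main__":
    sample = make_list(make_sct(b"\xa1" * 32, 1703635200000),
                       make_sct(b"\xcc" * 32, 1703635200000))
    print(transparency_label(sample))
```

A malformed or truncated list raises `ValueError` rather than being treated as "not transparent", so a parsing failure is not silently shown to the user as a policy result.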

The third "visible" security is the cloud WAF protection mark

It clearly tells website visitors that the website has cloud WAF protection, which is very important for website security. Cloud WAF protection checks whether each web connection is a malicious attack, letting normal connections through and intercepting malicious ones, so as to effectively ensure the safe operation of the website. A website that only has https encryption, without cloud WAF protection, is still insecure.

Clicking the cloud WAF mark not only tells website visitors explicitly that the website has cloud WAF protection, but also shows "MLPS (classified protection) compliance", because cloud WAF protection is one of the requirements of classified protection compliance. It also shows which service provider supplies the cloud WAF protection, which further strengthens visitors' confidence in the website's security protection. The cloud WAF service integrated into the Zero Trust website security cloud service is provided by the industry-leading Alibaba Cloud WAF.

The fourth "visible" security is the website's trusted identity authentication mark

It clearly tells website visitors that the identity of the website has been authenticated and that the authentication level is T4, the highest trust level, which is equivalent to the Extended Validation (EV) of EV SSL certificates under international standards. Clicking the authentication mark displays the identity information of the website, including the company name, registration number, place of registration and country. The second icon shows which authority is responsible for authenticating the website; this is generally Zero Trust Browser or a third-party CA.

The trusted identity of the website is as important as https encryption, because a fake bank website can just as easily deploy a free DV SSL certificate so that the browser displays the padlock icon. This poses a security threat to website visitors, who will mistakenly assume the website is really secure when other browsers show "Secure"! This is the main reason why Zero Trust Browser does not display "Secure" and shows "Encrypted" instead.

The fifth "visible" security is the green address bar, which displays the organization name and country

This is also very important. It tells users the real identity of the website clearly and directly: regardless of what company name the website's pages claim, the company name displayed in the address bar is the one verified by a third party. The green address bar lets website visitors know that the website is trusted and secure. Major browsers used to display the green address bar for websites with EV SSL certificates, but it somehow disappeared. Zero Trust Browser brings the green address bar back into the user's view, which is very useful for preventing websites from being counterfeited. A bank only needs to tell its users that a site without the green address bar must be a fake bank website, which is very useful, simple and practical. The websites of all Zero Trust website security cloud service users are EV certified, and the green address bar is displayed when they are accessed with Zero Trust Browser.

It is believed that, with the above 5 "visible" security indicators, readers will be able to fully understand whether a website is safe. The 5 "visible" security indicators plus the 1 "visible" "unsafe" indicator, 6 "visible" indicators in total, effectively and efficiently help website visitors understand the security situation of a website at a glance. These innovations are provided exclusively by Zero Trust Browser worldwide and can truly and effectively guarantee the security of website visitors. Users are welcome to download and use Zero Trust Browser for free to protect their online security.


This article was written by Chief Editor and published on Software Development of Little Turkey; please indicate the source when reprinting: //hongchengtech.cn/blog/3251.html