| Name: | Description: | Size: | Format: | |
|---|---|---|---|---|
| 12.21 MB | Adobe PDF |
Authors
Advisor(s)
Abstract(s)
Esta dissertação surge da constante evolução por parte das tecnologias e serviços e a dependência que temos destes sistemas. Com esta evolução, aparecem também novas oportunidades para os atacantes. Inúmeras vezes durante o dia acede-se ao correio eletrónico, navega-se pela Internet e efetuam-se operações sensíveis como transações bancárias com os protocolos SSL/TLS sempre presentes, confiando – pelo menos os utilizadores mais atentos – na sua eficácia na proteção que oferecem.
Mas afinal o que são estes protocolos e que segurança oferecem? Nos domínios web que os portugueses frequentam assiduamente, a inclusão destes protocolos é suficiente e confiável ou existe exposição às vulnerabilidades? Para responder a estas perguntas, efetuou-se um estudo sobre os protocolos SSL/TLS, cipher suite associada, certificados digitais e vulnerabilidades relacionadas, tendo como objetivo ilustrar boas práticas ou medidas de prevenção na aplicação destes protocolos.
Examinou-se soluções que ajudassem a identificar os problemas já mencionados com o intuito de recolher informações para executar uma análise e apresentar os resultados obtidos.
A solução preconizada irá auxiliar fundamentalmente os Administradores de Sistemas para elucidar eventuais ameaças com as configurações atuais e pontos a melhorar.
Propôs-se, portanto, um método de seleção, recolha e análise para avaliar a exposição dos portugueses aos domínios web que frequentam assiduamente e chegou-se à conclusão que não é possível garantir a partilha de informação de forma segura entre as partes envolvidas.
É importante reforçar e alertar não só os utilizadores portugueses como a população em geral para tomarem consciência e mais cuidado quando navegam na Internet, nunca desprezando as boas práticas tanto para administradores de sistemas (ou quem configura e disponibiliza os serviços) como para os utilizadores.
This thesis comes from the constant evolution of technologies and services, as well as from our reliance on those systems. With this evolution, new opportunities are created for attackers as well. We check our e-mail, browse the internet or perform sensitive operations online, like bank payments, several times throughout the day, with SSL/TLS protocols always there, while trusting - at least the savvier users - in their efficiency and protection. But what are these protocols and what safety do they guarantee? On the web domains Portuguese usually browse, is the use of these protocols sufficient and trustable or are they being exposed to vulnerabilities? To answer these questions, the author performed a study on the SSL/TLS protocols, cipher suite, algorithms, digital certificates and related vulnerabilities, having, as the main objective, to highlight good practices or preventive measures in these protocols’ application.The proposed solution will mainly assist System Administrators on what are the main threats with current configurations and where to improve these. It was proposed, as such, a method of collecting, processing and analysis to evaluate the exposure of Portuguese users to the web domains more frequently browsed which permitted to conclude that it is not currently possible to guarantee a safe flow of information between all parties involved. It is very important to improve and to alert not only Portuguese users but also other users in general to have a more cautious approach when browsing the internet, never dismissing on best practices, either for system administrators (or whoever is responsible for configuring and providing those services) or for end users.
This thesis comes from the constant evolution of technologies and services, as well as from our reliance on those systems. With this evolution, new opportunities are created for attackers as well. We check our e-mail, browse the internet or perform sensitive operations online, like bank payments, several times throughout the day, with SSL/TLS protocols always there, while trusting - at least the savvier users - in their efficiency and protection. But what are these protocols and what safety do they guarantee? On the web domains Portuguese usually browse, is the use of these protocols sufficient and trustable or are they being exposed to vulnerabilities? To answer these questions, the author performed a study on the SSL/TLS protocols, cipher suite, algorithms, digital certificates and related vulnerabilities, having, as the main objective, to highlight good practices or preventive measures in these protocols’ application.The proposed solution will mainly assist System Administrators on what are the main threats with current configurations and where to improve these. It was proposed, as such, a method of collecting, processing and analysis to evaluate the exposure of Portuguese users to the web domains more frequently browsed which permitted to conclude that it is not currently possible to guarantee a safe flow of information between all parties involved. It is very important to improve and to alert not only Portuguese users but also other users in general to have a more cautious approach when browsing the internet, never dismissing on best practices, either for system administrators (or whoever is responsible for configuring and providing those services) or for end users.
Description
Keywords
TLS SSL HTTPS Vulnerabilidades Segurança Internet Vulnerabilities Security