"Guidelines for the Development of Government Websites" released, SSL certificates ensure the security of government websites

On June 8, 2015, the U.S. government also released the HTTPS-Only standard for the security of government public service websites, making HTTPS the federal security standard for its public websites in the United States, which greatly promoted the migration of U.S. government websites from HTTP to HTTPS. Safe process. my country's "Guidelines" also put forward clear requirements for encrypted transmission of websites, which is expected to promote the security construction of government websites. Security requirements for government websites in the "Guidelines" The "Guidelines" clearly put forward the following security requirements for government websites: Ÿ · Use symmetric and asymmetric encryption technology to double-encrypt website data Ÿ · Use cryptographic algorithms and products that comply with national password management policies and standards, and data transmitted through HTTP plaintext protocol is equivalent to "running naked" in the network, and is at any time at risk of being intercepted, tampered, and impersonated, while SSL/ The TLS protocol is designed to address these three risks. The SSL/TLS protocol is a security protocol that realizes network communication encryption. It can establish an encrypted channel between the client and the server to encrypt and transmit website data, prevent data from being stolen or tampered with, and improve the anti-tampering and anti-tampering of government websites. The ability to hijack and prevent leaks. [img]http://dl2.iteye.com/upload/attachment/0125/4548/8e254849-c4cd-3106-92ad-8434486ba2c5.png" alt="[/img] SSL certificate is a trusted certificate by a third party Issuing authority (Wotong CA), a digital certificate issued after authenticating the identity of the website server. After a website deploys a globally trusted SSL certificate, all browsers will automatically display website identity authentication information to users, allowing users to easily identify the real identity of government websites and prevent counterfeiting government websites.

























As shown in the figure below, the email system of the Information Center of the Ministry of Industry and Information Technology uses Wotong SuperTrue SSL Pre certificate, which can confirm the real identity of the website through the certificate details.

[img]http://dl2.iteye.com/upload/attachment/0125/4550/689f30bc-dfb1-3942-9c00-2bacba8d4b96.png" alt="[/img]


Ÿ 3)  Two-way authentication controls access rights


[ img]http://dl2.iteye.com/upload/attachment/0125/4552/f31545a2-f121-3337-adc4-76b242dcf404.png" alt="[/img] PKI/CA launched by Wotong


CA for the government Product outsourcing hosting services, so that the government does not need to invest in expensive PKI systems, nor need to equip professional PKI technical personnel, through the certificate management platform to manage various digital certificates required by government agencies, to achieve creation, generation, distribution, deployment, revocation, etc. Lifecycle management. SSL certificates can effectively solve security problems such as counterfeit websites, traffic hijacking, data leakage and data tampering, and have become the basic configuration of global website security construction. As of April 2017, Wotong CA has analyzed and counted 68,931 government websites that have been resolved to gov.cn. The results show that 88% of government websites have not deployed SSL certificates, 5% of government website certificates have expired or invalid, 4% of government websites deploy very insecure self-signed certificates, and only 3% deploy valid SSL certificates. However, there are still some deployment problems in websites that have deployed valid SSL certificates, such as the fact that the domain name bound to the certificate does not match the domain name of the website using the certificate.





[img]http://dl2.iteye.com/upload/attachment/0125/4554/8c5dadbe-caeb-34f2-bd53-aca120eb106e.png" alt="[/img]



[/b]