Google Analytics 是一个网站流量统计程式。我觉得对于一般人来说,Analytics 的功能太多了,里面有一些名词也不是很好懂,导致进到 Analytics 网站后很难找到想要查看的资料!
本网页的教学要带你查看 Analytics 里记录的“Referral”资料,这 Referral 资料可以让我们了解访客是从哪个网站转介到我们的网站。
张贴于Website
如何解决 TLS/SSL 使用了不安全的加密算法: ARCFOUR、CBC、HMAC-MD5、HMAC-RIPEMD160
弱点扫瞄
弱点: TLS Service Supports Weak Cipher Suite
Transport Layer Security (TLS), the successor to Secure Socket Layer (SSL), is a network protocol that encrypt communications between TLS servers (e.g., websites) and TLS clients (e.g., web browsers). Every communication is secured by a cipher suite: a combination of several algorithms working in concert. Cryptographic algorithms do not have a defined lifetime, but academics, researchers, and nation states are constantly evaluating them for weaknesses. Consensus on which algorithms are untrustworthy evolves over time, and if a communication is protected with a weak cipher suite then that communication can be altered or decrypted.
- Severity: Medium
- Risk: A TLS service was observed supporting weak cipher suites.
- Recommendation: Disable the cipher suites listed in the evidence column of the measurement.
如何解决 SSH Server 使用了不安全的加密算法: ARCFOUR、CBC、HMAC-MD5、HMAC-RIPEMD160
弱点扫瞄
弱点 1: SSH Supports Weak Cipher
The SSH server is configured to support either Arcfour or Cipher Block Chaining (CBC) mode cipher algorithms. SSH can be configured to use Counter (CTR) mode encryption instead of CBC. The use of Arcfour algorithms should be disabled.
- Severity: Medium
- Risk: A weak cipher has been detected.
- Recommendation: Configure the SSH server to disable Arcfour and CBC ciphers.
弱点 2: SSH Supports Weak MAC
The SSH server is configured to support MD5 algorithm. The cryptographic strength depends upon the size of the key and algorithm that is used. A Modern MAC algorithms such as SHA1 or SHA2 should be used instead.
- Severity: Medium
- Risk: A weak Message Authentication Code (MAC) algorithm has been detected.
- Recommendation: Configure the SSH server to disable the use of MD5.
如何解决 Web/Mail Server 使用了不安全的 SSL 通讯协定
弱点扫瞄
弱点: SSL/TLS Service Supports Weak Protocol
Transport Layer Security (TLS), the successor to Secure Socket Layer (SSL), is a network protocol that encrypt communications between TLS servers (e.g., websites) and TLS clients (e.g., web browsers). Every communication is secured by a cipher suite: a combination of several algorithms working in concert. Networking protocols do not have a defined lifetime, but academics, researchers, and nation states are constantly evaluating them for weaknesses. Consensus on which protocols are untrustworthy evolves over time, and if communications are sent with a weak protocol then that communication can be altered or decrypted.
- Severity: High
- Risk: A TLS service was observed supporting weak protocols.
- Recommendation: Disable the protocols listed in the evidence column of the measurement.
如何自动将网站的 http:// 网址转址为 https://
弱点扫瞄
弱点: Site does not enforce HTTPS
The site responds to HTTP requests without ultimately redirecting the browser to a secure version of the page. Since the site allows plaintext traffic, a man-in-the-middle attacker is able to read and modify any information passed between the site and the user. There are a variety of situations in which an attacker can intercept plaintext traffic in a man-in-the-middle position, including but not limited to:
- Open Wi-Fi Hotspots
- WPA/WPA2 encrypted hot-spots where the attacker connected before the victim
- Malicious Wi-Fi access points
- Compromised switches and routers
- ARP poisoning on the same wired network
It's important to remember that in many of the above situations, an attacker can not only read traffic, but also actively modify the traffic. Even if a site that does not contain sensitive information, an attacker can still inject malicious content to a user’s browser.
- Severity: High
- Risk: Site does not enforce the use of HTTPS encryption, leaving the user vulnerable to man-in-the-middle attackers (who can falsify data and inject malicious code).
- Recommendation: Any site served to a user (possibly at the end of a redirect chain) should be served over HTTPS.