"Trong ky nguyen so hoa manh me nhu hien nay, moi hoat dong tu giao dich ngan hang, mua sam truc tuyen den trao doi thong tin ca nhan deu dien ra tren moi truong Internet. Chinh vi su tien loi ay, cau hoi ve do an toan va bao mat luon la moi quan tam hang dau cua nguoi dung. Va khi nhac den bao mat truc tuyen, khong the khong nhac den He thong bao mat SSL (Secure Sockets Layer) – nguoi hung tham lang dang bao ve du lieu cua chung ta moi ngay. Bai viet nay se di sau vao B8, kham pha vai tro, cach thuc hoat dong va tam quan trong khong the thieu cua SSL doi voi bat ky trang web uy tin nao.



B8.1: SSL La Gi va Vi Sao No Quan Trong Den The?



SSL, viet tat cua Secure Sockets Layer (hay phien ban ke nhiem la TLS - Transport Layer Security), khong chi la mot chung chi ky thuat kho khan. No la mot giao thuc ma hoa, mot loi cam ket ve su tin cay giua trinh duyet cua nguoi dung va may chu cua trang web.



Hay tuong tuong, khi ban nhap mat khau ngan hang, dia chi nha hay thong tin the tin dung, neu khong co SSL, nhung du lieu nay se di chuyen tren mang nhu mot buc thu duoc gui di ma khong can phong bi. Bat ky ai co ""tai mat"" tren duong truyen deu co the doc trom. SSL dong vai tro la chiec phong bi bao mat sieu cap do. No ma hoa du lieu thanh mot chuoi ky tu vo nghia ma chi trinh duyet va may chu co ""chia khoa"" moi giai ma duoc.



Tam quan trong cua SSL the hien ro qua hai khia canh cot loi: Bao mat Du lieu va Xay dung Long tin. Mot trang web khong co SSL (chi hien thi `http://`) se bi cac trinh duyet lon nhu Chrome, Firefox canh bao la ""Khong An toan"" ngay lap tuc, khien nguoi dung ngan ngai roi bo chi trong vai giay.



B8.2: Co Che Hoat Dong Bi An Cua SSL – Qua Trinh Bat Tay Ba Lan



De ma hoa thong tin mot cach hieu qua, SSL/TLS thuc hien mot quy trinh goi la ""Bat tay ba lan"" (Three-way Handshake). Day la mot qua trinh dam phan phuc tap nhung cuc ky nhanh chong:



1. Chao hoi (Client Hello): Trinh duyet cua ban gui mot thong diep toi may chu, thong bao rang no muon thiet lap ket noi an toan va liet ke cac phien ban SSL/TLS ma no ho tro.

2. Phan hoi va Chung thuc (Server Hello & Certificate Exchange): May chu tra loi bang cach chon phien ban bao mat tot nhat ma ca hai ben deu chap nhan. Quan trong hon, may chu gui Chung chi SSL cua minh. Chung chi nay chua Khoa Cong Khai (Public Key) cua may chu va duoc ky xac nhan boi mot To chuc Phat hanh Chung chi (CA) uy tin.

3. Trao doi Khoa Bi mat (Key Exchange): Dua tren thong tin nhan duoc, trinh duyet cua ban se tao ra mot khoa phien (Session Key) bi mat, sau do su dung Khoa Cong Khai cua may chu de ma hoa khoa phien nay va gui lai. May chu dung Khoa Rieng (Private Key) cua minh de giai ma va lay duoc khoa phien.



Ke tu giay phut nay tro di, moi du lieu trao doi giua ban va trang web deu duoc ma hoa bang khoa phien chung, dam bao tinh toan ven va bao mat tuyet doi cho phien giao dich do.



B8.3: Phan Loai Chung Chi SSL – Lua Chon Nao Phu Hop Voi Website Cua Ban?



Khong phai tat ca cac chung chi SSL deu giong nhau. Su khac biet nam o muc do xac thuc va pham vi bao ve. Viec lua chon dung loai SSL anh huong truc tiep den chi phi va uy tin thuong hieu:



Domain Validated (DV): Day la loai co ban nhat, chi xac minh quyen so huu ten mien. Thoi gian cap phat nhanh chong, phu hop cho blog ca nhan hoac cac trang web nho.

Organization Validated (OV): Doi hoi xac minh danh tinh phap ly cua to chuc so huu ten mien. Muc do tin cay cao hon, thich hop cho cac doanh nghiep va website thuong mai dien tu quy mo vua.

* Extended Validation (EV): Cap do bao mat va xac thuc cao nhat. EV yeu cau quy trinh tham dinh nghiem ngat nhat ve phap ly va van hanh. Tren cac trinh duyet cu, EV thuong hien thi ten cong ty mau xanh la cay noi bat (Green Bar), la bieu tuong toi thuong cua su tin cay.



B8.4: Tac Dong Cua SSL Doi Voi SEO – Yeu To Khong The Bo Qua



Google tu lau da tuyen bo SSL la mot tin hieu xep hang (ranking signal). Don gian ma noi, mot trang web bao mat bang HTTPS se duoc uu tien hien thi cao hon so voi cac doi thu cung chat luong noi dung nhung van dung HTTP.



Viec trien khai SSL khong chi giup ban tranh bi Google ""phat"" ma con cai thien cac chi so quan trong khac:



1. Giam Ty le Thoat (Bounce Rate): Nguoi dung an tam hon khi truy cap, it roi bo trang web ngay lap tuc.

2. Cai thien Toc do Tai trang: Cac phien ban SSL moi (nhu TLS 1.3) duoc toi uu hoa de thiet lap ket noi nhanh hon.

3. Tuan thu Tieu chuan Moi: Nhieu trinh duyet va dich vu yeu cau HTTPS de hoat dong day du tinh nang (vi du: API vi tri dia ly, thanh toan).



B8.5: SSL va Moi Lien He Voi Tinh Toan Ven Du Lieu



Bao mat khong chi dung lai o viec ngan chan ke gian nghe len. SSL con dam bao Tinh toan ven (Integrity) cua du lieu.



Trong qua trinh truyen tai, du lieu co the bi can thiep boi cac ben trung gian doc hai (Man-in-the-Middle Attack), nham muc dich thay doi noi dung trang web hoac chen them quang cao doc hai. SSL su dung cac ham bam mat ma (Cryptographic Hash Functions) de tao ra ""dau van tay"" cho goi du lieu. Neu du lieu bi thay doi du chi mot bit, dau van tay se khong khop, va ket noi se bi ngat ngay lap tuc, bao ve nguoi dung khoi noi dung bi gia mao.



B8.6: Lam The Nao De Kiem Tra Xem Website Da Co SSL Chuan Chua?



Viec xac dinh mot trang web co dang su dung SSL chuan hay khong vo cung don gian:



1. Quan sat Thanh Dia chi: Tim bieu tuong o khoa nho ben canh dia chi URL.

2. Kiem tra Giao thuc: Dia chi bat dau bang `https://` chu khong phai `http://`.

3. Kiem tra Chi tiet Chung chi: Nhap vao bieu tuong o khoa, ban co the xem thong tin ve nha cung cap CA, thoi han hieu luc va ten mien duoc cap phat. Dam bao chung chi nay hop le va chua het han.



Neu thieu mot trong cac yeu to tren, website cua ban dang hoat dong duoi muc bao mat toi thieu.



B8.7: Cap Nhat va Gia Han SSL – Duy Tri Su An Toan Lien Tuc



Chung chi SSL co thoi han su dung, thuong la 1 den 2 nam. Day la mot co che bao mat chu dong, buoc cac to chuc phai lien tuc xac minh lai danh tinh.



Nhieu nguoi dung thuong quen gia han, dan den viec chung chi het han dot ngot. Khi dieu nay xay ra, trinh duyet se hien thi canh bao loi nghiem trong cho nguoi truy cap, lam mat het long tin vua xay dung duoc, dong thoi lam giam thu hang SEO. Viec thiet lap nhac nho tu dong hoac su dung cac nha cung cap dich vu quan ly SSL la buoc di thong minh de duy tri ket noi an toan khong gian doan.



B8.8: Tuong Lai Cua Bao Mat – Su Tien Hoa Tu SSL Den TLS Hien Dai



Mac du thuat ngu SSL van duoc su dung rong rai, cong nghe dang sau no da phat trien manh me qua nhieu phien ban TLS (TLS 1.2, TLS 1.3). Cac phien ban moi hon loai bo cac thuat toan ma hoa loi thoi, kem an toan va tang cuong toc do thiet lap ket noi.



b8 Doi voi nguoi van hanh website, viec dam bao may chu luon duoc cau hinh de uu tien su dung TLS 1.3 la yeu to tien quyet de tan dung toi da cac tieu chuan bao mat moi nhat. SSL, du la ten goi cu, van la nen tang vung chac cho moi giao dich dien tu an toan hien nay, la lop ao giap khong the thieu de thuong hieu so cua ban luon vung vang truoc moi moi de doa."



Xem them: https://b8pro.cc