Showing posts with label Security. Show all posts
Showing posts with label Security. Show all posts

Saturday, August 12, 2017

NSS Labs NGFW Security Value Map Report (2017, 2016, 2014, 2013, 2012, 2011)


It is good to compare with Gartner Magic Quadrant for Enterprise Network Firewall (2017, 2016, 2015, 2014, 2013, 2011, 2010) or Gartner Magic Quadrant for UTM (2017, 2016, 2015, 2014, 2013, 2012, 2010,...)

End users are finding that NGFWs are no longer as limiting in their performance or capability trade-offs as they once were. NSS Labs discovered that many enterprises are choosing NGFW over traditional firewalls for a variety of reasons without feeling that they are compromising on features or performance. Some NGFW solutions scale to tens of gigabits which satisfies the needs of all but the most demanding enterprise WAN connections.

NSS Labs regularly released NGFW Security Value Map™, Comparative Analysis Reports, and Product Analysis Reports.  These results help guide security professionals in the enterprise to make informed decisions when evaluating the many offerings in the industry.

NSS Labs designed the test to focus on the following four areas:
  •     Security effectiveness
  •     Performance
  •     Stability
  •     Total Cost of Ownership (TCO)
2017
June 06, 2017 (GLOBE NEWSWIRE) -- NSS Labs, Inc., the global leader in operationalizing cybersecurity, announced the results of its Next Generation Firewall (NGFW) Group Test.


Monday, July 24, 2017

Gartner Magic Quadrant for Enterprise Network Firewall (2017, 2016, 2015, 2014, 2013, 2011, 2010)

Based on Gartner's definition, the enterprise network firewall
" is composed primarily of purpose-built appliances for securing enterprise corporate networks. Products must be able to support single-enterprise firewall deployments and large and/or complex deployments, including branch offices, multitiered demilitarized zones (DMZs) and, increasingly, the option to include virtual versions for the data center. Customers should also have the option to deploy versions within Amazon Web Services (AWS) and Microsoft Azure public cloud environments. These products are accompanied by highly scalable (and granular) management and reporting consoles, and there is a range of offerings to support the network edge, the data center, branch offices and deployments within virtualized servers and the public cloud. "

Here is the difference from UTM appliance, which  UTM approaches are suitable for small or midsize businesses (SMBs), but not for the remainder of the enterprise market.

2017 Gartner Magic Quadrant for Enterprise Network Firewalls



2017 Gartner Magic Quadrant for Enterprise Network Firewalls

Gartner Magic Quadrant for Unified Threat Management (2017, 2016, 2015, 2014, 2013, 2012, 2010,...)

Gartner defines the unified threat management (UTM) market as multifunction network security products used by small or midsize businesses (SMBs) (< 1000 employees).

2017 Gartner Magic Quadrant for Unified Threat Management (SMB Multifunction Firewalls)

Not much changes from 2016.
2017 Gartner Magic Quadrant for Unified Threat Management (SMB Multifunction Firewalls)

Friday, February 10, 2017

Gartner Magic Quadrant for Intrusion Detection and Prevention Systems (2017, 2015, 2013, 2012, 2010 ...)


According to Gartner, “The network intrusion prevention system market has undergone dynamic
evolution, increasingly being absorbed by next-generation firewall placements. Nextgeneration
IPSs are available for the best protection, but the IPS market is being pressured by the uptake of
advanced threat defense solutions.

This Magic Quadrant focuses on the market for stand-alone IDPS appliances; however, IDPS capabilities are also delivered as functionality in other network security products. Network IDPSs are provided within a next-generation firewall (NGFW), which is the evolution of enterprise-class network firewalls, and include application awareness and policy control, as well as the integration of network IDPSs


2017


Gartner’s 2017 Magic Quadrant for Intrusion Detection and Prevention Systems (IDPS)



Cisco and Intel are still in leader quadrant, at the same time Trend Micro comes in as leader now. IBM becomes Challengers.

Sunday, April 17, 2016

Real-Time Cyber Attack Threat Map

More and more security companies use a webpage to show their monitored global security events such as the  Live Status of Cyber Attacks being launched from where and who is the target of that attack. It is become interesting by watching those websites. Actually those are not games but actually happening globally.


1.  Kaspersky CYBERTHREAT REAL-TIME MAP



Sunday, March 20, 2016

Ransomware Locked Files on My Test Machine

One of my test machines which I am using to download and test software from Internet was hit by Ransomware recently.

Check out what it did to my machine.

In most computer folders including c driver and d driver, even on the desktop, there are three following files which obviously is from hackers who is asking for money to decrypt your files.:
  • +REcovER+gdqvd+.txt
  • +REcovER+gdqvd+.html
  • +REcovER+gdqvd+.png
 

Tuesday, March 8, 2016

How Firewalls (Security Gateways) Handle the Packets? (Traffic Flow)






Different firewall (security gateway) vendor has different solution to handle the passing traffic. This post compiles some useful Internet posts that interpret major vendors' solutions including:
1. Checkpoint
2. Palo Alto
3. Fortigate
4. Cisco
5. Juniper
6. F5



1. Checkpoint Firewall Packets Flow:

Here is official Check Point R77 Packet Flow Diagram from sk116255 updated April 2017:


Note: Checkpoint can define destination NAT happens at client side (default) or server side. Source NAT always at outbound, and ACL is checked before NAT. More details are on SK85460

Monday, February 8, 2016

Gartner Magic Quadrant for Mobile Data Protection (2015, 2014, 2013, 2012, 2011..., 2006)

According to Gartner, "Mobile Data Protection (MDP) systems and procedures are needed to protect business data privacy, meet regulatory and contractual requirements, and comply with audits." Additionally, "Most companies, even if not in sensitive or regulated industries, recognize that encrypting business data is a best practice."

2015

Magic Quadrant for Mobile Data Protection Solutions 2015

Monday, December 21, 2015

My Top Network Security Tools

I listed some of my favorite and useful Internet websites and network tools in previous post which has been used in my daily IT life. There are some network security related tools I am using at my environment. This post is a summarize for those tools and also I am trying to extend this list to add more later.

Online Security Scanning

  • Qualys FreeScan - Online Vulnerability Scan can accurately scan your network, servers, desktops or web apps for security vulnerabilities. Scanning takes just minutes to find out where you're at risk.
  • Zscaler - Free, Instant Security Scan is a comprehensive suite of security services delivered from the cloud. It covers email, web and mobile computing. Some services the product provides are anti-malware, browser and application vulnerability management, policy enforcement for mobile computing, bandwidth and QoS management, web filtering, intellectual property protection and regulatory compliance.
  • Acunetix analyze complete web and network from Acunetix servers. You can register for free but full function 14 days online scan.  46% of web applications scanned with Acunetix Online Vulnerability Scanner contained a high risk vulnerability and 87% a medium risk vulnerability as per the 2015 Web App Vulnerability Report by Acunetix
  • Scan my server: provide one of the most comprehensive reports of varieties of security test like SQL Injection, Cross Site Scripting, PHP Code Injection, Source Disclosure, HTTP Header Injection, Blind SQL Injection and much more. Scan report is notified by email with vulnerability summary. But it requires you put a verification seal on your website to confirm your site ownership.

Thursday, March 26, 2015

Troubleshooting Java HTTPS Security Warning Message

One of our Internal Website is always having a Security Warning message when using Internet Explorer https to it, but this message is not showing when using Google Chrome.

Symptoms:

As following screenshot shows, a pop-up window will ask you "Do you want to Continue? The connection to this website is untrusted".
 Click More Information link:
 The Warning message will warm you a Risk;
"This application will run with unrestricted access which may put your computer and personal information at risk. The information provided is unreliable or unknown so it is recommended not to run this application unless you are familiar with its source. 
Unable to ensure the certificate unsed to identify this application has not been revoked. 
The digital signature for this application was generated with a certificate from a trusted certificate authority, but we are unable to ensure that it was not revoked by that authority."
Lets drill down again to view Certificate Details:
 From the certificate chain, we can see the local certificate was issued by Verisign G4, Verisign G4 certificate was issued by Verisign G5 (expiring date is Jul 16 2036).

I were able to find out this G5 certificate from Certificate button at IE's Content tab:


Interesting thing is when I use Google Chrome, there is no warning at all. But I did found an Interesting thing on the Google Chrome session:

The connection to this website is using TLS1.0 , which is obsolete cryptography.


Solutions:

From previous More Information of warning message screenshot, we could find out it is coming from Java, since at the bottom, it lets us to visit Java.com for more details. Also it mentioned the certificate could not be verified if revoked before. This warning message must relate to Java's TLS Revocation Settings.


I went back to Java Control Panel and found out there is one setting for "TLS Certificate Revocation". After changed it to Do not check. This warning message is gone.

Another solution for this is to change server side to use ssl only.  I will keep post once get more information regarding this Java security warming message issue.  If you have any better idea why Google Chrome is always fine before any change, please let me know. Appreciated it. 

Monday, February 2, 2015

CVE-2015-0235: GHOST - A Critical Vulnerability in the Glibc Library


GHOST is a 'buffer overflow' bug affecting the gethostbyname() and gethostbyname2() function calls in the glibc library. If a remote attacker can make an application call to gethostbyname() or gethostbyname2(), this vulnerability allows the remote attacker to execute arbitrary code with the permissions of the user running the application.

GHOST was originally published by Red Hat as CVE-2015-0235: https://access.redhat.com/articles/1332213


1. Check Point Response to CVE-2015-0235 (glibc - GHOST)

Solution ID: sk104443
Severity: Low

IPS Protection: 

Check Point released "GNU C Library gethostbyname Buffer Overflow" IPS protection that protects customer environments.
This protection is part of the Recommended_Protection profile. It enables organizations to add a layer of protection to their network while updating their systems with vendor-provided patches.

OS Level Protection: 


  • IPSO OS is not vulnerable.
  • While Check Point Gaia and SecurePlatform operating systems may be susceptible to CVE-2015-0235, there are no known exploits to Check Point software.


Hotfix Packages

Hotfix packages are available for R77.20R77.10R77R76,  and R75.47
R77.20R77.10R77R76R75.47
Gaia
SecurePlatform

2. Juniper: 2015-01 Out of Cycle Security Bulletin: GHOST glibc gethostbyname() buffer overflow vulnerability (CVE-2015-0235)

Vulnerable Products


  • Junos Space
  • CTPView
  • CTP
  • IDP-SA
  • SRC
  • NSM Appliance
  • JSA and STRM Series

SOLUTION:


  • Junos Space: PR 1060102 has been logged to resolve this issue.
  • IDP-SA: PR 1060071 has been logged to resolve this issue in IDP-OS.
  • CTPView: PR 1060060 has been logged to resolve this issue in CTPView.
  • CTP: PR 1060352 has been logged to resolve this issue in CTP-OS.
  • SRC: PR 1060350 has been logged to resolve this issue.
  • NSM Appliance: PR 1059948 has been logged to resolve this issue.
  • QFabric Director: gethostbyname() functions are used internally, but DNS name resolution is not supplied as a service on external ports.
  • Firefly Host/vGW: The C/C++ based daemon running on the vGW/FFH Security VM agent is not exploitable. Also, the vGW/FFH management system (SD VM) is Java based (Apache Java application server) is not applicable.
  • JSA and STRM: A fix is pending release.
  • IDP Anomaly: The IDP anomaly ​SMTP:OVERFLOW:COMMAND-LINE should cover the known SMTP variant of this vulnerability. For easy attack lookup, the Signatures team has linked CVE-2015-0235 as a reference to this anomaly and also made it part of the recommended policy. All these changes will be reflected in the next signature pack which is scheduled to release on 29-Jan-2015 at 12:00 PST.

WORKAROUND: General Mitigation:

The affected gethostbyname() functions are primarily called in response to references to DNS host names and addresses from the CLI or via services listening on the device.  ​Apply and maintain good security best current practices (BCPs) to limit the exploitable attack surface of critical infrastructure networking equipment.  Use access lists or firewall filters to limit access to networking equipment only from trusted, administrative networks or hosts.  This reduces the risk of remote malicious exploitation of the GHOST vulnerability.

3. Cisco : GNU glibc gethostbyname Function Buffer Overflow Vulnerability

Advisory ID: cisco-sa-20150128-ghost:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150128-ghost

Workarounds: 

There are currently no network-based mitigations for this vulnerability or any mitigations that can be performed directly on affected systems.

Sunday, October 19, 2014

Poodle : New SSL 3.0 Bug (CVE-2014-3566)

Oct 14 2014, this bug CVE_2014-3566 has been found as a subtle but significant security weakness in version 3 of the SSL protocol. Severity level is Medium. Basically this vulnerability is not critical as Shellshock and Heartbleed

The vendors's Recommendations: 

1. Check Point response to the POODLE Bites vulnerability (CVE-2014-3566)

a. Check Point Customers

  • Check Point products are not vulnerable to the “POODLE Bites” vulnerability (CVE-2014-3566). See our Security Alert: sk102989
  • Implement the IPS protection, CPAI-2014-1909, to detect or block the use of SSL 3.0
  • Configure Multi Portal, HTTPS Inspection, and Check Point OS to prevent web browser use of SSL 3.0

b. Non Check Point Customers

  • Use Active Directory Group Policy Objects to disable the use of SSL 3.0
  • Update your browser when a patch is available
  • Disable SSL 3.0 in your clients and servers
  • Test if your browser is vulnerable at www.poodletest.com
  • Test if a particular domain name is vulnerable at www.poodlescan.com

2. Juniper Responding:

a. Junos:

Junos OS will update OpenSSL to add support for SSL 3.0 Fallback protection (TLS_FALLBACK_SCSV) in a future release.

Connect Secure (SA / SSL VPN) / Policy Secure (IC / UAC), MAG Series:
Please refer to Pulse Secure TSB16540 for details on mitigating risk from this vulnerability.

b. ScreenOS:

A problem report has been submitted.  Development is in the process of evaluating the best method to resolve this issue.

c. Junos Space:

Disable SSLv3 by changing the following files.

/etc/httpd/conf.d/webProxy.conf
/etc/httpd/conf.d/ssl.conf
/etc/httpd/conf.d/webConf/webProxyCertAuth.conf

The following line needs to be updated to remove references to SSLv3:

Original:
SSLProtocol -ALL +SSLv3 +TLSv1

Updated:
SSLProtocol -ALL +TLSv1

Restart httpd by typing 'service httpd restart'.

A future release of Junos Space will disable SSLv3 by default.

d. STRM/JSA Series:

Development is working on a patch to resolve this issue.

e. NSM3000/NSMXpress:

Edit /etc/httpd/conf/ssl.conf and change the SSLProtocol entry to:
SSLProtocol all -SSLv2 -SSLv3

f. IDP Signature:

Juniper has released signature SSL:AUDIT:SSL-V3-TRAFFIC in Sigpack 2430 to detect SSLv3 traffic.

3. Cisco Event Response: POODLE Vulnerability:

Details are in Cisco Page : 

 Vulnerable Products

Customers interested in tracking the progress of any of the following bugs can visit the Cisco Bug Search Tool to view the defect details and optionally select Save Bug and activate the Email Notification feature to receive automatic notifications when the bug is updated.

Products and services listed in the subsections below have had their exposure to this vulnerability confirmed. Additional products will be added to these sections as the investigation continues.
Collaboration and Social Media
Endpoint Clients and Client Software
Network Application, Service, and Acceleration
  • Cisco ACE 4710 Application Control Engine (A5) [CSCur27691]
  • Cisco ACE10 / ACE20 / 4710 (A3x) [CSCur27985]
  • Cisco ACE30 Application Control Engine Module [CSCur23683]
  • Cisco CSS 11500 Series Content Security Switch [CSCur27999]
Network and Content Security Devices
  • Cisco Adaptive Security Appliance (ASA) Software [CSCur23709]
  • Cisco Email Security Appliance (ESA) [CSCur27131]
  • Cisco Intrusion Prevention System Solutions (IPS) [CSCur29000]
  • Cisco Prime Security Manager (PRSM) [CSCur29172]
Network Management and Provisioning
Routing and Switching - Enterprise and Service Provider
  • Cisco Application Policy Infrastructure Controller (ACI/APIC) [CSCur28110]
  • Cisco IOS and Cisco IOS-XE (IOSd only) [CSCur23656]
  • Cisco Nexus 3000 Series Switches [CSCur28178]
  • Cisco Nexus 9000 (ACI/Fabric Switch) [CSCur28114]
  • Cisco Nexus 9000 Series (standalone, running NxOS) [CSCur28092]
Unified Computing
Voice and Unified Communications Devices
  • Cisco IM and Presence Service (CUPS) [CSCur33203]
  • Cisco Unified Communications Manager (CUCM) [CSCur23720]
Video, Streaming, TelePresence, and Transcoding Devices
  • Cisco TelePresence Advanced Media Gateway 3610 [CSCur33286]
  • Cisco TelePresence IP Gateway Series [CSCur33289]
  • Cisco TelePresence IP VCR Series [CSCur33294]
  • Cisco TelePresence ISDN Gateway [CSCur33282]
  • Cisco TelePresence MCU (8510, 8420, 4200, 4500 and 5300) [CSCur33260]
  • Cisco TelePresence MSE 8050 Supervisor [CSCur33267]
  • Cisco TelePresence Serial Gateway Series [CSCur33297]
  • Cisco TelePresence Server 8710, 7010 [CSCur33274]
  • Cisco TelePresence Server on Multiparty Media 310, 320 [CSCur33274]
  • Cisco TelePresence Server on Virtual Machine [CSCur33274]
  • Cisco TelePresence Video Communication Server [CSCur23698]
Wireless
  • Cisco Wireless LAN Controller (WLC) [CSCur27551]
Cisco Hosted Services

4. Other Vendors

Apple has released a security update at the following link:Security Update 2014-005

Asterisk has released a security advisory at the following link:AST-2014-011

BlackBerry has released a security notice at the following link: KB36397

FreeBSD has released a VuXML document at the following link: OpenSSL -- multiple vulnerabilities


Microsoft has released a security advisory at the following link: 3009008

OpenSSL has released a security advisory at the following link: secadv_20141015

Oracle has released a security advisory at the following link:Cryptographic Issues vulnerability

Red Hat has released a CVE statement and security advisories for bug ID 1152789 at the following links: CVE-2014-3566RHSA-2014:1653, and RHSA-2014:1652


References:

a.  Check Point response to the POODLE Bites vulnerability (CVE-2014-3566)

Friday, September 26, 2014

Shellshock (Bash Computer Bug) Exploited - Responding from Venders


Heartbleed Extension Vulnerability caused lots of worries for Internet system. The affects still do not go away and now Shellshock coming.  This latest vulnerability affects the command line software Bash operating at Linux , Unix and Mac OS X.


Vendors have been posting the patches and suggestions on their websites already. Here is some quick collections for my environment.


1. Checkpoint's Responding:

https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk102673

2. Cisco's Responding: 

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bash

3. Juniper's Responding:

https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10648&actp=RSS

4. Vmware:

http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2090740


Note: How it happened? (from Symantec)

An attacker can potentially use CGI to send a malformed environment variable to a vulnerable Web server. Because the server uses Bash to interpret the variable, it will also run any malicious command tacked-on to it.

Thursday, May 1, 2014

Reset SonicWall NSA 4500 to Factory Default Configuration

SonicWall NSA 4500 is Next-Generation Firewall features integrate intrusion prevention, gateway
anti-virus, anti-spyware and URL filtering with application intelligence and control, and SSL decryption to
block threats from entering the network and provide granular application control without compromising performance.

Here is the steps to reset SonicWall to factory default configuration:

SonicWALL security appliance has a special SafeMode which allows you to quickly recover from uncertain configuration states with a simplified management interface that includes the same settings available on the System > Settings page.

Step 1. 

Connect your management station to a LAN port (NSA 4500 is X0 port) on the SonicWALL security appliance and configure you management workstation IP address to 192.168.168.20/24.


Step 2. 

Use a narrow, straight object, like a straightened paper clip or a toothpick, to press and hold the reset button on the back of the security appliance for five to ten seconds. The reset button is in a small hole next to the console port or next to the power supply, depending on your SonicWALL security appliance model. 
The Test light starts blinking when the SonicWALL security appliance has rebooted into SafeMode.

Step 3. 

Connect to the SonicWALL management interface: Point the Web browser on your Workstation to 192.168.168.168. The SafeMode management interface displays. Choose Current firmware with Factory Default Settings and boot device.


Step 4. 

After system rebooted and came back online, using browser navigator to http://192.168.168.168 and log into authentication page with following default username/password based on your SonicWall device model:
The following list provides the factory default administrator (admin) username, password and IP address for all categories of SonicWALL appliances.
 NOTE: All IP addresses listed are in the 255.255.255.0 subnet mask.
Product
Default Username
Default Password
Default IP Address
SonicWALL FIREWALL (UTM) APPLIANCES
admin
password
192.168.168.168
SonicWALL CONTENT SECURITY MANAGER (CSM) APPLIANCES
admin
password
192.168.168.168
SonicWALL SMB SSL-VPN APPLIANCES
admin
password
192.168.200.1
SonicWALL Aventail EX Series SSL-VPN Appliances
admin (AMC), 
root (CLI)
Defined during 
initial configuration.
192.168.0.10 
(on internal interface)
SonicWALL  EMAIL SECURITY APPLIANCES
admin
password
192.168.168.169
SonicWALL CONTINUOUS DATA PROTECTION (CDP) APPLIANCES
admin
password
192.168.168.169
SonicWALL SonicPoint appliance
admin
password
192.168.1.20

Step 5. 

Check the default configuration.









Tuesday, September 10, 2013

PKI Basic Flow Chart

PKI = Public Key  Infrastructure(公钥基础设施)
 
基础设施:
就是一个普适性基础,它在一个大环境里起着基本框架的作用,,设施基本原理共通,操作简便,只要遵循基本原则,不同的实体就可以方便地使用基础设施提供的服务。
 
公钥基础设施:
用非对称密码算法原理和技术是实现并提供安全服务的具有通用性的安全基础设施。
 
公钥证书:
用户的身份与之所持有的公钥的结合,在结合之前,由一个可信任的权威机构——认证机构(CA)来证实用户的身份。然后由可信任的CA对该用户身份及对应公钥相结合的证书进行数字签名,用来证明证书的有效性。
 
一个PKI系统主要包括:
认证机构,证书库,密钥备份及恢复系统,证书撤销处理系统,PKI应用接口系统。
 
PKI主要包括四个部分:
X.509格式证书,证书注销列表CRL;
CA/RA操作协议;
CA管理协议;
CA政策制定。
 
 
密钥对产生的两种方式:
 
用户自己产生密钥对,然后将公钥以安全方式传给CA,该过程应保证用户公钥的可检验性和完整性(验证身份的密钥对应先产生)
 
CA替用户产生密钥对,然后将其以安全方式传送给用户,必须保证密钥的机密性,完整性和可检验性。该方式下由于用户的私钥为CA所产生,故对CA的可信性有更高的要求。
 
 
 
证书签发两种方式:
 
离线方式发放:面对面发放,用于企业级高级证书的发放;
在线方式发放:通过Internet使用LDAP(Lightweight Directory Access Protocol ),在i500目录服务器上下载证书。
 
离线方式发放:
 
批准注册---->
RA(审核授权部门)在LDAP目录服务器中添加企业证书申请人的有关信息----->
RA将申请人信息传给CA----->
CA产生一个参照号(一次性密钥)和一个认证码(也称user ID和Password),以电子邮件,或打印在保密信封中传给申请者----->
申请者输入参照号级认证密码,在RA面对面领取证书(存在软盘或IC卡等介质中)。
 
在线方式发放:
个人证书申请者将个人信息写入CA的申请人信息数据库中------>
RA端接收从CA端发放的参照号和认证码,并打印出来,交给申请人----->
证书申请人回到自己的计算机上,登陆网站,通过浏览器安装Root CA证书------>
申请人在网页上按提示填入参照号和授权号,自助式地下载自己的证书
 
下图给出了PKI认证和加密数据的基本流图:


传送过程:
A要给B 发送“我们的五年计划是····”的明文,将不定长的明文用摘要算法计算后变为定长的的摘要,然后用认证私钥对摘要进行签名,再将明文和签名后的摘要用相应的对称密钥(用B的加密公钥对对称密钥进行加密传输)进行加密变为密文。
 
接收过程:
B用自己的加密私钥对对称密钥解密,用得到的对称密钥对密文进行解密,用A的公钥对摘要进行认证,通过认证后,对明文以同样的摘要算法进行摘要计算,如果得到的摘要与A传送过来的摘要一致,则说明明文正确。

NetSec Youtube Videos