A digital signature is a rapid course (translation of Chapter 17 of Powershell in depth)
so well, concisely and practically written that I could not resist and turned.
— Powershell in depth Don Jones Richard Siddaway
Chapter 17.3.1 a Digital signature educational program
For several years Microsoft is promoting the idea of code signing as a mechanism of protection. Signed code carries the encrypted block called digital signature. This signature contains information identifying the signer, and gives confidence that the code has not been modified since signing. From a practical point of view, the signature says that (A) who signed the application, (B) it has not been altered since the signing. Any problems with the app so we can shift the liability on the distributing side, and the information in the certificate helps out at her.
A digital signature does not prevent the distribution of harmful code. But ideally, only extremely stupid people will put their digital signature on the malware because signature allows you to enter the signer. That's the idea, ideally.
A digital signature is a whole business working on the mechanism of trust (in Russian literature of trust relations).
Let's use an analogy: in the US driving license can be used to identify people (so like a passport). In addition they include date of birth, and the bartender or the store can test it before you sell alcohol. In computer terms, States have the 52 "certification authority" (CA): one in each of the 50 States, one in Washington D.C. (the capital, is a separate subject), and one of the U.S. army. If you live in Nevada, you go beyond the rights at the Department of motor vehicles of the state of Nevada and the right to receive. You go to California and buy a beer, because California trusts Department in Nevada. In reality, all the other States trust the CA to other States, and thus, your driver's license is valid throughout the country. Why is this so? Obviously for legal reasons but in reality for the following reason: the state entrusts another state because they all use the same basic processes of verification of your identity, age, and audits were conducted prior to the issuance of the document. This does not mean that one state completely trusted another state, but it means that the state trusts the process in another state and procedures for all adopted (agreed). If the news announced that the state will revoke its license all driver's licenses in that state will cease to operate in other States due to the termination of the trust.
Let's get back to computers. In the world of digital certificates there are several classes of certificates. each class of certificates established on the basis of decisions that may occur if a certificate gets hold of the attacker. Class 1 certificates are used to encrypt e-mail, and the worst that will happen is to read your mail when you don't want it. Bad for you, but not as bad for society as a whole.
Certificates are used for signing code are called Class 3. And are issued only to organizations (February 2016 — this is not so, you can undergo individual inspections at the notary and send the documents by Fax) after careful verification of their data. Usually the CA verifies the registration of the company in Dun&Bradstreet, the registration of the company in the state or the state where it is registered, etc. So if you have a certificate of the Corporation So that everyone thinks you have the right to represent the company.
It is a place where included in the trust. The certificate can be issued by a commercial CA or a private (sandelowski CA). Windows has a built-in list of CA whom she can trust. Vista and earlier systems have a small list of CA. You can check the CAS on the list in the system and check how they issue certificates. If you don't like it you can remove this CA from the list saying, "I don't think they well check certificates, maybe they gave them without checking the cyber criminals. This CA issues certificates without checking". This is the same that will happen if the Department of state will begin issuing driver's licenses left and right without check — all will cease to trust the rights of this state, the process is not followed, then the trust disappears.
So your computer should contain a list of SA which do a good job, there must be confidence that the certificate was issued the company specified. If an application is infected, you can easily find and take action. But if your SA is doing a bad job, you can't prove that the malicious code was signed by "Adobe Inc". When you track it you will find that SA does not know who issued the certificate, because it is not held as needed authentication.
Thus, the digital signature does not prevent the appearance of bad code. Signed scripts are not getting the best scripts, or start safer to work in your environment. Everything you know from the signature this is who has put her (signed), and that the code has not been modified since the signature.
— Chapter 17.3.3 paragraph (RemoteSigned)
Article based on information from habrahabr.ru
— Powershell in depth Don Jones Richard Siddaway
Chapter 17.3.1 a Digital signature educational program
For several years Microsoft is promoting the idea of code signing as a mechanism of protection. Signed code carries the encrypted block called digital signature. This signature contains information identifying the signer, and gives confidence that the code has not been modified since signing. From a practical point of view, the signature says that (A) who signed the application, (B) it has not been altered since the signing. Any problems with the app so we can shift the liability on the distributing side, and the information in the certificate helps out at her.
A digital signature does not prevent the distribution of harmful code. But ideally, only extremely stupid people will put their digital signature on the malware because signature allows you to enter the signer. That's the idea, ideally.
A digital signature is a whole business working on the mechanism of trust (in Russian literature of trust relations).
Let's use an analogy: in the US driving license can be used to identify people (so like a passport). In addition they include date of birth, and the bartender or the store can test it before you sell alcohol. In computer terms, States have the 52 "certification authority" (CA): one in each of the 50 States, one in Washington D.C. (the capital, is a separate subject), and one of the U.S. army. If you live in Nevada, you go beyond the rights at the Department of motor vehicles of the state of Nevada and the right to receive. You go to California and buy a beer, because California trusts Department in Nevada. In reality, all the other States trust the CA to other States, and thus, your driver's license is valid throughout the country. Why is this so? Obviously for legal reasons but in reality for the following reason: the state entrusts another state because they all use the same basic processes of verification of your identity, age, and audits were conducted prior to the issuance of the document. This does not mean that one state completely trusted another state, but it means that the state trusts the process in another state and procedures for all adopted (agreed). If the news announced that the state will revoke its license all driver's licenses in that state will cease to operate in other States due to the termination of the trust.
Let's get back to computers. In the world of digital certificates there are several classes of certificates. each class of certificates established on the basis of decisions that may occur if a certificate gets hold of the attacker. Class 1 certificates are used to encrypt e-mail, and the worst that will happen is to read your mail when you don't want it. Bad for you, but not as bad for society as a whole.
Certificates are used for signing code are called Class 3. And are issued only to organizations (February 2016 — this is not so, you can undergo individual inspections at the notary and send the documents by Fax) after careful verification of their data. Usually the CA verifies the registration of the company in Dun&Bradstreet, the registration of the company in the state or the state where it is registered, etc. So if you have a certificate of the Corporation So that everyone thinks you have the right to represent the company.
It is a place where included in the trust. The certificate can be issued by a commercial CA or a private (sandelowski CA). Windows has a built-in list of CA whom she can trust. Vista and earlier systems have a small list of CA. You can check the CAS on the list in the system and check how they issue certificates. If you don't like it you can remove this CA from the list saying, "I don't think they well check certificates, maybe they gave them without checking the cyber criminals. This CA issues certificates without checking". This is the same that will happen if the Department of state will begin issuing driver's licenses left and right without check — all will cease to trust the rights of this state, the process is not followed, then the trust disappears.
So your computer should contain a list of SA which do a good job, there must be confidence that the certificate was issued the company specified. If an application is infected, you can easily find and take action. But if your SA is doing a bad job, you can't prove that the malicious code was signed by "Adobe Inc". When you track it you will find that SA does not know who issued the certificate, because it is not held as needed authentication.
Thus, the digital signature does not prevent the appearance of bad code. Signed scripts are not getting the best scripts, or start safer to work in your environment. Everything you know from the signature this is who has put her (signed), and that the code has not been modified since the signature.
— Chapter 17.3.3 paragraph (RemoteSigned)
Remember that some applications such as Firefox, Internet Explorer, Outlook adds a special flag to the file when it is saved to disk. Files with this flag will be defined as getting from the outside when trying to run them in PowerShell
Комментарии
Отправить комментарий