Secure Encrypted Connection on Georgian Website

Abstract

We make an effort and spend loads of time trying to secure IT infrastructure and services. We hide the entire network segment behind firewalls, DMZs, and other security mechanisms to protect data breaches and interception. But, one point remains—websites. They are open targets and are in the first line for attackers. Except for common types of web attacks, like a DoS, a misconfigured webpage is vulnerable for every user connected to it. This article is about how securely Georgian websites are configured, generally concerning HSTS. Which is a powerful protection against MITM attacks. The study covers the main aspect of HSTS parameters, describes major problems in Georgia, and designs how they should be resolved. According to research, only 1% of Georgian websites are served under HSTS. Also, 39% of webpages are accessible via HTTP. The majority of them have HTTPS (HTTP with encryption and verification) support, but because of misconfiguration, users face critical security issues. In very populated cities, like Tbilisi, there are high availability of free wireless networks. This increases the risk of getting intruders and targets in the same network. Which itself doubles the probability of data breach, network sniffing, and so on. The level of user awareness is very low, so it is crucial to maintain web servers so securely, that minimize user-side vulnerabilities.