{"id":15475,"date":"2026-03-30T16:13:14","date_gmt":"2026-03-30T13:13:14","guid":{"rendered":"https:\/\/www.ihs.com.tr\/blog\/?p=15475"},"modified":"2026-03-30T16:13:14","modified_gmt":"2026-03-30T13:13:14","slug":"dane-dns-tabanli-kimlik-dogrulama-nedir","status":"publish","type":"post","link":"https:\/\/www.ihs.com.tr\/blog\/dane-dns-tabanli-kimlik-dogrulama-nedir\/","title":{"rendered":"DANE (DNS Tabanl\u0131 Kimlik Do\u011frulama) Nedir? Sahte Sertifikalar DNSSEC ile Nas\u0131l Engellenir?"},"content":{"rendered":"<p>\u0130nternet \u00fczerinde ger\u00e7ekle\u015ftirdi\u011fimiz her i\u015flem, bankac\u0131l\u0131ktan e-ticarete, sosyal medyadan e-posta ileti\u015fimine kadar hassas verilerin transferini i\u00e7erir. Bu dijital ekosistemin g\u00fcvenli\u011fi, b\u00fcy\u00fck \u00f6l\u00e7\u00fcde istemci ile sunucu aras\u0131nda kurulan \u015fifreli ba\u011flant\u0131lara dayan\u0131r. Geleneksel olarak bu g\u00fcven, Sertifika Otoriteleri (CA) taraf\u0131ndan verilen dijital sertifikalarla sa\u011flan\u0131r. Ancak bu model, merkezi yap\u0131s\u0131 ve ge\u00e7mi\u015fte ya\u015fanan g\u00fcvenlik ihlalleri nedeniyle ciddi zafiyetler bar\u0131nd\u0131rmaktad\u0131r. \u0130\u015fte bu noktada DANE (DNS-Based Authentication of Named Entities) ve DNSSEC (DNS Security Extensions) devreye girerek, g\u00fcvenli\u011fi merkezi otoritelerden al\u0131p alan ad\u0131n\u0131n kendisine, yani DNS\u2019e ta\u015f\u0131yan devrimsel bir yakla\u015f\u0131m sunar. Bu makalede, geleneksel g\u00fcven modelinin zay\u0131fl\u0131klar\u0131ndan ba\u015flayarak, DNSSEC ve DANE&#8217;in bu zafiyetleri nas\u0131l kapatt\u0131\u011f\u0131n\u0131 ve sahte sertifikalara kar\u015f\u0131 nas\u0131l sa\u011flam bir kalkan olu\u015fturdu\u011funu detayl\u0131ca inceleyece\u011fiz.<\/p>\n<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_77 counter-hierarchy ez-toc-counter ez-toc-grey ez-toc-container-direction\">\n<p class=\"ez-toc-title\" style=\"cursor:inherit\">\u0130\u00e7erik Tablosu<\/p>\n<label for=\"ez-toc-cssicon-toggle-item-6a13ffef094c3\" class=\"ez-toc-cssicon-toggle-label\"><span class=\"\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #999;color:#999\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #999;color:#999\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/label><input type=\"checkbox\" id=\"ez-toc-cssicon-toggle-item-6a13ffef094c3\" aria-label=\"Toggle\" \/><nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/www.ihs.com.tr\/blog\/dane-dns-tabanli-kimlik-dogrulama-nedir\/#Dijital-Sertifikalarin-Guvenlikteki-Rolu-ve-Geleneksel-Guven-Modelinin-Zayifliklari\" >Dijital Sertifikalar\u0131n G\u00fcvenlikteki Rol\u00fc ve Geleneksel G\u00fcven Modelinin Zay\u0131fl\u0131klar\u0131<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/www.ihs.com.tr\/blog\/dane-dns-tabanli-kimlik-dogrulama-nedir\/#Web-Guvenliginin-Temeli-TLSSSL-Sertifikalari-Nedir-ve-Nasil-Calisir\" >Web G\u00fcvenli\u011finin Temeli: TLS\/SSL Sertifikalar\u0131 Nedir ve Nas\u0131l \u00c7al\u0131\u015f\u0131r?<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"https:\/\/www.ihs.com.tr\/blog\/dane-dns-tabanli-kimlik-dogrulama-nedir\/#Sertifika-Otoriteleri-CA-ve-Hiyerarsik-Guven-Zinciri\" >Sertifika Otoriteleri (CA) ve Hiyerar\u015fik G\u00fcven Zinciri<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-4\" href=\"https:\/\/www.ihs.com.tr\/blog\/dane-dns-tabanli-kimlik-dogrulama-nedir\/#Geleneksel-Modeldeki-Riskler-Sahte-Sertifikalar-ve-Ortadaki-Adam-MITM-Saldirilari\" >Geleneksel Modeldeki Riskler: Sahte Sertifikalar ve Ortadaki Adam (MITM) Sald\u0131r\u0131lar\u0131<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-5\" href=\"https:\/\/www.ihs.com.tr\/blog\/dane-dns-tabanli-kimlik-dogrulama-nedir\/#Sertifika-Otoritesi-CA-Ihlalleri-ve-Guven-Sarsintisi-Ornekleri\" >Sertifika Otoritesi (CA) \u0130hlalleri ve G\u00fcven Sars\u0131nt\u0131s\u0131 \u00d6rnekleri<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-6\" href=\"https:\/\/www.ihs.com.tr\/blog\/dane-dns-tabanli-kimlik-dogrulama-nedir\/#Guvenli-DNSin-Temeli-DNSSEC-DNS-Guvenlik-Eklentileri\" >G\u00fcvenli DNS&#8217;in Temeli: DNSSEC (DNS G\u00fcvenlik Eklentileri)<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-7\" href=\"https:\/\/www.ihs.com.tr\/blog\/dane-dns-tabanli-kimlik-dogrulama-nedir\/#DNSSEC-Nedir\" >DNSSEC Nedir?<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-8\" href=\"https:\/\/www.ihs.com.tr\/blog\/dane-dns-tabanli-kimlik-dogrulama-nedir\/#DNS-Kayitlarinin-Dijital-Olarak-Imzalanmasi-ve-Dogrulanmasi\" >DNS Kay\u0131tlar\u0131n\u0131n Dijital Olarak \u0130mzalanmas\u0131 ve Do\u011frulanmas\u0131<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-9\" href=\"https:\/\/www.ihs.com.tr\/blog\/dane-dns-tabanli-kimlik-dogrulama-nedir\/#DNS-Yanitlarinin-Butunlugunu-ve-Gercekligini-Saglama\" >DNS Yan\u0131tlar\u0131n\u0131n B\u00fct\u00fcnl\u00fc\u011f\u00fcn\u00fc ve Ger\u00e7ekli\u011fini Sa\u011flama<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-10\" href=\"https:\/\/www.ihs.com.tr\/blog\/dane-dns-tabanli-kimlik-dogrulama-nedir\/#DANE-Icin-DNSSECin-Neden-Zorunlu-Bir-On-Kosul-Oldugu\" >DANE \u0130\u00e7in DNSSEC&#8217;in Neden Zorunlu Bir \u00d6n Ko\u015ful Oldu\u011fu<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-11\" href=\"https:\/\/www.ihs.com.tr\/blog\/dane-dns-tabanli-kimlik-dogrulama-nedir\/#DANE-DNS-Tabanli-Kimlik-Dogrulama-Protokolune-Giris\" >DANE (DNS Tabanl\u0131 Kimlik Do\u011frulama) Protokol\u00fcne Giri\u015f<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-12\" href=\"https:\/\/www.ihs.com.tr\/blog\/dane-dns-tabanli-kimlik-dogrulama-nedir\/#DANE-Nedir\" >DANE Nedir?<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-13\" href=\"https:\/\/www.ihs.com.tr\/blog\/dane-dns-tabanli-kimlik-dogrulama-nedir\/#DANEin-Temel-Amaci-Sertifika-Guvenini-DNSe-Tasima\" >DANE&#8217;in Temel Amac\u0131: Sertifika G\u00fcvenini DNS&#8217;e Ta\u015f\u0131ma<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-14\" href=\"https:\/\/www.ihs.com.tr\/blog\/dane-dns-tabanli-kimlik-dogrulama-nedir\/#DANEin-Kalbi-TLSA-Kaynak-Kaydi-TLSA-Record\" >DANE&#8217;in Kalbi: TLSA Kaynak Kayd\u0131 (TLSA Record)<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-15\" href=\"https:\/\/www.ihs.com.tr\/blog\/dane-dns-tabanli-kimlik-dogrulama-nedir\/#TLSA-Kaydinin-Yapisi-ve-Alanlari\" >TLSA Kayd\u0131n\u0131n Yap\u0131s\u0131 ve Alanlar\u0131<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-16\" href=\"https:\/\/www.ihs.com.tr\/blog\/dane-dns-tabanli-kimlik-dogrulama-nedir\/#DANE-ve-DNSSEC-ile-Sahte-Sertifikalarin-Engellenmesi\" >DANE ve DNSSEC ile Sahte Sertifikalar\u0131n Engellenmesi<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-17\" href=\"https:\/\/www.ihs.com.tr\/blog\/dane-dns-tabanli-kimlik-dogrulama-nedir\/#Sertifika-Otoritesi-Bagimliligini-Azaltma\" >Sertifika Otoritesi Ba\u011f\u0131ml\u0131l\u0131\u011f\u0131n\u0131 Azaltma<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-18\" href=\"https:\/\/www.ihs.com.tr\/blog\/dane-dns-tabanli-kimlik-dogrulama-nedir\/#Bir-Tarayicinin-veya-Istemcinin-DANE-Dogrulamasini-Adim-Adim-Nasil-Yaptigi\" >Bir Taray\u0131c\u0131n\u0131n veya \u0130stemcinin DANE Do\u011frulamas\u0131n\u0131 Ad\u0131m Ad\u0131m Nas\u0131l Yapt\u0131\u011f\u0131<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-19\" href=\"https:\/\/www.ihs.com.tr\/blog\/dane-dns-tabanli-kimlik-dogrulama-nedir\/#Saldiri-Senaryolari-Uzerinden-DANEin-Koruma-Mekanizmasi\" >Sald\u0131r\u0131 Senaryolar\u0131 \u00dczerinden DANE&#8217;in Koruma Mekanizmas\u0131<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-20\" href=\"https:\/\/www.ihs.com.tr\/blog\/dane-dns-tabanli-kimlik-dogrulama-nedir\/#DANE-Kullanim-Modelleri-ve-Uygulama-Alanlari\" >DANE Kullan\u0131m Modelleri ve Uygulama Alanlar\u0131<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-21\" href=\"https:\/\/www.ihs.com.tr\/blog\/dane-dns-tabanli-kimlik-dogrulama-nedir\/#CA-Kisitlamasi-CA-Constraint-%E2%80%93-Usage-0\" >CA K\u0131s\u0131tlamas\u0131 (CA Constraint &#8211; Usage 0)<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-22\" href=\"https:\/\/www.ihs.com.tr\/blog\/dane-dns-tabanli-kimlik-dogrulama-nedir\/#Servis-Sertifikasi-Kisitlamasi-Service-Certificate-Constraint-%E2%80%93-Usage-1\" >Servis Sertifikas\u0131 K\u0131s\u0131tlamas\u0131 (Service Certificate Constraint &#8211; Usage 1)<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-23\" href=\"https:\/\/www.ihs.com.tr\/blog\/dane-dns-tabanli-kimlik-dogrulama-nedir\/#Guven-Capasi-Beyani-Trust-Anchor-Assertion-%E2%80%93-Usage-2\" >G\u00fcven \u00c7apas\u0131 Beyan\u0131 (Trust Anchor Assertion &#8211; Usage 2)<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-24\" href=\"https:\/\/www.ihs.com.tr\/blog\/dane-dns-tabanli-kimlik-dogrulama-nedir\/#Alan-Adi-Tarafindan-Verilen-Sertifika-Domain-Issued-Certificate-%E2%80%93-Usage-3\" >Alan Ad\u0131 Taraf\u0131ndan Verilen Sertifika (Domain-Issued Certificate &#8211; Usage 3)<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-25\" href=\"https:\/\/www.ihs.com.tr\/blog\/dane-dns-tabanli-kimlik-dogrulama-nedir\/#Web-Sunucularinin-Otesinde-DANE-E-posta-Guvenligi-SMTP-icin-Kullanimi\" >Web Sunucular\u0131n\u0131n \u00d6tesinde DANE: E-posta G\u00fcvenli\u011fi (SMTP) i\u00e7in Kullan\u0131m\u0131<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-26\" href=\"https:\/\/www.ihs.com.tr\/blog\/dane-dns-tabanli-kimlik-dogrulama-nedir\/#DANE-Protokolunun-Avantajlari-ve-Zorluklari\" >DANE Protokol\u00fcn\u00fcn Avantajlar\u0131 ve Zorluklar\u0131<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-27\" href=\"https:\/\/www.ihs.com.tr\/blog\/dane-dns-tabanli-kimlik-dogrulama-nedir\/#DANE-Kullaniminin-Sagladigi-Avantajlar\" >DANE Kullan\u0131m\u0131n\u0131n Sa\u011flad\u0131\u011f\u0131 Avantajlar<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-28\" href=\"https:\/\/www.ihs.com.tr\/blog\/dane-dns-tabanli-kimlik-dogrulama-nedir\/#Yayginlasmasinin-Onundeki-Engeller-ve-Zorluklar\" >Yayg\u0131nla\u015fmas\u0131n\u0131n \u00d6n\u00fcndeki Engeller ve Zorluklar<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-29\" href=\"https:\/\/www.ihs.com.tr\/blog\/dane-dns-tabanli-kimlik-dogrulama-nedir\/#Guvenli-Internetin-Geleceginde-DANEin-Yeri\" >G\u00fcvenli \u0130nternetin Gelece\u011finde DANE&#8217;in Yeri<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-30\" href=\"https:\/\/www.ihs.com.tr\/blog\/dane-dns-tabanli-kimlik-dogrulama-nedir\/#DANEin-Mevcut-Durumu-ve-Benimsenme-Oranlari\" >DANE&#8217;in Mevcut Durumu ve Benimsenme Oranlar\u0131<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-31\" href=\"https:\/\/www.ihs.com.tr\/blog\/dane-dns-tabanli-kimlik-dogrulama-nedir\/#Sertifika-Seffafligi-Certificate-Transparency-gibi-Alternatif-ve-Tamamlayici-Teknolojiler\" >Sertifika \u015eeffafl\u0131\u011f\u0131 (Certificate Transparency) gibi Alternatif ve Tamamlay\u0131c\u0131 Teknolojiler<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-32\" href=\"https:\/\/www.ihs.com.tr\/blog\/dane-dns-tabanli-kimlik-dogrulama-nedir\/#DANEin-Merkezi-Olmayan-Bir-Guven-Mimarisine-Katkisi\" >DANE&#8217;in Merkezi Olmayan Bir G\u00fcven Mimarisine Katk\u0131s\u0131<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-33\" href=\"https:\/\/www.ihs.com.tr\/blog\/dane-dns-tabanli-kimlik-dogrulama-nedir\/#DANE-ve-DNSSEC-Hizmetleri-Icin-Neden-IHS-Telekomu-Tercih-Etmelisiniz\" >DANE ve DNSSEC Hizmetleri \u0130\u00e7in Neden IHS Telekom&#8217;u Tercih Etmelisiniz?<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-34\" href=\"https:\/\/www.ihs.com.tr\/blog\/dane-dns-tabanli-kimlik-dogrulama-nedir\/#Uzman-Kadro-ile-Sorunsuz-DNSSEC-Yapilandirmasi-ve-Yonetimi\" >Uzman Kadro ile Sorunsuz DNSSEC Yap\u0131land\u0131rmas\u0131 ve Y\u00f6netimi<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-35\" href=\"https:\/\/www.ihs.com.tr\/blog\/dane-dns-tabanli-kimlik-dogrulama-nedir\/#Gelismis-Kontrol-Paneli-Uzerinden-Kolay-TLSA-Kaydi-Ekleme-ve-Guncelleme\" >Geli\u015fmi\u015f Kontrol Paneli \u00dczerinden Kolay TLSA Kayd\u0131 Ekleme ve G\u00fcncelleme<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-36\" href=\"https:\/\/www.ihs.com.tr\/blog\/dane-dns-tabanli-kimlik-dogrulama-nedir\/#Yuksek-Performansli-ve-Guvenilir-DNS-Altyapisi\" >Y\u00fcksek Performansl\u0131 ve G\u00fcvenilir DNS Altyap\u0131s\u0131<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-37\" href=\"https:\/\/www.ihs.com.tr\/blog\/dane-dns-tabanli-kimlik-dogrulama-nedir\/#Uctan-Uca-Guvenlik-Cozumlerinde-Teknik-Destek-ve-Danismanlik\" >U\u00e7tan Uca G\u00fcvenlik \u00c7\u00f6z\u00fcmlerinde Teknik Destek ve Dan\u0131\u015fmanl\u0131k<\/a><\/li><\/ul><\/li><\/ul><\/nav><\/div>\n<h2><span class=\"ez-toc-section\" id=\"Dijital-Sertifikalarin-Guvenlikteki-Rolu-ve-Geleneksel-Guven-Modelinin-Zayifliklari\"><\/span>Dijital Sertifikalar\u0131n G\u00fcvenlikteki Rol\u00fc ve Geleneksel G\u00fcven Modelinin Zay\u0131fl\u0131klar\u0131<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>\u0130nternet g\u00fcvenli\u011finin temel yap\u0131 ta\u015f\u0131 olan dijital sertifikalar, web sitelerinin kimli\u011fini do\u011frulamak ve veri ileti\u015fimini \u015fifrelemek i\u00e7in kullan\u0131l\u0131r. Ancak bu sistemin bel kemi\u011fini olu\u015fturan geleneksel g\u00fcven modeli, baz\u0131 temel zay\u0131fl\u0131klara sahiptir ve bu da onu siber sald\u0131r\u0131lara kar\u015f\u0131 savunmas\u0131z b\u0131rakabilir.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Web-Guvenliginin-Temeli-TLSSSL-Sertifikalari-Nedir-ve-Nasil-Calisir\"><\/span>Web G\u00fcvenli\u011finin Temeli: TLS\/SSL Sertifikalar\u0131 Nedir ve Nas\u0131l \u00c7al\u0131\u015f\u0131r?<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>TLS (Transport Layer Security) ve onun \u00f6nc\u00fcl\u00fc olan SSL (Secure Sockets Layer), bir istemci (genellikle bir web taray\u0131c\u0131s\u0131) ile sunucu aras\u0131nda \u015fifreli bir ileti\u015fim kanal\u0131 olu\u015fturan kriptografik protokollerdir. Bir kullan\u0131c\u0131 bir web sitesine ba\u011fland\u0131\u011f\u0131nda, sunucu kimli\u011fini kan\u0131tlamak i\u00e7in bir <a href=\"https:\/\/www.ihs.com.tr\/ssl\/\" target=\"_blank\">SSL sertifikas\u0131<\/a> sunar. Bu sertifika, sitenin alan ad\u0131n\u0131, sahibi olan kurulu\u015fu ve sertifikay\u0131 veren Sertifika Otoritesi&#8217;nin (CA) dijital imzas\u0131n\u0131 i\u00e7erir. Taray\u0131c\u0131, bu imzay\u0131 g\u00fcvendi\u011fi CA&#8217;lar\u0131n listesiyle kar\u015f\u0131la\u015ft\u0131rarak sertifikan\u0131n ge\u00e7erlili\u011fini kontrol eder. Do\u011frulama ba\u015far\u0131l\u0131 olursa, taray\u0131c\u0131 ve sunucu aras\u0131nda g\u00fcvenli bir oturum ba\u015flat\u0131l\u0131r ve t\u00fcm veri al\u0131\u015fveri\u015fi \u015fifrelenir. Bu, kullan\u0131c\u0131 ad\u0131, parola ve kredi kart\u0131 bilgileri gibi hassas verilerin \u00fc\u00e7\u00fcnc\u00fc \u015fah\u0131slar taraf\u0131ndan ele ge\u00e7irilmesini \u00f6nler.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Sertifika-Otoriteleri-CA-ve-Hiyerarsik-Guven-Zinciri\"><\/span>Sertifika Otoriteleri (CA) ve Hiyerar\u015fik G\u00fcven Zinciri<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Sertifika Otoriteleri (CA), dijital sertifikalar\u0131 d\u00fczenleyen, do\u011frulayan ve y\u00f6neten g\u00fcvenilir kurulu\u015flard\u0131r. \u0130\u015fletim sistemleri ve web taray\u0131c\u0131lar\u0131, \u00f6nceden tan\u0131mlanm\u0131\u015f ve g\u00fcvenilir kabul edilen bir K\u00f6k CA (Root CA) listesi ile birlikte gelir. Bir CA, bir web sitesi i\u00e7in sertifika d\u00fczenledi\u011finde, kendi k\u00f6k sertifikas\u0131yla veya bir ara (intermediate) sertifika ile imzalar. Bu yap\u0131, &#8220;g\u00fcven zinciri&#8221; (chain of trust) olarak bilinen hiyerar\u015fik bir model olu\u015fturur. Taray\u0131c\u0131n\u0131z bir web sitesinin sertifikas\u0131n\u0131 ald\u0131\u011f\u0131nda, bu sertifikay\u0131 imzalayan ara CA&#8217;y\u0131 ve o ara CA&#8217;y\u0131 imzalayan K\u00f6k CA&#8217;y\u0131 kontrol ederek zinciri takip eder. Zincirin sonundaki K\u00f6k CA, taray\u0131c\u0131n\u0131n g\u00fcvendi\u011fi listede yer al\u0131yorsa, web sitesinin sertifikas\u0131 da g\u00fcvenilir kabul edilir.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Geleneksel-Modeldeki-Riskler-Sahte-Sertifikalar-ve-Ortadaki-Adam-MITM-Saldirilari\"><\/span>Geleneksel Modeldeki Riskler: Sahte Sertifikalar ve Ortadaki Adam (MITM) Sald\u0131r\u0131lar\u0131<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Geleneksel g\u00fcven modelinin en b\u00fcy\u00fck zay\u0131fl\u0131\u011f\u0131, y\u00fczlerce Sertifika Otoritesinden herhangi birine duyulan mutlak g\u00fcvendir. Bir sald\u0131rgan, herhangi bir CA&#8217;y\u0131 kand\u0131rarak veya sistemine s\u0131zarak, istedi\u011fi herhangi bir alan ad\u0131 i\u00e7in ge\u00e7erli g\u00f6r\u00fcnen sahte bir sertifika alabilir. \u00d6rne\u011fin, bir sald\u0131rgan `google.com` i\u00e7in sahte ama teknik olarak ge\u00e7erli bir sertifika elde ederse, bu sertifikay\u0131 kullanarak bir Ortadaki Adam (Man-in-the-Middle &#8211; MITM) sald\u0131r\u0131s\u0131 ger\u00e7ekle\u015ftirebilir. Bu senaryoda sald\u0131rgan, kullan\u0131c\u0131 ile ger\u00e7ek Google sunucusu aras\u0131na girer, kullan\u0131c\u0131ya sahte sertifikay\u0131 sunar ve t\u00fcm ileti\u015fimi de\u015fifre edebilir. Kullan\u0131c\u0131n\u0131n taray\u0131c\u0131s\u0131, sertifikay\u0131 g\u00fcvenilir bir CA imzalad\u0131\u011f\u0131 i\u00e7in herhangi bir uyar\u0131 g\u00f6stermez ve kullan\u0131c\u0131 t\u00fcm \u00f6zel bilgilerini fark\u0131nda olmadan sald\u0131rgana kapt\u0131r\u0131r.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Sertifika-Otoritesi-CA-Ihlalleri-ve-Guven-Sarsintisi-Ornekleri\"><\/span>Sertifika Otoritesi (CA) \u0130hlalleri ve G\u00fcven Sars\u0131nt\u0131s\u0131 \u00d6rnekleri<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Ge\u00e7mi\u015fte ya\u015fanan bir\u00e7ok olay, CA tabanl\u0131 g\u00fcven modelinin ne kadar k\u0131r\u0131lgan olabilece\u011fini g\u00f6stermi\u015ftir. 2011 y\u0131l\u0131nda Hollandal\u0131 CA olan DigiNotar&#8217;\u0131n hacklenmesi, y\u00fczlerce sahte sertifikan\u0131n (Google, Yahoo, MI6 gibi alan adlar\u0131 i\u00e7in) d\u00fczenlenmesine yol a\u00e7t\u0131. Bu sertifikalar, \u00f6zellikle \u0130ran&#8217;da kullan\u0131c\u0131lar\u0131 g\u00f6zetlemek i\u00e7in aktif olarak kullan\u0131ld\u0131. Benzer \u015fekilde, Comodo ve StartCom gibi di\u011fer CA&#8217;lar\u0131n da g\u00fcvenlik ihlalleri ya\u015fad\u0131\u011f\u0131 bilinmektedir. Bu t\u00fcr olaylar, tek bir CA&#8217;daki bir zafiyetin t\u00fcm internet ekosisteminin g\u00fcvenli\u011fini nas\u0131l tehlikeye atabildi\u011fini ve merkezi g\u00fcven modeline olan inanc\u0131 ciddi \u015fekilde sarst\u0131\u011f\u0131n\u0131 kan\u0131tlam\u0131\u015ft\u0131r.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Guvenli-DNSin-Temeli-DNSSEC-DNS-Guvenlik-Eklentileri\"><\/span>G\u00fcvenli DNS&#8217;in Temeli: DNSSEC (DNS G\u00fcvenlik Eklentileri)<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>DANE protokol\u00fcn\u00fcn sundu\u011fu g\u00fcvenli\u011fi anlayabilmek i\u00e7in \u00f6ncelikle onun \u00fczerine in\u015fa edildi\u011fi temel teknolojiyi, yani DNSSEC&#8217;i kavramak gerekir. DNSSEC, internetin telefon rehberi olarak bilinen DNS sistemine bir g\u00fcvenlik katman\u0131 ekleyerek, kullan\u0131c\u0131lar\u0131n do\u011fru web sitesine y\u00f6nlendirildi\u011finden emin olmalar\u0131n\u0131 sa\u011flar ve DANE&#8217;in \u00e7al\u0131\u015fmas\u0131 i\u00e7in zorunlu bir altyap\u0131 sunar.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"DNSSEC-Nedir\"><\/span>DNSSEC Nedir?<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>DNSSEC (Domain Name System Security Extensions), DNS verilerinin k\u00f6kenini do\u011frulamak ve b\u00fct\u00fcnl\u00fc\u011f\u00fcn\u00fc korumak i\u00e7in tasarlanm\u0131\u015f bir teknolojidir. Normalde bir kullan\u0131c\u0131 bir <a href=\"https:\/\/www.ihs.com.tr\/domain\/alan-adi-domain-tescili.html\" target=\"_blank\">alan ad\u0131<\/a> adresini taray\u0131c\u0131s\u0131na yazd\u0131\u011f\u0131nda, DNS sistemi bu ismi bir IP adresine \u00e7evirir. Ancak bu s\u00fcre\u00e7te araya giren bir sald\u0131rgan, DNS yan\u0131tlar\u0131n\u0131 manip\u00fcle ederek kullan\u0131c\u0131y\u0131 sahte bir web sitesine y\u00f6nlendirebilir. Bu sald\u0131r\u0131 t\u00fcr\u00fcne DNS zehirlenmesi (DNS spoofing\/poisoning) denir. DNSSEC, bu t\u00fcr sahtekarl\u0131klar\u0131 \u00f6nlemek i\u00e7in DNS kay\u0131tlar\u0131na dijital imzalar ekler. Bu sayede, al\u0131nan bir DNS yan\u0131t\u0131n\u0131n ger\u00e7ekten yetkili DNS sunucusundan gelip gelmedi\u011fi ve yol boyunca de\u011fi\u015ftirilip de\u011fi\u015ftirilmedi\u011fi kriptografik olarak do\u011frulanabilir.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"DNS-Kayitlarinin-Dijital-Olarak-Imzalanmasi-ve-Dogrulanmasi\"><\/span>DNS Kay\u0131tlar\u0131n\u0131n Dijital Olarak \u0130mzalanmas\u0131 ve Do\u011frulanmas\u0131<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>DNSSEC, a\u00e7\u0131k anahtar kriptografisi kullanarak \u00e7al\u0131\u015f\u0131r. Bir alan ad\u0131n\u0131n DNS b\u00f6lgesi (zone), bir \u00f6zel anahtar (private key) ile imzalan\u0131r. Bu imza, RRSIG (Resource Record Signature) ad\u0131 verilen yeni bir DNS kayd\u0131 t\u00fcr\u00fc olarak saklan\u0131r. \u0130mzan\u0131n do\u011frulanmas\u0131 i\u00e7in kullan\u0131lan a\u00e7\u0131k anahtar (public key) ise DNSKEY kayd\u0131 olarak yay\u0131nlan\u0131r. Bir istemci (veya \u00e7\u00f6z\u00fcc\u00fc sunucu), bir alan ad\u0131 i\u00e7in DNS sorgusu yapt\u0131\u011f\u0131nda, A kayd\u0131 (IP adresi) ile birlikte RRSIG kayd\u0131n\u0131 da al\u0131r. Ard\u0131ndan, ilgili DNSKEY kayd\u0131n\u0131 sorgulayarak ald\u0131\u011f\u0131 yan\u0131t\u0131n imzas\u0131n\u0131 do\u011frular. Bu s\u00fcre\u00e7, DNS verisinin ger\u00e7ekli\u011fini ve b\u00fct\u00fcnl\u00fc\u011f\u00fcn\u00fc garanti alt\u0131na al\u0131r.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"DNS-Yanitlarinin-Butunlugunu-ve-Gercekligini-Saglama\"><\/span>DNS Yan\u0131tlar\u0131n\u0131n B\u00fct\u00fcnl\u00fc\u011f\u00fcn\u00fc ve Ger\u00e7ekli\u011fini Sa\u011flama<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>DNSSEC&#8217;in g\u00fcvenli\u011fi, hiyerar\u015fik bir g\u00fcven zincirine dayan\u0131r, t\u0131pk\u0131 SSL sertifikalar\u0131ndaki gibi. Ancak burada g\u00fcven, Sertifika Otoritelerine de\u011fil, DNS&#8217;in kendi k\u00f6k (root) b\u00f6lgesine dayan\u0131r. Her alt b\u00f6lgenin (\u00f6rne\u011fin `.com` b\u00f6lgesi) anahtar\u0131n\u0131n bir \u00f6zeti (hash), bir \u00fcst b\u00f6lgede (k\u00f6k b\u00f6lgesi) DS (Delegation Signer) kayd\u0131 olarak saklan\u0131r. Bir istemci `ihs.com.tr` adresinin DNSKEY kayd\u0131n\u0131 do\u011frularken, bu anahtar\u0131n \u00f6zetinin `.com.tr` b\u00f6lgesindeki DS kayd\u0131yla e\u015fle\u015fti\u011fini, `.com.tr` b\u00f6lgesindeki anahtar\u0131n \u00f6zetinin `.tr` b\u00f6lgesindeki DS kayd\u0131yla e\u015fle\u015fti\u011fini ve bu zincirin en tepedeki g\u00fcvenilir k\u00f6k sunucular\u0131na kadar devam etti\u011fini kontrol eder. Bu kesintisiz zincir, al\u0131nan DNS yan\u0131t\u0131n\u0131n manip\u00fcle edilmedi\u011fini ve yetkili kaynaktan geldi\u011fini kesin olarak kan\u0131tlar.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"DANE-Icin-DNSSECin-Neden-Zorunlu-Bir-On-Kosul-Oldugu\"><\/span>DANE \u0130\u00e7in DNSSEC&#8217;in Neden Zorunlu Bir \u00d6n Ko\u015ful Oldu\u011fu<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>DANE protokol\u00fcn\u00fcn temel amac\u0131, bir web sitesinin SSL sertifikas\u0131yla ilgili bilgileri g\u00fcvenli bir \u015fekilde DNS&#8217;te yay\u0131nlamakt\u0131r. E\u011fer DNS sistemi g\u00fcvensiz olsayd\u0131, bir sald\u0131rgan hem DNS yan\u0131t\u0131n\u0131 (kullan\u0131c\u0131y\u0131 sahte bir IP&#8217;ye y\u00f6nlendirmek) hem de DANE kayd\u0131n\u0131 (sahte sertifika bilgilerini i\u00e7eren) kolayca manip\u00fcle edebilirdi. Bu durumda DANE anlams\u0131z hale gelirdi. DNSSEC, DNS verilerinin de\u011fi\u015ftirilemez ve taklit edilemez oldu\u011funu garanti alt\u0131na alarak bu sorunu \u00e7\u00f6zer. DNSSEC sayesinde, bir alan ad\u0131 i\u00e7in yay\u0131nlanan DANE (TLSA) kayd\u0131n\u0131n ger\u00e7ekten o alan ad\u0131n\u0131n sahibi taraf\u0131ndan olu\u015fturuldu\u011funa ve yol boyunca de\u011fi\u015ftirilmedi\u011fine %100 g\u00fcvenebiliriz. Bu nedenle DNSSEC, DANE&#8217;in \u00fczerine in\u015fa edildi\u011fi sa\u011flam ve g\u00fcvenilir temeldir.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"DANE-DNS-Tabanli-Kimlik-Dogrulama-Protokolune-Giris\"><\/span>DANE (DNS Tabanl\u0131 Kimlik Do\u011frulama) Protokol\u00fcne Giri\u015f<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>DNSSEC taraf\u0131ndan sa\u011flanan g\u00fcvenli altyap\u0131 \u00fczerine in\u015fa edilen DANE, internet g\u00fcvenli\u011finde \u00f6nemli bir paradigma de\u011fi\u015fikli\u011fi sunar. Geleneksel CA hiyerar\u015fisine olan ba\u011f\u0131ml\u0131l\u0131\u011f\u0131 azaltarak, bir web sitesinin kimlik do\u011frulamas\u0131n\u0131 do\u011frudan DNS sistemine entegre eder. Bu b\u00f6l\u00fcm, DANE&#8217;in ne oldu\u011funu, temel amac\u0131n\u0131 ve bu sistemi m\u00fcmk\u00fcn k\u0131lan TLSA kayd\u0131n\u0131n yap\u0131s\u0131n\u0131 ele almaktad\u0131r.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"DANE-Nedir\"><\/span>DANE Nedir?<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>DANE (DNS-Based Authentication of Named Entities), bir alan ad\u0131n\u0131n kullanmas\u0131 gereken veya kabul etti\u011fi TLS\/SSL sertifikalar\u0131n\u0131, DNSSEC ile g\u00fcvence alt\u0131na al\u0131nm\u0131\u015f DNS kay\u0131tlar\u0131 arac\u0131l\u0131\u011f\u0131yla belirtmesine olanak tan\u0131yan bir internet g\u00fcvenlik protokol\u00fcd\u00fcr. Ba\u015fka bir deyi\u015fle DANE, bir alan ad\u0131 sahibine, &#8220;Benim web siteme ba\u011flanan kullan\u0131c\u0131lar, yaln\u0131zca \u015fu \u00f6zelliklere sahip sertifikalar\u0131 kabul etmelidir&#8221; deme imkan\u0131 verir. Bu bilgi DNS&#8217;te yay\u0131nland\u0131\u011f\u0131 i\u00e7in, bir istemci (taray\u0131c\u0131 veya uygulama) sunucudan bir sertifika ald\u0131\u011f\u0131nda, bu sertifikan\u0131n DNS&#8217;teki DANE kayd\u0131yla e\u015fle\u015fip e\u015fle\u015fmedi\u011fini kontrol edebilir. Bu e\u015fle\u015fme, sertifikan\u0131n me\u015fruiyetini do\u011frulamak i\u00e7in CA hiyerar\u015fisine ek veya alternatif bir y\u00f6ntem sunar.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"DANEin-Temel-Amaci-Sertifika-Guvenini-DNSe-Tasima\"><\/span>DANE&#8217;in Temel Amac\u0131: Sertifika G\u00fcvenini DNS&#8217;e Ta\u015f\u0131ma<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>DANE&#8217;in ana hedefi, sertifika g\u00fcven modelini merkezile\u015ftirilmi\u015f ve potansiyel olarak zay\u0131f olan y\u00fczlerce Sertifika Otoritesinden (CA) uzakla\u015ft\u0131r\u0131p, daha da\u011f\u0131t\u0131k ve alan ad\u0131 sahibinin kontrol\u00fcnde olan DNS sistemine ta\u015f\u0131makt\u0131r. Geleneksel modelde, taray\u0131c\u0131n\u0131z\u0131n g\u00fcvendi\u011fi herhangi bir CA, sizin alan ad\u0131n\u0131z i\u00e7in bir sertifika yay\u0131nlayabilir ve bu durum sizin kontrol\u00fcn\u00fcz d\u0131\u015f\u0131ndad\u0131r. DANE ile alan ad\u0131 sahibi, kendi DNS kay\u0131tlar\u0131 \u00fczerinden hangi sertifikalar\u0131n veya hangi CA&#8217;lar\u0131n kendisi i\u00e7in ge\u00e7erli oldu\u011funu belirleyebilir. Bu, sahte sertifika verilmesi riskini \u00f6nemli \u00f6l\u00e7\u00fcde azalt\u0131r ve g\u00fcvenli\u011fin kontrol\u00fcn\u00fc do\u011frudan varl\u0131\u011f\u0131n (alan ad\u0131n\u0131n) sahibine iade eder.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"DANEin-Kalbi-TLSA-Kaynak-Kaydi-TLSA-Record\"><\/span>DANE&#8217;in Kalbi: TLSA Kaynak Kayd\u0131 (TLSA Record)<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>DANE protokol\u00fcn\u00fcn teknik uygulamas\u0131, TLSA (TLS Authentication) ad\u0131 verilen yeni bir DNS kaynak kayd\u0131 t\u00fcr\u00fc arac\u0131l\u0131\u011f\u0131yla ger\u00e7ekle\u015ftirilir. Bu kay\u0131t, bir alan ad\u0131n\u0131n belirli bir port ve protokol (\u00f6rne\u011fin, 443\/TCP) i\u00e7in kullanaca\u011f\u0131 sertifikan\u0131n \u00f6zelliklerini tan\u0131mlar. TLSA kayd\u0131, DNSSEC ile dijital olarak imzalan\u0131r, bu da onun ger\u00e7ekli\u011fini ve b\u00fct\u00fcnl\u00fc\u011f\u00fcn\u00fc garanti eder. Bir istemci bir sunucuya ba\u011flanmadan \u00f6nce veya ba\u011fland\u0131ktan sonra, ilgili TLSA kayd\u0131n\u0131 DNS&#8217;ten sorgular ve sunucudan ald\u0131\u011f\u0131 sertifikan\u0131n bu kay\u0131tta belirtilen kurallara uyup uymad\u0131\u011f\u0131n\u0131 kontrol eder. Bu do\u011frulama, g\u00fcvenli\u011fin temelini olu\u015fturur.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"TLSA-Kaydinin-Yapisi-ve-Alanlari\"><\/span>TLSA Kayd\u0131n\u0131n Yap\u0131s\u0131 ve Alanlar\u0131<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Bir TLSA kayd\u0131, d\u00f6rt temel alandan olu\u015fur ve her biri sertifika do\u011frulama s\u00fcrecinde belirli bir rol oynar. Bu alanlar, sertifikan\u0131n hangi b\u00f6l\u00fcm\u00fcn\u00fcn nas\u0131l do\u011frulanaca\u011f\u0131n\u0131 esnek bir \u015fekilde tan\u0131mlamaya olanak tan\u0131r.<\/p>\n<div class=\"karsilastirma\">\n<table>\n<thead>\n<tr>\n<th>Alan Ad\u0131<\/th>\n<th>De\u011fer Aral\u0131\u011f\u0131<\/th>\n<th>A\u00e7\u0131klama<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td><strong>Sertifika Kullan\u0131m Alan\u0131 (Certificate Usage)<\/strong><\/td>\n<td>0-3<\/td>\n<td>Sertifikan\u0131n nas\u0131l do\u011frulanaca\u011f\u0131n\u0131 belirten ana kural\u0131 tan\u0131mlar (\u00f6rne\u011fin, belirli bir CA&#8217;ya k\u0131s\u0131tlama veya sadece bu sertifikay\u0131 kabul etme).<\/td>\n<\/tr>\n<tr>\n<td><strong>Se\u00e7ici (Selector)<\/strong><\/td>\n<td>0-1<\/td>\n<td>Sertifikan\u0131n hangi b\u00f6l\u00fcm\u00fcn\u00fcn e\u015fle\u015ftirme i\u00e7in kullan\u0131laca\u011f\u0131n\u0131 belirtir (t\u00fcm sertifika veya sadece a\u00e7\u0131k anahtar).<\/td>\n<\/tr>\n<tr>\n<td><strong>E\u015fle\u015ftirme T\u00fcr\u00fc (Matching Type)<\/strong><\/td>\n<td>0-2<\/td>\n<td>Se\u00e7ilen veriye hangi hash algoritmas\u0131n\u0131n uygulanaca\u011f\u0131n\u0131 veya verinin ham haliyle mi kullan\u0131laca\u011f\u0131n\u0131 belirler (SHA-256, SHA-512 veya tam e\u015fle\u015fme).<\/td>\n<\/tr>\n<tr>\n<td><strong>Sertifika \u0130li\u015fkilendirme Verisi (Certificate Association Data)<\/strong><\/td>\n<td>Hex Dizisi<\/td>\n<td>Yukar\u0131daki alanlara g\u00f6re olu\u015fturulan, sertifikan\u0131n \u00f6zeti (hash) veya tam verisidir.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n<h4>Sertifika Kullan\u0131m Alan\u0131 (Certificate Usage)<\/h4>\n<p>Bu alan, 0&#8217;dan 3&#8217;e kadar bir de\u011fer al\u0131r ve DANE do\u011frulamas\u0131n\u0131n en temel kural\u0131n\u0131 belirler. \u00d6rne\u011fin, &#8220;0&#8221; de\u011feri belirli bir CA&#8217;ya k\u0131s\u0131tlama getirirken, &#8220;3&#8221; de\u011feri CA&#8217;ya hi\u00e7 g\u00fcvenilmeksizin do\u011frudan alan ad\u0131 sahibi taraf\u0131ndan yay\u0131nlanan sertifikan\u0131n kullan\u0131laca\u011f\u0131n\u0131 belirtir. Bu kullan\u0131m modelleri ilerleyen b\u00f6l\u00fcmlerde detayland\u0131r\u0131lacakt\u0131r.<\/p>\n<h4>Se\u00e7ici Alan\u0131 (Selector)<\/h4>\n<p>Bu alan, e\u015fle\u015ftirme i\u00e7in sertifikan\u0131n hangi k\u0131sm\u0131n\u0131n kullan\u0131laca\u011f\u0131n\u0131 tan\u0131mlar. &#8220;0&#8221; de\u011feri, t\u00fcm sertifikan\u0131n (DER format\u0131nda) kullan\u0131laca\u011f\u0131n\u0131 belirtirken, &#8220;1&#8221; de\u011feri sadece sertifikan\u0131n i\u00e7indeki konu a\u00e7\u0131k anahtar\u0131n\u0131n (Subject Public Key) kullan\u0131laca\u011f\u0131n\u0131 ifade eder. A\u00e7\u0131k anahtar\u0131 se\u00e7mek, sertifika yenilendi\u011finde ayn\u0131 anahtar \u00e7ifti kullan\u0131ld\u0131\u011f\u0131 s\u00fcrece TLSA kayd\u0131n\u0131 de\u011fi\u015ftirme zorunlulu\u011funu ortadan kald\u0131rabilir.<\/p>\n<h4>E\u015fle\u015ftirme T\u00fcr\u00fc Alan\u0131 (Matching Type)<\/h4>\n<p>Bu alan, se\u00e7ici taraf\u0131ndan belirlenen verinin nas\u0131l temsil edilece\u011fini belirtir. &#8220;0&#8221; de\u011feri, verinin tam (birebir) e\u015fle\u015fmesi gerekti\u011fini s\u00f6yler. &#8220;1&#8221; de\u011feri, verinin SHA-256 hash&#8217;inin al\u0131naca\u011f\u0131n\u0131, &#8220;2&#8221; de\u011feri ise SHA-512 hash&#8217;inin al\u0131naca\u011f\u0131n\u0131 belirtir. Hash kullanmak, TLSA kayd\u0131n\u0131n boyutunu \u00f6nemli \u00f6l\u00e7\u00fcde k\u00fc\u00e7\u00fcltt\u00fc\u011f\u00fc i\u00e7in en yayg\u0131n y\u00f6ntemdir.<\/p>\n<h4>Sertifika \u0130li\u015fkilendirme Verisi (Certificate Association Data)<\/h4>\n<p>Bu alan, yukar\u0131daki \u00fc\u00e7 alan\u0131n kurallar\u0131na g\u00f6re olu\u015fturulmu\u015f olan nihai veriyi i\u00e7erir. Genellikle bu, sertifikan\u0131n veya a\u00e7\u0131k anahtar\u0131n\u0131n SHA-256 veya SHA-512 hash&#8217;inin onalt\u0131l\u0131k (hexadecimal) g\u00f6sterimidir. \u0130stemci, sunucudan ald\u0131\u011f\u0131 sertifikaya ayn\u0131 i\u015flemleri uygulayarak kendi hash&#8217;ini olu\u015fturur ve bu alandaki veriyle kar\u015f\u0131la\u015ft\u0131r\u0131r.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"DANE-ve-DNSSEC-ile-Sahte-Sertifikalarin-Engellenmesi\"><\/span>DANE ve DNSSEC ile Sahte Sertifikalar\u0131n Engellenmesi<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>DANE ve DNSSEC&#8217;in birle\u015fimi, geleneksel CA modelinin zay\u0131fl\u0131klar\u0131n\u0131 hedef alan sofistike sald\u0131r\u0131lara kar\u015f\u0131 g\u00fc\u00e7l\u00fc bir savunma mekanizmas\u0131 olu\u015fturur. Bu ikili, g\u00fcven denetimini alan ad\u0131 sahibine vererek ve ileti\u015fimin her a\u015famas\u0131n\u0131 kriptografik olarak do\u011frulayarak sahte sertifikalar\u0131n kullan\u0131lmas\u0131n\u0131 neredeyse imkans\u0131z hale getirir.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Sertifika-Otoritesi-Bagimliligini-Azaltma\"><\/span>Sertifika Otoritesi Ba\u011f\u0131ml\u0131l\u0131\u011f\u0131n\u0131 Azaltma<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Geleneksel modelde, bir web sitesinin g\u00fcvenli\u011fi, y\u00fczlerce farkl\u0131 Sertifika Otoritesinden (CA) herhangi birinin b\u00fct\u00fcnl\u00fc\u011f\u00fcne ba\u011fl\u0131d\u0131r. E\u011fer bu CA&#8217;lardan sadece biri bile tehlikeye at\u0131l\u0131rsa, sald\u0131rganlar bu CA&#8217;y\u0131 kullanarak herhangi bir domain i\u00e7in ge\u00e7erli g\u00f6r\u00fcnen sahte sertifikalar olu\u015fturabilir. DANE, bu ba\u011f\u0131ml\u0131l\u0131\u011f\u0131 ortadan kald\u0131r\u0131r. Alan ad\u0131 sahibi, TLSA kay\u0131tlar\u0131n\u0131 kullanarak kendi sitesi i\u00e7in hangi sertifikalar\u0131n veya hangi CA&#8217;lar\u0131n ge\u00e7erli oldu\u011funu kesin bir dille belirtebilir. \u00d6rne\u011fin, &#8220;Usage 3&#8221; (Domain-Issued Certificate) modu kullan\u0131ld\u0131\u011f\u0131nda, CA&#8217;lara olan g\u00fcven tamamen baypas edilir ve sadece alan ad\u0131 sahibinin DNS&#8217;te belirtti\u011fi sertifika ge\u00e7erli kabul edilir. Bu, bir CA&#8217;n\u0131n hacklenmesi durumunda bile alan ad\u0131n\u0131n g\u00fcvende kalmas\u0131n\u0131 sa\u011flar.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Bir-Tarayicinin-veya-Istemcinin-DANE-Dogrulamasini-Adim-Adim-Nasil-Yaptigi\"><\/span>Bir Taray\u0131c\u0131n\u0131n veya \u0130stemcinin DANE Do\u011frulamas\u0131n\u0131 Ad\u0131m Ad\u0131m Nas\u0131l Yapt\u0131\u011f\u0131<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>DANE destekleyen bir istemcinin do\u011frulama s\u00fcreci, arka planda birka\u00e7 kritik ad\u0131mdan olu\u015fur. Bu ad\u0131mlar, ba\u011flant\u0131n\u0131n g\u00fcvenli\u011fini katmanl\u0131 bir \u015fekilde sa\u011flar.<\/p>\n<h4>G\u00fcvenli Ba\u011flant\u0131 Talebi<\/h4>\n<p>Kullan\u0131c\u0131, taray\u0131c\u0131s\u0131na `https:\/\/ornek.com` gibi bir adres girdi\u011finde, taray\u0131c\u0131 sunucuya g\u00fcvenli bir TLS ba\u011flant\u0131s\u0131 kurma talebi g\u00f6nderir. Bu, standart bir HTTPS ba\u011flant\u0131 s\u00fcrecinin ilk ad\u0131m\u0131d\u0131r.<\/p>\n<h4>Sunucudan Gelen TLS Sertifikas\u0131<\/h4>\n<p>Web sunucusu, ba\u011flant\u0131 talebine yan\u0131t olarak kendi TLS\/SSL sertifikas\u0131n\u0131 taray\u0131c\u0131ya g\u00f6nderir. Bu sertifika, sunucunun kimli\u011fini, a\u00e7\u0131k anahtar\u0131n\u0131 ve sertifikay\u0131 imzalayan CA&#8217;n\u0131n bilgilerini i\u00e7erir.<\/p>\n<h4>DNSSEC ile G\u00fcvence Alt\u0131na Al\u0131nm\u0131\u015f TLSA Kayd\u0131 Sorgusu<\/h4>\n<p>Taray\u0131c\u0131, sunucudan sertifikay\u0131 al\u0131r almaz (veya e\u015f zamanl\u0131 olarak), `_443._tcp.ornek.com` adresi i\u00e7in bir DNS sorgusu yaparak DANE&#8217;e \u00f6zel TLSA kayd\u0131n\u0131 arar. Bu sorgu, DNSSEC do\u011frulamas\u0131n\u0131 zorunlu k\u0131lar. Taray\u0131c\u0131, ald\u0131\u011f\u0131 TLSA kayd\u0131n\u0131n ve DNS yan\u0131t\u0131n\u0131n tamam\u0131n\u0131n dijital olarak imzaland\u0131\u011f\u0131n\u0131 ve g\u00fcven zinciriyle do\u011fruland\u0131\u011f\u0131n\u0131 kontrol eder. E\u011fer DNSSEC do\u011frulamas\u0131 ba\u015far\u0131s\u0131z olursa, DANE s\u00fcreci an\u0131nda iptal edilir ve ba\u011flant\u0131 g\u00fcvensiz kabul edilir.<\/p>\n<h4>Sertifika ve TLSA Kayd\u0131n\u0131n Kar\u015f\u0131la\u015ft\u0131r\u0131lmas\u0131<\/h4>\n<p>Taray\u0131c\u0131, DNSSEC ile do\u011frulanm\u0131\u015f TLSA kayd\u0131n\u0131 ba\u015far\u0131yla ald\u0131\u011f\u0131nda, bu kayd\u0131n i\u00e7erdi\u011fi kurallar\u0131 (Usage, Selector, Matching Type) sunucudan gelen sertifikaya uygular. \u00d6rne\u011fin, TLSA kayd\u0131 &#8220;3 1 1&#8221; (Domain-issued, public key, SHA-256 hash) ise, taray\u0131c\u0131 sunucudan ald\u0131\u011f\u0131 sertifikan\u0131n a\u00e7\u0131k anahtar\u0131n\u0131n SHA-256 hash&#8217;ini hesaplar. Hesaplad\u0131\u011f\u0131 bu hash de\u011feri, TLSA kayd\u0131n\u0131n &#8220;Certificate Association Data&#8221; alan\u0131ndaki hash ile birebir e\u015fle\u015fiyorsa, sertifika do\u011frulanm\u0131\u015f olur ve g\u00fcvenli ba\u011flant\u0131 kurulur. E\u011fer e\u015fle\u015fmezse, taray\u0131c\u0131 ba\u011flant\u0131y\u0131 reddeder ve kullan\u0131c\u0131ya bir g\u00fcvenlik uyar\u0131s\u0131 g\u00f6sterir.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Saldiri-Senaryolari-Uzerinden-DANEin-Koruma-Mekanizmasi\"><\/span>Sald\u0131r\u0131 Senaryolar\u0131 \u00dczerinden DANE&#8217;in Koruma Mekanizmas\u0131<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>DANE&#8217;in g\u00fcc\u00fcn\u00fc anlaman\u0131n en iyi yolu, onu potansiyel sald\u0131r\u0131 senaryolar\u0131 kar\u015f\u0131s\u0131nda de\u011ferlendirmektir.<\/p>\n<h4>Sahte Bir CA Taraf\u0131ndan D\u00fczenlenen Sertifikalara Kar\u015f\u0131 Koruma<\/h4>\n<p>Bir sald\u0131rgan\u0131n, zay\u0131f bir CA&#8217;y\u0131 kand\u0131rarak `ornek.com` i\u00e7in sahte bir sertifika ald\u0131\u011f\u0131n\u0131 varsayal\u0131m. Sald\u0131rgan, bir MITM sald\u0131r\u0131s\u0131 ile bu sahte sertifikay\u0131 kullan\u0131c\u0131ya sunar. DANE kullanmayan bir taray\u0131c\u0131, sertifika g\u00fcvenilir bir CA taraf\u0131ndan imzaland\u0131\u011f\u0131 i\u00e7in bunu kabul eder. Ancak DANE destekli bir taray\u0131c\u0131, DNS&#8217;ten `ornek.com` i\u00e7in TLSA kayd\u0131n\u0131 sorgular. Alan ad\u0131n\u0131n ger\u00e7ek sahibi, kendi me\u015fru sertifikas\u0131n\u0131n bilgilerini TLSA kayd\u0131na girdi\u011fi i\u00e7in, sald\u0131rgan\u0131n sahte sertifikas\u0131 bu kay\u0131tla e\u015fle\u015fmeyecektir. Sonu\u00e7 olarak, taray\u0131c\u0131 sahtekarl\u0131\u011f\u0131 tespit eder ve ba\u011flant\u0131y\u0131 an\u0131nda keserek kullan\u0131c\u0131y\u0131 korur.<\/p>\n<h4>DNS Zehirleme Sald\u0131r\u0131lar\u0131na Kar\u015f\u0131 DNSSEC ile B\u00fct\u00fcnle\u015fik Savunma<\/h4>\n<p>Bir sald\u0131rgan\u0131n, kullan\u0131c\u0131y\u0131 sahte bir sunucuya y\u00f6nlendirmek i\u00e7in bir DNS zehirleme sald\u0131r\u0131s\u0131 yapt\u0131\u011f\u0131n\u0131 d\u00fc\u015f\u00fcnelim. Sald\u0131rgan, DNS yan\u0131t\u0131n\u0131 manip\u00fcle ederek `ornek.com` adresini kendi kontrol\u00fcndeki bir IP adresine y\u00f6nlendirir. Ancak DANE&#8217;in \u00e7al\u0131\u015fabilmesi i\u00e7in DNSSEC zorunludur. Sald\u0131rgan, DNS kayd\u0131n\u0131 (A kayd\u0131) de\u011fi\u015ftirebilse bile, bu kayd\u0131n DNSSEC imzas\u0131n\u0131 (RRSIG) taklit edemez \u00e7\u00fcnk\u00fc alan ad\u0131n\u0131n \u00f6zel anahtar\u0131na sahip de\u011fildir. DNSSEC do\u011frulamas\u0131n\u0131 yapan bir istemci, imzan\u0131n ge\u00e7ersiz oldu\u011funu anlar ve sahte DNS yan\u0131t\u0131n\u0131 reddeder. Bu sayede kullan\u0131c\u0131, daha en ba\u015f\u0131ndan sahte sunucuya y\u00f6nlendirilmekten korunmu\u015f olur. DNSSEC, DANE&#8217;in \u00e7al\u0131\u015faca\u011f\u0131 zemini g\u00fcvence alt\u0131na alarak b\u00fct\u00fcnle\u015fik bir savunma hatt\u0131 olu\u015fturur.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"DANE-Kullanim-Modelleri-ve-Uygulama-Alanlari\"><\/span>DANE Kullan\u0131m Modelleri ve Uygulama Alanlar\u0131<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>DANE, TLSA kayd\u0131n\u0131n &#8220;Certificate Usage&#8221; alan\u0131nda belirtilen d\u00f6rt farkl\u0131 kullan\u0131m modeli sayesinde b\u00fcy\u00fck bir esneklik sunar. Bu modeller, alan ad\u0131 sahibinin g\u00fcvenlik politikas\u0131n\u0131 kendi ihtiya\u00e7lar\u0131na g\u00f6re hassas bir \u015fekilde ayarlamas\u0131na olanak tan\u0131r. DANE&#8217;in uygulama alanlar\u0131 da sadece web sunucular\u0131yla s\u0131n\u0131rl\u0131 kalmay\u0131p, e-posta gibi di\u011fer kritik internet servislerini de kapsamaktad\u0131r.<\/p>\n<div class=\"karsilastirma\">\n<table>\n<thead>\n<tr>\n<th>Kullan\u0131m Modeli<\/th>\n<th>A\u00e7\u0131klamas\u0131<\/th>\n<th>G\u00fcven Modeli<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td><strong>Usage 0: CA Constraint<\/strong><\/td>\n<td>Belirli bir K\u00f6k veya Ara CA&#8217;y\u0131 &#8220;g\u00fcven \u00e7apas\u0131&#8221; olarak tan\u0131mlar. Sunulan sertifika zincirinin bu CA taraf\u0131ndan imzalanm\u0131\u015f olmas\u0131 gerekir.<\/td>\n<td>Geleneksel CA modelini korur ancak g\u00fcveni sadece belirli CA&#8217;larla s\u0131n\u0131rlar.<\/td>\n<\/tr>\n<tr>\n<td><strong>Usage 1: Service Certificate Constraint<\/strong><\/td>\n<td>Belirli bir son kullan\u0131c\u0131 (end-entity) sertifikas\u0131n\u0131 tan\u0131mlar. Sunulan sertifika bu olmal\u0131 ve ayn\u0131 zamanda geleneksel CA do\u011frulamalar\u0131ndan da ge\u00e7melidir.<\/td>\n<td>&#8220;Certificate Pinning&#8221;e benzer, hem DANE hem de CA do\u011frulamas\u0131 gerektirir.<\/td>\n<\/tr>\n<tr>\n<td><strong>Usage 2: Trust Anchor Assertion<\/strong><\/td>\n<td>Belirli bir K\u00f6k veya Ara CA&#8217;y\u0131 tek g\u00fcven \u00e7apas\u0131 olarak belirler. Geleneksel CA do\u011frulamas\u0131 tamamen baypas edilir.<\/td>\n<td>G\u00fcveni yaln\u0131zca alan ad\u0131 sahibinin belirtti\u011fi CA&#8217;ya dayand\u0131r\u0131r.<\/td>\n<\/tr>\n<tr>\n<td><strong>Usage 3: Domain-Issued Certificate<\/strong><\/td>\n<td>Belirli bir son kullan\u0131c\u0131 sertifikas\u0131n\u0131 tek g\u00fcven kayna\u011f\u0131 olarak tan\u0131mlar. CA hiyerar\u015fisi tamamen g\u00f6z ard\u0131 edilir.<\/td>\n<td>Merkeziyetsiz model, g\u00fcven tamamen DNSSEC ve alan ad\u0131 sahibinin kontrol\u00fcndedir.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n<h3><span class=\"ez-toc-section\" id=\"CA-Kisitlamasi-CA-Constraint-%E2%80%93-Usage-0\"><\/span>CA K\u0131s\u0131tlamas\u0131 (CA Constraint &#8211; Usage 0)<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Bu modda, alan ad\u0131 sahibi g\u00fcvendi\u011fi belirli bir Sertifika Otoritesini (CA) TLSA kayd\u0131nda belirtir. DANE do\u011frulamas\u0131 yapan bir istemci, sunucudan ald\u0131\u011f\u0131 sertifika zincirinin, TLSA kayd\u0131nda belirtilen bu CA taraf\u0131ndan imzalanm\u0131\u015f olmas\u0131 gerekti\u011fini kontrol eder. Ancak bu modda, sertifikan\u0131n ayn\u0131 zamanda istemcinin kendi g\u00fcvenilir CA listesine g\u00f6re de ge\u00e7erli olmas\u0131 gerekir. Bu model, y\u00fczlerce CA aras\u0131ndan sadece g\u00fcvendi\u011finiz birka\u00e7\u0131na izin vererek g\u00fcven y\u00fczeyini daraltmak i\u00e7in kullan\u0131l\u0131r, ancak geleneksel CA modeline olan ba\u011f\u0131ml\u0131l\u0131\u011f\u0131 s\u00fcrd\u00fcr\u00fcr.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Servis-Sertifikasi-Kisitlamasi-Service-Certificate-Constraint-%E2%80%93-Usage-1\"><\/span>Servis Sertifikas\u0131 K\u0131s\u0131tlamas\u0131 (Service Certificate Constraint &#8211; Usage 1)<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Bu model, &#8220;certificate pinning&#8221; (sertifika sabitleme) olarak bilinen y\u00f6nteme benzer. Alan ad\u0131 sahibi, sunucuda kullan\u0131lmas\u0131 gereken tam son kullan\u0131c\u0131 sertifikas\u0131n\u0131 TLSA kayd\u0131nda belirtir. Bir istemci, sunucudan ald\u0131\u011f\u0131 sertifikan\u0131n TLSA kayd\u0131ndaki ile birebir e\u015fle\u015fti\u011fini do\u011frulamal\u0131d\u0131r. Ek olarak, sertifikan\u0131n geleneksel yollarla (istemcinin g\u00fcvendi\u011fi CA listesi arac\u0131l\u0131\u011f\u0131yla) da do\u011frulanabilir olmas\u0131 gerekir. Bu, hem DANE&#8217;in sa\u011flad\u0131\u011f\u0131 ek g\u00fcvenceyi hem de geleneksel modelin uyumlulu\u011funu bir arada sunan kat\u0131 bir g\u00fcvenlik y\u00f6ntemidir.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Guven-Capasi-Beyani-Trust-Anchor-Assertion-%E2%80%93-Usage-2\"><\/span>G\u00fcven \u00c7apas\u0131 Beyan\u0131 (Trust Anchor Assertion &#8211; Usage 2)<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Usage 2, Usage 0&#8217;a benzer \u015fekilde belirli bir CA&#8217;y\u0131 g\u00fcvenilir olarak i\u015faretler, ancak \u00f6nemli bir farkla: Bu modda, istemcinin kendi g\u00fcvenilir CA listesi tamamen g\u00f6z ard\u0131 edilir. G\u00fcvenin tek kayna\u011f\u0131 (trust anchor), TLSA kayd\u0131nda belirtilen CA sertifikas\u0131d\u0131r. Bu, alan ad\u0131 sahibinin kendi kurumsal CA&#8217;s\u0131n\u0131 veya daha az bilinen bir CA&#8217;y\u0131, taray\u0131c\u0131lar taraf\u0131ndan varsay\u0131lan olarak tan\u0131nmasa bile, ge\u00e7erli bir g\u00fcven kayna\u011f\u0131 olarak dayatmas\u0131na olanak tan\u0131r. Bu y\u00f6ntem, geleneksel CA hiyerar\u015fisine olan ba\u011f\u0131ml\u0131l\u0131\u011f\u0131 k\u0131rar.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Alan-Adi-Tarafindan-Verilen-Sertifika-Domain-Issued-Certificate-%E2%80%93-Usage-3\"><\/span>Alan Ad\u0131 Taraf\u0131ndan Verilen Sertifika (Domain-Issued Certificate &#8211; Usage 3)<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>En devrimsel ve merkeziyetsiz model olan Usage 3, Sertifika Otoritelerine olan ihtiyac\u0131 tamamen ortadan kald\u0131r\u0131r. Alan ad\u0131 sahibi, TLSA kayd\u0131nda do\u011frudan kendi olu\u015fturdu\u011fu (self-signed) veya belirli bir son kullan\u0131c\u0131 sertifikas\u0131n\u0131 tan\u0131mlar. \u0130stemci, sunucudan gelen sertifikan\u0131n bu kay\u0131tla e\u015fle\u015fip e\u015fle\u015fmedi\u011fini kontrol eder ve ba\u015fka hi\u00e7bir CA do\u011frulamas\u0131 yapmaz. G\u00fcvenin tek dayana\u011f\u0131, DNSSEC ile korunan DNS kayd\u0131d\u0131r. Bu, alan ad\u0131 sahibine tam kontrol sa\u011flar ve CA&#8217;larla ili\u015fkili maliyetleri ve riskleri ortadan kald\u0131r\u0131r.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Web-Sunucularinin-Otesinde-DANE-E-posta-Guvenligi-SMTP-icin-Kullanimi\"><\/span>Web Sunucular\u0131n\u0131n \u00d6tesinde DANE: E-posta G\u00fcvenli\u011fi (SMTP) i\u00e7in Kullan\u0131m\u0131<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>DANE&#8217;in faydalar\u0131 sadece web (HTTPS) ile s\u0131n\u0131rl\u0131 de\u011fildir. E-posta sunucular\u0131 aras\u0131ndaki ileti\u015fimi (SMTP) g\u00fcvence alt\u0131na almak i\u00e7in de g\u00fc\u00e7l\u00fc bir ara\u00e7t\u0131r. Geleneksel SMTP ileti\u015fimi genellikle \u015fifresizdir veya &#8220;f\u0131rsat\u00e7\u0131 TLS&#8221; (opportunistic TLS) kullan\u0131r, bu da MITM sald\u0131r\u0131lar\u0131na kar\u015f\u0131 savunmas\u0131zd\u0131r. DANE ile bir alan ad\u0131, e-posta sunucusunun (MX kayd\u0131yla belirtilen) kullanmas\u0131 gereken TLS sertifikas\u0131n\u0131 bir TLSA kayd\u0131yla yay\u0131nlayabilir. E-posta g\u00f6nderen bir sunucu, al\u0131c\u0131 sunucuya ba\u011flanmadan \u00f6nce bu TLSA kayd\u0131n\u0131 kontrol eder. E\u011fer al\u0131c\u0131 sunucunun sundu\u011fu sertifika kay\u0131tla e\u015fle\u015firse, \u015fifreli ve do\u011frulanm\u0131\u015f bir ba\u011flant\u0131 kurulur. Bu, e-postalar\u0131n gizlili\u011fini ve b\u00fct\u00fcnl\u00fc\u011f\u00fcn\u00fc \u00f6nemli \u00f6l\u00e7\u00fcde art\u0131r\u0131r ve sahte sunuculara e-posta g\u00f6nderilmesini engeller. Bu, <a href=\"https:\/\/www.ihs.com.tr\/blog\/e-posta-iletimini-iyilestiren-dns-kayitlari-spf-dkim-ve-dmarc-detayli-rehber\/\" target=\"_blank\">SPF, DKIM ve DMARC<\/a> gibi mevcut e-posta g\u00fcvenlik mekanizmalar\u0131n\u0131 tamamlayan \u00f6nemli bir ad\u0131md\u0131r.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"DANE-Protokolunun-Avantajlari-ve-Zorluklari\"><\/span>DANE Protokol\u00fcn\u00fcn Avantajlar\u0131 ve Zorluklar\u0131<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Her yeni teknolojide oldu\u011fu gibi, DANE protokol\u00fc de internet g\u00fcvenli\u011fini ileriye ta\u015f\u0131yan \u00f6nemli avantajlar sunarken, yayg\u0131nla\u015fmas\u0131n\u0131n \u00f6n\u00fcnde baz\u0131 zorluklar ve engeller bar\u0131nd\u0131rmaktad\u0131r. Bu b\u00f6l\u00fcmde, DANE&#8217;in getirdi\u011fi faydalar\u0131 ve kar\u015f\u0131la\u015ft\u0131\u011f\u0131 zorluklar\u0131 objektif bir \u015fekilde ele alaca\u011f\u0131z.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"DANE-Kullaniminin-Sagladigi-Avantajlar\"><\/span>DANE Kullan\u0131m\u0131n\u0131n Sa\u011flad\u0131\u011f\u0131 Avantajlar<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>DANE&#8217;in benimsenmesi, internetin g\u00fcvenlik mimarisinde k\u00f6kl\u00fc iyile\u015ftirmeler vaat etmektedir.<\/p>\n<h4>Art\u0131r\u0131lm\u0131\u015f G\u00fcvenlik ve Sahtecili\u011fe Kar\u015f\u0131 Diren\u00e7<\/h4>\n<p>DANE&#8217;in en b\u00fcy\u00fck avantaj\u0131, sahte sertifikalara ve Ortadaki Adam (MITM) sald\u0131r\u0131lar\u0131na kar\u015f\u0131 sundu\u011fu \u00fcst\u00fcn korumad\u0131r. G\u00fcveni, potansiyel olarak zay\u0131f y\u00fczlerce CA&#8217;dan al\u0131p, DNSSEC ile kriptografik olarak g\u00fcvence alt\u0131na al\u0131nm\u0131\u015f DNS&#8217;e ta\u015f\u0131yarak, tek bir CA&#8217;n\u0131n ihlal edilmesinin t\u00fcm sistemi \u00e7\u00f6kertme riskini ortadan kald\u0131r\u0131r. Alan ad\u0131 sahibi, kendi g\u00fcvenlik politikas\u0131n\u0131 belirleyerek, hangi sertifikalar\u0131n ge\u00e7erli oldu\u011funu kesin bir dille ifade eder ve bu da sahtecili\u011fi neredeyse imkans\u0131z hale getirir.<\/p>\n<h4>G\u00fcven Modelinde Esneklik ve Kontrol<\/h4>\n<p>D\u00f6rt farkl\u0131 kullan\u0131m modeli (Usage 0-3) sayesinde DANE, alan ad\u0131 sahiplerine benzeri g\u00f6r\u00fclmemi\u015f bir esneklik ve kontrol sunar. Mevcut CA modelini daha g\u00fcvenli hale getirmekten (Usage 0\/1), CA&#8217;lar\u0131 tamamen devreden \u00e7\u0131kar\u0131p merkeziyetsiz bir g\u00fcven modeli olu\u015fturmaya (Usage 2\/3) kadar geni\u015f bir yelpazede se\u00e7enek sunar. Bu, her kurulu\u015fun kendi risk tolerans\u0131na ve teknik kapasitesine uygun bir g\u00fcvenlik stratejisi belirlemesine olanak tan\u0131r.<\/p>\n<h4>Potansiyel Maliyet Avantajlar\u0131<\/h4>\n<p>\u00d6zellikle &#8220;Usage 3&#8221; (Domain-Issued Certificate) modelinin kullan\u0131lmas\u0131 durumunda, ticari Sertifika Otoritelerinden pahal\u0131 SSL sertifikalar\u0131 sat\u0131n alma zorunlulu\u011fu ortadan kalkar. Alan ad\u0131 sahipleri, kendi kendilerine imzalad\u0131klar\u0131 (self-signed) sertifikalar\u0131 g\u00fcvenli bir \u015fekilde kullanabilirler. Bu durum, \u00f6zellikle \u00e7ok say\u0131da alt alan ad\u0131na sahip b\u00fcy\u00fck kurulu\u015flar veya k\u0131s\u0131tl\u0131 b\u00fct\u00e7eye sahip projeler i\u00e7in \u00f6nemli bir maliyet avantaj\u0131 sa\u011flayabilir. G\u00fcvenli\u011fin maliyeti, sertifika \u00fccretlerinden DNSSEC y\u00f6netimi ve bilgisine kayar.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Yayginlasmasinin-Onundeki-Engeller-ve-Zorluklar\"><\/span>Yayg\u0131nla\u015fmas\u0131n\u0131n \u00d6n\u00fcndeki Engeller ve Zorluklar<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>DANE&#8217;in sundu\u011fu bu avantajlara ra\u011fmen, k\u00fcresel \u00f6l\u00e7ekte yayg\u0131nla\u015fmas\u0131 yava\u015f ilerlemektedir.<\/p>\n<h4>DNSSEC Adaptasyonunun Gereklili\u011fi<\/h4>\n<p>DANE&#8217;in en temel gereksinimi, alan ad\u0131n\u0131n DNSSEC ile yap\u0131land\u0131r\u0131lm\u0131\u015f olmas\u0131d\u0131r. DNSSEC, DANE&#8217;in \u00fczerine in\u015fa edildi\u011fi g\u00fcven temelini olu\u015fturur. Ancak, d\u00fcnya genelinde DNSSEC adaptasyon oran\u0131 hala istenen seviyede de\u011fildir. Bir\u00e7ok <a href=\"https:\/\/www.ihs.com.tr\/web-hosting\/\" target=\"_blank\">hosting<\/a> sa\u011flay\u0131c\u0131s\u0131 ve alan ad\u0131 kay\u0131t kurulu\u015fu, DNSSEC&#8217;i ya hi\u00e7 desteklememekte ya da karma\u015f\u0131k bir s\u00fcre\u00e7 olarak sunmaktad\u0131r. Bu durum, DANE&#8217;in benimsenmesinin \u00f6n\u00fcndeki en b\u00fcy\u00fck engeldir.<\/p>\n<h4>\u0130stemci (Taray\u0131c\u0131 ve Uygulama) Deste\u011finin S\u0131n\u0131rl\u0131 Olmas\u0131<\/h4>\n<p>DANE&#8217;in etkili olabilmesi i\u00e7in sadece sunucu taraf\u0131nda de\u011fil, ayn\u0131 zamanda istemci taraf\u0131nda da (web taray\u0131c\u0131lar\u0131, e-posta istemcileri, i\u015fletim sistemleri vb.) desteklenmesi gerekir. Maalesef, b\u00fcy\u00fck web taray\u0131c\u0131lar\u0131 (Chrome, Firefox, Safari) DANE do\u011frulamas\u0131 i\u00e7in yerel destek sunmamaktad\u0131r. Taray\u0131c\u0131 geli\u015ftiricileri, Sertifika \u015eeffafl\u0131\u011f\u0131 (Certificate Transparency) gibi alternatif mekanizmalar\u0131 tercih etmi\u015flerdir. DANE deste\u011fi, \u015fu anda daha \u00e7ok e-posta sunucular\u0131 ve baz\u0131 \u00f6zel uygulamalarla s\u0131n\u0131rl\u0131d\u0131r. Bu destek olmadan, DANE&#8217;in web trafi\u011fi \u00fczerindeki etkisi marjinal kalmaktad\u0131r.<\/p>\n<h4>Kurulum ve Y\u00f6netim Karma\u015f\u0131kl\u0131\u011f\u0131<\/h4>\n<p>Hem DNSSEC&#8217;in hem de DANE&#8217;in (TLSA kay\u0131tlar\u0131n\u0131n) kurulumu ve y\u00f6netimi, standart DNS y\u00f6netimine g\u00f6re daha fazla teknik bilgi ve dikkat gerektirir. \u00d6zellikle sertifika yenileme s\u00fcre\u00e7lerinde TLSA kay\u0131tlar\u0131n\u0131n do\u011fru bir \u015fekilde g\u00fcncellenmesi kritik \u00f6neme sahiptir. Hatal\u0131 bir yap\u0131land\u0131rma, web sitesine veya e-posta servisine eri\u015fimin tamamen kesilmesine neden olabilir. Bu karma\u015f\u0131kl\u0131k, bir\u00e7ok sistem y\u00f6neticisini DANE&#8217;i uygulamaktan cayd\u0131rabilmektedir. Bu nedenle, uzman bir <a href=\"https:\/\/www.ihs.com.tr\/sunucu-kiralama\/\" target=\"_blank\">sunucu<\/a> y\u00f6netimi hizmeti almak \u00f6nem kazanmaktad\u0131r.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Guvenli-Internetin-Geleceginde-DANEin-Yeri\"><\/span>G\u00fcvenli \u0130nternetin Gelece\u011finde DANE&#8217;in Yeri<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>DANE, internetin temel g\u00fcven mimarisini yeniden \u015fekillendirme potansiyeline sahip \u00f6nemli bir teknoloji olsa da, yayg\u0131nla\u015fmas\u0131 ve gelecekteki rol\u00fc, ekosistemdeki di\u011fer geli\u015fmeler ve zorluklarla yak\u0131ndan ili\u015fkilidir. DANE&#8217;in mevcut durumunu, alternatiflerini ve daha geni\u015f bir perspektifte internet g\u00fcvenli\u011fine katk\u0131s\u0131n\u0131 anlamak, gelecekteki yerini daha iyi konumland\u0131rmam\u0131za yard\u0131mc\u0131 olur.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"DANEin-Mevcut-Durumu-ve-Benimsenme-Oranlari\"><\/span>DANE&#8217;in Mevcut Durumu ve Benimsenme Oranlar\u0131<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>\u015eu anki duruma bak\u0131ld\u0131\u011f\u0131nda, DANE&#8217;in benimsenmesi beklentilerin alt\u0131nda kalm\u0131\u015ft\u0131r. Web trafi\u011fi i\u00e7in en kritik halka olan b\u00fcy\u00fck taray\u0131c\u0131lar\u0131n (Chrome, Firefox, Edge, Safari) yerel destek sunmamas\u0131, DANE&#8217;in web g\u00fcvenli\u011findeki rol\u00fcn\u00fc ciddi \u015fekilde s\u0131n\u0131rlam\u0131\u015ft\u0131r. Bununla birlikte, DANE e-posta (SMTP) g\u00fcvenli\u011fi alan\u0131nda \u00e7ok daha ba\u015far\u0131l\u0131 bir benimsenme oran\u0131 yakalam\u0131\u015ft\u0131r. Bir\u00e7ok b\u00fcy\u00fck e-posta sa\u011flay\u0131c\u0131s\u0131 ve g\u00fcvenlik odakl\u0131 kurulu\u015f, sunucular aras\u0131 ileti\u015fimi g\u00fcvence alt\u0131na almak i\u00e7in DANE&#8217;i aktif olarak kullanmaktad\u0131r. Bu alanda, geleneksel TLS uygulamalar\u0131ndaki zay\u0131fl\u0131klar\u0131 gidermek i\u00e7in en etkili standartlardan biri olarak kabul edilmektedir.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Sertifika-Seffafligi-Certificate-Transparency-gibi-Alternatif-ve-Tamamlayici-Teknolojiler\"><\/span>Sertifika \u015eeffafl\u0131\u011f\u0131 (Certificate Transparency) gibi Alternatif ve Tamamlay\u0131c\u0131 Teknolojiler<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Taray\u0131c\u0131 geli\u015ftiricileri, DANE yerine Sertifika \u015eeffafl\u0131\u011f\u0131 (Certificate Transparency &#8211; CT) gibi farkl\u0131 bir yakla\u015f\u0131m\u0131 benimsemi\u015flerdir. CT, t\u00fcm g\u00fcvenilir Sertifika Otoritelerini (CA), verdikleri her sertifikay\u0131 halka a\u00e7\u0131k, denetlenebilir ve kurcalamaya kar\u015f\u0131 dayan\u0131kl\u0131 kay\u0131tlara (log&#8217;lara) girmeye zorlar. Bu sayede, bir alan ad\u0131 sahibi, kendi <a href=\"https:\/\/www.ihs.com.tr\/blog\/domain-nedir-ne-ise-yarar\/\" target=\"_blank\">domain<\/a> i\u00e7in haberi olmadan bir sertifika d\u00fczenlenip d\u00fczenlenmedi\u011fini izleyebilir. CT, sahte sertifikalar\u0131 engellemek yerine, verildikten sonra h\u0131zla tespit edilmelerini sa\u011flar. DANE ve CT, asl\u0131nda birbirine rakip teknolojiler de\u011fildir; birbirini tamamlay\u0131c\u0131 niteliktedirler. DANE, proaktif bir \u015fekilde sahte sertifikalar\u0131n g\u00fcvenilir olmas\u0131n\u0131 engellerken, CT reaktif bir \u015fekilde sahte sertifikalar\u0131n tespit edilmesini sa\u011flar. \u0130deal bir d\u00fcnyada, her ikisi de daha g\u00fcvenli bir internet i\u00e7in birlikte \u00e7al\u0131\u015fabilir.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"DANEin-Merkezi-Olmayan-Bir-Guven-Mimarisine-Katkisi\"><\/span>DANE&#8217;in Merkezi Olmayan Bir G\u00fcven Mimarisine Katk\u0131s\u0131<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>DANE&#8217;in en \u00f6nemli felsefi katk\u0131s\u0131, internetin g\u00fcven modelini ademimerkeziyet\u00e7ili\u011fe do\u011fru itmesidir. Geleneksel modelde g\u00fcven, birka\u00e7 y\u00fcz b\u00fcy\u00fck \u015firketin (CA&#8217;lar) kontrol\u00fcndedir. Bu merkezi yap\u0131, tek bir ba\u015far\u0131s\u0131zl\u0131k noktas\u0131n\u0131n (single point of failure) t\u00fcm sistemi tehlikeye atmas\u0131na neden olabilir. DANE, \u00f6zellikle Usage 2 ve 3 modlar\u0131 ile bu modeli k\u0131rar. G\u00fcvenin kontrol\u00fcn\u00fc, hiyerar\u015fik ve merkezi bir yap\u0131dan, da\u011f\u0131t\u0131k ve alan ad\u0131 sahibinin kontrol\u00fcndeki DNS sistemine ta\u015f\u0131r. Bu, internetin temel felsefesi olan da\u011f\u0131t\u0131k ve dayan\u0131kl\u0131 (resilient) yap\u0131ya daha uygundur. Gelecekte blokzincir ve di\u011fer merkezi olmayan kimlik do\u011frulama sistemleri geli\u015ftik\u00e7e, DANE&#8217;in bu alanda \u00f6nc\u00fc bir rol oynad\u0131\u011f\u0131 ve benzer bir felsefeyi payla\u015ft\u0131\u011f\u0131 g\u00f6r\u00fclecektir.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"DANE-ve-DNSSEC-Hizmetleri-Icin-Neden-IHS-Telekomu-Tercih-Etmelisiniz\"><\/span>DANE ve DNSSEC Hizmetleri \u0130\u00e7in Neden IHS Telekom&#8217;u Tercih Etmelisiniz?<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>DANE ve DNSSEC gibi ileri d\u00fczey g\u00fcvenlik protokollerinin uygulanmas\u0131, derin teknik uzmanl\u0131k ve g\u00fcvenilir bir altyap\u0131 gerektirir. Hatal\u0131 bir yap\u0131land\u0131rma, hizmet kesintilerine ve g\u00fcvenlik a\u00e7\u0131klar\u0131na yol a\u00e7abilir. IHS Telekom, y\u0131llar\u0131n deneyimi ve g\u00fc\u00e7l\u00fc altyap\u0131s\u0131yla bu karma\u015f\u0131k s\u00fcre\u00e7leri sizin i\u00e7in basitle\u015ftirir ve internet varl\u0131klar\u0131n\u0131z\u0131n g\u00fcvenli\u011fini en \u00fcst d\u00fczeye \u00e7\u0131kar\u0131r.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Uzman-Kadro-ile-Sorunsuz-DNSSEC-Yapilandirmasi-ve-Yonetimi\"><\/span>Uzman Kadro ile Sorunsuz DNSSEC Yap\u0131land\u0131rmas\u0131 ve Y\u00f6netimi<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>DNSSEC, DANE&#8217;in temel ta\u015f\u0131d\u0131r ve do\u011fru bir \u015fekilde yap\u0131land\u0131r\u0131lmas\u0131 hayati \u00f6nem ta\u015f\u0131r. Uzman teknik ekibimiz, alan adlar\u0131n\u0131z i\u00e7in DNSSEC imzalama s\u00fcrecini, anahtar y\u00f6netimini ve g\u00fcven zinciri (chain of trust) delegasyonunu sorunsuz bir \u015fekilde ger\u00e7ekle\u015ftirir. Anahtar rotasyonu gibi karma\u015f\u0131k bak\u0131m s\u00fcre\u00e7lerini sizin yerinize y\u00f6neterek, DNS altyap\u0131n\u0131z\u0131n s\u00fcrekli g\u00fcvende kalmas\u0131n\u0131 sa\u011flar\u0131z.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Gelismis-Kontrol-Paneli-Uzerinden-Kolay-TLSA-Kaydi-Ekleme-ve-Guncelleme\"><\/span>Geli\u015fmi\u015f Kontrol Paneli \u00dczerinden Kolay TLSA Kayd\u0131 Ekleme ve G\u00fcncelleme<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>DANE&#8217;i etkinle\u015ftirmek i\u00e7in gereken TLSA kay\u0131tlar\u0131n\u0131 olu\u015fturmak ve y\u00f6netmek, teknik bilgi gerektiren bir i\u015flemdir. IHS Telekom&#8217;un sundu\u011fu kullan\u0131c\u0131 dostu ve geli\u015fmi\u015f kontrol paneli sayesinde, TLSA kay\u0131tlar\u0131n\u0131z\u0131 kolayca olu\u015fturabilir, ekleyebilir ve g\u00fcncelleyebilirsiniz. Sertifika yenileme s\u00fcre\u00e7lerinde, yeni sertifikan\u0131zla uyumlu TLSA kay\u0131tlar\u0131n\u0131 panelimiz \u00fczerinden birka\u00e7 t\u0131klama ile y\u00f6neterek hizmetlerinizin kesintisiz ve g\u00fcvenli kalmas\u0131n\u0131 sa\u011flars\u0131n\u0131z.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Yuksek-Performansli-ve-Guvenilir-DNS-Altyapisi\"><\/span>Y\u00fcksek Performansl\u0131 ve G\u00fcvenilir DNS Altyap\u0131s\u0131<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>DNSSEC ve DANE, DNS sorgular\u0131na ek y\u00fck getirebilir. IHS Telekom&#8217;un co\u011frafi olarak da\u011f\u0131t\u0131k, yedekli ve y\u00fcksek performansl\u0131 DNS altyap\u0131s\u0131, bu ek sorgular\u0131n kullan\u0131c\u0131lar\u0131n\u0131za yans\u0131yacak bir gecikmeye neden olmas\u0131n\u0131 engeller. D\u00fc\u015f\u00fck gecikme s\u00fcresi ve %99.9 uptime garantisi ile hem g\u00fcvenli hem de h\u0131zl\u0131 bir DNS hizmeti sunarak web sitenizin ve e-posta hizmetlerinizin performans\u0131n\u0131 en \u00fcst seviyede tutar\u0131z.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Uctan-Uca-Guvenlik-Cozumlerinde-Teknik-Destek-ve-Danismanlik\"><\/span>U\u00e7tan Uca G\u00fcvenlik \u00c7\u00f6z\u00fcmlerinde Teknik Destek ve Dan\u0131\u015fmanl\u0131k<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>G\u00fcvenlik, tek bir protokolden ibaret de\u011fildir. IHS Telekom olarak, DANE ve DNSSEC&#8217;in yan\u0131 s\u0131ra <a href=\"https:\/\/www.ihs.com.tr\/web-hosting\/wordpress-hosting.html\" target=\"_blank\">WordPress hosting<\/a> g\u00fcvenli\u011fi, SSL sertifikalar\u0131, g\u00fcvenlik duvarlar\u0131 ve e-posta g\u00fcvenli\u011fi gibi konularda da b\u00fct\u00fcnc\u00fcl \u00e7\u00f6z\u00fcmler sunuyoruz. \u0130htiya\u00e7lar\u0131n\u0131za en uygun g\u00fcvenlik mimarisini tasarlamak, uygulamak ve y\u00f6netmek i\u00e7in uzman ekibimizden 7\/24 teknik destek ve dan\u0131\u015fmanl\u0131k alabilirsiniz. G\u00fcvenli\u011finizi \u015fansa b\u0131rakmay\u0131n, IHS Telekom&#8217;un uzmanl\u0131\u011f\u0131na g\u00fcvenin.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>\u0130nternet \u00fczerinde ger\u00e7ekle\u015ftirdi\u011fimiz her i\u015flem, bankac\u0131l\u0131ktan e-ticarete, sosyal medyadan e-posta ileti\u015fimine kadar hassas verilerin transferini i\u00e7erir. Bu dijital ekosistemin g\u00fcvenli\u011fi, b\u00fcy\u00fck \u00f6l\u00e7\u00fcde&hellip;<\/p>\n","protected":false},"author":3,"featured_media":15478,"comment_status":"open","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[400],"tags":[],"class_list":["post-15475","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-ssl-sertifikasi"],"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/posts\/15475","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/comments?post=15475"}],"version-history":[{"count":1,"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/posts\/15475\/revisions"}],"predecessor-version":[{"id":15477,"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/posts\/15475\/revisions\/15477"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/media\/15478"}],"wp:attachment":[{"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/media?parent=15475"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/categories?post=15475"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/tags?post=15475"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}