{"id":15486,"date":"2026-04-01T17:50:20","date_gmt":"2026-04-01T14:50:20","guid":{"rendered":"https:\/\/www.ihs.com.tr\/blog\/?p=15486"},"modified":"2026-04-01T17:50:20","modified_gmt":"2026-04-01T14:50:20","slug":"man-in-the-middle-ortadaki-adam-saldirilarini-ssl-nasil-engeller","status":"publish","type":"post","link":"https:\/\/www.ihs.com.tr\/blog\/man-in-the-middle-ortadaki-adam-saldirilarini-ssl-nasil-engeller\/","title":{"rendered":"How Does SSL Prevent &#8220;Man-in-the-Middle&#8221; Attacks?"},"content":{"rendered":"<p>Every operation we perform on the internet involves an exchange of data between a client (your browser) and a server (the website). This communication path can become a potential target for cyber attackers. In particular, &#8220;Man-in-the-Middle&#8221; (MitM) attacks are among the most insidious methods threatening the confidentiality and integrity of this communication. By secretly inserting itself between the user and the server, the attacker can monitor, steal and even alter the entire data flow. This is where the SSL\/TLS protocol, one of the cornerstones of web security, comes in. SSL (Secure Sockets Layer) and its modern successor TLS (Transport Layer Security) provide encryption-based security mechanisms designed to neutralize such eavesdropping and data manipulation. 
In this article, we will examine in detail what Man-in-the-Middle attacks are, how they work, and how the SSL\/TLS protocol defeats this dangerous threat.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"%E2%80%9CMan-in-the-Middle%E2%80%9D-Ortadaki-Adam-Saldirisinin-Anatomisi\"><\/span>Anatomy of a &#8220;Man-in-the-Middle&#8221; Attack<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>A Man-in-the-Middle (MitM) attack is one of the most fundamental and dangerous attack types in cyber security. It occurs when a third party (the attacker) joins an existing communication channel between two parties without their knowledge. By presenting itself to each side as a legitimate endpoint, the attacker intercepts all data traffic between them. This lets the attacker steal sensitive information (usernames, passwords, credit card numbers, etc.), alter the communication or redirect the parties to fake sites.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Man-in-the-Middle-Saldirisi-Nedir\"><\/span>What Is a Man-in-the-Middle Attack?<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>At its core, MitM is a deception and eavesdropping attack. The attacker positions itself between you and the server you are trying to reach (for example, your bank's website). 
While you believe you are communicating directly with your bank, you are in fact sending all your data to the attacker. After receiving this data, the attacker forwards your request to the real server and intercepts the server's response before passing it on to you. Because the process appears completely transparent, victims usually do not notice. The communication continues as if nothing were wrong, but in the background all your data is being watched by a third pair of eyes.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Saldiri-Vektorleri-ve-Yaygin-Senaryolar\"><\/span>Attack Vectors and Common Scenarios<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>MitM attacks can be carried out using various methods. The vectors attackers most frequently rely on are:<\/p>\n<h4>Insecure Wi-Fi Networks<\/h4>\n<p>Public, unencrypted Wi-Fi networks (cafes, airports, hotels, etc.) are the most fertile environments for MitM attacks. Using a technique known as an &#8220;Evil Twin&#8221;, the attacker sets up a fake Wi-Fi access point that copies the name of the legitimate network. Users connect to this fake network believing it is the real one, and from that moment on all of their internet traffic passes through a device under the attacker's control.<\/p>\n<h4>DNS Spoofing<\/h4>\n<p>DNS (Domain Name System) is the system that translates domain names such as &#8220;www.ornek.com&#8221; into server IP addresses. 
In DNS spoofing, the attacker manipulates the DNS server's records or sends forged replies to the user's DNS queries, redirecting a user who wants to visit a legitimate site to a fake site under the attacker's control. For example, when you type your bank's <a href=\"https:\/\/www.ihs.com.tr\/domain\/alan-adi-domain-tescili.html\" target=\"_blank\">domain name<\/a>, you may be redirected to a fake site that is visually identical to the real one.<\/p>\n<h4>ARP Spoofing<\/h4>\n<p>ARP (Address Resolution Protocol) is used on local networks to map IP addresses to devices' MAC (physical) addresses. In ARP spoofing, the attacker sends forged ARP messages to other devices on the network. With these messages it claims that the gateway's (modem\/router's) MAC address is its own, or that the victim's MAC address is its own. 
In this way it forces the victim's traffic, or that of the entire network, to pass through its own device.<\/p>\n<div class=\"karsilastirma\">\n<table>\n<thead>\n<tr>\n<th>Attack Vector<\/th>\n<th>How It Works<\/th>\n<th>Most Common Environment<\/th>\n<th>Protection Method<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td>Insecure Wi-Fi (Evil Twin)<\/td>\n<td>Creating a fake copy of a legitimate Wi-Fi network to deceive users.<\/td>\n<td>Public spaces (cafes, airports)<\/td>\n<td>Use a VPN, avoid suspicious networks, use HTTPS.<\/td>\n<\/tr>\n<tr>\n<td>DNS Spoofing<\/td>\n<td>Manipulating domain name queries to redirect the user to a fake site.<\/td>\n<td>Local networks, compromised DNS servers<\/td>\n<td>Use trusted DNS servers, DNSSEC, SSL\/TLS.<\/td>\n<\/tr>\n<tr>\n<td>ARP Spoofing<\/td>\n<td>Impersonating the MAC addresses of devices on the local network to draw traffic to itself.<\/td>\n<td>Corporate and home networks<\/td>\n<td>Static ARP tables, network monitoring software.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n<h3><span class=\"ez-toc-section\" id=\"MitM-Saldirilarinin-Hedefleri-ve-Potansiyel-Sonuclari\"><\/span>Targets and Potential Consequences of MitM Attacks<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>The primary goal of MitM attacks is data theft. Attackers are typically after online banking passwords, e-mail login credentials, credit card numbers, social media accounts and other personal data. 
The possible consequences are quite serious and range from financial loss and identity theft to corporate espionage and blackmail. Using stolen session cookies, the attacker can log in to your accounts on your behalf and carry out transactions.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"SSLTLS-Protokolune-Giris\"><\/span>Introduction to the SSL\/TLS Protocol<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>The most effective line of defence against eavesdropping and data manipulation attacks such as Man-in-the-Middle is to secure the communication from the very beginning. This task is taken on by the SSL\/TLS protocols, which form the foundation of the modern internet. These protocols protect the data flow between client and server, creating a secure communication channel.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"SSLTLS-Nedir\"><\/span>What Is SSL\/TLS?<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>SSL (Secure Sockets Layer) is the original security protocol developed by Netscape in the 1990s. Because of the vulnerabilities discovered in it over time, it has been superseded by TLS (Transport Layer Security), a more secure and up-to-date version. Today the term &#8220;SSL&#8221; is commonly used as a general expression that also covers TLS, but technically the protocol in use is TLS. The core purpose of this protocol is to ensure data security by establishing an encrypted connection between two computers on the internet. 
When a website uses an <a href=\"https:\/\/www.ihs.com.tr\/ssl\/\" target=\"_blank\">SSL certificate<\/a>, all data between the browser and the server is encrypted.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"SSLTLSnin-Uc-Temel-Guvenlik-Prensibi\"><\/span>The Three Fundamental Security Principles of SSL\/TLS<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>SSL\/TLS builds its security on three fundamental principles. These principles work together to prevent MitM attacks from succeeding.<\/p>\n<h4>Encryption<\/h4>\n<p>Encryption is the process of converting data into an unintelligible format to prevent it from being read by unauthorized parties. SSL encrypts all data between client and server (submitted forms, usernames, passwords, etc.). As a result, even if an attacker captures the data packets, they cannot decode the meaningless jumble of characters in their hands or understand its content.<\/p>\n<h4>Authentication<\/h4>\n<p>How do you know you are really talking to the right server on the internet? Authentication is the answer to this question. SSL certificates verify a website's identity. When your browser sees an SSL certificate, it checks that the certificate was issued by a trusted Certificate Authority (CA) and that the domain name the certificate belongs to has been validated. 
This protects you against attacks such as DNS or ARP spoofing that redirect you to fake sites.<\/p>\n<h4>Data Integrity<\/h4>\n<p>Data integrity ensures that the data sent has not been altered along the way. SSL generates a Message Authentication Code (MAC) for every data packet transmitted. This code resembles a unique digital signature derived from the content of the data. When the server or client receives the data, it computes the same code itself. If the computed code does not match the received one, this means the data was altered in transit and the connection is terminated. This prevents an attacker from interfering with the communication and altering its content.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"HTTPSnin-Rolu-ve-SSLTLS-ile-Iliskisi\"><\/span>The Role of HTTPS and Its Relationship to SSL\/TLS<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>HTTPS (Hypertext Transfer Protocol Secure) is the standard HTTP protocol encrypted with SSL\/TLS. If a website's address begins with &#8220;https:\/\/&#8221; instead of &#8220;http:\/\/&#8221; and a padlock icon is shown in your browser, this means the communication between you and that site is secured using SSL\/TLS. 
By applying these three security principles (encryption, authentication, data integrity) to web traffic, HTTPS protects your online transactions, form submissions and browsing activity.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"SSLnin-MitM-Saldirilarini-Engelleme-Mekanizmalari\"><\/span>SSL's Mechanisms for Preventing MitM Attacks<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>The three fundamental principles of the SSL\/TLS protocol are realized through sophisticated mechanisms designed to neutralize Man-in-the-Middle attacks. Thanks to these mechanisms, the attacker's attempts to intercept, eavesdrop on and alter data fail. Let us now look more closely at how these mechanisms prevent MitM attacks.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Sifreleme-Veri-Trafigini-Okunmaz-Hale-Getirme\"><\/span>Encryption: Making Data Traffic Unreadable<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>The primary aim of a MitM attack is to read the data exchanged between two parties. Encryption targets this aim directly and turns the data into meaningless characters for anyone who does not hold the correct key. 
This makes it impossible for an attacker who intercepts the data packets to understand their content.<\/p>\n<h4>Symmetric and Asymmetric Encryption<\/h4>\n<p>SSL\/TLS combines two different types of encryption to build a system that is both secure and efficient:<\/p>\n<ul>\n<li><strong>Asymmetric Encryption (Public-Key Cryptography):<\/strong> This method uses two mathematically related keys: a Public Key and a Private Key. The public key can be shared with anyone and is used to encrypt data. However, only the party holding the corresponding private key can decrypt that data. This method is very secure but slow in terms of processing power.<\/li>\n<li><strong>Symmetric Encryption:<\/strong> In this method, a single shared key is used for both encryption and decryption. It is much faster than asymmetric encryption, but the shared key must be exchanged securely between the two parties.<\/li>\n<\/ul>\n<h4>Securing Communication with Session Keys<\/h4>\n<p>SSL\/TLS combines the best aspects of these two methods. At the start of the connection (during the SSL handshake), the parties use asymmetric encryption to establish a secure session key. The server sends its public key to the client. The client encrypts a symmetric session key with this public key and sends it to the server. 
Because only the server's private key can decrypt it, the session key is delivered securely. All data exchange after the connection is established is encrypted with this fast and efficient symmetric session key. As a result, even if an attacker observes the key exchange, they cannot obtain the session key without the private key and cannot decrypt the subsequent traffic. (This describes the classic RSA key exchange; TLS 1.3 instead derives the session key through an ephemeral Diffie-Hellman exchange and uses the server's private key only to sign the handshake.)<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Kimlik-Dogrulama-Dogru-Sunucuyla-Konustugunuzdan-Emin-Olma\"><\/span>Authentication: Making Sure You Are Talking to the Right Server<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>A MitM attacker tries to deceive you by posing as your bank or your e-commerce site. SSL's authentication mechanism prevents this kind of fraud. It lets you be sure that a website hosted on a <a href=\"https:\/\/www.ihs.com.tr\/web-hosting\/\" target=\"_blank\">hosting<\/a> service really is the person or organization it claims to be.<\/p>\n<h4>The Role of the SSL Certificate<\/h4>\n<p>An SSL certificate is a digital document that proves a website's identity. It contains the site's domain name, the organization that owns it, the certificate's validity period and, most importantly, the site's public key. When your browser connects to a site, the server sends this certificate to your browser. 
This is the first proof that you are connected to the real server and not a fake one.<\/p>\n<h4>Certificate Authorities (CA) and the Chain of Trust<\/h4>\n<p>So how do we trust an SSL certificate? Because these certificates are issued by Certificate Authorities (CAs) such as Comodo, DigiCert and GlobalSign, which are recognized as trusted worldwide. Your browser and operating system ship with a list of these trusted CAs. When your browser receives a certificate, it checks whether the CA that signed it is on this trusted list. If the signature is valid and the certificate matches the domain name you connected to, the browser accepts the connection as secure. An attacker can create their own forged certificate, but because it is not signed by a trusted CA, your browser protects you by displaying a serious warning such as &#8220;This connection is not secure&#8221;.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Veri-Butunlugu-Verinin-Yolda-Degistirilmesini-Onleme\"><\/span>Data Integrity: Preventing Data from Being Altered in Transit<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Even if an attacker cannot read the data, they may try to manipulate it. For example, in a bank transfer they may try to change the recipient's account number or the amount. 
SSL&#8217;nin veri b\u00fct\u00fcnl\u00fc\u011f\u00fc mekanizmas\u0131 bunu engeller.<\/p>\n<h4>Mesaj Do\u011frulama Kodlar\u0131 (MAC)<\/h4>\n<p>Veri, g\u00f6nderilmeden \u00f6nce \u00f6zel bir algoritmadan (hash fonksiyonu) ge\u00e7irilir ve Mesaj Do\u011frulama Kodu (Message Authentication Code &#8211; MAC) ad\u0131 verilen benzersiz bir \u00f6zet olu\u015fturulur. Bu MAC, \u015fifrelenmi\u015f veriyle birlikte g\u00f6nderilir. Veriyi alan taraf, \u015fifreyi \u00e7\u00f6zd\u00fckten sonra ayn\u0131 hash fonksiyonunu kullanarak verinin MAC&#8217;ini yeniden hesaplar.<\/p>\n<h4>Hash Fonksiyonlar\u0131n\u0131n Kullan\u0131m\u0131<\/h4>\n<p>E\u011fer al\u0131c\u0131n\u0131n hesaplad\u0131\u011f\u0131 MAC ile g\u00f6nderenin yollad\u0131\u011f\u0131 MAC birebir ayn\u0131ysa, bu, verinin yolculuk s\u0131ras\u0131nda hi\u00e7bir de\u011fi\u015fikli\u011fe u\u011framad\u0131\u011f\u0131n\u0131 kan\u0131tlar. E\u011fer sald\u0131rgan yoldaki veriyi de\u011fi\u015ftirirse, verinin yeni MAC&#8217;i orijinalinden farkl\u0131 olacakt\u0131r. Al\u0131c\u0131 taraf bu tutars\u0131zl\u0131\u011f\u0131 tespit etti\u011finde ba\u011flant\u0131y\u0131 hemen sonland\u0131r\u0131r ve de\u011fi\u015ftirilmi\u015f veriyi reddeder. Bu sayede, verilerinizin gizlice manip\u00fcle edilmesi \u00f6nlenmi\u015f olur.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"SSL-Handshake-El-Sikisma-Sureci-Adim-Adim\"><\/span>SSL Handshake (El S\u0131k\u0131\u015fma) S\u00fcreci Ad\u0131m Ad\u0131m<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>SSL\/TLS&#8217;nin MitM sald\u0131r\u0131lar\u0131na kar\u015f\u0131 koruma sa\u011flayan t\u00fcm mekanizmalar\u0131, &#8220;SSL Handshake&#8221; ad\u0131 verilen kritik bir s\u00fcre\u00e7te devreye girer. Bu s\u00fcre\u00e7, taray\u0131c\u0131n\u0131z (istemci) ile web sunucusu aras\u0131nda g\u00fcvenli bir ileti\u015fim kanal\u0131 kurulmadan \u00f6nce ger\u00e7ekle\u015fen bir dizi ad\u0131md\u0131r. 
This &#8220;handshake&#8221; lets the parties verify each other&#8217;s identity, agree on encryption algorithms and establish a secure session key. It is this process that defeats MitM attacks from the very start.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Istemci-Merhaba-Client-Hello\"><\/span>Client Hello<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>The process begins when you try to connect to a secure website. Your browser sends the server a &#8220;Client Hello&#8221; message. This message contains:<\/p>\n<ul>\n<li>The SSL\/TLS versions your browser supports.<\/li>\n<li>The encryption algorithms (cipher suites) your browser supports.<\/li>\n<li>A randomly generated string called the &#8220;Client Random&#8221;.<\/li>\n<\/ul>\n<h3><span class=\"ez-toc-section\" id=\"Sunucu-Merhaba-Server-Hello-ve-Sertifika-Gonderimi\"><\/span>Server Hello and Certificate Delivery<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>When the server receives the &#8220;Client Hello&#8221; message, it responds with the following steps:<\/p>\n<ul>\n<li>It sends a &#8220;Server Hello&#8221; message containing the SSL\/TLS version and encryption algorithm it has chosen from the client&#8217;s list.<\/li>\n<li>It sends its own randomly generated string, called the &#8220;Server Random&#8221;.<\/li>\n<li>It sends its SSL certificate to the client to prove its identity.<\/li>\n<\/ul>\n<h3><span class=\"ez-toc-section\" 
id=\"Sertifikanin-Istemci-Tarafindan-Dogrulanmasi\"><\/span>Certificate Verification by the Client<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>This step is one of the most important lines of defense against MitM attacks. Your browser receives the SSL certificate from the server and performs a series of checks:<\/p>\n<ul>\n<li>It checks whether the certificate matches the domain name it is connecting to.<\/li>\n<li>It checks whether the certificate&#8217;s expiry date has passed.<\/li>\n<li>It verifies that the Certificate Authority (CA) that signed the certificate is in the browser&#8217;s list of trusted root certificates. If it is not, or if the certificate is fake (self-signed and untrusted), the browser displays a prominent security warning.<\/li>\n<\/ul>\n<h3><span class=\"ez-toc-section\" id=\"Anahtar-Degisimi-ve-Guvenli-Kanalin-Olusturulmasi\"><\/span>Key Exchange and Establishing the Secure Channel<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Once the certificate has been verified, it is time to create the secure session key.<\/p>\n<ul>\n<li>The browser generates another random string called the &#8220;pre-master secret&#8221;.<\/li>\n<li>It encrypts this &#8220;pre-master secret&#8221; with the public key it received from the server and sends it to the server.<\/li>\n<li>The server decrypts this message with its own private key and obtains the &#8220;pre-master secret&#8221;.<\/li>\n<\/ul>\n<p>Now both the client and the server hold the same three pieces of information: the &#8220;Client Random&#8221;, the &#8220;Server 
Random&#8221; and the &#8220;pre-master secret&#8221;. Using these three values, each side independently computes the same session key.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"SSL-Handshakein-MitM-Saldirilarini-Nasil-Basarisiz-Kildigi\"><\/span>How the SSL Handshake Defeats MitM Attacks<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Now consider an attacker trying to interfere with this process. The attacker positions themselves between the client and the server.<\/p>\n<ul>\n<li><strong>They cannot pass certificate verification:<\/strong> The attacker has to present their own fake certificate to the client. But because this certificate is not signed by a CA the browser trusts, the browser fails the certificate verification step and warns the user. If the user heeds this warning, the attack fails.<\/li>\n<li><strong>They cannot obtain the session key:<\/strong> Even if the attacker observes the key exchange, they cannot decrypt the &#8220;pre-master secret&#8221; that the client encrypted with the server&#8217;s public key, because the private key needed to decrypt it exists only on the genuine server. Without the private key, the attacker cannot compute the session key. 
They therefore cannot read the encrypted data flow that begins once the handshake is complete.<\/li>\n<\/ul>\n<p>For these reasons, the SSL Handshake forms a solid foundation that prevents a MitM attacker from both impersonating the server and eavesdropping on the communication from the outset.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"SSL-Sertifikalari-ve-Guven-Duzeyleri\"><\/span>SSL Certificates and Trust Levels<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Not all SSL certificates provide the same level of identity verification. There are different certificate types that a website can choose according to its needs and budget. These certificates offer the same standard of encryption strength, but they differ in the process required to verify the identity of the site owner. Choosing the right certificate type matters for the trust signal given to users.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Alan-Adi-Dogrulamali-DV-SSL\"><\/span>Domain Validated (DV) SSL<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>This is the most basic and most common type of SSL certificate. When issuing it, the Certificate Authority (CA) only verifies that the applicant has control over the domain name stated in the certificate. This is usually done by adding a specific record to the domain&#8217;s DNS records or by clicking a verification link sent to a particular e-mail address. Setup is fast and the cost is low. 
It is suitable for low-risk websites such as personal blogs and portfolio sites. It shows a padlock icon in the browser.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Kurulus-Dogrulamali-OV-SSL\"><\/span>Organization Validated (OV) SSL<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>In addition to domain validation, this certificate type also verifies the business identity of the applying company or organization. The CA checks the company&#8217;s legal existence, address and telephone number against various official records. This process can take several days. When users click on the certificate details, they can see the site owner&#8217;s verified company information. It is recommended for platforms where user trust matters, such as e-commerce sites and corporate websites.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Genisletilmis-Dogrulamali-EV-SSL\"><\/span>Extended Validation (EV) SSL<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>This is the certificate type that provides the highest level of trust and requires the strictest verification process. In addition to all the checks performed for an OV certificate, the CA investigates the company&#8217;s legal, physical and operational existence in much greater detail. This process can take weeks. When completed successfully, the site owner&#8217;s verified company name appears prominently in green in the address bar of modern browsers (this visual indicator varies between browsers). 
It is preferred by organizations that require the highest level of trust, such as banks, large e-commerce platforms and financial institutions.<\/p>\n<div class=\"karsilastirma\">\n<table>\n<thead>\n<tr>\n<th>Feature<\/th>\n<th>Domain Validated (DV)<\/th>\n<th>Organization Validated (OV)<\/th>\n<th>Extended Validation (EV)<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td><strong>Validation Level<\/strong><\/td>\n<td>Domain Name Only<\/td>\n<td>Domain Name + Basic Organization Details<\/td>\n<td>Domain Name + Comprehensive Organization Details<\/td>\n<\/tr>\n<tr>\n<td><strong>Validation Time<\/strong><\/td>\n<td>Minutes<\/td>\n<td>1-3 Business Days<\/td>\n<td>1-5+ Business Days<\/td>\n<\/tr>\n<tr>\n<td><strong>Visual Trust Signal<\/strong><\/td>\n<td>Padlock Icon<\/td>\n<td>Padlock Icon + Company Name in Certificate Details<\/td>\n<td>Padlock Icon + Company Name in Address Bar<\/td>\n<\/tr>\n<tr>\n<td><strong>Suitable Sites<\/strong><\/td>\n<td>Blogs, Personal Sites<\/td>\n<td>E-commerce, Corporate Sites<\/td>\n<td>Banks, Financial Institutions, Large E-commerce<\/td>\n<\/tr>\n<tr>\n<td><strong>Cost<\/strong><\/td>\n<td>Low<\/td>\n<td>Medium<\/td>\n<td>High<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n<h3><span class=\"ez-toc-section\" id=\"Dogru-Sertifika-Turunu-Secmenin-Onemi\"><\/span>Why Choosing the Right Certificate Type Matters<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Choosing the right certificate type depends on your website&#8217;s audience and the transactions it carries out. If your site only shares information and does not collect sensitive data from users, a DV SSL may be enough. 
However, if you run a platform where users enter personal information, make payments or register as members, it is critically important to use OV or EV SSL certificates to send your users a stronger message of trust and to strengthen your brand reputation.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"SSLTLS-Uygulamasindaki-Zayifliklar-ve-Ek-Guvenlik-Onlemleri\"><\/span>Weaknesses in SSL\/TLS Deployment and Additional Security Measures<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Although the SSL\/TLS protocol provides a strong defense against Man-in-the-Middle attacks, it is not a magic wand. Misconfigurations, outdated implementations and certain types of attack can open gaps in this protective shield. Simply installing an SSL certificate is therefore not enough; the technology must also be deployed correctly and supported by additional security measures.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Suresi-Dolmus-veya-Yanlis-Yapilandirilmis-Sertifikalar\"><\/span>Expired or Misconfigured Certificates<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>One of the most common weaknesses is an expired SSL certificate. Once a certificate expires, browsers no longer trust it and confront users with large security warnings. 
This not only damages user trust but can also leave users defenseless against potential attacks. Similarly, configuration errors such as a certificate that does not cover all subdomains, or one installed on the wrong <a href=\"https:\/\/www.ihs.com.tr\/sunucu-kiralama\/\" target=\"_blank\">server<\/a>, also create security gaps.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Zayif-Sifreleme-Algoritmalari\"><\/span>Weak Encryption Algorithms<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>SSL\/TLS supports a variety of encryption algorithms (cipher suites). Over time, however, some of these (for example RC4, MD5 and old SSL versions) have come to be considered cryptographically weak and breakable. If a server is still configured to support these old, insecure algorithms, attackers can perform a &#8220;downgrade attack&#8221; to force the connection to use the weak encryption and decrypt the traffic. It is therefore vital to enable only strong, up-to-date algorithms in the server configuration.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"SSL-Stripping-Saldirilari-ve-HSTS-HTTP-Strict-Transport-Security-ile-Korunma\"><\/span>SSL Stripping Attacks and Protection with HSTS (HTTP Strict Transport Security)<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>One of the most insidious attacks is SSL Stripping. 
In this attack, when the user connects to a site over (insecure) &#8220;http:\/\/&#8221;, the attacker steps in. The attacker takes over the HTTPS connection to the server themselves, while continuing to serve the user the insecure HTTP version of the site. The user, not noticing the missing padlock icon in the address bar, suspects nothing and sends all of their data to the attacker unencrypted. The attacker then forwards this data to the server over the secure channel.<\/p>\n<p>The most effective solution to this attack is <b>HSTS (HTTP Strict Transport Security)<\/b>. HSTS is a security policy mechanism that lets a web server tell browsers &#8220;connect to me only and exclusively over HTTPS&#8221;. When a browser visits a site with an HSTS policy for the first time, it records that policy. For the specified period (for example one year), the browser automatically upgrades every request to that site to HTTPS, even if a link beginning with &#8220;http:\/\/&#8221; is clicked. 
This eliminates the SSL Stripping attacker&#8217;s chance of stepping in and downgrading the connection to HTTP.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Web-Guvenliginiz-ve-SSL-Sertifikasi-Icin-Neden-IHS-Telekomu-Tercih-Etmelisiniz\"><\/span>Why Choose \u0130HS Telekom for Your Web Security and SSL Certificate?<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>The security of your website is the first step in earning your visitors&#8217; trust and protecting your digital presence. SSL\/TLS certificates, the most effective shield against threats such as Man-in-the-Middle attacks, form the foundation of this security. \u0130HS Telekom brings together all the tools and expertise you need to secure your website.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Ihtiyaclariniza-Uygun-Genis-Sertifika-Yelpazesi-DV-OV-EV-Wildcard\"><\/span>A Wide Range of Certificates for Your Needs (DV, OV, EV, Wildcard)<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Every website has different security needs. Whether you run a personal blog, an e-commerce site on <a href=\"https:\/\/www.ihs.com.tr\/web-hosting\/wordpress-hosting.html\" target=\"_blank\">wordpress hosting<\/a> or a large corporate portal, \u0130HS Telekom&#8217;s wide range of certificates has a solution that fits you. 
You can get started quickly and economically with Domain Validated (DV) certificates, and maximize your brand reputation and user trust with Organization Validated (OV) and Extended Validation (EV) certificates. Wildcard SSL options are also available to protect all of your subdomains with a single certificate.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Uzman-Teknik-Destek-ile-Kolay-Kurulum-ve-Yapilandirma\"><\/span>Easy Installation and Configuration with Expert Technical Support<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Buying an SSL certificate is the first step; installing and configuring it correctly is what matters most. \u0130HS Telekom&#8217;s experienced technical support team guides you through every stage, including certificate creation, validation, installation on your server and troubleshooting. We let you focus on your business instead of wrestling with technical details. Even if you have your own <a href=\"https:\/\/www.ihs.com.tr\/sunucu-kiralama\/vps-server.html\" target=\"_blank\">VPS<\/a> server, you can get support with the installation.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Rekabetci-Fiyatlar-ve-Guvenilir-Altyapi\"><\/span>Competitive Prices and Reliable Infrastructure<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Security is not a luxury but a necessity. \u0130HS Telekom offers trusted SSL certificates from the world&#8217;s leading Certificate Authorities at competitive prices. Thanks to our infrastructure, which provides secure and uninterrupted service, you can be sure your website is always protected. 
Whether you use a shared <a href=\"https:\/\/www.ihs.com.tr\/web-hosting\/cpanel-hosting.html\" target=\"_blank\">cpanel hosting<\/a> package or a powerful <a href=\"https:\/\/www.ihs.com.tr\/sunucu-kiralama\/vds-sunucu.html\" target=\"_blank\">VDS<\/a>, our infrastructure meets all of your needs.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Otomatik-Yenileme-ve-Sertifika-Yonetim-Kolayligi\"><\/span>Automatic Renewal and Easy Certificate Management<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>An expired SSL certificate puts your site&#8217;s security at risk and causes a loss of reputation with visitors. Through \u0130HS Telekom&#8217;s user-friendly customer panel you can easily manage all of your certificates, and automatic renewal features mean no service interruption when renewal time comes. Tracking the status of your certificates and renewing them on time has never been easier. Reach us through our <a href=\"https:\/\/www.ihs.com.tr\/kurumsal\/iletisim.html\" target=\"_blank\">contact<\/a> channels and together we can determine the SSL solution that best fits your project.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Every transaction we carry out on the internet involves an exchange of data between a client (your browser) and a server (the website). 
This line of communication, for cyber attackers&hellip;<\/p>\n","protected":false},"author":3,"featured_media":15487,"comment_status":"open","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[400],"tags":[],"class_list":["post-15486","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-ssl-sertifikasi"],"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/posts\/15486","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/comments?post=15486"}],"version-history":[{"count":1,"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/posts\/15486\/revisions"}],"predecessor-version":[{"id":15488,"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/posts\/15486\/revisions\/15488"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/media\/15487"}],"wp:attachment":[{"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/media?parent=15486"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/categories?post=15486"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/tags?post=15486"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}