If you've come to our GlobalSign website or been approached by any of us, you've probably seen the term SSL. We've started a four-part series where we blog about SSL security and what it means for you. Stay tuned each week as we break down SSL into bite-sized bits.
This week, we'll start off with some SSL introductions.
What is SSL?
The Secure Sockets Layer (SSL) (and Transport Layer Security (TLS)) is the most widely deployed security protocol used today. It is essentially a protocol that provides a secure channel between two machines operating over the Internet or an internal network. In today's Internet-focused world, we typically see SSL in use when a web browser needs to securely connect to a web server over the insecure Internet.
Technically, SSL is a transparent protocol which requires little interaction from the end user when establishing a secure session. For example, in the case of a browser, users are alerted to the presence of SSL when the browser displays a padlock, or in the case of Extended Validation SSL the address bar displays both a padlock and a green bar. This is the key to the success of SSL: it is an incredibly simple experience for end users.
Extended Validation (EV) SSL Certificates (such as GlobalSign ExtendedSSL):
Standard SSL Certificates (such as GlobalSign DomainSSL and OrganizationSSL):
As opposed to HTTP URLs which begin with "http://" and use port 80 by default, HTTPS URLs begin with "https://" and use port 443 by default.
HTTP is insecure and is subject to eavesdropping attacks: if critical information like credit card details and account logins is transmitted and picked up, attackers can gain access to online accounts and sensitive information. When data is sent or posted through the browser using HTTPS, such information is encrypted and secure.
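A defender-side check for the point above, as an added example (not GlobalSign's code): it scans a page's HTML for forms that carry password or card fields but would still submit over plain HTTP. The field-name hints, the function and class names, and the `shop.example` sample page are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Assumed field-name hints for sensitive inputs; tune for your own site.
SENSITIVE_HINTS = ("card", "cvv", "passw", "login")

class FormAuditor(HTMLParser):
    """Collect forms with sensitive fields whose action is not HTTPS."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []     # resolved action URLs of flagged forms
        self._action = None    # resolved action of the form being parsed
        self._sensitive = False

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "form":
            # A missing or empty action submits to the page's own URL.
            self._action = urljoin(self.page_url, a.get("action", ""))
            self._sensitive = False
        elif tag == "input" and self._action is not None:
            name = a.get("name", "").lower()
            if a.get("type", "").lower() == "password" or any(
                    hint in name for hint in SENSITIVE_HINTS):
                self._sensitive = True

    def handle_endtag(self, tag):
        if tag == "form" and self._action is not None:
            if self._sensitive and urlsplit(self._action).scheme != "https":
                self.findings.append(self._action)
            self._action = None

def insecure_sensitive_forms(page_url, html):
    """Return action URLs of sensitive forms that would submit in cleartext."""
    auditor = FormAuditor(page_url)
    auditor.feed(html)
    auditor.close()
    return auditor.findings

# Constructed sample: an HTTPS page whose payment form still posts to http://.
SAMPLE_URL = "https://shop.example/checkout"
SAMPLE_HTML = """
<form action="http://shop.example/pay"><input name="card_number"></form>
<form action="/login"><input type="password" name="pw"></form>
<form action="http://shop.example/search"><input name="q"></form>
"""
print(insecure_sensitive_forms(SAMPLE_URL, SAMPLE_HTML))
```

Only the payment form is reported: the login form resolves to an `https://` URL through the page's own address, and the search form carries no sensitive field.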
SSL in Practice
SSL can be used in the following workflows and services:
- To secure online credit card transactions. In 2006 alone there were 210 million users online spending over $130 billion through their PCs / laptops / PDAs and mobile phones. SSL *should* have been used to secure each and every one of these transactions!
- To secure online system logins, sensitive information transmitted via web forms, or protected areas of websites.
- To secure webmail and applications like Outlook Web Access, Exchange and Office Communications Server.
- To secure workflow and virtualization applications like Citrix Delivery Platforms or cloud-based computing platforms.
- To secure the connection between an email client such as Microsoft Outlook and an email server such as Microsoft Exchange.
- To secure the transfer of files over HTTPS and FTP(s) services, such as website owners updating new pages to their websites or transferring large files.
- To secure hosting control panel logins and activity, like Parallels, cPanel and others.
- To secure intranet-based traffic such as internal networks, file sharing, extranets and database connections.
- To secure network logins and other network traffic with SSL VPNs such as VPN Access Servers or applications like the Citrix Access Gateway.
- The data being transmitted over the Internet or network needs confidentiality; in other words, people do not want their credit card number, account login, passwords or personal information to be exposed over the Internet.
- The data needs to retain its integrity, which means that once credit card details and the amount to be charged to the credit card have been sent, a hacker sitting in the middle cannot change the amount to be charged and where the funds should go.
- Your organisation needs to assure your customers / extranet users that you are who you really say you are and not someone masquerading as you.
- Your organisation needs to comply with regional, national or international regulations on data privacy, security and integrity.
Visit us at our website, globalsign.com.sg for more information.
Wow. I am so excited to know all this detail about SSL certification. I will definitely catch the rest that you will be sharing in the upcoming weeks. Great job!