Everywhere you turn nowadays, it seems that there is someone looking to benefit at the expense of someone else. Cons, cheats, and thieves seem to be a dime a dozen in today’s day and age, and as technology advances, as do the skills of criminal. The Internet is no safe haven from such activities. There are many unsavory people out there trying to benefit from many Internet crimes, ranging to identity theft to credit card fraud.
What makes this very perplexing is that many websites require their visitors to supply some sorts of personal information about themselves. Depending on the website, you may be required to enter your name, address, date of birth, credit card information, and much more information that you would very much like to keep out of the hands of the Internet criminal.
As the owner of a website, the onus is on you to secure your web visitor’s information. If your service requires personal information of some kind, then you will need to take measures to ensure that your customer’s information is safe. But how do you do this? After all, your visitors are running a web browser on their local machines and their information is traveling across the open Internet to your website. What can you do?
The answer is to use some form of encryption between the web browser and your website. You can do this using SSL or TSL.
The Secure Sockets Layer (SSL) is a commonly used protocol for managing the security of a message transmission on the Internet. SSL uses a program layer located between the Internet's Hypertext Transfer Protocol (HTTP) and Transport Control Protocol (TCP) layers. In layman’s terms, the data is encrypted in a user’s web browser, using an encryption key that belongs to the website. The data is transferred from the web browser to the website in this encrypted format, where it is unencrypted by the web server software to be used by the website. This ensures that a user’s personal information is not being transferred in readable format for anyone to capture and read as it crosses the Internet.
Transport Layer Security (TLS) is a protocol that ensures privacy between communicating applications and their users on the Internet. When a server and client communicate, TLS ensures that no third party may eavesdrop or tamper with any message. TLS allows the server and client to authenticate each other and to negotiate an encryption algorithm and cryptographic keys before data is exchanged. TLS is the successor to the Secure Sockets Layer (SSL), and is based on that technology. In this way, one can say that SSL has evolved into the TLS protocol.
So, now you know what methods are available to secure your communications, but what do you need to do to integrate it into your website?
For starters, find out what security options are available from your web hosting provider. If you host your own website, you will need to check your web server software to find out what kind of encryption it will support. Next, you need to get a certificate for your website. A certificate is required for security authentication between the web browser and your web server. Once you have installed your certificate on your web server, you will need to modify the pages of your website that you wish to secure to be called with the “https” protocol instead of the “http” protocol. For example, if you have a web page called “contactinfo.html” that asks for a series of personal information and then calls a page called “submitinfo.asp” to save it to your database, the link would be https://www.yoursite.com/submitinfo.asp. By specifying the “https” protocol at the beginning, you’ve told your web browser to utilize a secured layer to communicate with the web server. Here is a brief list of the steps that occur for SSL and TSL:
|• ||A URL is entered, such as https://www.yoursite.com in the web browser’s window. The https indicates that a secure session should be used.|
|•||The server responds by sending the site’s certificate to the browser.|
|•||The browser validated the certificate is valid.|
|•||The browser then creates a session key, which is encrypted with the server's public key, and sends it to the server.|
|•||The browser and the server now communicate using the encryption that they have just agreed on.|
Now that you know how it works, the next step is getting started. The premier issuer of digital certificates worldwide is Verisign (http://www.verisign.com). On their webpage can be found more in depth information in regards to how SSL can help your business and exactly what it takes to get started. For smaller websites, there is the possibility of shared certificates, where more than one website share one certificate. This is not as secure, but it does cut down on the costs. The website WhichSSL (http://www.whichssl.com) is an excellent resource for comparing different encryption options and providers to find the one that best suits your needs.
SSL and TSL encryption are a necessary tool for making your website secure for your visitors. By utilizing the information contained in this article, you should now be armed with the proper information to make an informative decision on what solution may be right for you and your visitors.
| DISCLAIMER: The content provided in this article is not warranted or guaranteed by Developer Shed, Inc. The content provided is intended for entertainment and/or educational purposes in order to introduce to the reader key ideas, concepts, and/or product reviews. As such it is incumbent upon the reader to employ real-world tactics for security and implementation of best practices. We are not liable for any negative consequences that may result from implementing any information covered in our articles or tutorials. If this is a hardware review, it is not recommended to open and/or modify your hardware. |
More Web Hosting How-Tos Articles
More By Rich Smith