Everywhere you turn nowadays, it seems that there is someone looking to benefit at the expense of someone else. Cons, cheats, and thieves seem to be a dime a dozen in today’s day and age, and as technology advances, as do the skills of criminal. The Internet is no safe haven from such activities. There are many unsavory people out there trying to benefit from many Internet crimes, ranging to identity theft to credit card fraud.
What makes this very perplexing is that many websites require their visitors to supply some sorts of personal information about themselves. Depending on the website, you may be required to enter your name, address, date of birth, credit card information, and much more information that you would very much like to keep out of the hands of the Internet criminal.
As the owner of a website, the onus is on you to secure your web visitor’s information. If your service requires personal information of some kind, then you will need to take measures to ensure that your customer’s information is safe. But how do you do this? After all, your visitors are running a web browser on their local machines and their information is traveling across the open Internet to your website. What can you do?
The answer is to use some form of encryption between the web browser and your website. You can do this using SSL or TSL.
The Secure Sockets Layer (SSL) is a commonly used protocol for managing the security of a message transmission on the Internet. SSL uses a program layer located between the Internet's Hypertext Transfer Protocol (HTTP) and Transport Control Protocol (TCP) layers. In layman’s terms, the data is encrypted in a user’s web browser, using an encryption key that belongs to the website. The data is transferred from the web browser to the website in this encrypted format, where it is unencrypted by the web server software to be used by the website. This ensures that a user’s personal information is not being transferred in readable format for anyone to capture and read as it crosses the Internet.
Transport Layer Security (TLS) is a protocol that ensures privacy between communicating applications and their users on the Internet. When a server and client communicate, TLS ensures that no third party may eavesdrop or tamper with any message. TLS allows the server and client to authenticate each other and to negotiate an encryption algorithm and cryptographic keys before data is exchanged. TLS is the successor to the Secure Sockets Layer (SSL), and is based on that technology. In this way, one can say that SSL has evolved into the TLS protocol.
So, now you know what methods are available to secure your communications, but what do you need to do to integrate it into your website?
For starters, find out what security options are available from your web hosting provider. If you host your own website, you will need to check your web server software to find out what kind of encryption it will support. Next, you need to get a certificate for your website. A certificate is required for security authentication between the web browser and your web server. Once you have installed your certificate on your web server, you will need to modify the pages of your website that you wish to secure to be called with the “https” protocol instead of the “http” protocol. For example, if you have a web page called “contactinfo.html” that asks for a series of personal information and then calls a page called “submitinfo.asp” to save it to your database, the link would be https://www.yoursite.com/submitinfo.asp. By specifying the “https” protocol at the beginning, you’ve told your web browser to utilize a secured layer to communicate with the web server. Here is a brief list of the steps that occur for SSL and TSL:
| • | A URL is entered, such as https://www.yoursite.com in the web browser’s window. The https indicates that a secure session should be used. |
| • | The server responds by sending the site’s certificate to the browser. |
| • | The browser validated the certificate is valid. |
| • | The browser then creates a session key, which is encrypted with the server's public key, and sends it to the server. |
| • | The browser and the server now communicate using the encryption that they have just agreed on. |
Now that you know how it works, the next step is getting started. The premier issuer of digital certificates worldwide is Verisign (http://www.verisign.com). On their webpage can be found more in depth information in regards to how SSL can help your business and exactly what it takes to get started. For smaller websites, there is the possibility of shared certificates, where more than one website share one certificate. This is not as secure, but it does cut down on the costs. The website WhichSSL (http://www.whichssl.com) is an excellent resource for comparing different encryption options and providers to find the one that best suits your needs.
SSL and TSL encryption are a necessary tool for making your website secure for your visitors. By utilizing the information contained in this article, you should now be armed with the proper information to make an informative decision on what solution may be right for you and your visitors.
| DISCLAIMER: The content provided in this article is not warranted or guaranteed by Developer Shed, Inc. The content provided is intended for entertainment and/or educational purposes in order to introduce to the reader key ideas, concepts, and/or product reviews. As such it is incumbent upon the reader to employ real-world tactics for security and implementation of best practices. We are not liable for any negative consequences that may result from implementing any information covered in our articles or tutorials. If this is a hardware review, it is not recommended to open and/or modify your hardware. |
More Web Hosting How-Tos Articles
More By Rich Smith
 developerWorks - FREE Tools!
|
Join this Rational Talks to You teleconference, featuring Paul Boustany and Mark Krasovich, to speak to the experts about becoming a Rational ClearCase power user. Get a chance to ask your questions and learn tips and tricks for using Rational ClearCase in Agile development
FREE! Go There Now!
|
|
|
|
Learn how you can extend modern application lifecycle management to IBM System z through the IBM Rational Software Delivery Platform (SDP). The Did you say mainframe? e-kit includes podcasts, webcasts, tutorials, white and red papers, demos, and articles designed to help ease the challenges of modernizing your enterprise. This complimentary kit for mainframe developers is a practical, how-to guide for making the most of an existing development environment, including the skills and infrastructure already in place at an established enterprise.
FREE! Go There Now!
|
|
|
|
Visit IBM developerWorks to download a free trial version of WebSphere Business Modeler Advanced V6.1.1, IBM’s premier business process modeling and analysis tool for business users that offers process modeling, simulation, and analysis capabilities. IBM WebSphere Business Modeler helps you visualize, understand, and document business processes for continuous improvement.
FREE! Go There Now!
|
|
|
|
Visit IBM developerWorks to download a free trial version of IBM Rational Business Developer V7.1. Rational Business Developer offers rapid and simplified development of business applications and services through Enterprise Generation Language (EGL) tools, generating Java or mainframe solutions while shielding developers from technical complexities.
FREE! Go There Now!
|
|
|
|
Manage, govern, and share services across your organization by using WebSphere Service Registry and Repository. Follow the hands-on exercises to learn how to navigate the Web interface to publish, find, reuse, and update services.
FREE! Go There Now!
|
|
|
|
Learn how to do more with your reusable assets with the free Rational Asset Manager eKit. The eKit includes demos on how Rational Asset Manager tracks and audits your assets in order to utilize them for reuse. Plus you’ll find white papers and a Webcast that discuss the challenges of a Service Oriented Architecture and how Rational Asset Manager can provide quick and effective solutions.
FREE! Go There Now!
|
|
|
|
This whitepaper provides areas to consider when evaluating any software configuration management solution. It addresses how the IBM solutions (Rational ClearCase and Rational ClearQuest) meet the needs and requirements of both project leaders and developers to provide successful Software Change and Configuration Management.
FREE! Go There Now!
|
|
|
|
Get a free trial download of the latest version of IBM Rational Method Composer V7.2 which helps you deliver customized yet consistent process guidance to your project teams and IT organization, and includes the latest version of IBM Rational Unified Process (RUP), which has provided process guidance to teams since 1996.
FREE! Go There Now!
|
|
|
|
Join this Rational Talks to You teleconference, to hear how Enterprise Generation Language (EGL) eliminates the need for tedious and error-prone low level coding, so developers can focus on business requirements. EGL extends the Rational software development platform with a simplified programming language that enables developers who have little or no experience with Java, Web technologies or Service Oriented Architecture, to create enterprise-class applications and services quickly and easily. It also allows developers who may have little or no mainframe programming experience to quickly create traditional mainframe components.
FREE! Go There Now!
|
|
|
|
Join this webcast to learn how IBM Rational's Functional Testing solution enables you to implement automation your way, at your pace, with your existing staff. In this webcast, you’ll learn how you can eliminate redundancy of manual test scripts, reduce errors, and increase test coverage through test automation. After this presentation you will understand how IBM Rational Functional Testing solution can streamline your manual testing and make test automation easily attainable.
FREE! Go There Now!
|
|
|
|
All FREE IBM® developerWorks Tools!
|
/ 7 
