Everywhere you turn nowadays, it seems that there is someone looking to benefit at the expense of someone else. Cons, cheats, and thieves seem to be a dime a dozen in this day and age, and as technology advances, so do the skills of criminals. The Internet is no safe haven from such activities. There are many unsavory people out there trying to benefit from Internet crimes, ranging from identity theft to credit card fraud.
What makes this very perplexing is that many websites require their visitors to supply some sort of personal information about themselves. Depending on the website, you may be required to enter your name, address, date of birth, credit card information, and much more information that you would very much like to keep out of the hands of the Internet criminal.
As the owner of a website, the onus is on you to secure your web visitors' information. If your service requires personal information of some kind, then you will need to take measures to ensure that your customers' information is safe. But how do you do this? After all, your visitors are running a web browser on their local machines and their information is traveling across the open Internet to your website. What can you do?
The answer is to use some form of encryption between the web browser and your website. You can do this using SSL or TLS.
The Secure Sockets Layer (SSL) is a commonly used protocol for managing the security of a message transmission on the Internet. SSL uses a program layer located between the Internet's Hypertext Transfer Protocol (HTTP) and Transmission Control Protocol (TCP) layers. In layman’s terms, the data is encrypted in a user’s web browser, using an encryption key that belongs to the website. The data is transferred from the web browser to the website in this encrypted format, where it is decrypted by the web server software to be used by the website. This ensures that a user’s personal information is not being transferred in readable format for anyone to capture and read as it crosses the Internet.
Transport Layer Security (TLS) is a protocol that ensures privacy between communicating applications and their users on the Internet. When a server and client communicate, TLS ensures that no third party may eavesdrop on or tamper with any message. TLS allows the server and client to authenticate each other and to negotiate an encryption algorithm and cryptographic keys before data is exchanged. TLS is the successor to the Secure Sockets Layer (SSL), and is based on that technology. In this way, one can say that SSL has evolved into the TLS protocol.
So, now you know what methods are available to secure your communications, but what do you need to do to integrate them into your website?
For starters, find out what security options are available from your web hosting provider. If you host your own website, you will need to check your web server software to find out what kind of encryption it will support. Next, you need to get a certificate for your website. A certificate is required for security authentication between the web browser and your web server. Once you have installed your certificate on your web server, you will need to modify the pages of your website that you wish to secure to be called with the “https” protocol instead of the “http” protocol. For example, if you have a web page called “contactinfo.html” that asks for a series of personal details and then calls a page called “submitinfo.asp” to save them to your database, the link would be https://www.yoursite.com/submitinfo.asp. By specifying the “https” protocol at the beginning, you’ve told your web browser to utilize a secured layer to communicate with the web server. Here is a brief list of the steps that occur for SSL and TLS:
• A URL, such as https://www.yoursite.com, is entered in the web browser’s window. The https indicates that a secure session should be used.
• The server responds by sending the site’s certificate to the browser.
• The browser verifies that the certificate is valid.
• The browser then creates a session key, which is encrypted with the server's public key, and sends it to the server.
• The browser and the server now communicate using the encryption that they have just agreed on.
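As an added example (not part of the original article), the following Python script audits a page for forms whose data would still be sent without https, including the case where a relative link such as “submitinfo.asp” inherits “http” from the page it sits on. The names contactinfo.html and submitinfo.asp come from the article; newsletter.asp and the sample HTML are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class FormTargetCollector(HTMLParser):
    """Record the absolute URL each <form> on a page submits to."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.targets = []

    def handle_starttag(self, tag, attrs):
        if tag != "form":
            return
        action = dict(attrs).get("action") or ""
        # A relative or empty action inherits the scheme of the page itself,
        # so a form on an http:// page posts over http:// unless told otherwise.
        self.targets.append(urljoin(self.page_url, action.strip()))


def insecure_targets(page_url, html):
    """Return the form submission URLs that would not travel over https."""
    collector = FormTargetCollector(page_url)
    collector.feed(html)
    collector.close()
    return [t for t in collector.targets if urlsplit(t).scheme != "https"]


# Constructed sample page. contactinfo.html and submitinfo.asp are the
# article's names; newsletter.asp is a hypothetical extra form.
SAMPLE_PAGE = """
<html><body>
  <form method="post" action="submitinfo.asp">
    <input name="fullname"><input name="cardnumber">
  </form>
  <form method="post" action="https://www.yoursite.com/submitinfo.asp">
    <input name="fullname">
  </form>
  <form method="post" action="http://www.yoursite.com/newsletter.asp">
    <input name="email">
  </form>
</body></html>
"""

if __name__ == "__main__":
    for url in ("http://www.yoursite.com/contactinfo.html",
                "https://www.yoursite.com/contactinfo.html"):
        print(url, "->", insecure_targets(url, SAMPLE_PAGE))
```

Run against the same markup, the page served over http reports two insecure submissions, while the page served over https reports only the form that explicitly names an http address.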
Now that you know how it works, the next step is getting started. The premier issuer of digital certificates worldwide is Verisign (http://www.verisign.com). Their website offers more in-depth information on how SSL can help your business and exactly what it takes to get started. For smaller websites, there is the possibility of shared certificates, where more than one website shares one certificate. This is not as secure, but it does cut down on the costs. The website WhichSSL (http://www.whichssl.com) is an excellent resource for comparing different encryption options and providers to find the one that best suits your needs.
SSL and TLS encryption are necessary tools for making your website secure for your visitors. By utilizing the information contained in this article, you should now be armed with the proper information to make an informed decision on what solution may be right for you and your visitors.
DISCLAIMER: The content provided in this article is not warranted or guaranteed by Developer Shed, Inc. The content provided is intended for entertainment and/or educational purposes in order to introduce to the reader key ideas, concepts, and/or product reviews. As such it is incumbent upon the reader to employ real-world tactics for security and implementation of best practices. We are not liable for any negative consequences that may result from implementing any information covered in our articles or tutorials. If this is a hardware review, it is not recommended to open and/or modify your hardware.
More By Rich Smith