Lectures_SSD2_Yermakova / Lectures_SSD2 Yermakova.doc
Added: 25.02.2016

SSL Protocol

Web applications rely on encryption to protect information such as passwords, credit card numbers, customer names, and addresses transmitted between a Web browser and a server. SSL (Secure Sockets Layer) is a protocol layer that operates on top of TCP/IP to provide encrypted communications. The protocol is a set of rules governing server authentication, client authentication, and encrypted communication between servers and clients. SSL is widely used on the Internet, especially for interactions that involve exchanging confidential information such as credit card numbers. SSL uses public key cryptography to transmit a unique session key for each connection. It then uses a faster, symmetric encryption algorithm such as DES or RC4 to encrypt whatever information the application needs to transmit.

When you establish a connection to a web site, such as the web site for Amazon.com booksellers, you want to be assured that your communications will not be read by an eavesdropper and that you are communicating with a legitimate Web server, not an imposter pretending to be Amazon.com. To verify the identity of a Web server, SSL asks the server for its public key and requires that the key be digitally signed by a certificate authority.

When you communicate with a Web server using the prefix https instead of http, your browser establishes an SSL connection. Many websites such as Amazon.com use this technique to keep your password and personal data secure from others. You will also see a lock icon appear at the bottom right of the web page window, indicating that the data on the page came to you encrypted via the SSL protocol. If you do not see a lock icon when transmitting sensitive information, you should be aware that your data was not encrypted and may be seen by eavesdroppers. The image below highlights the URL that begins with "https" and the lock icon, indicating that the data on the page will be transmitted securely.

Figure 6 Using SSL

As part of the initial "handshake" process between the server and the client, SSL requires a server SSL certificate. The server presents its certificate to the client to authenticate the server's identity. The authentication process uses public-key encryption and digital signatures to confirm that the server is in fact the server it claims to be.
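The three steps described above (certificate check, session-key transport, symmetric encryption) can be modelled in a few lines; this is an added example, not part of the original lecture. It uses textbook RSA with tiny constructed keys and an HMAC-based keystream as a stand-in for the bulk cipher; all function names and the host shop.example are assumptions made for illustration, and the model shows the flow only, not the real SSL message formats.

```python
import hashlib, hmac, secrets

E = 65537  # public exponent

def keypair(p, q):
    """Textbook RSA from two primes: returns (public, private) as (n, exp) pairs."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), (n, pow(E, -1, phi))

def _digest(name, pub, n):
    h = hashlib.sha256(f"{name}|{pub[0]}|{pub[1]}".encode()).digest()
    return int.from_bytes(h, "big") % n

def issue_cert(ca_priv, name, pub):
    """The CA signs the binding between a host name and that host's public key."""
    n, d = ca_priv
    return {"name": name, "pub": pub, "sig": pow(_digest(name, pub, n), d, n)}

def verify_cert(cert, ca_pub, host):
    """Client check: right host name, and signature valid under the trusted CA key."""
    n, e = ca_pub
    expected = _digest(cert["name"], cert["pub"], n)
    return cert["name"] == host and pow(cert["sig"], e, n) == expected

def stream_xor(key, data):
    """Symmetric stage: XOR with an HMAC-SHA256 counter keystream (stand-in cipher)."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hmac.new(key, i.to_bytes(8, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

def handshake(cert, server_priv, ca_pub, host, message):
    """Returns what the server reads, or None if the client rejects the certificate."""
    if not verify_cert(cert, ca_pub, host):
        return None                             # server not authenticated: abort
    n, e = cert["pub"]
    session = secrets.randbelow(n - 2) + 2      # unique session key per connection
    wrapped = pow(session, e, n)                # public-key stage protects the key
    ciphertext = stream_xor(session.to_bytes(32, "big"), message)
    sn, sd = server_priv                        # --- server side from here on ---
    recovered = pow(wrapped, sd, sn).to_bytes(32, "big")
    return stream_xor(recovered, ciphertext)

# Constructed demo keys built from small Mersenne primes (far too small for real use).
SERVER_PUB, SERVER_PRIV = keypair(2**61 - 1, 2**89 - 1)
CA_PUB, CA_PRIV = keypair(2**107 - 1, 2**127 - 1)
ROGUE_PUB, ROGUE_PRIV = keypair(2**89 - 1, 2**107 - 1)
GOOD_CERT = issue_cert(CA_PRIV, "shop.example", SERVER_PUB)
```

A certificate signed by a key the client does not trust, or issued for a different host name, stops the handshake before any data is sent; a party that replays the genuine certificate without holding the matching private key cannot recover the session key and reads only noise.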

For more detailed information about SSL, see an introduction to SSL.

6.3 Prevention, Detection, and Recovery

In addition to using technologies that keep your data secure such as encryption and authentication, there are many ways to protect your data by preventing and monitoring network activities. It is also important to keep back-ups of your data in case of data loss.

Reading Sequence:

  • 6.3.1 Firewall. Learning Goal: Obtain knowledge of what a firewall is, what purpose a firewall serves, and how the firewall attempts to perform its job.

  • 6.3.2 Intrusion Detection Tools. Learning Goal: Gain familiarity with tools used for intruder detection and prevention such as network monitoring tools, and anti-virus tools.

  • 6.3.3 Data Recovery. Learning Goal: Learn about back-up methods for data recovery.

  • Parsons/Oja, Chapter 4-Section E. Learning Goal: Learn about disk backup procedures that provide for the recovery of lost or corrupted files.

  • Parsons/Oja, Chapter 4-Lab: "Backing Up Your Computer". Learning Goal: Practical experience with data backup and recovery.

  • 6.3.4 Summary of Security Tips. Learning Goal: Knowledge of security practices that are most important to prevent and counter some security vulnerabilities.

                                          

Assessments:

  • Multiple-Choice Quiz 24