Everything you need to know about SSL

SSL; Christopher East asks do you need it; what does it do; and how does it help?

SSL stands for secure socket layer. It is an important piece of the puzzle when it comes to ensuring security and secure connections between devices, on the internet and when authenticating users using VPNs and even on some two-factor authentication systems.

You need a secure socket layer when you are transmitting information that you want to remain private or safe. Most commonly this is used on a website, to secure information you are sending to and from a website, such as payment or address information.

Did you know, Netscape originally developed SSL to allow the transmission of documents or information which worked across any platform or operating system?

The SSL system works with two distinct parts: the private key and the public key. The private key is meant to be kept private and is stored on the server performing the authentication. The public key is sent to the server, and whilst it should not be shared without careful consideration, as it can grant access to the information or device which is secured by the private key. It is considered the public key, because it is the part of the SSL system which is transmitted across the internet.

The two keys are then compared using an algorithm which matches them if they are from the same key-pair, and then the device or web-browser is given access to the page, document, computer, network or system, which is secured using SSL.

Since the creation of SSL it was designed to provide security for inter-network traffic, to help provide confidentiality, authentication, integrity and data protection.

Unfortunately, since its introduction, different organisations have taken different approaches to assuring the identity of the people obtaining the key-pairs, which make up the SSL certificate. This has resulted in a climate where criminals or people who do not wish an organisation well, being able to obtain a certificate in their name very easily, in some cases, because these less security-focused sellers of SSL certificates use very insecure and easily forged pieces of information to determine who the person is.

This has created a difference in the trust value of some certificates, and as a result, a newer version of SSL was introduced, along with a new type of key-pair (certificate), named extended validation. Extended validation requires that additional steps are followed before the key-pair (certificate) is issued. This new type of key-pair (certificate) is recognised in web-browsers by turning the address bar green, in addition to showing the padlock symbol, which everyone is told to look for.

So, we have established that SSL and the SSL certificates protect information and devices from unwanted connections and ensure that the information on websites is protected at all times. 

This has allowed for a boom in online shops and marketplaces, as the security of the information used throughout these websites is able to be guaranteed to some level, so the public, in general, has felt more comfortable using their financial and personal information online.

So how does this help you?

It helps by making sure that the payment you make to your favourite online auction website, or your favourite marketplace online is secure, and your credit card information is never shared with the rest of the information at the time you type it into the website and press the buy button.

SSL also helps by ensuring that you can log in to secure systems, or connect to a VPN, or similar things, which use SSL certificates to protect the security, and only allow people with the correct authentication information to connect to the server or device.

Comments (1)

Leave Comment
  • 1
    Martin wrote on 7th Sep 2017

    I'd have included that all versions of SSL have been depreciated due to security issues and TLS is now preferred. Also how the client and server negotiate which cypher they will use which creates the opportunity for downgrade attacks. These can be defended against by proper server config so that weak cypher suites are not offered.
    Also the public key is not sent to the server, it is contained in the server certificate which is sent to the client. There's also lots more interesting stuff about https and certificates that should go in an an article like this.

    Report Comment

Post a comment

About this blog

This blog is brought to you by the members of the BCS Internet Specialist Group and allows you to harness their skills, expertise and knowledge. The internet is ubiquitous and has a major impact on our daily lives, at work, at home on the move. The associated risks and security concerns are real, but the magic and advantages of the internet are significant.

See all posts by Internet Specialist Group

Search this blog

January 2018
M
T
W
T
F
S
S
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31