Internet Security - SSL Explained
Sally Hetherington for Bizland
Exactly how safe is it to submit your credit card details over the net? While most of us do it every day without batting an eyelid, there are always those horror stories of people who had their bank accounts wiped out by malicious hackers, or even fraudulent websites. How can you tell when a site is safe? We spoke to Roger Morgado, a technical supporter at Thawte, who helped explain it further.
What is SSL?
SSL (Secure Sockets Layer), an Internet protocol, is a set of specifications
that allows two applications to communicate with each other via the Internet,
in a secure environment. SSL allows a web browser or client to authenticate
the existence and identity of a website using digital keys and certificates.
It also allows all the information that it sends to be encrypted, ensuring that
the information cannot be intercepted or stolen while in transit.
How does SSL work?
SSL works on the basis of two keys, a private key and a public key, known as a
'keypair'. When you request an SSL session with a server, the client browser
negotiates an 'SSL Handshake' with that server. The client browser then creates
a third unique key, known as the Pre Master Secret Key, which is encrypted using
the public key (included in the certificate) and sent to the server. The server
then decrypts this key with the private key, and both sides then create the
final Master Secret Key, which will be used for this session only. In a nutshell,
the client uses the public key to authenticate the signature made by the private
key.
How do you know whether a website is secure?
In order to create an SSL session, a user references the domain using https,
so check to see that the URL starts with this. The client browser will also
verify the information contained in the certificate. It will check that the
Certification Authority (CA, e.g. Thawte) is a trusted CA by verifying the
signature on the server certificate. Finally, the client browser will check
that the domain name the browser requested matches that of the certificate,
and will pop up a warning message if it does not trust one of the fields. Should
the user continue with the transaction, it would be at his or her own risk -
your credit card details could be going to a fraudulent site. You can view the
certificate by right-clicking on the page, going to page properties and then
certificate details, or alternatively by clicking on the padlock in the bottom
right-hand corner (although this does not always appear). If all is in order
you can continue.
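The domain-name check described above can be sketched in code. This is an added example, not part of the original article: the function names are hypothetical, the certificates are constructed sample data in the dictionary layout that Python's `ssl.SSLSocket.getpeercert()` returns, and the wildcard rule (one label, left-most position only) is an assumption about how strict the client is.

```python
# Added example: the "domain name matches the certificate" check.
# Certificates use the dict layout returned by ssl.SSLSocket.getpeercert().
# All certificates and host names below are constructed sample data.

def dns_names(cert):
    """Names the certificate is issued for: subjectAltName, else commonName."""
    sans = [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]
    if sans:
        return sans
    # Older certificates carry the host name only in the subject's commonName.
    return [value for rdn in cert.get("subject", ())
            for key, value in rdn if key == "commonName"]

def name_matches(pattern, hostname):
    """Compare one certificate name with the requested host, label by label."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False              # a wildcard stands for exactly one label
    if any("*" in label for label in p[1:]):
        return False              # wildcard only allowed in the left-most label
    if p[0] == "*":
        return len(p) >= 3 and p[1:] == h[1:]   # never honour "*.com"
    return "*" not in p[0] and p == h           # no partial wildcards ("w*")

def certificate_matches(cert, hostname):
    """True if any name in the certificate covers the requested host."""
    return any(name_matches(name, hostname) for name in dns_names(cert))

SHOP_CERT = {   # constructed: modern certificate with subjectAltName entries
    "subject": ((("commonName", "shop.example.com"),),),
    "subjectAltName": (("DNS", "shop.example.com"), ("DNS", "*.pay.example.com")),
}
LEGACY_CERT = {  # constructed: host name only in commonName
    "subject": ((("commonName", "www.example.org"),),),
}

if __name__ == "__main__":
    for host in ("shop.example.com", "eu.pay.example.com",
                 "a.eu.pay.example.com", "shop.example.com.evil.test"):
        verdict = "match" if certificate_matches(SHOP_CERT, host) else "WARN: mismatch"
        print(f"{host:30} {verdict}")
```

In real client code, `ssl.create_default_context()` already performs this check and the CA signature check; the functions above only make the rule visible.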
Are my credit card details therefore safe?
If all of the above checks pass, your credit card information should be secure.
Nothing is foolproof, however: new technology is always being developed, so the
aim of encryption is not to be unbreakable but rather to make breaking it
inconvenient, so that the time needed would put anyone off from trying!
Thanks to Roger Morgado for his assistance in writing this article - he can be contacted at rogerm@thawte.com.