Tuesday, December 16, 2008

Internet Scam Series – Using SSL to access secure websites

When you go to your bank or another site that asks for your user name and password, you will sometimes see https (Hypertext Transfer Protocol Secure), AKA SSL (Secure Sockets Layer). On the internet, traffic often passes from one computer to another to another, connected through multiple nodes. The easiest way to explain SSL is that you are creating a direct encrypted connection from your computer to that server.

SSL and TLS (Transport Layer Security) are not separate protocols but a combination of normal and encrypted traffic. When you are on a secure site, depending on your browser, you will see a padlock or some other indicator that you are using an encrypted site. While not totally safe and secure, these sites do provide a reasonable level of protection, assuming a good enough cipher is used and that the server has a trusted and verified certificate.

An https: URL may specify a TCP (Transmission Control Protocol) port; if it does not, the connection uses port 443 (unsecured HTTP typically uses port 80).
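As an added example (not from the original post), the Python sketch below applies the default-port rule and performs the checks a browser makes before showing the padlock: a trusted certificate that matches the host name, plus a report of the negotiated protocol and cipher. The function names and the bank.example URLs are constructed for illustration.

```python
import socket
import ssl
from urllib.parse import urlsplit

DEFAULT_PORTS = {"https": 443, "http": 80}

def endpoint(url):
    """Return (scheme, host, port), using the default port when the URL names none."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    if scheme not in DEFAULT_PORTS or not parts.hostname:
        raise ValueError(f"not an http(s) URL: {url!r}")
    return scheme, parts.hostname, parts.port or DEFAULT_PORTS[scheme]

def strict_context():
    """Client context that requires a trusted certificate matching the host name."""
    ctx = ssl.create_default_context()            # loads the system's trusted CA store
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # refuse old protocol versions
    return ctx

def inspect_site(url, timeout=5.0):
    """Connect to an https URL and report what the padlock stands for."""
    scheme, host, port = endpoint(url)
    if scheme != "https":
        raise ValueError("plain http has no encryption to inspect")
    with socket.create_connection((host, port), timeout=timeout) as raw:
        # Raises ssl.SSLCertVerificationError for an untrusted or mismatched certificate.
        with strict_context().wrap_socket(raw, server_hostname=host) as tls:
            name, _protocol, bits = tls.cipher()
            cert = tls.getpeercert()
            return {"port": port, "protocol": tls.version(), "cipher": name,
                    "bits": bits, "issuer": cert.get("issuer"),
                    "expires": cert.get("notAfter")}

if __name__ == "__main__":
    # Constructed sample URLs; only the offline URL handling runs here.
    for u in ("https://bank.example/login", "https://bank.example:8443/",
              "http://bank.example/"):
        print(u, "->", endpoint(u))
    # With network access, call inspect_site() on the https URL you want to check.
```

A failed certificate check surfaces as an exception from `inspect_site`, which is the scripted equivalent of the browser's certificate warning page.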

 

To prepare a web server to accept https connections, the administrator must create a public key certificate signed by a certificate authority.

 

For client/user authentication, which restricts access to a web server to authorized users only, the administrator creates a certificate for each user. These certificates sometimes contain the name and e-mail address of the authorized user and are checked automatically on each reconnect to verify the user's identity.
