 |
|
What is a Secure Socket Layer?
The secure socket layer protocol (SSL) is an Internet
standard security technology that uses digital keys to
encrypt private data, such as credit card information on
an order form, sent from your customer's web browser to
the web server hosting your e-commerce site. Due to the
decentralized and very dynamic nature of the Internet, it is
possible that a third party could try to look at the
private data as it travels through one of the many
networks between the customer and your site. This
technique, known as packet sniffing, is only effective when
the data is sent in plain text. However, because the data sent
over SSL is encrypted, it would be
completely unusable by the hacker.

How does a Secure Socket Layer Work?
Below you'll find two images. The first image displays the
risk involved in transmitting data in a "non-secure" way.
The second image will display the benefits of having an
SSL certificate installed on your website.

Without SSL, sensitive information such as credit
card numbers, or personal information such as a driver's
license number, is sent through the Internet as plain text,
which could possibly be picked up by a malicious hacker
through packet sniffing. If your customer's information
were to be stolen, the merchant would be blamed for
allowing the information to be leaked to the hacker.

The digital certificate is installed on both the
customer's web browser and the merchant's website, which
encrypts all of the information submitted to and from the
website. Note that SSL does not prevent packet
sniffing. However, any data viewed by a hacker would appear as
random, non-sequential characters, so it would be
useless.

What is a Shared SSL?
Most Web hosting companies will offer a complimentary
shared SSL certificate to their clients. Note that the
information on the shared SSL certificate will not
match your domain name. This means that each time a
visitor enters a website in secure mode using the
shared SSL, he/she will be greeted with a message (see
image below) warning them that the SSL certificate does
not match the domain name. This could lead website
visitors to think that it is an illegitimate site.

Spoofing a server
It is possible for a hacker to spoof a web server. The
hacker can collect the credit card information with
spoofing. But what does spoofing mean? Web spoofing is
the act of secretly tricking a web browser into talking to
a different web server than it intended to. How? By
attacking the DNS (domain name system) that maps the "www.website.com"
in a URL to a network address, or by modifying a Web page
to have a bad URL, or by tricking the web browser as it
interprets CGI, ASP, Perl data, JavaScript, etc.

After the visitor's browser has been fooled, the spoofed web
server can send the visitor fake web pages or prompt the
visitor to provide personal information such as a
login ID, password, or even credit card or bank account
numbers. If done carefully, the visitor probably will not
even notice that they have been duped.

With the Authentic SSL, your
server cannot be spoofed while running in the SSL mode. It
is literally impossible. Because it introduces the
possibility of spoofing, shared SSL provides a much less
secure environment for your customers.


If a domain does not match the secure
certificate the visitor will most likely end up with an
error such as the one above!
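
The name check behind that warning, and behind the spoofing protection described above, as an added example that is not part of the original page: a simplified version of the comparison a browser makes between the hostname visited and the names in the certificate. The function names, hostnames and certificate contents are assumptions constructed for illustration; the dictionaries follow the shape returned by Python's ssl.getpeercert().

```python
"""Added example: does a certificate's name cover the hostname visited?"""

def name_matches(pattern: str, host: str) -> bool:
    """Compare one certificate DNS name with a hostname, case-insensitively."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False  # a wildcard covers exactly one label, never several
    if p[0] == "*":
        # Accept a wildcard only as the whole left-most label of a name
        # that has at least two further labels (so "*.example" is refused).
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h

def names_in_cert(cert: dict) -> list:
    """List DNS names from a dict shaped like ssl.getpeercert() output."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans
    # Legacy fallback: commonName, consulted only when no DNS SAN exists.
    return [v for rdn in cert.get("subject", ()) for k, v in rdn
            if k == "commonName"]

def check_host(cert: dict, host: str) -> str:
    """Return "match" or a mismatch message naming what the cert covers."""
    names = names_in_cert(cert)
    if any(name_matches(n, host) for n in names):
        return "match"
    return "MISMATCH: certificate is for " + ", ".join(names or ["<none>"])

# Constructed sample data (not real certificates).
SHARED_CERT = {  # the hosting company's shared certificate
    "subject": ((("commonName", "secure.hosting-provider.example"),),),
    "subjectAltName": (("DNS", "secure.hosting-provider.example"),),
}
OWN_CERT = {  # a certificate issued for the merchant's own domain
    "subject": ((("commonName", "www.merchant.example"),),),
    "subjectAltName": (("DNS", "www.merchant.example"),
                       ("DNS", "*.shop.merchant.example")),
}

if __name__ == "__main__":
    for label, cert in (("shared", SHARED_CERT), ("own", OWN_CERT)):
        for host in ("www.merchant.example", "cart.shop.merchant.example"):
            print(f"{label:6} {host:28} {check_host(cert, host)}")
```

The shared certificate fails for the merchant's hostname because none of its names cover it, which is the condition that triggers the browser warning.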
 |