Monday, December 7, 2020

Basics of TLS/SSL

Basics of TLS/SSL

Transport Layer Security (TLS), Secure Sockets Layer (SSL) are industry-standard protocols used to protect communication over the Internet. They establish authentic and encrypted links between the network.

TLS and SSL both use public-key and symmetric cryptography to allow all end users to be ensure of a web server’s identity and preserve all communication as private (the interactions between the end user and the web server). These protocols are most commonly used to provide privacy for sensitive information, like passwords or credit card numbers.

The initial communication between an end user and a web server is referred to as the “SSL handshake.” In that handshake, the web server sends its certificate to the browser. The browser authenticates the validity of the certificate and the legitimacy of the web server. After validation check, a secure connection is established between the devices. 

Many times, we have seen the notation like “https://” in a link or in a browser’s address bar as well as a "Padlock" symbol which donates that TLS or SSL is being used. For example, we have an HTTP website and we want to allow HTTPS secured access to it. This means we need a PKI certificate, and we can configure SSL or TLS.

Both SSL and TLS use PKI certificates and with PKI certificates they allow for encryption or data confidentiality and further allows for digital signatures and hashing.

How it works

TLS and SSL require the web server to have a digital certificate which are generally obtained from a Certificate Authority or called trusted CA. 

The web server sent its TLS or SSL certificate to the browser. The browser and web server exchange the information cryptographically to prove that the web server is in fact the one named in the SSL certificate. And, the browser verifies that the web server’s certificate is indirectly signed by a CA whose root certificate is trusted by the browser. 

An SSL Certificate issued by a CA to an organization/firm and its domain/website confirms that a trusted third party has authenticated that organization’s identity.

Its important to be used at financial transaction sites and sites used for confidential and personal data interchange for safety. 

Benefits of using SSL:

  • Encrypt Sensitive data
  • Activate HTTPS and Lock pad at browser
  • Comply with PCI standards
  • prove legitimacy
  • Strengthen brand identity
  • Increase SEO Rank

-DR

at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Network Scanning Tools

Network Scanning through Nmap and Nessus Network scanning is a process used to troubleshoot active devices on a network for vulnerabilities....

  • Basics of Ethernet
    Ethernet   Ethernet is the Media access method in a network where all the device or hosts , that share data or share the bandwidth in betw...
  • Telecom | STM-1/4/16 SDH Multiplexer- Part 2
    STM-1/4/16 SDH Multiplexer In my older post I have covered the basic STM and STM-1. STM1 is a synchronous digital hierarchy (SDH) is standar...
  • General IT Controls -ITGC & GTAG
    General IT Controls (GITC or ITGC) Information Technology General Controls is a type of internal controls which is combined a set of policie...