SSL Secure Sockets Layer - Cardinity

Transcript

1. SSL Secure Sockets Layer

2. What is SSL? Secure Sockets Layer (SSL) is the most

   widely deployed cryptographic protocol to provide security over internet communications. SSL provides a secure channel between two machines or devices operating over the internet or an internal network. One common example is when SSL is used to secure communication between a web browser and a web server. This turns a website's address from HTTP to HTTPS, the ‘S’ standing for ‘secure’.

3. Why is it a must? In order to accept credit

   card information on your website, you must pass certain audits that show that you are compliant with the Payment Card Industry (PCI) standards. One of the requirements is properly using an SSL Certificate. It provides privacy, critical security and data integrity for your website and your users' personal information.

4. SSL Certificate To be able to create an SSL connection

   a web server requires an SSL Certificate. When you choose to activate SSL on your web server you will be asked to complete a number of questions about the identity of your website and your company. SSL certificate ensures that any data transferred between users and sites remain impossible to read. It uses encryption algorithms to scramble data in transit, preventing hackers from reading it as it is sent over the connection. This information could be anything sensitive or personal which can include credit card numbers and other financial information, names and addresses.

5. How does a SSL Certificate work? When a browser attempts

   to access a website that is secured by SSL, the browser and the web server establish a SSL connection using a process called a “SSL Handshake”. Note that the SSL Handshake is invisible to the user and happens instantaneously. Three keys are used to set up the SSL connection: the public, the private, and the session keys. Anything encrypted with the public key can only be decrypted with the private key, and vice versa. Because encrypting and decrypting with private and public key takes a lot of processing power, they are only used during the SSL Handshake to create a symmetric session key. After the secure connection is made, the session key is used to encrypt all transmitted data. Everything happens in the following steps:

6. How does a SSL Certificate work? A browser connects to

   a web server (website) secured with SSL (https). A browser asks the server to identify itself. A server sends a copy of its SSL Certificate, including the server’s public key. A browser checks if the certificate is obtained from a certified authority and is valid (i.e. unexpired, unrevoked, etc.) If the browser trusts the certificate, it creates, encrypts, and sends back a symmetric session key using the server’s public key. The server decrypts the symmetric session key using its private key and sends back an acknowledgement encrypted with the session key to start the encrypted session. The server and the browser now encrypt all transmitted data with the session key.

7. How does it look like? Web browsers give visual cues,

   such as a lock icon or a green bar, to make sure visitors know when their connection is secured.

8. SSL can be used to secure: Online credit card transactions

   or other online payments. Intranet-based traffic, such as internal networks, file sharing, database connections. Webmail servers like Outlook Web Access, etc. The connection between an email client such as Microsoft Outlook and an email server such as Microsoft Exchange. System logins to applications and control panels like Parallels, cPanel and others. Workflow and virtualization applications like Citrix Delivery Platforms or cloud- based computing platforms. Hosting control panel logins and activity like Parallels, cPanel and others.

9. Benefits More confidence from your clients Better conversion rates Secure

   shopping environment No *Not Secure* warning sign Improved SEO score Search

10. Risks of not having SSL MITM (Man-in-the- middle) attacks Phishing

    attacks Confidential data leakage Distrust by web browsers Damage to brand and reputation

11. Where to buy a SSL certificate? Before you buy a

    SSL certificate, you must decide what type of SSL Certificate is right for your business. SSL Certificates have to be issued from a trusted Certificate Authority.

12. Feel free to contact us! UAB Click2Sell Sauletekio ave. 15,

    Vilnius, Lithuania Company code: 300110581 VAT code: LT100005028414 Phone: +44 2035 144 748 [email protected] www.cardinity.com