Know how SSL certificate work to secure your website | WIKIBAN

6 October 2015

Know how SSL certificate work to secure your website

Share...

Share on Facebook
Share on Twitter
Google Plus
let me guess you have a website or you are a geek that is planning to own a website, once you attract visitors with your nice post or important stuffs depending on the website you have it may be a blog, business website or e-commerce website, to ensure standard or to comfort a visitor or customer you must make sure your site is secured, you might not know the type of visitors you have but definitely once your website begin grow you must experience security breach or related security problems.

website security wikiban

Weak passwords, compromised administrator user names, unchanged default settings on network hardware and common software leave systems open to attack by people masquerading as legitimate users .

As an advisor i suggest you should get SSL certificates from trusted issuer as your first plan. Most customers  who don’t see a visual clue proving your site is secure, won’t trust you and you won’t win their business or their aims.

If your site uses Always-On SSL, site visitors will see ‘https’ in their address bar for the entire time they are on the site. This tells them that all their interactions with your site are encrypted from the moment they arrive to the moment they leave. It gives them the comfort they want.

On top of that, visual signs of advanced SSL security, such as the green address bar, which is activated when a site uses Extended Validation SSL certificates, indicate that you are a legitimate business that underwent advanced validation in order to qualify for such a certificate. If you do this, it shows that you value your visitors’ and prospects’ security as much as you value their interaction with your website.

Trust marks are the symbols or logos that Certificate Authorities give you access to when you successfully deploy an SSL certificate. It’s the visual stamp of approval, which indicates that a particular Certificate Authority trusts your site.

These trust marks encourage visitors to trust your business and your site. This translates into more conversions. And for e-Commerce sites, tests carried out by Conversion IQ have shown that the revenue per customer (RPV) also increases when there is a trust mark present.

This raises another important point for trust marks – where you put them. If people don’t see the trust mark, they can’t feel the trust. So it’s worth displaying them prominently and at the right time – for example on your checkout page. It’s also worth experimenting with A/B tests for different locations to find the best place. Recognizing Threats to your Website

Cyber-criminals’ best weapon is their victims’ ignorance. Most webmaster simply doesn’t understand how they attack websites. If you don’t know where and how criminals attack, how can you know what vulnerability looks like?

Let alone begin to patch or remedy it?

How much risk you face depends on a number of factors. The first step in figuring out what security you need is thinking about what the criminals might be after.

Consider the following to figure how much danger you’re really in

Popularity of your site: If you get a lot of visitors you could be a prime target for malware distribution. Criminals want to get their malware on to as many devices as possible. High traffic websites make this quicker and easier.

The type of visitors you attract: Business to business web sites, for example, might attract potential customers from larger or more lucrative organizations. If criminals know their targets frequent your site, they’ll look to exploit it.

Type of information you collect: Credit card details, addresses, email addresses and password reset hints are all considered juicy prizes by cybercriminals. Identity theft is very profitable. The more you gather, the more they have to go after. Identity thieves often seek three important data points; government ID information, date of birth and address. Having access to all three usually allows them to steal an identity.

It’s like your home: You might have two locks on the front door, window locks and a burglar alarm. You need to figure out where you’re most likely to get hit, and what will cause the most damage in order to start building up effective, multi-layered protection.

Different threats require different defences, and to have a fully secure website you need multiple, overlapping layers of security. Solutions to major security related problems.

SSL certificates, or Secure Sockets Layer certificates, are the foundation of website security. They provide the technology to encrypt data and the third party verification of your business identity.

website in the future, in your plans i know your first priority is to attract visitors or you need more traffic depending on the site you have or planning to design, they are more works ahead that you don’t know and you must do it to improve your standard online.

SSL certificates aren’t just for ecommerce sites – if you think about it, almost every site has some form of interaction or data exchange with visitors. It might be contact forms, social interactions and blog comments, login details for an online application or landing pages.

SSL encryption is based on a pair of cryptographic keys. These are pieces of information that actually encrypt and decrypt the information. Cryptographic keys are essential in any public key infrastructure (PKI)-based security.

How SSL certificate works

1. The visitor’s browser attempts to connect to the website secured with SSL.

2. The browser requests that the web server identify itself.

3. The server sends the browser a copy of its SSL Certificate.

4. The browser checks whether it trusts the SSL Certificate. It does this by checking if it trusts the Certificate Authority that issued the certificate. All major browsers come pre-installed with a trusted root store with vetted public roots from approved Certificate Authorities. This way a customer’s browser automatically knows who to trust. If the browser trusts the Certificate Authority, it extends that trust to the website and sends a message to the server confirming that.

5. The browser also checks the certificate status to see if the certificate is still valid, or if it has been revoked.

This is generally done by one of two methods: Certificate Revocation List (CRL), a list of serial numbers of all revoked certificates that were issued by a particular CA certificate. The entire CRL is signed by the Certificate Authority so the browser can be assured that it’s authentic and hasn’t been tampered with. Online Certificate Status Protocol (OCSP), in which a request is made for a specific SSL certificate and a response is returned that indicates whether that certificate is valid or revoked.

The OCSP response is signed by the Certificate Authority so the browser can be assured that it’s authentic and hasn’t been tampered with. Most modern browsers rely on OCSP instead of CRLs. Certificates are revoked for various reasons, for example if they are improperly issued, or if the website owner has published false documents or suffered a security breach that exposed private keys.

6. Your server shares the public key with the browser. They use that key to securely agree on another key, the session key, that is used to set up a secure and encrypted channel to exchange data through.

7. Once a secure, encrypted connection is established, the visitor will see the website address begins ‘https’ rather than just ‘http’.This process is known as the SSL handshake, and it’s how SSL certificates work to prevent criminals eavesdropping and stealing information exchanged between  websites and visitors.
Share :

zealmatblog

No comments:

Post a Comment