SSL: Explained

The What, Why and How of SSL.

In a connected world, such as ours, the internet brings all the convenience one needs at the click of a button. With these conveniences come a host of threats. SSL is the bulletproof jacket that protects you from these threats.

Imagine, if it is your mother’s birthday. Unfortunately, you are sitting thousands of miles away. So, you decide to make her feel special by ordering her flowers, booking her a SPA Day followed by a nice dinner at her favorite restaurant. You arrange for a chauffeur to pick her up and take her out to all these places. All is well, Mom has had a great day and you feel proud of yourself.

Then suddenly, you start getting intimations from your credit card company and your bank. First one, then one more then another. Before you can hotlist it, you have been charged thousands of dollars. Leaving you, to pick up the bills.

You know you have become the latest victim of cyber fraud. Remember those movies in the ’90s? Those have become a reality today.

One may think, “so what if we lost a bit of money?” we can claim fraud and get it back. While true, do remember that this is just one kind of attack. Hacks and other malicious attacks have also grown in numbers and nature. Hence, one needs to be very careful about what information you share online and most importantly, where you share this information.

Types of Online attacks

For all the online threats that there are, they can be classified into 3 broad kinds based on the point of attack. These are:

• Attack on the Client, meaning your computer.

• Attack on the Server, meaning the host computer of the website you are viewing.

• Attack on the Communication Channel, meaning the network connection between the client and the server.

Attacks on the Client are rare and unfruitful unless someone has a personal score, they want to settle with you.

Attacks on Servers and Communication channels are where a major chunk of attacks happen. This is so because Servers host large databases, a huge source of sensitive data. Server security is a huge challenge. Starting with just the sheer physical security, companies spend millions of dollars on a multi-tier security detail to keep these assets safe.

Securing communication lines is close to impossible. For instance, it is vulnerable to tapping or attackers may maliciously pose as a server or a client, or may just overload the network for a denial-of-service attack. Whatever be the nature of attacks on communication lines, it can just as easily be tackled by encrypting the data which travels on it. With this, even if the attacker can get this data it will be of no use as it will be completely illegible.

What is SSL?

SSL (or Secured Socket Layer) is a security measure that does this encryption. With SSL, servers and clients can communicate endlessly. They can do this without fear or any vulnerability to the data. This is so because only the sender and the receiver hold the key to decrypt this data. Hence, even if someone was to get hold of it, it would take them hundreds of years on a super-powered computer to decipher this data.

Now that you know what SSL is, you must also know what to look out for to ensure your data is being transmitted on a channel that has SSL protection.

How to ensure safety?

It is very simple – have a look at the address bar. Your address bar should look like this.

You can ensure SSL protection by looking for two things.

1.   Your URL in the address bar must read HTTPS.

If it reads HTTP, beware, this means any communication you make with this website is not secure. I would not so much as even enter a fake name on such a website. Call me paranoid!

2.   Just before the URL you should see an icon of a small padlock.

Do not worry. These are not mutually exclusive. It cannot happen that you see one and you do not see the other.

What happens when you don’t see HTTPS?

Firstly, most modern web browsers are now programmed to give you a fair warning in case they do not detect an HTTPS site. See pic below:

When this happens, your browser will ask you whether you wish to continue to an “Unsecured” website. Now, not that I recommend it but, you can continue with the site. If this website is just giving you information and you do not have to give any personal details, you can consider bypassing the warning and continue to view the website. For instance, you are presented with this warning when you open the website of your local newspaper. To simply view the site may not pose too much of a risk. But that is about it. Do not share any personal information.

Secondly, the probability of you encountering such a website is fairly low. This is so because most websites are hosted on servers that are owned and managed by huge web hosting companies like BlueHost. These companies offer SSL as a complementary feature to website owners. Further, this feature is on auto-renew in most cases. Hence, you may not have this problem at all. However, and I cannot reiterate this enough, keep an eye on the HTTPS tag especially when you are prompted to share sensitive data.

Finally, most websites pay special attention to maintaining SSL-level security. Why? Because Google will automatically rank a website with SSL certification higher than a website without it. Hence, it is in the best interest of website owners to maintain and renew their SSL security.

The Final Word

Having said that, there may be a case where even a trusted website may temporarily not have SSL security, during the renewal process for instance. But, be sure when this happens you do not share your details. Remember, you will get a warning from your browser and you must always keep an eye on the HTTPS tag.

For more information on securing, your website with SSL Certifications click here.

Cover Image Courtesy of Markus Winkler Via pexels.com