SSL

advertisement
SSL
Secured Sockets Layer
Lori Fitterling LI843
What is Secure Sockets Layer
(SSL)?
 It is protection of data transferred over the Internet
using encryption and enabled by a server's SSL
Certificate.
 An SSL Certificate contains a public key and a private
key. A public key is used to encrypt information and a
private key is used to decipher it.
When a browser points to a secured domain,
an SSL handshake authenticates the server and
the client and establishes an encryption
method and a unique session key.
They can begin a secure session that protects
message privacy and message integrity.
SSL Does These Two Things
 Authenticates the server and the client using
public- key signatures.
 Provides an encrypted connection for the client
and server to exchange messages.
SSL & E-Commerce
Developed by Netscape in 1994 for transmitting private
documents
Has become the standard for e-commerce transaction
security
SSL encrypts data, like credit cards numbers and
personal information
Uses either 40-bit or 128-bit encryption
I found that 40-bit encryption has been hacked
Reasons Why You Would Use SSL
 If you have an online store or accept online orders and
credit cards
 If you offer a login or sign in on your site
 If you process sensitive data such as address, birth date,
license, or ID numbers
 If you need to comply with privacy and security
requirements
How to get an SSL Certificate
Buy one from vendor – Can run about $400.00 per year.
Or “self-sign” your own certificate using proprietary
software. Self-Signed certificates will trigger a warning
window in most browser configurations that will
indicate that the certificate was not recognized.
Example of a SSL security alert
Libraries Using SSL
 White Library -- My Library Account
 To comply with license agreements that only allow
access to authenticated users -- databases and
electronic journals
Websites About SSL
 Media Lab:
http://medialab.di.unipi.it/doc/JNetSec/jns_ch11.htm
 SSL.com Knowledgebase:
http://info.ssl.com/article.aspx?id=10241
 WiseGeek: http://www.wisegeek.com/what-is-ssl.htm
 Ourshop.com:
http://www.ourshop.com/resources/ssl.html
Download