17 January 2023

Secure Socket Layer – SSL

SSL ensures that the communication between the server and the user can be encrypted for general frame and protection during data sets on the network, thus ensuring confidential and secure communication. Thus, it also helps to maintain data protection in communication. Both SSL and HTTPS technologies are viewed by Netscape company. In SSL technology, sensitive information such as purpose, personal data, payment, or login details started as a secure transmission, but today much wider areas have been spread for secure access to data.

It is a protocol by all SSL web servers and web browsers. It provides encrypted communication possibilities between a website and a web browser. Additionally, TLS is an advanced solution to address known vulnerabilities in SSL infrastructure and SSLv3. It is certain that the encrypted message or data packet is not read or modified by anyone else in the content using SSL or TLS. SSL includes a worldwide used standard. In order for SSL servers to work, server units need a key (Private Key) and a certificate (Public Key) that works on the user device side receiving service from the server.

In this case, considering the user sending and replying to service for the server and for the server, there should be two keys each. Thanks to these keys, each receiver and sender encrypt the data to be sent and convert the data received from the encrypted format into readable form.

The working principle of the keys called Public Key and Private Key is based on a special encoding method. There are two keys for SSL encryption and only these two keys can open the lock. These keys are digitally encoded software and work on encrypting data. Thus, the data is locked by one key, and only the other key unlocks. These private keys are created upon login to the website. One of the keys created remains on the main server, and the other is defined as the server or user who wants to connect. The message is delivered to the user securely by using the Public Key when it is desired to communicate with the user from outside. Even if the data is captured by third parties before reaching the user, Private Key is required to decrypt and read the message. In this way, the data transfer is encrypted in a way that cannot be deciphered by a third-party person or software. It is not possible to decrypt these passwords unless server-generated key pairs are used for the same data at the same time. Secure and valid communication provided by SSL certificate is recorded as date and time.

In addition, an SSL certificate is one of the SEO criteria determined by Google. In this way, it may be possible for the sites to increase in search rankings by adapting to Google terms. SEO is search engine optimization. It allows search engines to understand and browse websites more easily and makes them suitable for search engines’ criteria. Optimizing a website for the search engine and increasing or decreasing its ranking in the search result also depends on SEO terms.

All modern web browsers support the SSL Protocol. SSL is widely used in browsers and websites as well as in almost all internet access protocols. SMTP, POP3, and IMAP protocols, which were established with standard communication methods in the past, have now been replaced by the SSL encryption method. Thus, thanks to SSL encryption, your Mail traffic cannot be monitored by attackers. Looking at the working structure, there are three different types of SSL verification methods.

Domain Validation (DV)

Domain Validated is a certificate control method that verifies that the user is the domain owner or the relevant domain by checking the domain only over the domain name. It is generated when an email is sent to the WHOIS information or email addresses belonging to that domain to verify ownership of the owned domain usage rights. The installation and control of the certificate are provided after the information provided by the hosting company or the system administrator on the domain is confirmed. It is the most widely used certificate type. It is the most economical and fastest way to have an SSL certificate.

Organization Verification (OV)

Organization Validated Verification is the organization’s Certification Authority (CA) issues approval to verify the special pieces of information for the organization. “Organization Name, Physical Address, and Telephone Number” are verified to ensure that the institution is a real organization. This data must match WHOIS information before publication, as well as a public Government Information site or an approved Third Party Website. Therefore, it gives more confidence to a consumer who checks the certificate.

Extended Validation (EV)

It is the most trusted type of SSL certificate. It fully verifies that the address involved is a legitimate business and is in good standing above and beyond an OV validation process during the Extended Validation process. The most important indicator that becomes active is the ‘Green Bar’ in the user’s web browser. This type of certificate is the most expensive SSL certificate.

In addition, the “Wildcard SSL” certificate allows obtaining separate SSL certificates for all subdomains in the domain. The “Multi-Domain SSL” certificate is preferred by webmaster administrators who host more than one website of their own on a server. These SSL certificates installed on the server can be used in common on all domains on the server. It is often preferred because it saves money.

In fact, the SSL Protocol was long ago replaced by the widely used version of TLS 1.3, known as TLS. All security certificates are called SSL because they are used in the same context. Many operating systems and web servers have started to support HSTS and TLS 1.3. TLS stands for Transport Layer Security. TLS is an encryption protocol, that provides data privacy just like SSL, and is an enhanced version of SSL.

HTTP stands for Hyper Text Transfer Protocol. It is the protocol that shows how and in what way the information is transferred from the server to the user. It is a protocol that is automatically added to the search bar on all websites. It enables the display of websites and determines the rules of user-to-server communication. To enter a website, a request is sent to the server via HTTP when the address of the site is typed into the address bar. When the server responds to this request, communication starts and the website is logged.

HTTPS is the secure extension of HTTP. Websites that have installed TLS/SSL certificates use the HTTPS protocol to establish a secure connection with the server. An SSL certificate cannot communicate without using HTTPS. These two protocols must work in harmony with each other. One way to tell if a website is using an SSL certificate is to check its URL address. Because HTTPS connections need an SSL certificate to work. Another way is to see a green lock icon next to your browser’s address bar, showing a “secure” message. Three main advantages of using SSL/TLS are shared below.

Need for Authentication: Thanks to SSL/TLS, any server can act as the main server to be contacted, while accessing users’ communication, and information is prevented by verifying the identity of the server.
Establishing Trust: A certain trust must be built on eCommerce sites and pages that request or offer the critical information. With the use of an SSL certificate, users’ trust in information security can be gained.
Adapting to Market Standards: In some sectors, such as the financial sector, it is necessary to have a certain level of security. In addition, if credit card information is to be obtained on the website, Payment Card Industry (PCI) standards must be complied with and implemented. One of these requirements is SSL/TLS certificate.

Also, the 301 redirects must be made to install the SSL certificate on the website and activate HTTPS. However, even if you add an SSL certificate and make a 301 redirect, manual access from the site to the version without an SSL certificate (ie the “HTTP” version) may be possible. In this case, when the user visiting the site goes to the address starting with “HTTP”, data transfers are completely insecure. Thanks to the HSTS policy, the visitor’s browser is warned that only “HTTPS” can connect to the site and is automatically directed by the browser. In addition, since sites that enable HSTS are opened faster, it is thought to have a positive effect on search engine results. To enable the HSTS policy, it is only necessary to add a small extension to the certificate extension.

Lütfen bu gönderiye bir puan ver.

[Total: 0 Average: 0]

Leave a Reply Cancel reply

EMRE ÇİÇEK
17 January 2023
Blog, Network
4g, 5g, 802.1x, aaa, access, accounting, açık, acl, ağ, ağ donanımı, ağ güvenliği, ağ iletişimi, ağ mimarisi, ağ performansı, ağ protokolleri, ağ segmentasyonu, ağ topolojisi, ağ trafiği, ağ yapılandırması, agent, ajan, alıcı, altağ, alto, anahtar, anti-virüs, API, application, arayüz, architecture, ARP, asimetrik, asymmetric, atak, attack, authentication, authorization, bağlantı, bandwidth, bant genişliği, başlık, bgp, bilgi, bilgi güvenliği, bilgi güvenliği yönetim sistemi, bilişim, bit, botnet, browser, buffer, bug, bulut, bulut bilişim, bulut güvenliği, byte, cable, cdr, center, challenge, chap, check, checkpoint, cihaz, clean, clear, cleartext, clone, cloud, communication, configuration, connection, content, control, crypto, Cryptography, customer, cve, data, database, ddos, decapsulation, decrypted, decryption, defined, delay, deliver, delivery, destination, device, dia, diode, direct, directly, display, dlp, dns, dogrulama, domain, donanım, dosya, duvar, düzlem, e-mail, eap, edr, efficiency, efficient, egress, electric, electronic, email, emre, encapsulation, encrypted, encryption, engineer, enigma, enterprise, eposta, Erişim, error, event, evrensel, exchange, f5, field, firewall, fiziksel, fortinet, Frequency, gap, gateway, gecikme, generation, ghz, gizli, guvenli, güvenlik, güvenlik açığı yönetimi, güvenlik duvarı, güvenlik izleme, güvenlik politikası, handshake, hardware, hash, hata, hava, header, hedef, hertz, hesap, hibrit bulut, hız, horizon, ibgp, içerik, İletim, iletişim, imc, information, ingress, input, integration, interface, internet, IP, iş sürekliliği, jitter, kablo, kapsül, kapsülleme, katman, kaynak, key, kimlik, kimlik avı, kimlik doğrulama, klon, konfigürasyon, kontrol, konum, kripto, kriptolanmış, kriptoloji, kritik, kullanıcı, kullanıcı adı, kullanıcıadı, kural, kurtarma, KVKK, LAN, latency, layer, line, list, local, location, log, log yönetimi, lokal, lokasyon, loss, lte, MAC, mail, malware, management, md5, mdr, merkez, mimari, mitm, mobil güvenlik, monitor, mpls, mschap, mtu, mühendis, multiple, müşteri, nac, network, next-gen, nfv, ngfw, northbound, nv, OMP, openflow, optimizasyon, optimization, oran, output, overlay, packet, paket, paloalto, parola, password, pep, phishing, plane, poe, point, poisoning, port, ppp, pppoe, prevention, prof, professor, protocol, proxy, qlink, qradar, radius, rate, receiver, redundancy, reflection, route, route poisoning, route reflection, router, saldırı, SD-WAN, SDN, SDWAN, secure, security, server, sha, show, siber, sibergüvenlik, siem, şifre, signal, simetrik, Sinyal, site-to-site VPN, sızma testi, sniff, software, sosyal mühendislik, source, southbound, speed, split, split horizon, spoofing, ssid, SSL, stateful, stateless, structure, sunucu, switch, symmetric, syslog, system, tabanlı, table, tablo, tanımlı, tasnif, TCP, technology, tehdit, teknoloji, telecommunication, telegram, telekom, telekomünikasyon, tls, topology, topoloji, trafik, trafik analizi, trafik izleme, TTL, tünel, tunnel, ucpe, UDP, underlay, universal, user, username, utm, uyumluluk yönetimi, vcpe, veri, veri analizi, veri gizliliği, veri kaybı önleme, veri merkezi, veri şifreleme, veri transferi, verici, verim, verimlilik, veritabanı güvenliği, virtual, virtualization, virus, vlan, VPN, vxlan, waf, WAN, web, wep, whatsapp, wpa, xdr, yapı, yazılım, yedek, yedekleme, yedeklilik, yenilik, yetkilendirme, yönetim, yönlendirici, yönlendirme, zafiyet, zehirlenme

EMRE ÇİÇEK

Editor

M.Sc. Computer Engineer - B.Sc. Electrical and Electornics Engineer

Posts by EMRE ÇİÇEK

Wind, Gravity, and the Universe

Artificial Intelligence and Architecture

Big Data and Machine Learning

ISO-27001 and ISMS (Information Security Management System)

DWDM (Dense Wavelength Division Multiplexing)

Comments by EMRE ÇİÇEK