SECURE WEB CONNECTIONS
The web browser has become more and more of an everyday tool, and we are increasingly uploading and accessing information about ourselves, our finances, and company data through it. Most banks and financial institutions offer web portals where you can perform any action from viewing your account numbers to depositing scanned checks to making wire transfers. How is the connection between you and the website protected?
What stops malicious users from intercepting, altering, or stealing this information, or even logging in as you?
High-Level Overview of Secured Connections
In secured web connections, protocols like HTTP, HTTPS, SSL and TLS come into play. To establish a secure web connection, your connection to a website is encrypted using HTTPS: a layer of Secure Sockets Layer (SSL)/Transport Layer Security (TLS) is added to HTTP, the protocol for displaying websites, to create secure communications. An HTTPS website must establish a secured connection between your web browser and the web server before any information is passed between them. This is called a handshake.
During the handshake, the web server sends a copy of its SSL Certificate. The Certificate contains information about the website such as its domain name, its public key, information about the company which owns the certificate, expiration, and the trusted signers who signed the certificate.
Your browser checks the certificate against its known trusted signers (such as Verisign, Digicert, Comodo, etc.), a revocation list, and the domain providing the certificate to determine if the connection should move forward and be trusted. Your browser then works with the server to generate a temporary session key to encrypt the communication between the two. All data from that point on is transmitted over an encrypted channel.
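The domain and expiration checks described above, as an added Python example (not code from the original page). The certificate is a constructed sample in the dict shape returned by Python's ssl.SSLSocket.getpeercert(), and the function names are hypothetical; verifying the signer chain and the revocation status is left to the TLS library and is not reproduced here.

```python
import ssl
from datetime import datetime, timezone

# Constructed sample certificate (shape of ssl.SSLSocket.getpeercert()).
SAMPLE_CERT = {
    "subject": ((("commonName", "www.example-bank.test"),),),
    "issuer": ((("organizationName", "Example Trusted CA"),),),
    "notBefore": "Jan 15 00:00:00 2024 GMT",
    "notAfter": "Jan 15 00:00:00 2025 GMT",
    "subjectAltName": (("DNS", "www.example-bank.test"),
                       ("DNS", "*.portal.example-bank.test")),
}

def _name_match(pattern, host):
    """Compare one certificate DNS name with the requested host, label by label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False                      # a wildcard never spans several labels
    if p[0] == "*":
        # wildcard allowed only as the whole left-most label, never "*.test"
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def hostname_matches(cert, host):
    """Modern clients match subjectAltName DNS entries, not commonName."""
    names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    return any(_name_match(n, host) for n in names)

def within_validity(cert, now):
    """True if 'now' (timezone-aware) lies between notBefore and notAfter."""
    start = ssl.cert_time_to_seconds(cert["notBefore"])
    end = ssl.cert_time_to_seconds(cert["notAfter"])
    return start <= now.timestamp() <= end

def check_certificate(cert, host, now):
    """Return the list of reasons the connection should not be trusted."""
    problems = []
    if not hostname_matches(cert, host):
        problems.append("hostname mismatch")
    if not within_validity(cert, now):
        problems.append("outside validity period")
    return problems

if __name__ == "__main__":
    now = datetime(2024, 6, 1, tzinfo=timezone.utc)
    for host in ("www.example-bank.test", "www.example-bank.test.login.test"):
        print(host, check_certificate(SAMPLE_CERT, host, now) or "ok")
```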
Why is SSL/TLS Important?
SSL stands for Secure Sockets Layer and, in short, it's the standard technology for keeping an internet connection secure and safeguarding any sensitive data that is being sent between two systems, preventing criminals from reading and modifying any information transferred, including potential personal details. The two systems can be a server and a client or server to server.
TLS (Transport Layer Security) is just an updated, more secure version of SSL. We still refer to our security certificates as SSL because it is a more commonly used term, but when you are buying SSL.
SSL/TLS protects data from interception and alteration while keeping it private. SSL/TLS also provides authentication: it validates that the website you are connecting to is who they say they are. Before a certificate is issued, the Certificate Authority must validate the identity of the owner. For example, while phishing websites will present you with an authentic-looking website (a fake PayPal website), the SSL Certificate fingerprint cannot be faked. SSL also protects your login information.
Remember to look for the lock symbol in the address bar of your web browser before logging into a website. See the examples below for certificate checking.
Using Google Chrome:
You can see the lock icon at the left corner of the URL.