Featured Posts

When do you need SSL Certificates and How does it Thwart SSL Sniffing

20th June 2016 | By Administrator

SSL certificates are now increasingly used to secure websites and prevent theft of sensitive personal data. The tech-savvy may very well know what SSL certificates are, but for non-technical people SSL certificates may seem rather unfamiliar.

What’s SSL Certificate?

SSL Certificate (Secure Sockets Layer Certificate) is used to make a website secure; this is done by ensuring that all communication that occurs between the user/web browser and website/web-server remains encrypted. To put it more simple, SSL Certificate ensures encryption and decryption of messages that are transmitted between a browser and a server. Thus, cybercriminals who’d want to use malware to hack websites and steal sensitive personal data would find it impossible to accomplish this.

How does an SSL Certificate work?

It all happens like a multi-step process

  • When a browser attempts to connect to any SSL secured website, it first asks the web server to identify itself.
  • The website responds by identifying itself with a copy of the SSL certificate.
  • The browser checks the trust level of the SSL certificate. If so, it sends a message to the server.
  • The server then responds with a digitally signed acknowledgment to start an SSL encrypted session.

It is then that an encrypted communication commences, between the user/browser and the website/server.

SSL Certificate

When do you need SSL Certificates?

In the modern world SSL Certificates are needed for almost all kinds of websites. The emails that you send needs to be encrypted, your chats need to be encrypted, your online money transactions need to be encrypted, and the login details (including passwords) which you have stored on your system/mobile device need to be protected. Thus, you need SSL certificate almost in all online interactions these days, to ensure your privacy and to prevent data breach of all kinds. Still, if you feel like asking “When do I need SSL certificates”, here’s a brief list of sorts-

  • If you have a website that sells products and performs financial transactions.
  • If you have a website that handles financial transactions via third party online money transfer services like PayPal, Google Wallet, Venmo etc.
  • If you are in any way receiving, sending or storing users’ personal data, like bank account data, credit card data etc.
  • If you want your business to have a good image and if you want to earn the trust of your customers.
  • If you have a member/login area of your site, where passwords are stored.
  • If you want your website to rank better on Google.
  • If you run a company and want the organizational network to be secure.
  • If you run a company and want to convey the company’s genuineness to customers. (Because SSL Certificates are issued after thorough identity check).

These are just some of the instances where SSL certificates would benefit you.

What is SSL Sniffing and how SSL Certificate thwarts it?

SSL Sniffing refers to instances when unauthorized persons try to get onto your server and attempt sniffing out your SSL information. They could then use this information to either recreate your website for phishing purposes or hack and infect your website with potential dangerous malware or steal sensitive information like credit card data/bank account data.

SSL works based on public/private-key cryptography. While the public key is used for encryption, the secret private key is used for decryption. The server sends a copy of its public key and a session is established between the server and the browser wherein the browser encrypts the communication with the server’s public key. But then the decryption can only happen using the matching private key, which is secret. Thus if an attempt is made at sniffing, the hacker using the proxy server would be able to get the public key. The server sends the public key to anyone who connects to it. But the malicious proxy wouldn’t have the private key and hence wouldn’t be able to decrypt the encrypted communication. Thus, a good, trusted SSL Certificate (with keys that are at least 2048 bits) prevent SSL sniffing very effectively.

 


SSL Sniffing

 

Be Sociable, Share!
Be Sociable, Share!

Add new comment

Your name
Comment

You may use these HTML tags and attributes: <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>