Upgrading and Repairing Networks

Chapter 34. The Secure Sockets Layer (SSL) Protocol

SOME OF THE MAIN TOPICS IN THIS CHAPTER ARE

Symmetric and Asymmetric Encryption 648

Does SSL Provide Enough Security for Internet Transactions? 652

OpenSource SSL 652

Sending important information across the Internet, such as your credit-card numbers, can be a problem when using a clear-text method. Using cleartext is just about as bad as giving your credit-card number to a telephone solicitor. If you don't know who's on the other side of the transaction, can you be sure that your information will be kept secret?

In the case of Internet transactions, you should first be sure that you are dealing with a reputable vendor that has adopted a good privacy policyand that the vendor is not a fly-by-night Web site. This may be difficult at times, because there are so many Web sites that will sell you everything you can imagine. As always, if it's too good to be true, then it probably isn't. Yet if you are making a purchase from a reliable vendor, you need to further be sure that your credit-card information (as well as other privacy information, such as your name and address) are kept confidential between you and the vendor.

Determining whether a vendor is reliable is beyond the scope of this book. But the subject of this chapter, the Secure Sockets Layer (SSL) protocol, still plays an important role in ensuring secure data transfers across the Internet. SSL provides the means of authentication, proving that the server is who it says it is, and possibly vice versa. To facilitate this authentication, SSL implements a key exchange that is used to encrypt data transfers.

Just as a clear-text transaction is not acceptable on a small network, or a large intranet, the same applies to the Internet. And indeed, with the many millions of Web sites on the Internet, the security problems are exponentially greater than on a company network or small LAN.

The Secure Sockets Layer protocol was developed to address just that kind of situation. Any information you exchange between your computer and a vendor on the Internet can be encrypted and offer you a great deal of security. Note that this does not prevent a hacker from infiltrating a Web site and stealing credit card or other personal information if that information is not encrypted or otherwise securely stored. SSL just protects the transactions that occur between you and the Internet vendor. This is another reason you should choose carefully the dealers you interact with on the Interact.

SSL can be used to authenticate Web servers and clients and to provide a means to encrypt data that flows between them.