Secure Sockets Layer (SSL) is a method of encrypting and protecting secure web pages. Secure pages are those where the communication between them and the browser is encrypted and the identity of the company or person representing the pages can be clarified.
When a web surfer reaches a secure page, the lock symbol ( ) appears at the top and bottom of the browser, and sometimes it even makes a locking sound.
These indicate to the web surfer that the page is secure. Double-Clicking the lock symbol while visiting a secure page will display the identity of the company that owns the secure pages. (When clicking on the lock, it is recommended to check the name of the company responsible for the encryption and not be tempted to give your details to just any ephemeral company which has fabricated an opportunity for themselves).
The company issuing the SSL key which allows displaying secure pages is responsible for the truth of the information that appears.
Web surfers have enormous trust in secure pages. While working on a secure page, it is possible, for example, to transfer a credit card number without worrying that somebody eavesdropping for a prolonged length of time on the communication between the surfer’s computer and the website can receive the number and use it. In addition, secure page web surfers know that they can contact the website owner, their address and telephone numbers appear there, and their veracity has been checked by the company who issued the SSL key.
Credit card companies guarantee that order forms containing credit card numbers will be secure.
Generally, it is not recommended to secure all pages on a website. Encryption and deciphering slow the computer down. Secure pages load much more slowly than pages which are not secure.
Another tip which will reduce your concern a bit is VeriSign’s EV automatic identifier buying option which, together with Microsoft’s new browser (IE7), includes a false website (phishing) detection mechanism, protects you and prevents you from falling victim to fraud and impersonated websites. Instead of hoping that the client will remember to click on the lock, more and more websites are offering the option of the browser automatically painting an impersonated website in red. In such a website, surfing must be avoided and of course revealing personal information, such as bank account number, identification details, etc.
On the other hand, the color green indicates a trustworthy website where it is possible to surf safely without concern.
The slide shows a website pretending to be a bank website, but it is in fact an impersonated website. Internet Explorer 7 immediately displays the risk.
The system checks whether the address code in the website matches its description and whether the website is impersonated. If it is, a warning will be displayed.
SSL encryption infrastructure was established as a solution to transferring confidential information on the internet. The idea is that all information transferred to or from your computer is encrypted so that eavesdropping does not reveal the transferred information. SSL infrastructure is based on digital certification, which, for example, is provided through a certificate authority. Double-clicking on the lock symbol will display the authorization. If the authorization is not in order (eg. if the website name does not match what is written in the authorization, a warning window appears. In this case, you should be cautious before continuing. Perhaps a specific entity is pretending, with their own website, to be another site or organization).
In addition, SSL infrastructure is based on the principle that local information connected to the encrypted communication is not stored (eg. credit card numbers) on the computer, and this way sensitive information is well protected.
It is important to note that only the presence of a lock symbol at the top/bottom of the browser indicates encryption. It is important not to make do with a declaration that the website is secure, but to verify it by double-clicking the lock symbol.
Types of protection:
The longer the encrypted key (the SSL key, which allows displaying secure pages and is issued by an issuing company), the stronger the encryption and the better the information is protected. The length of the most prevalent keys on the market today is128 bit and 40bit.
The preference of course is for 128bit, and today, most browsers can display an encrypted page through this length key.
ComSign represents VeriSign in Israel, the most trusted company around the globe in SSL
. (Every self-respecting website which respects its clients’ privacy will use these certificates).
If you are interested in additional details and tailoring the certificate to your website, click here.