Upgrading and Repairing Networks (5th Edition)

SOME OF THE MAIN TOPICS IN THIS CHAPTER ARE

Symmetric and Asymmetric Encryption

Does SSL Provide Enough Security for Internet Transactions?

OpenSource SSL

Sending important information across the Internet, such as your credit-card numbers , can be a problem when using a clear-text method. Using clear-text is just about as bad as giving your credit-card number to a telephone solicitor. If you don't know who's on the other side of the transaction, can you be sure that your information will be kept secret?

In the case of Internet transactions, you should first be sure that you are dealing with a reputable vendor that has adopted a good privacy policy ”and that the vendor is not a fly-by-night Web site. This may be difficult at times, because there are so many Web sites that will sell you everything you can imagine. As always, if it's too good to be true, then it probably isn't. Yet if you are making a purchase from a reliable vendor, you need to further be sure that your credit-card information (as well as other privacy information, such as your name and address) are kept confidential between you and the vendor.

Determining whether a vendor is reliable is beyond the scope of this book. But the subject of this chapter, the Secure Sockets Layer (SSL) protocol, still plays an important role in ensuring secure data transfers across the Internet. SSL provides the means of authentication, proving that the server is who it says it is, and possibly vice versa. To facilitate this authentication, SSL implements a key exchange that is used to encrypt data transfers.

Just as a clear-text transaction is not acceptable on a small network, or a large intranet, the same applies to the Internet. And indeed, with the many millions of Web sites on the Internet, the security problems are exponentially greater than on a company network or small LAN.

The Secure Sockets Layer protocol was developed to address just that kind of situation. Any information you exchange between your computer and a vendor on the Internet can be encrypted and offer you a great deal of security. Note that this does not prevent a hacker from infiltrating a Web site and stealing credit card or other personal information if that information is not encrypted or otherwise securely stored. SSL just protects the transactions that occur between you and the Internet vendor. This is another reason you should choose carefully the dealers you interact with on the Interact.

Note

The Secure Sockets Layer was originally developed by Netscape. It was adopted by both Netscape Navigator and Microsoft's Internet Explorer, as well as many other browsers. SSL is a common method today for exchanging secure transactions on the Internet. An Internet draft, "The SSL Protocol Version 3.0," was published in 1996. It is not yet an Internet standard, however.

SSL can be used to authenticate Web servers and clients and to provide a means to encrypt data that flows between them.

Категории