Secure Socket Layer - An Overview
Secure Socket Layer
In a perfect world, persons using the internet would be browsing websites without hackers being able to gain access to their information. However, this world is not perfect and internet users are vulnerable to attacks carried out by hackers; On the internet, and data you send can be seen and manipulated by others. The currently used solution for this problem is websites allowing their users to use Secure Connections to browse the internet.
Secure Connections, achieved through the use of Secure Socket Layer (SSL) is a protocol used to create a uniquely encrypted channel to facilitate communication between a web server(eg:Yahoo) and web browser(End User). Data passed within this channel is encrypted with one of several encryption algorithms; when this channel is created, decryption keys are exchanged between the client and server, thereby allowing only each other to be able to read the information passed between them. This encrypted connection is almost impossible to hack, and there are several advantages of using secure connections, however there are also several disadvantages of using secure connections:
- Customer Confidence: This is an extremely important benefit of having an SSL certificate. It assures customers that you are taking the proper steps to protect their personal information. A well-informed and seasoned Internet shopper knows that secure sockets layer (SSL) protection is a necessity.
- Since a unique connection is made between the server and the client, the data passed over an SSL connection cannot be tampered with.
- Another advantage of secure sockets layer (SSL) protection is that it makes data transferred over the internet private. The encryption used by the secure sockets layer turns useful data, such as credit card numbers, addresses and other payment information, into useless bits of information. Random characters appear. Only the right recipient – one with the encryption key – can decode the messages. This means that you have a private communication channel. If someone else tries to intercept the information, it will appear to be useless.
- SSL communication over the internet is slower than communication without SSL. (IBM)
- SSL is costly to setup and maintain (SSLShopper.com, 2011).
- SSL has complex installations and setup process (ehow.com, 2011).
- Sites Load slower with SSL because there is no caching (ezinearticles.com).
- Secure connections consume a lot of server resources (processor, bandwidth, RAM) (SSLShopper.com, 2011).
- There is hardware available to boost the performance of a server with SSL installed, but this hardware is expensive.
- With the use of SSL, performance of a web-server will vary, depending on several conditions. A server with SSL installed may be up to 1/5 slower than the same server without SSL.
- SSL is purchased per IP address, therefore websites must pay for SSL for each IP address they need to implement SSL on.
- Most websites use a combination of both SSL and unencrypted connections; this allows hackers to force unencrypted connections on a page that is supposed to be encrypted by SSL.
- Authentication through conventional SSL can be weak and subject to man-in-the-middle attacks (Seltzer, 2010).
- With the increased use of SSL today, hackers are finding more ways to hack or bypass SSL on websites. This can be concluded due to the fact that, as the use of SSL has increased over the last few years, so has the amount of SSL hacks.
Based on the above mentioned issues, it can be concluded that SSL is a must for websites dealing with sensitive information of clients. However, it can also be concluded that Secure Connections may not always be feasible for a website to use and may not always be fully secure against internet based attacks. Therefore we can say that encrypted connections are not always feasible to use, and that even if a website is using SSL, it may still be vulnerable to attacks from hackers.