Hardware Reference
protocols operate at Session layer (level 5) in the OSI model that was mentioned earlier in
the chapter.
The basic unsecured protocol used for web traffic is Hypertext Transport Protocol
(HTTP). Addresses that begin with http:// produce results sent to your computer in an
unsecured, unencrypted way that is easy to spy on with packet-sniffing software. Packet-
sniffing software allows even not-very-technical users to view data that is being sent online.
Hypertext Transfer Protocol Secure (HTTPS) is a secure version of Hypertext
Transport Protocol (HTTP) that combines regular HTTP with Transport Layer Security
(TLS) or Secure Sockets Layer (SSL) security encryption to exchange data between a web
browser and a web server in privacy. HTTPS connections are typically used when valuable
information is involved, such as credit card numbers. Addresses that begin with https://
are secure HTTP addresses.
There are two parts to HTTPS security: ensuring that the website is what it seems, and
ensuring that data sent to it won't be snooped on its way there.
For the first part, ensuring the identity of the website, HTTPS relies on certificate
authorities: companies that issue and manage digital certificates for a fee. A certificate
authority such as VeriSign or Microsoft issues a certificate to a website, and then the
website sends information about its certificate to the requesting page. The web browser
receiving the data checks with the certificate authority to make sure the certificate
is valid.
For the second part, ensuring the data isn't snooped, TLS or SSL is used to encrypt the
data being sent and then unencrypt it at the receiving end. TLS and SSL are two different
versions of the same basic technology, with TLS being the newer version. You don't need to
know the technical details of how it works for the Strata exam.
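The two parts of HTTPS security described above map onto settings that any TLS client carries. The following is an added example, not taken from the original text: it uses Python's standard ssl module, and the function names (audit_client_context, strict_context, weak_context) are hypothetical names chosen for illustration.

```python
import ssl


def audit_client_context(ctx):
    """Check a client TLS context against the two parts of HTTPS security."""
    findings = []
    # Part 1: identity. The certificate must chain to a trusted certificate
    # authority and must be issued for the host name that was requested.
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("certificate is not verified against trusted CAs")
    if not ctx.check_hostname:
        findings.append("certificate name is not matched to the requested host")
    # Part 2: encryption. SSL and early TLS versions are legacy; treating
    # TLS 1.2 as the floor is an assumption of this example.
    modern = ctx.minimum_version >= ssl.TLSVersion.TLSv1_2
    if not modern:
        findings.append("protocol versions older than TLS 1.2 are allowed")
    identity = ctx.verify_mode == ssl.CERT_REQUIRED and bool(ctx.check_hostname)
    return {
        "identity_checked": identity,
        "modern_encryption": modern,
        "findings": findings,
    }


def strict_context():
    """Client settings that enforce both parts."""
    ctx = ssl.create_default_context()  # CA verification and host name check on
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def weak_context():
    """Constructed counter-example: still encrypts, but proves nothing."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # must be switched off before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE  # any certificate is accepted
    ctx.minimum_version = ssl.TLSVersion.MINIMUM_SUPPORTED  # no version floor
    return ctx


if __name__ == "__main__":
    for name, ctx in (("strict", strict_context()), ("weak", weak_context())):
        print(name, audit_client_context(ctx))
```

A connection made with the weak settings is still encrypted, but because the certificate is never checked, the client has no assurance about who is on the other end.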
Companies that need web-based communications to be secure at all times
can create a virtual private network (VPN). A VPN is like a secure tunnel
that runs from one point to another across the Internet. It uses the public
Internet routes, but the transactions are shielded from snooping because
they're in an encrypted secure pathway.
EXERCISE 3.12
Secure vs. Unsecure Web Transactions
1. Open a web browser window, and go to www.amazon.com. Notice the address in the
address bar: http://www.amazon.com.
2. Add an item to your shopping cart. (It can be any item; you aren't actually going to buy
it.) Then view the shopping cart. Notice that the address bar still starts with http:.
3. Click the Proceed To Checkout button. If prompted to log in, do so if you already have an
account; otherwise create one.