
Why SSL?

As a web developer, I have come across many customers who ask "Why do I
need SSL? What will it do for me?" This is an important question for anyone involved in
the web to understand. SSL is the backbone of our secure Internet and it protects your
sensitive information as it travels across the world. It keeps the Internet from being
ruled by anarchists and criminals and provides many direct benefits to you and your
customers.

Benefits of SSL
Why use SSL? To Encrypt Sensitive Information
The primary reason why SSL is used is to keep sensitive information sent across the
Internet encrypted so that only the intended recipient can understand it. This is
important because the information you send on the Internet is passed from computer to
computer to get to the destination server. Any computer in between you and the server
can see your credit card numbers, usernames and passwords, and other sensitive
information if it is not encrypted with an SSL certificate. When an SSL certificate is used,
the information becomes unreadable to everyone except for the server you are sending
the information to. This protects it from hackers and identity thieves.

Authentication
In addition to encryption, a proper SSL certificate also provides authentication. This
means you can be sure that you are sending information to the right server and not to a
criminal's server. Why is this important? The nature of the Internet means that your
customers will often be sending information through several computers. Any of these
computers could pretend to be your website and trick your users into sending them
personal information. It is only possible to avoid this by using a proper Public Key
Infrastructure (PKI), and getting an SSL Certificate from a trusted SSL provider.
Why are SSL providers important? Trusted SSL providers will only issue an SSL certificate
to a verified company that has gone through several identity checks. Certain types of
SSL certificates, like EV SSL Certificates, require more validation than others. How do
you know if an SSL provider is trusted? You can use our SSL Wizard to compare SSL
providers that are included in most web browsers. Web browser manufacturers
verify that SSL providers are following specific practices and have been audited by a
third-party using a standard such as WebTrust.

Why Use SSL? To Gain Your Customers' Trust
Web browsers give visual cues, such as a lock icon or a green bar, to make sure visitors
know when their connection is secured. This means that they will trust your website
more when they see these cues and will be more likely to buy from you. SSL providers
will also give you a trust seal that instills more trust in your customers.

PCI Compliance
It is also important to know that you cannot take credit card information on your website
unless you pass certain audits, such as PCI compliance, which require a proper SSL certificate.

Why SSL protects from phishing
A phishing email is an email sent by a criminal who tries to impersonate your website.
The email usually includes a link to their own website or uses a man-in-the-middle attack
to use your own domain name. Because it is very difficult for these criminals to receive a
proper SSL certificate, they won't be able to perfectly impersonate your site. This means
that your users will be far less likely to fall for a phishing attack because they will be
looking for the trust indicators in their browser, such as a green address bar, and they
won't see them.

Disadvantages of SSL
With so many advantages, why would anyone not use SSL? Are there any disadvantages
to using SSL certificates? Cost is an obvious disadvantage. SSL providers need to set up
a trusted infrastructure and validate your identity so there is a cost involved. Because
some providers are so well known, their prices can be overwhelmingly
high. Performance is another disadvantage to SSL. Because the information that you
send has to be encrypted by the server, it takes more server resources than if the
information weren't encrypted. The performance difference is only noticeable for web
sites with very large numbers of visitors and can be minimized with special hardware.
Overall, the disadvantages of using SSL are few and the advantages far outweigh
them. It is critical that you properly use SSL on all websites that require sending
sensitive information. Proper use of SSL certificates will help protect your customers,
help protect you, and help you to gain your customers' trust and sell more. If you're
still not sure why SSL should be used on your website, read more of our SSL FAQ.

An organization needs to install the SSL Certificate onto its web server to initiate
secure sessions with browsers. Depending on the type of SSL Certificate applied for,
the organization will need to go through differing levels of vetting. Once installed, it is
possible to connect to the website over https://www.domain.com, as this tells the
server to establish a secure connection with the browser. Once a secure connection is
established, all web traffic between the web server and the web browser will be
secure. Browsers tell visitors a website is SSL secure via several visible trust
indicators:
Extended Validation (EV) SSL Certificates (such as GlobalSign ExtendedSSL):

Standard SSL Certificates (such as GlobalSign DomainSSL and OrganizationSSL) display:

GlobalSign offers a range of SSL Certificates with the strongest 2048 bit encryption and
value add features to ensure your website is protected.

What is Authentication Header and how it provides the protection to IP header?
The Authentication Header (AH) protects the IP header and provides authenticity for
IP packets.
AH may work in two ways: transport mode and tunnel mode.
In tunnel mode, AH protects the IP header using two IP header layers, inner and outer.
The inner IP header contains the source and destination addresses, and the outer
IP header contains the security gateway information.
The Authentication Header (AH) is an IPSec protocol that provides data integrity,
data origin authentication, and optional anti-replay services to IP. Authentication
Header (AH) does not provide any data confidentiality (Data encryption). Since
Authentication Header (AH) does not provide confidentiality, there is no need for an
encryption algorithm. AH protocol is specified in RFC 2402.
Authentication Header (AH) is an IP protocol and has been assigned the protocol
number 51 by IANA. In the IP header of an AH-protected datagram, the 8-bit protocol
field will be 51, indicating that the header following the IP header is an
Authentication Header (AH).

Figure 6: Authentication Header (AH) - Header


Next Header: The Next Header field identifies the protocol header that follows the AH
header. It can be an Encapsulating Security Payload (ESP) header, a TCP header or a
UDP header (depending on the network application).
Payload Length: Specifies the length of the AH in 32-bit words (4-byte units), minus 2.
RESERVED: This field is currently set to 0 and is reserved for future use.
Security Parameter Index (SPI): The Security Parameter Index (SPI) field identifies
the security association (SA) used to authenticate this packet.
Sequence Number: The Sequence Number field is the number of messages sent from the
sender to the receiver using the current SA. The initial value of the counter is 1. The
function of this field is to enable replay protection, if required.
Authentication Data: The Authentication Data field contains the result of the Integrity
Check Value calculation, which the receiver can use to check the authentication
and integrity of the packet. This field is padded so that the total length of the AH is
an exact number of 32-bit words. RFC 2402 requires that all AH implementations
support at least HMAC-MD5-96 and HMAC-SHA1-96.
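
The field layout above can be checked in code. The following is an added example, not part of the original notes: it parses the fixed AH fields, validates the Payload Length arithmetic, and applies a sliding-window replay check to the Sequence Number. The names `parse_ah`, `ReplayWindow` and `sample_ah`, the 32-entry window size and the sample bytes are assumptions made for the illustration.

```python
import struct

AH_PROTOCOL = 51   # value of the IP header's protocol field for AH
FIXED_LEN = 12     # Next Header, Payload Length, RESERVED, SPI, Sequence Number

def parse_ah(data: bytes) -> dict:
    """Parse the AH header at the start of `data` and check its length fields."""
    if len(data) < FIXED_LEN:
        raise ValueError("truncated AH header")
    next_header, payload_len, reserved, spi, seq = struct.unpack(
        "!BBHII", data[:FIXED_LEN])
    total = (payload_len + 2) * 4      # Payload Length is in 32-bit words, minus 2
    if total < FIXED_LEN or total > len(data):
        raise ValueError("Payload Length inconsistent with packet size")
    if reserved != 0:
        raise ValueError("RESERVED must be 0")
    return {"next_header": next_header, "spi": spi, "sequence": seq,
            "total_len": total, "icv": data[FIXED_LEN:total]}

class ReplayWindow:
    """Sliding-window replay check on the Sequence Number (one window per SA)."""
    def __init__(self, size: int = 32):
        self.size, self.top, self.seen = size, 0, 0

    def accept(self, seq: int) -> bool:
        # A real receiver updates the window only after the ICV has verified.
        if seq == 0:
            return False               # the counter starts at 1
        if seq > self.top:             # new highest value: slide the window forward
            shift = seq - self.top
            self.seen = ((self.seen << shift) | 1) & ((1 << self.size) - 1)
            self.top = seq
            return True
        offset = self.top - seq
        if offset >= self.size or (self.seen >> offset) & 1:
            return False               # older than the window, or already received
        self.seen |= 1 << offset
        return True

def sample_ah(seq: int) -> bytes:
    """Constructed sample: AH with a 96-bit ICV in front of a TCP payload."""
    icv = bytes(12)                    # placeholder ICV, not a real HMAC output
    return struct.pack("!BBHII", 6, 4, 0, 0x1000, seq) + icv + b"tcp-bytes"
```

With a 96-bit ICV the header is 24 bytes, so the Payload Length field carries 24 / 4 - 2 = 4.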

Key distribution
From Wikipedia, the free encyclopedia

In symmetric key cryptography, both parties must possess a secret key which they must
exchange prior to using any encryption. Distribution of secret keys has been problematic until
recently, because it involved face-to-face meeting, use of a trusted courier, or sending the key
through an existing encryption channel. The first two are often impractical and always unsafe,
while the third depends on the security of a previous key exchange.
In public key cryptography, the key distribution of public keys is done through public key servers.
When a person creates a key-pair, he keeps one key private and the other, public-key, is
uploaded to a server where it can be accessed by anyone to send the user a private, encrypted,
message.
Secure Sockets Layer (SSL) uses Diffie-Hellman key exchange if the client does not have a
public-private key pair and a published certificate in the Public Key Infrastructure, and Public Key
Cryptography if the user does have both the keys and the credential.
Key distribution is an important issue in wireless sensor network (WSN) design. There are many
key distribution schemes in the literature that are designed to maintain an easy and at the same
time secure communication among sensor nodes. The most accepted method of key distribution
in WSNs is key predistribution, where secret keys are placed in sensor nodes before
deployment. When the nodes are deployed over the target area, the secret keys are used to
create the network.[1] For more info see: key distribution in wireless sensor networks.

Storage of keys in the cloud
Key distribution and key storage are more problematic in the cloud due to the transitoriness of
the agents on it.[2] Secret sharing can be used to store keys at many different servers on
the cloud.[3] In secret sharing, a secret is used as a seed to generate a number of distinct secrets,
and the pieces are distributed so that some subset of the recipients can jointly authenticate
themselves and use the secret information without learning what it is. But rather than store files
on different servers, the key is parceled out and its secret shares stored at multiple locations in a
manner that a subset of the shares can regenerate the key.
Secret sharing is used in cases where one wishes to distribute a secret among N shares so
that M < N of them (M of N) can regenerate the original secret, but no smaller group up to
M - 1 can do so.
