If you think about it, you\u2019ll probably recall that there\u2019s a green padlock icon on your online banking website, and it usually includes the name of your bank. That\u2019s SSL and it\u2019s what will save you from becoming a victim of nefarious hacks.<\/p>\n In this article, I will explain, in layman\u2019s terms, what SSL means, and its importance in today\u2019s everyday computing.<\/p>\n Let\u2019s start with the basics: SSL stands for Secure Sockets Layer.<\/p>\n SSL is the standard implementation for establishing a secure and encrypted link between two points on the internet \u2014 say your computer and a web server.<\/p>\n It has since been updated to SSL\/TLS or Secure Sockets Layer\/Transport Layer Security, but it is still known simply as SSL for simplicity. It is also the basis for secure HTTP or HTTPS \u2014 it is basically a website transported through hypertext transfer protocol that goes through a secure, encrypted connection.<\/p>\n Too much jargon? Let\u2019s simplify it even further, with some analogies.<\/p>\n Suppose you want to open an account with your local bank. You approach the teller, but she does not want to open one for you, since she does not know you (and since your account will be the basis for future transactions). One option is for the bank to call the authorities (the state department for example, or social security, or the department of motor vehicles) since they have your identification.<\/p>\n But that seems to be tedious, so she asks for identification, instead. You provide your passport, which contains your personal details, biometrics, etc. This serves as the document that authenticates your identity. However, the document in itself does nothing exceptional except identify you. You cannot use it to withdraw money from your bank, per se.<\/p>\n However, because your passport is an identifying document issued by a trusted authority (the government, the state department in particular), you can use it to open an account, acquire and ATM card, which you can then use to withdraw from the bank.<\/p>\n Similarly, the same scenario happens when you are accessing a secure website. Your client seeks authentication and identification from the web server, which it presents through its SSL certificate. The website cannot simply say \u201cI am bank of America\u201d \u2014 it needs a trusted certificate provider to establish this identity. This actually\u00a0takes the form of an SSL handshake<\/a>, which is a back-and-forth communication to establish a connection and identification before the web browser actually requests the needed information.<\/p>\n Now, not all SSL certificates and certificate providers are made equal.<\/p>\n Some are enterprise-grade certificates and cost a pretty penny (worth thousands of dollars annually or so), while some are practically free, such as with\u00a0LetsEncrypt.<\/p>\n An analogy here is that your passport is a secure indication of your citizenship to a country, and it is a trustworthy document that establishes your citizenship and identity. It can even be used to travel to other countries. Note, however, that not all passports are the same. Some are more \u201cpowerful\u201d than others, since a bearer can travel to more countries without requiring a visa. For other passport bearers, they are required to secure additional documents (visa or other travel documents) before being granted access to a country.<\/p>\n In the same breath, SSL certificates are different. In the example above, for example, the certificate\u2019s name itself is displayed on the browser, and it is one of the top-tier types of certificates. Most lower-grade certificates only indicate the \u201cSecure\u201d icon, but the certificate owner\u2019s name is not presented.<\/p>\n Granted, not all websites require the security of a bank website.<\/p>\n If you run a small blog, then security is appreciated, but not a deal-breaker. If you run an ecommerce website or a fintech company, however, users are bound to share details like addresses, card numbers, and the like. In this case, it would be necessary to have a top-tier SSL certificate.<\/p>\n SSL certificates come in different grades, as assessed by platforms like\u00a0ssllabs.com. For example, The Next Web has an A+ certificate.<\/p>\n One way of establishing a Grade A+ certificate without spending a lot is by deploying your website or app infrastructure over a content delivery network that itself has a Grade A+ certificate, wherein your website will inherit the CDN\u2019s own SSL certificate grade.<\/p>\n This does not preclude other potential dangers, such as social engineering attacks, spoofing attacks, and other such attack vectors that can circumvent the security of connections.<\/p>\n To conclude with my earlier analogy, it\u2019s like someone creating a fake ID and pretending to be you while making a transaction at the bank, or someone stealing your ATM or credit card and using it to buy items or withdraw money (with the right PIN).<\/p>\n Still, SSL is certainly the bare minimum of ensuring security of transactions and communications across client and server. No website or application should be without it, and you, as a user, should be wary of sending information across non-secure connections.<\/p>\n Source: This article<\/a> was formally published on TNW<\/a><\/p>\n","protected":false},"excerpt":{"rendered":" Time and again, we hear of incidents involving identity theft, stealing of account passwords, installation of malware from web sources, and even ransomware. All of these security breaches have a certain attack vector in common, and that is\u00a0social engineering\u00a0\u2013 when you\u2019re tricked into clicking on a link you\u2019re not supposed to, and when you open files or applications from dubious sources. It\u2019s an easy mistake to make, especially when the website looks legitimate, but it\u2019s also easy to avoid \u2014 if you know what SSL is. If you think about it, you\u2019ll probably recall that there\u2019s a green padlock icon on your online banking website, and it usually includes the name of your bank. That\u2019s SSL and it\u2019s what will save you from becoming a victim of nefarious hacks. In this article, I will explain, in layman\u2019s terms, what SSL means, and its importance in today\u2019s everyday computing. What is SSL, and how does it work? Let\u2019s start with the basics: SSL stands for Secure Sockets Layer. SSL is the standard implementation for establishing a secure and encrypted link between two points on the internet \u2014 say your computer and a web server. It has since been updated to SSL\/TLS or Secure Sockets Layer\/Transport Layer Security, but it is still known simply as SSL for simplicity. It is also the basis for secure HTTP or HTTPS \u2014 it is basically a website transported through hypertext transfer protocol that goes through a secure, encrypted connection. Too much jargon? Let\u2019s simplify it even further, with some analogies. Suppose you want to open an account with your local bank. You approach the teller, but she does not want to open one for you, since she does not know you (and since your account will be the basis for future transactions). One option is… <\/p>\n![\"\"](\"https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2017\/07\/image3-3.png\")
<\/figure>\nWhat is SSL, and how does it work?<\/b><\/h2>\n
![\"\"](\"https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2017\/07\/image2-4-796x456.png\")
<\/figure>\nIs it that simple, then? Can\u2019t I just acquire a certificate from a cheap provider?<\/b><\/h2>\n
![\"\"](\"https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2017\/07\/image5-2.png\")
<\/figure>\n![\"\"](\"https:\/\/cdn0.tnwcdn.com\/wp-content\/blogs.dir\/1\/files\/2017\/07\/image4-3-796x379.png\")
<\/figure>\nLet\u2019s recap<\/b><\/h2>\n