Security is about risk management. Online, security is about reducing the risk of exposing information to the general Internet.
Consider the two actions occurring on any device connected to the Internet:
Communication is the heart of the Internet. The standard Internet protocol suite, known as TCP/IP (Transmission Control Protocol and Internet Protocol), is the basis for a collection of additional protocols designed to interconnect computer systems across the world in different ways. For example:
Unfortunately, in the initial designs of the Internet, preventing unauthorized access to data in transit and verifying the identity of the communicating parties were not primary concerns. As a result, many of the protocols that use TCP/IP do not incorporate encryption or other security mechanisms by default.
The consequence is that anyone can “listen in” (not just the NSA) as data is transmitted across the Internet. That is, none of the protocols in the sample list employ any kind of encryption that restricts access to the data as it travels from one system to another.
HTTP – the protocol of the web – does, however, have a solution to this problem. SSL (Secure Sockets Layer) establishes a process to incorporate cryptographic methods that identify the parties in communication and establish a secure method of data transmission over the web (HTTPS).
Note: Today SSL’s successor is TLS (Transport Layer Security), but it is still commonly referred to as SSL (or more accurately SSL/TLS).
Since the initial phase of establishing an SSL/TLS connection involves intense mathematical calculations, implementation in the past was limited to specific webpages (an e-commerce site’s checkout page, for example). However, today the trend is to implement it as broadly as possible.
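To see what SSL/TLS provides from the client's side, the Python example below (added here, not part of the original post) builds a connection policy that authenticates the server and refuses the legacy SSL versions, then reduces the server's certificate to the facts worth checking. The function names `make_client_context`, `summarize_cert` and `inspect_site` and the sample certificate are constructed for illustration.

```python
import socket
import ssl
from datetime import datetime, timezone

def make_client_context():
    """TLS client settings that authenticate the server and refuse legacy SSL."""
    ctx = ssl.create_default_context()            # loads the system's trusted CAs
    ctx.check_hostname = True                     # certificate must match the host name
    ctx.verify_mode = ssl.CERT_REQUIRED           # unverified servers are rejected
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # no SSLv3 / TLS 1.0 / TLS 1.1
    return ctx

def summarize_cert(cert, now=None):
    """Reduce the dict returned by SSLSocket.getpeercert() to the key facts."""
    now = now or datetime.now(timezone.utc)
    subject = dict(rdn[0] for rdn in cert.get("subject", ()))
    issuer = dict(rdn[0] for rdn in cert.get("issuer", ()))
    expires = datetime.fromtimestamp(
        ssl.cert_time_to_seconds(cert["notAfter"]), tz=timezone.utc)
    return {
        "common_name": subject.get("commonName"),
        "issuer": issuer.get("organizationName"),
        "names": [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"],
        "days_left": (expires - now).days,
    }

def inspect_site(host, port=443, timeout=5.0):
    """Connect over TLS; raises ssl.SSLCertVerificationError on a bad certificate."""
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with make_client_context().wrap_socket(raw, server_hostname=host) as tls:
            return {"protocol": tls.version(), "cipher": tls.cipher()[0],
                    **summarize_cert(tls.getpeercert())}

# Constructed sample in getpeercert() format, so the parser runs offline.
SAMPLE_CERT = {
    "subject": ((("commonName", "www.example.test"),),),
    "issuer": ((("organizationName", "Example Test CA"),),),
    "notAfter": "Jun  1 12:00:00 2030 GMT",
    "subjectAltName": (("DNS", "www.example.test"), ("DNS", "example.test")),
}

if __name__ == "__main__":
    fixed_now = datetime(2030, 5, 2, 12, 0, 0, tzinfo=timezone.utc)
    print(summarize_cert(SAMPLE_CERT, now=fixed_now))
```

Calling `inspect_site` with your own site's host name reports the negotiated protocol version and how many days remain before the certificate expires.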
Does your website need SSL/TLS? That’s a risk assessment you need to make with your web developer and hosting provider. But consider:
Our next security post will cover the second topic: data storage. In the meantime, have a question about security and the web? Post your question in the comments section below.