SSL Within the Context of Website Security
2021-10-20 03:56:05 Author: blog.sucuri.net(查看原文) 阅读量:31 收藏

There is a common misconception that if someone adds SSL (Secure Sockets Layer) to their blog site or company website then it will protect them from cyber crimes. SSL only protects the data of the client who uses the website. Other than providing protection for website visitors’ data, SSL does not in fact make a website secure.

To understand why, let’s unpack what SSL is and how it impacts your websites’ security.

What is SSL?

SSL and its newer and cooler cousin TLS ( Transport Layer Security) are cryptographic protocols that encrypt data being sent across the internet. TLS has since replaced SSL due to  some serious vulnerabilities, but the term to refer to this security feature is still SSL. Just note that we mean TLS when we say SSL.

SSL makes sure that when a website visitor logs in, or checks out of an ecommerce site their personal information is not “understood” by anyone who may be snooping other than the intended party, or server.

Having an SSL certificate allows websites to have https in their url instead of an http

Why Should you Care?

Reputation

SSL allows you to provide a safe environment for your customers. If their data is stolen because your site is not secured, this can damage your reputation in reviews and word of mouth. The risk is real. Compared to Q1 of 2021, Q2 of 2021 has seen the volume of stolen payment data more than double

Not Having SSL Spooks Your Website Visitors

If you don’t have SSL your clients are vulnerable to having their data “sniffed”, not only that, but your company ranking and user experience can suffer. Browsers have started tagging HTTP sites in more obvious ways to deter visitors. When users try to enter a site without an SSL certificate, they are greeted with a warning stating that the site they are about to enter is Not Secure. This causes many visitors to reconsider a competitor’s secure site instead.

Source: Google Images

Search Ranking Goes Down

When Google announced a change to their ranking algorithm that would factor in a website’s SSL certificate, SSL became the norm overnight. This was in 2014, and the expectation from consumers for all websites to have SSL, has only increased over time.

What SSL Does and Does Not Do

SSL secures the client’s data through encryption. The client’s browser performs a “handshake” with the website’s server that creates a secret encryption known only by the server and the client.  

It does not secure the website from malware infections, cross-site-scripting, DDoS attacks, SQL-Injection etc. But that is because SSL is not intended to protect you from these things. It is intended to protect the transmission of data with the client. It does its job and provides a level of confidence to consumers. That leaves the rest of the daunting task of website security to you, or your friendly website security vendor Sucuri 😉

Think of SSL as writing a message in a very specific way, where only the person who you intend to receive it will ever understand. Anyone who may come across that message will never make sense of it. 

One good example is how we often see in spy movies, someone draws an X on a random trash bin. To you it would make no sense, but the person it was written to will understand it.

Where do I get an SSL Certificate?

You purchase an  SSL Certificate from your web hosting or security service provider or a Certificate Authority ( CA). There are CAs like Lets Encrypt that provide SSLs for free in the interest of creating a safer internet. Many service providers, including Sucuri, also offer this benefit for free with their products.

SSL makes the World Wide Web a safer place for consumers, and keeps your search engine results from being penalized. Have any unanswered questions about SSL? Check out our free SSL guide or drop us a line..

Allison Bondi is a marketing specialist for Sucuri. She joined the company in 2021. Allison's main responsibilities include writing website copy, blog posts, and editing content. Allison's professional experience includes 10 years working for SaaS and Telecom companies on content strategy and development, customer experience, and thought leadership. When Allison isn't writing you can find her in her garden or brewing kombucha.

Reader Interactions


文章来源: https://blog.sucuri.net/2021/10/ssl-within-the-context-of-website-security.html
如有侵权请联系:admin#unsafe.sh