Embed Size (px)
Citation preview
Securing email communications sent to and from your network.
A quick guide toSSL/TLS certificatesMAKING THE BEST CHOICE WHENCONSIDERING YOUR WEBSITESECURITY OPTIONS
HOW DOES SSL ENCRYPTION WORK?IN THE SAME WAY THAT YOU LOCK AND UNLOCK DOORS
USING A KEY, ENCRYPTION MAKES USE OF KEYS TO LOCK AND UNLOCK YOUR INFORMATION.
Unless you have the right key, you will not be able to “open” the information.
EACH SSL SESSION CONSISTS OF TWO KEYS:
The public key is used toencrypt (scramble) the
information.
The private key is used todecrypt (un-scramble) theinformation and restore it
to its original format sothat it can be read.
? ! $ SSL
How Do I Know That a Site Hasa Valid SSL Certificate?
Where Would I Usean SSL Certificate?
ANYWHERE THAT YOU WISH TO TRANSMITINFORMATION SECURELY.
Securing communications between your website and your customer’s Internet browser.
Securing internal communications on your corporate intranet.
Securing information between servers (both internal and external).
Securing information sent and received via mobile devices.
Different Types of SSL Certificates
Tech Talk Made Simple} Encryption Information is “scrambled” so that it cannot be used by anyone other than the person for whom it is intended. {
}Decryption “Un-scramble” information and put it back in its original format. {
}Key A mathematical formula, or algorithm, that is used to encrypt or decrypt your information. In the same way that a lock with many different combinations is more difficult to open, the longer the length of the encryption key (measured in number of bits), the stronger the encryption. {
}Browser A software program that you use to access the Internet.Examples include: Microsoft Internet Explorer (IE); Mozilla Firefox, Apple Safari, RockMelt, and Google Chrome. {
https://www.website.com1 2 4
3
4
Authentication and VerificationContains information about the authenticity of certain details regarding the identity of a person, business or website.
A digital computer file (or piece of code) that has two specific functions.
What Is an SSL Certificate?
Data EncryptionEncrypts sensitive information exchanged via the website so it cannot be intercepted and read by anyone other than the intended recipient.
1
3
HTTPS://A website that is secured with a SSL certificate will display “https://” before
the address. This stands for “Secure HTTP.”
Trust markOften, you will alsonotice a trust mark
displayed on the website itself.
2
PadlockYou will also see a
padlock symbol on the top or bottom of the
Internet browser.
AuthenticationBy clicking the closed
padlock in the browser window, the website
visitor sees the authenticated organisation name.
All Symantec SSL certificates are fully authenticated
In the past, intermittent use of SSL to protect only certain pageswas enough. Today, leaving the rest of a user’s session unsecured could
put them at risk of attack. Always-On SSL delivers high level SSL protection throughout your entire website. Visitors will see HTTPS on
every page reassuring them at every step that it is safe to search,share, and shop with you online.
ALWAYS-ON SSL =SAFE FROM START TO FINISH
“A recent survey suggests 57% of respondentsare worried their data is not safe”
Symantec Website Security Threat Report (WSTR) 2015
“Between May and September 2014 alone Symantec saw a 14-fold increase in cryptoware”
Symantec WSTR 2015
“In 2014, 76% of websites Symantec scanned had vulnerabilities.Critical vulnerabilities rose from 16% to 20%”
Symantec WSTR 2015
“The Heartbleed vulnerability left approximately half a million websites with Open SSL software at risk of significant data breaches in April 2014”
Symantec WSTR 2015
"The number of new malware variants grewby 26% from 2013 to 2014"
Symantec WSTR 2015
"There was 45 times more crypto-ransomwarereported in 2014 than 2013"
Symantec WSTR 2015
www.
Self-signed certificateAs the name implies, this is a certificate that is generated for internalpurposes and is not issued by a CA. Since the website owner generates theirown certificate, it does not hold the same weight as a fully authenticated andverified SSL certificate issued by a CA.
A Domain Validated certificate is considered anentry-level SSL certificateThe only verification check performed is to ensure that the applicant owns the domain (website address) where they plan to use the certificate. No additional checks are done to ensure that the owner of the domain is a valid business entity.
A fully authenticated SSL certificate is the firststep to true online securityCertificates are only granted once the organisation passes a number ofvalidation procedures and checks to confirm the existence of the business, the ownership of the domain, and the user’s authority to apply for the certificate.
Trust makes all the differencein the world of online business
For more information visit:www.symantec.com/ssl
CALL:1-877-438-8776 OR 1-520-477-3102
$
The leading provider of SSL certificates globally
Secures more than one million web servers worldwide
Secures over two-thirds of websites using Extended Validation SSL
Secures the biggest names in e-commerce and banking*
*Includes Symantec subsidiaries, affiliates, and resellers.
