What is a security certificate?

I'll bet one time or another you've surfed the web and suddenly
found a pop-up window in front of you, demanding your approval
for a security certificate. I occasionally see these on shopping
sites, usually the smaller, less-well-funded companies.

The first time I saw one of these windows I had no idea what to
do. What the heck is a security certificate? And whatever it is,
why is the browser asking me about it? I mean, I had enough
questions about ActiveX controls, now I was being asked about
security certificates?

Let's look at security certificates from the perspective of
dating. Let's say you are a woman looking for a date. How do
you know you can trust a person?

Well, you can just decide for yourself or you can ask a trusted
friend about the potential date. So you call up "Sally" and ask
"can I trust Bill on a date?" Sally will tell you yes or no,
and since you trust her if she says "no" the poor guy will not
be going out with you.

That's the way a security certificate works. The certificate is
an electronic document which is highly secure (encrypted) and
stamped with an identifier. That identifier says the web site with
the certificate is whom it claims to be.

The way it works is straightforward. Let's say I want to sell
something on my web site. I might purchase a security
certificate from Verisign (or any number of other companies)
to prove to people visiting my web site that I am who I say I
am.

Before it grants the certificate, I will need to provide
Verisign with proof that I am indeed the person (or company)
that I claim to be. Verisign will ask me for documents,
notarized, such as a birth certificate (for a personal
certificate) or other documents from businesses. Several
documents must be presented in order for Verisign to grant
the certificate.

Okay, now you also have to understand that your browser
automatically comes with a number of security certificates,
including one from Verisign. Thus, when you visit my secure site
my certificate is retrieved. The browser sees that my certificate
was granted by Verisign, and checks it's own certificates and
finds Verisign. The browser then grants access to the secure web
page, since it has "proof" that I am who I say I am. This means
that a secure channel is now set up so the browser can talk to
the web site (and vice versa) without fear of someone listening
in on the conversation.

So in other words, Verisign is simply a trusted organization
which verifies that people (and companies) are who they say
they are.

Remember the purpose of security certificates is merely to
provide a means whereby you can trust entities (companies and
people) on the internet. A security certificate does not in any
way imply a web site is "good", will protect your privacy or
will deliver your products.

Let me stress that again - security certificates so not imply
anything about a web site except that it is what it says it is.
They DO NOT mean the site is trustworthy or valuable.

Richard Lowe Jr. is the webmaster of Internet Tips And Secrets
at http://www.internet-tips.net - Visit our website any time to
read over 1,000 complete FREE articles about how to improve your
internet profits, enjoyment and knowledge.

Information Security Awareness Training ? Secure Sockets Layer = E-Commerce Security

It is not so hard, make webpage, find something what to sell and starting make e-commerce! In these days it is really easy, but much harder is find customers and get trust from them, because any business plan, even the most perfect, can totally fail without trust.
How to get this trust? How make webpage safe? How to known, that this webpage is dependable? That you can find out in this article!

Why e-commerce providers need customers trust?
Customer trust is really important because without that there is no business. E-commerce lean to trust... Internet is good way how to make money and also good way how to spend them, but this is also quite insecure place! Every day peoples suffer from identity thiefs and lost money, identity and reputation. Because it is so important make a place, where people-customer can feel safe and be sure that information which he hand over here, will never be use to make damage him! The trust is really hard to get and if you lose it once then it is big possibility that you lose it forever!

SSL ? Secure Sockets Layer
Secure Sockets Layer or SSL is protocol for transmitting private documents through the Internet, and also it is a way how to make your webpage safer and get customer trust. Since 1994, SSL has been the main standard for e-commerce transaction security!

How SSL works?!
SSL encrypts data, like credit cards numbers (as well other personally identifiable information), which prevents the hackers or identity thiefs from stealing your information for malicious intent.

There are 5 steps, who describe SSL encryption:
1. A customer contacts your site and accesses a secured URL: a page secured by a Server ID (indicated by a URL that begins with "https:" instead of just "http:" or by a message from the browser).
2. Your server responds, automatically sending the customer your site's digital certificate, which authenticates your site.
3. Your customer's Web browser generates a unique "session key" (like a code) to encrypt all communications with the site.
4. The user's browser encrypts the session key with the your site's public key so only your site can read the session key. Depending on the browser, the user may see a key icon becoming whole or a padlock closing, indicating that the session is secure.
5. A secure session is now established--all communications will be encrypted and can only be decrypted by the two parties in the session. It all takes only seconds and requires no action by the user.(support.acmeinternet.com)

What is site digital certificate?
A digital certificate is an electronic file that uniquely identifies individuals and servers. Digital certificates serve as a kind of digital passport or credential which authenticate the server prior to the SSL session being established. A digital certificate contains an entity's name, address, serial number, public key, expiration date and digital signature, among other information. When a Web browser like Firefox, Netscape or Internet Explorer makes a secure connection, the digital certificate is automatically turned over for review. The browser checks it for anomalies or problems, and pops up an alert if any are found. When digital certificates are in order, the browser completes secure connections without interruption.
Typically, digital certificates are signed by an independent and trusted third party to ensure their validity. The "signer" of a certificate is known as a Certification Authority (CA).


How to known, that this webpage is dependable?
You know that you're on an SSL protected page when the address begins with "https" instead of "http" and there is a padlock icon at the bottom of the page (and in the case of Mozilla Firefox in the address bar as well).

SSL is just one of the ways how to make web page safer, but for now it is the most popular! Also hackers didn?t sleep and all the time try to find ways how to pass round this system and get data.
To get the newest information about information security awareness there are special training courses. So better be ready!

Article source: Infosecuritylab




www.infosecuritylab.com

Information Security Awareness Training - Secure Sockets Layer = E-Commerce Security

It is not so hard, make webpage, find something what to sell and starting make e-commerce! In these days it is really easy, but much harder is find customers and get trust from them, because any business plan, even the most perfect, can totally fail without trust.
How to get this trust? How make webpage safe? How to known, that this webpage is dependable? That you can find out in this article!

Why e-commerce providers need customers trust?
Customer trust is really important because without that there is no business. E-commerce lean to trust... Internet is good way how to make money, and also good way how to spend them, but this is also quite insecure place! Every day peoples suffer from identity thiefs and lost money, identity and reputation. Because it is so important make a place, where people-customer can feel safe and be sure that information, which he hand over here, will never be use to make damage him! The trust is really hard to get and if you lose it once, then it is big possibility that you lose it for ever!

SSL - Secure Sockets Layer
Secure Sockets Layer or SSL is protocol for transmitting private documents through the Internet, and also it is a way how to make your webpage safer and get customer trust. Since 1994, SSL has been the main standard for e-commerce transaction security!

How SSL works?!
SSL encrypts data, like credit cards numbers (as well other personally identifiable information), which prevents the hackers or identity thiefs from stealing your information for malicious intent.

There are 5 steps, who describe SSL encryption:
1. A customer contacts your site and accesses a secured URL: a page secured by a Server ID (indicated by a URL that begins with "https:" instead of just "http:" or by a message from the browser).
2. Your server responds, automatically sending the customer your site's digital certificate, which authenticates your site.
3. Your customer's Web browser generates a unique "session key" (like a code) to encrypt all communications with the site.
4. The user's browser encrypts the session key with the your site's public key so only your site can read the session key. Depending on the browser, the user may see a key icon becoming whole or a padlock closing, indicating that the session is secure.
5. A secure session is now established--all communications will be encrypted and can only be decrypted by the two parties in the session. It all takes only seconds and requires no action by the user.(support.acmeinternet.com)

What is site digital certificate?
A digital certificate is an electronic file that uniquely identifies individuals and servers. Digital certificates serve as a kind of digital passport or credential which authenticate the server prior to the SSL session being established. A digital certificate contains an entity's name, address, serial number, public key, expiration date and digital signature, among other information. When a Web browser like Firefox, Netscape or Internet Explorer makes a secure connection, the digital certificate is automatically turned over for review. The browser checks it for anomalies or problems, and pops up an alert if any are found. When digital certificates are in order, the browser completes secure connections without interruption.
Typically, digital certificates are signed by an independent and trusted third party to ensure their validity. The "signer" of a certificate is known as a Certification Authority (CA).

How to known, that this webpage is dependable?
You know that you're on an SSL protected page when the address begins with "https" instead of "http" and there is a padlock icon at the bottom of the page (and in the case of Mozilla Firefox in the address bar as well).

SSL is just one of the ways how to make web page safer, but for now it is the most popular! Also hackers didn't sleep and all the time try to find ways how to pass round this system and get data.
To get the newest information about information security awareness there is special training courses. So better be ready!

About the Author

Information security Awareness Training Infosecuritylab: http://www.infosecuritylab.com