Security Without End
Always-on SSL Protects Users with Persistent Security from Login to Logout
Small businesses routinely use Secure Sockets Layer (SSL) technology to protect sensitive
information such as user names and passwords when customers log in at their websites. But
many stop there. They don’t encrypt subsequent pages during the user’s session. For example,
a business might use the secure HTTPS protocol to transmit login information over an
encrypted SSL channel, but then it will downgrade users to the less-secure HTTP after setting up
the session cookie. This will protect the user’s password, but the cookie—along with the session
ID—will be transmitted in plain text when the Web browser makes subsequent requests to the
domain.
This is risky because it leaves website visitors vulnerable to attack—and can expose millions of
users to threat, even when they’re visiting a trusted site.
Always-on SSL solves the problem by enabling you to use SSL across your entire website to
protect users with persistent security, from arrival to login to logout. Always-on SSL is a cost-effective security measure that provides constant end-to-end protection for website visitors by
enforcing the use of encryption with SSL certificates on every single page. Always-on SSL applies
the same high level of protection to all communications that occur between the Web server
and the Web browser by requiring the use of HTTPS.
Dangerous mixture
Mixed content refers to Web pages that contain a mix of secure (HTTPS) and unsecure (HTTP)
data. Website owners should avoid mixed content because if any information relating to the
user is sent to the website over an unencrypted connection, a hacker can exploit that
vulnerability to eavesdrop or hijack the user’s session.
Companies that are serious about protecting their customers and their reputations should
implement Always-on SSL. It’s a proven, vendor-neutral approach to security that protects
users from start to finish. Always-on SSL gives your customers the confidence they need to
search, share, and shop online. It does not require reliance on any single technology vendor and
is a relatively simple, cost-effective way of preventing many of the most common network
threats, such as sidejacking, which is the malicious act of stealing someone's access to a
website.
The amount of time and effort it takes to implement Always-on SSL depends on the size,
complexity, and needs of your website. For smaller websites that already support HTTPS, the
transition may be as simple as installing an SSL certificate.
One of the first steps you can take to implement Always-on SSL is to purchase a valid SSL
certificate from a trusted certificate authority such as Symantec. The next step for most
organizations is to switch all HTTP links on their websites to HTTPS and to set up permanent
redirects for any users who may encounter the old HTTP pages.
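
As an added example (not part of the original article or any vendor tooling), the Python code below audits the two steps just described: it finds leftover http:// links and mixed content in a page, and checks that an old HTTP URL answers with a permanent redirect to HTTPS. The domain shop.example, the sample HTML and all function names are constructed for illustration, and the check for the cookie Secure attribute goes one step beyond the article's text to cover the plain-text session cookie it warns about.

```python
from html.parser import HTMLParser

# (tag, attribute) pairs that load content into the page: http:// here is mixed content.
SUBRESOURCE = {("script", "src"), ("img", "src"), ("iframe", "src"), ("link", "href")}
# Pairs that navigate or submit: http:// here sends the session back over plain HTTP.
NAVIGATION = {("a", "href"), ("form", "action")}

class HttpRefFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.mixed, self.links = [], []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if not value or not value.strip().lower().startswith("http://"):
                continue
            if (tag, name) in SUBRESOURCE:
                self.mixed.append((tag, value))
            elif (tag, name) in NAVIGATION:
                self.links.append((tag, value))

def audit_page(html):
    """Return http:// references that break Always-on SSL on one page."""
    finder = HttpRefFinder()
    finder.feed(html)
    return {"mixed_content": finder.mixed, "http_links": finder.links}

def audit_redirect(status, headers):
    """Check the response served for an old http:// URL; return a list of problems."""
    problems = []
    if status not in (301, 308):  # the two permanent redirect codes
        problems.append(f"status {status} is not a permanent redirect")
    if not headers.get("Location", "").lower().startswith("https://"):
        problems.append("Location does not point to an https:// URL")
    return problems

def cookie_is_secure(set_cookie):
    """True if a Set-Cookie value carries the Secure attribute (HTTPS-only cookie)."""
    return "secure" in [part.strip().lower() for part in set_cookie.split(";")[1:]]

# Constructed sample input (shop.example is a placeholder domain).
SAMPLE_HTML = """<html><head><script src="http://shop.example/cart.js"></script>
<link rel="stylesheet" href="https://shop.example/site.css"></head><body>
<img src="HTTP://shop.example/logo.png"><a href="http://shop.example/account">Account</a>
<form action="https://shop.example/login" method="post"></form></body></html>"""

if __name__ == "__main__":
    print(audit_page(SAMPLE_HTML))
    print(audit_redirect(302, {"Location": "https://shop.example/"}))
    print(cookie_is_secure("sid=constructed123; Path=/; HttpOnly"))
```
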
For more information about Always-on SSL, go to Go.Symantec.com/Always-On-SSL.