Survey
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
Security Without End Always-on SSL Protects Users with Persistent Security from Login to Logout Small businesses routinely use Secure Sockets Layer (SSL) technology to protect sensitive information such as user names and passwords when customers log in at their websites. But many stop there. They don’t encrypt subsequent pages during the user’s session. For example, a business might use the secure HTTPS protocol to transmit login information over an encrypted SSL channel, but then it will downgrade users to the less-secure HTTP after setting up the session cookie. This will protect the user’s password, but the cookie—along with the session ID—will be transmitted in plain text when the Web browser makes subsequent requests to the domain. This is risky because it leaves website visitors vulnerable to attack—and can expose millions of users to threat, even when they’re visiting a trusted site. Always-on SSL solves the problem by enabling you to use SSL across your entire website to protect users with persistent security, from arrival to login to logout. Always-on SSL is a costeffective security measure that provides constant end-to-end protection for website visitors by enforcing the use of encryption with SSL certificates on every single page. Always-on SSL applies the same high level of protection to all communications that occur between the Web server and the Web browser by requiring the use of HTTPS. Dangerous mixture Mixed content refers to Web pages that contain a mix of secure (HTTPS) and unsecure (HTTP) data. Website owners should avoid mixed content because if any information relating to the user is sent to the website over an unencrypted connection, a hacker can exploit that vulnerability to eavesdrop or hijack the user’s session. Companies that are serious about protecting their customers and their reputations should implement Always-on SSL. It’s a proven, vendor-neutral approach to security that protects users from start to finish. Always-on SSL gives your customers the confidence they need to search, share, and shop online. It does not require reliance on any single technology vendor and is a relatively simple, cost-effective way of preventing many of the most common network threats, such as sidejacking, which is the malicious act of stealing someone's access to a website. The amount of time and effort it takes to implement Always-on SSL depends on the size, complexity, and needs of your website. For smaller websites that already support HTTPS, the transition may be as simple as installing an SSL certificate. One of the first steps you can take to implement Always-on SSL is to purchase a valid SSL certificate from a trusted certificate authority such as Symantec. The next step for most organizations is to switch all HTTP links on their websites to HTTPS and to set up permanent redirects for any users who may encounter the old HTTP pages. For more information about Always-on SSL, go to Go.Symantec.com/Always-On-SSL.