SSL is short for Secure Sockets Layer, a protocol originally
developed by Netscape for transmitting private documents
via the Internet.

SSL works by using
a private key to encrypt data that's transferred over
the SSL connection. Both Netscape Navigator and Internet
Explorer support SSL, and many Web sites use the protocol
to obtain confidential user information, such as credit
card numbers. By convention, URLs that require an SSL
connection start with https: instead of http:.

Another protocol
for transmitting data securely over the World Wide Web
is Secure HTTP (S-HTTP). Whereas SSL creates a secure
connection between a client and a server, over which
any amount of data can be sent securely, S-HTTP is designed
to transmit individual messages securely. SSL and S-HTTP,
therefore, can be seen as complementary rather than
competing technologies.

Both protocols
have been approved by the Internet Engineering Task
Force (IETF) as a standard. Digital certificates encrypt
data using Secure Sockets Layer (SSL) technology, the
industry-standard method for protecting web communications
developed by Netscape Communications Corporation. The
SSL security protocol provides data encryption, server
authentication, message integrity, and optional client
authentication for a TCP/IP connection.

Because SSL is
built into all major browsers and web servers, simply
installing a digital certificate turns on their SSL
capabilities. SSL comes in two strengths, 40-bit and
128-bit, which refer to the length of the "session
key" generated by every encrypted transaction.
The longer the key, the more difficult it is to break
the encryption code. Most browsers support 40-bit SSL
sessions, and the latest browsers, including Netscape
Communicator 4.0, enable users to encrypt transactions
in 128-bit sessions - trillions of times stronger than
40-bit sessions. Global companies that require international
transactions over the web can use a global server certificates
program to offer strong encryption to their customers.
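
The 40-bit and 128-bit strengths described above are a property of the cipher suite chosen for a session. The following Python code is an added example, not part of the original page: it splits cipher-suite records of the kind `ssl.SSLContext.get_ciphers()` returns by session-key length. The sample records, the 128-bit floor and the function names are constructed for illustration.

```python
import ssl

MIN_BITS = 128  # assumed floor, taken from the page's "128-bit" strong sessions

# Constructed sample records in the shape SSLContext.get_ciphers() returns
# (only the fields used here); names follow OpenSSL's legacy suite naming.
LEGACY_SAMPLE = [
    {"name": "EXP-RC4-MD5", "protocol": "SSLv3", "strength_bits": 40},
    {"name": "EXP-DES-CBC-SHA", "protocol": "SSLv3", "strength_bits": 40},
    {"name": "DES-CBC-SHA", "protocol": "SSLv3", "strength_bits": 56},
    {"name": "RC4-MD5", "protocol": "SSLv3", "strength_bits": 128},
    {"name": "AES256-SHA", "protocol": "TLSv1", "strength_bits": 256},
]

def audit_ciphers(ciphers, min_bits=MIN_BITS):
    """Split cipher records into (weak, acceptable) names by session-key length."""
    weak, ok = [], []
    for c in ciphers:
        bits = c.get("strength_bits")
        # A missing or non-numeric strength is treated as weak: fail closed.
        if not isinstance(bits, int) or bits < min_bits:
            weak.append(c["name"])
        else:
            ok.append(c["name"])
    return weak, ok

def keyspace_ratio(strong_bits, weak_bits):
    """How many times larger the strong key space is than the weak one."""
    return 2 ** (strong_bits - weak_bits)

def audit_local_context():
    """Audit the suites the local Python/OpenSSL build enables by default."""
    ctx = ssl.create_default_context()
    return audit_ciphers(ctx.get_ciphers())

if __name__ == "__main__":
    weak, ok = audit_ciphers(LEGACY_SAMPLE)
    print("legacy sample, below floor:", weak)
    print("legacy sample, at or above floor:", ok)
    # Key length is the only criterion checked here; a suite can pass the
    # floor and still use an algorithm with known weaknesses (RC4, MD5).
    print("128-bit vs 40-bit key space: 2**88 =", keyspace_ratio(128, 40))
    local_weak, local_ok = audit_local_context()
    print("local default context: %d suites, %d below floor"
          % (len(local_weak) + len(local_ok), len(local_weak)))
```
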

A growing number
of organizations looking for a fast, secure way to link
remote users and business partners are turning away
from traditional IP Security-based VPNs and toward products
and services based on Secure Sockets Layer technology.

The reasons are
many: Browser-based SSL alternatives require little
or no software on remote PCs, and in most cases any
PC with a browser can be used to make the secure connection,
as long as the user can authenticate to a central server.
And the firewall ports that SSL traffic uses are generally
left open, so reconfiguring the firewall is usually unnecessary.
The idea is that SSL's simplicity translates into an
easier installation and long-term cost savings because
of simpler ongoing support. Yo.net and Aventail are
among the growing number of vendors delivering VPNs
without using the collection of well-known IPSec protocols.
Conversely, Internet-based IPSec remote access VPNs
require software on each remote PC that has to be installed,
configured and updated for the VPN to work properly.
Firewalls also must be configured in tandem with the
IPSec devices to let IPSec traffic pass.