
Please Give Detailed Explanation Problem 8 Some browsers have a security policy


Question

Please Give Detailed Explanation

Problem 8 Some browsers have a security policy where only certificates from X are accepted in order to authenticate webpages in the domain of X. For example, the browser Google Chrome only accepts certificates issued by Google for sites such as gmail.com or google.com. If a fictitious site blogs.google.com presents a certificate from Verisign, Internet Explorer 10 will accept this certificate, but Google Chrome will not. Similarly, Internet Explorer 10 will not accept a certificate for the site hotmail.com that does not come from Microsoft. Discuss the security gain and costs caused by this security policy.

Explanation / Answer

SSL stands for Secure Sockets Layer, a global standard security technology that enables encrypted communication between a web browser and a web server. It is utilised by millions of online businesses and individuals to decrease the risk of sensitive information (e.g., credit card numbers, usernames, passwords, emails, etc.) being stolen or tampered with by hackers and identity thieves. In essence, SSL allows for a private “conversation” just between the two intended parties.

To create this secure connection, an SSL certificate (also referred to as a “digital certificate”) is installed on a web server and serves two functions:

It authenticates the identity of the website (this guarantees visitors that they’re not on a bogus site)
It encrypts the data that’s being transmitted


It is true that different browsers have different security policies in order to authenticate webpages. Two SSL certificates are not the same.
There are many different types of SSL certificates based on the number of domain names or subdomains owned, such as:

Single – secures one fully-qualified domain name or subdomain name
Wildcard – covers one domain name and an unlimited number of its subdomains
Multi-Domain – secures multiple domain names
(This criterion will also affect the COST of these certificates. The higher the feature, the greater the cost.)
and the level of validation needed, such as:

Domain Validation – this level is the least expensive, and covers basic encryption and verification of the ownership of the domain name registration. This type of certificate usually takes a few minutes to several hours to receive.
Organisation Validation – in addition to basic encryption and verification of ownership of the domain name registration, certain details of the owner (e.g., name and address) are authenticated. This type of certificate usually takes a few hours to several days to receive.
Extended Validation (EV) – this provides the highest degree of security because of the thorough examination that is conducted before this certificate is issued (and as strictly specified in guidelines set by the SSL certification industry’s governing consortium). In addition to ownership of the domain name registration and entity authentication, the legal, physical and operational existence of the entity is verified. This type of certificate usually takes a few days to several weeks to receive.


Any individual or organisation that uses their website to require, receive, process, collect, store, or display confidential or sensitive information. Some examples of this information are:

logins and passwords
financial information (e.g., credit card numbers, bank accounts)
personal data (e.g., names, addresses, social security numbers, birth dates)
etc.
Probably the most important part of an SSL certificate is where it comes from. SSL certificates are issued by Certificate Authorities (CAs), organisations that are trusted to verify the identity and legitimacy of any entity requesting a certificate.

The CA’s role is to accept certificate applications, authenticate applications, issue certificates, and maintain status information on certificates issued.
All of this information needs to be isolated and protected from the outside world. The Internet works on the concept of trust. These SSL certificates help to maintain that trust between two parties.
Cheers.
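The policy described in the question (often called certificate pinning) can be modelled in a few lines. The following is an added example, not part of the original answer: the trust store, pin table and certificates are constructed, and `accepts` and `pinned_issuers` are hypothetical helper names.

```python
# Constructed model of the policy in the question: a trust store plus an
# optional per-domain issuer pin. All names and data are illustrative.
TRUSTED_CAS = {"Google", "Microsoft", "Verisign"}  # CAs in the browser's root store

# Pin table shipped with the browser: domain -> issuers allowed for it.
PINS = {
    "google.com": {"Google"},
    "gmail.com": {"Google"},
}

def pinned_issuers(host, pins):
    """Return the pin set covering host (exact or subdomain match), or None."""
    host = host.lower().rstrip(".")
    for domain, issuers in pins.items():
        # Match on a label boundary so "evilgoogle.com" is not treated as google.com.
        if host == domain or host.endswith("." + domain):
            return issuers
    return None

def accepts(host, cert, pins=None):
    """Decide whether a browser accepts cert for host.

    cert is a dict with 'names' (hosts the cert covers) and 'issuer'.
    pins=None models a browser without pinning.
    """
    if host not in cert["names"]:
        return False                      # certificate is for another site
    if cert["issuer"] not in TRUSTED_CAS:
        return False                      # ordinary chain validation fails
    allowed = pinned_issuers(host, pins) if pins else None
    if allowed is None:
        return True                       # unpinned: any trusted CA is enough
    return cert["issuer"] in allowed      # pinned: issuer must be on the list

# Constructed certificates for the fictitious site in the question.
verisign_cert = {"names": {"blogs.google.com"}, "issuer": "Verisign"}
google_cert = {"names": {"blogs.google.com"}, "issuer": "Google"}

if __name__ == "__main__":
    for label, cert in [("Verisign-issued", verisign_cert), ("Google-issued", google_cert)]:
        print(label, "| no pinning:", accepts("blogs.google.com", cert),
              "| pinning:", accepts("blogs.google.com", cert, PINS))
```

The rejected Verisign-issued certificate shows both sides of the trade-off: a certificate mis-issued by any other trusted CA no longer works against the pinned domain, but the domain owner also cannot legitimately switch CAs until the browser's pin table is updated.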