What are HTTPS, SSL, and SSH?

Why Authentication Matters
Like a passport or a driver’s license, an SSL Certificate or SSH Key is issued by a trusted source, known as the Certificate Authority (CA). Many CAs verify the domain name and your ownership of it, and then issue digital certificates that contain a public key and the identity of the owner. The certificate is also an attestation by the CA that the public key it contains belongs to the person, organization, server or other entity named in the certificate.

HTTPS stands for Hypertext Transfer Protocol Secure. It is server software that provides the ability to “secure” transactions that take place on the World Wide Web (www). If a website is running on an HTTPS server, you can type HTTPS instead of HTTP in the URL bar of your browser to enter the “secured mode”. HTTPS is often offered by financial institutions to support their online banking services, so that the information passed between your PC and their server is “secure”.

SSL stands for Secure Sockets Layer and is a standards-based encryption method that enables HTTPS to function securely. SSL is widely implemented to help secure internet transactions and is the preferred way for most financial institutions to conduct business through the web. It is based specifically on a public key certificate of authentication, which uses a self-generated private key and a password. An organization looking to implement SSL can purchase a public certificate from one of a few Certificate Authorities (CAs), such as VeriSign, Comodo and GoDaddy.


To make an SSL connection from a personal computer to an online banking server, for example, the personal computer asks to connect and advertises the encryption methods it is capable of. The banking server picks the highest encryption method that both sides support and then responds with its name, the Certificate Authority providing the Key, and the Public Encryption Key. At this point the customer could contact the Certificate Authority to verify the Key’s authenticity. The personal computer responds by randomly generating a number, encrypting that random number with the public key provided by the banking server, and transmitting it to the banking server. At this point, the only device that should be able to decrypt the message is the banking server, using its Private Key. This initiates a unique “session” between the two network elements in which the information passing between them is encrypted.
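As an added illustration of the exchange just described (example code written for this page, not Transition’s or any library’s code), the following Python traces the steps with textbook RSA on constructed, deliberately tiny keys: the client offers its encryption methods, the server picks the strongest shared one and presents a CA-signed certificate, the client checks the CA’s signature and sends a random number encrypted with the server’s public key, and only the holder of the matching private key recovers it. The method names, the CA name and the server name are assumptions.

```python
import hashlib
import secrets

# Textbook RSA on constructed Mersenne-prime keys: far too small for real use,
# but enough to trace the exchange. Real certificates carry 2048-bit keys or larger.
def make_keypair(p, q, e=65537):
    n = p * q
    return (n, e), (n, pow(e, -1, (p - 1) * (q - 1)))   # (public, private)

CA_PUB, CA_PRIV = make_keypair((1 << 89) - 1, (1 << 107) - 1)          # constructed CA key
SERVER_PUB, SERVER_PRIV = make_keypair((1 << 127) - 1, (1 << 61) - 1)  # constructed server key

def cert_digest(name, ca_name, pub, n_ca):
    blob = f"{name}|{ca_name}|{pub[0]}|{pub[1]}".encode()
    # Reduced mod the CA modulus only because the toy key is smaller than a SHA-256 digest.
    return int.from_bytes(hashlib.sha256(blob).digest(), "big") % n_ca

def issue_certificate(name, pub, ca_name="Example CA"):
    """The CA signs (name, public key): its attestation that this key belongs to name."""
    n_ca, d_ca = CA_PRIV
    return {"name": name, "ca": ca_name, "pub": pub,
            "sig": pow(cert_digest(name, ca_name, pub, n_ca), d_ca, n_ca)}

def verify_certificate(cert, ca_pub):
    """What the client does instead of phoning the CA: check the CA's signature."""
    n_ca, e_ca = ca_pub
    expected = cert_digest(cert["name"], cert["ca"], cert["pub"], n_ca)
    return pow(cert["sig"], e_ca, n_ca) == expected

# Illustrative method names ranked strongest first (not a real cipher-suite list).
STRENGTH = ["AES256-SHA", "AES128-SHA", "DES-CBC3-SHA", "RC4-MD5"]

def server_choose_cipher(client_offer, server_support):
    """Server picks the strongest method both sides support, or None if none overlap."""
    for method in STRENGTH:
        if method in client_offer and method in server_support:
            return method
    return None

def handshake(client_offer, server_support, server_cert, ca_pub, server_private):
    """Returns (chosen method, whether the server recovered the client's secret)."""
    method = server_choose_cipher(client_offer, server_support)
    if method is None or not verify_certificate(server_cert, ca_pub):
        return None                                 # client aborts instead of connecting
    n, e = server_cert["pub"]
    secret = secrets.randbelow(n)                   # client's random number
    on_the_wire = pow(secret, e, n)                 # encrypted with the server's public key
    n_priv, d = server_private
    recovered = pow(on_the_wire, d, n_priv)         # only the matching private key works
    return method, recovered == secret
```

A certificate whose name or key has been altered fails the signature check and the client never sends its random number; a server holding some other private key gets the number but cannot recover it.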

SSH works in a very similar fashion to SSL, but it covers different layers of the OSI model in order to encrypt the exchanged data twice. The first encryption happens at the transport layer of the OSI model once a physical connection is made. At this point, the connection is authenticated using a Public Key that can be generated by most equipment. This verification of Public Keys creates a 128-bit encryption that allows a login and password to be sent as an encrypted message between a client and a server. Once the password is verified, a unique session is created and a Private Key is used to digitally sign the session and encrypt it again, this time at the Session Layer of the OSI model.

In the event of an attack on an SSH system, an attacker must break the first 128-bit encryption in order to intercept the password, and then must break the private key, which is an immensely long series of numbers, to “impersonate” a session. Otherwise, even if they were logged on at the exact same time as ‘you’, the sessions would be digitally signed with a different Private Key ID, thus verifying the source of each session.

Many of Transition’s newer models, such as the ION Chassis, SM24-1000SFP-AH and SM24-100SFP-AH, come with Secure Sockets Layer (SSL) and Secure Shell (SSH) termination for end-to-end security.
