WHAT EXACTLY IS A SECURE SERVER
WHAT DO YOU MEAN BY SECURE?
A lot of folks seem to confuse the concepts of site security with secure servers.
One would hope that a secure server (one that uses SSL to communicate) is also
somewhat secure from intrusion. The truth is that there is that a secure server
will run just fine on a server with little or no security (in the sense of
intrusion prevention) on it!
The Internet is based on a collection of services that is referred to
as Internet Protocols, hence the term you hear quite often- IP. Each
protocol uses its own method of communication, and a different port
number. Some of the more common default port numbers are:
Typically, port 443 is used for secure server web pages that employ
an encryption technique based on what are called Secure Socket Layers (SSL).
- 80. Regular web pages sent via the HTTP protocol. (hyper text transport
- 25. E-mail is sent via SMTP. (send mail transport protocol)
- 23. Telnet, which is an interactive login session between a terminal
and a server.
HOW IS SSL CALLED?
Since port numbers are not normally displayed on the browser command line,
or used in links, the browser has an easy way to specify which protocol
should be used to communicate with the server. Here are two popular
Notice that in both the examples, the server name is www. The idea is
that the protocol name, not the server name determines which protocol is
- http://www.site.com/ would be a request for a regular web page using HTTP.
- ftp://www.site.com/ requests FTP (File Transfer Protocol) access.
Secure Server Pages are requested using a URL starting with https,
WHAT DOES A SECURE SERVER DO FOR ME?
Operating a secure server (SSL) allows you to conduct e-commerce or other
sensitive exchanges of data with your visitors in a way that will hopefuly
make them feel more comfortable doing business with you.
SSL provides two basic ingredients of security:
- Safe Passage of Information: Your data cannot (we hope) be decoded
by any party that might intercept the communications.
- Server Authentication: If your server is granted a certificate by
a CA (Certificate Authority), your customer's can protect themselves
from being directed to another server that is pretending to be yours
by checking the contents of the certificate.