Join Sean Colins for an in-depth discussion in this video, Why SSL?, part of Understanding Secure Sockets Layer.
- [Voiceover] The first step in understanding anything is understanding why you need to do it or have it. And so I want to talk to you about why we need SSL or Secure Sockets Layer. To do that I'm going to explain to you the various players that would be involved in your average set of transactions on a network or on the internet. The first is a hacker. Someone who would be a malicious attacker. Someone who would be interested in attacking an individual, an application, or a server. As transmissions go back and forth between the person and their application, or the application and the server, the hacker has an opportunity to steal data from any one of those places.
And there are different levels of difficulty, and different amounts of data that that hacker can attain from each of those locations. Now let's take a more detailed look at each of these players. We have this organized in a grid here to make this easier to understand. And we're going to start with the attacker. So the attacker is a motivated and clever individual, right? This is someone with real skills. They're focused. They have the flexibility to change direction based on whatever is going on at the time.
And in fact, they can change their attacks based on the software and the environment they're in. So they're aware of their environment and they're adaptable to new environments. This makes them a very talented and skilled hunter. Whereas the user, well the user's just a regular person, right? They're just trying to get through their lives. They're unconcerned with security. They're also probably pretty distracted by their lives. So they're unaware of a security problem in the first place. This makes them very easy prey.
Now moving on to the client. The client is like a client application, let's say a web browser or a mail client. And this is something that was built by a set of programmers. It was built around a set of rules for a deliverable that is supposed to make the user happy. They're trying to make a product that people will buy. They want it to be fun. They want it to be exciting. And if it's secure too, that's great. But frequently the security doesn't get tested as well as it should. This makes it vulnerable to the attacker. On the server administrator side however, we have an entirely different picture.
This is potentially you, right? You are motivated. You are clever. You are focused. And you have rules about how security is supposed to work in your organization, on your network, and on your servers. This makes you aware and you can be directed, or your staff can be directed, to close security holes when you become aware of them. This makes you a hardened target. This makes your server very hard to attack for the hunter. You and the attacker share motivation, focus, and awareness.
This makes the attacker your nemesis. And this makes you, well, makes you the hero that stands between your users and that malicious attacker.
- SSL communications
- Certificate authorities
- Public key infrastructures
- Symmetric and asymmetric key pairs
- Cryptographic hash functions
- Encryption algorithms
Start now, and by the end of this course you'll have the knowledge to create SSL certificates, as well as revoke and renew them, from the command line.