INFORMATION SYSTEM NOTES

EXTENDED VALIDATION SSL CERTIFICATE

An SSL (Secure Sockets Layer) certificate is a digital certificate that establishes a secure and encrypted connection between a web server and a user's web browser. This encryption ensures that data transmitted between the server and the browser remains confidential and protected from unauthorized access. SSL certificates play a crucial role in securing online transactions, sensitive information, and communication on the internet.

WORKING OF SSL

SSL (Secure Sockets Layer) certificates work by establishing a secure and encrypted connection between a user's web browser and a web server. This encryption ensures that the data transmitted between the user and the server remains confidential and protected from unauthorized access. The process involves several key steps:

  • Initiation of a Secure Connection:
    • When a user attempts to connect to a website secured with an SSL certificate, the web server sends the user's browser a copy of its SSL certificate. This usually occurs during the initial connection, in what is known as the SSL handshake.
  • Verification of SSL Certificate:
    • The user's browser checks the SSL certificate against a list of trusted Certificate Authorities (CAs) stored on the user's device. If the certificate is issued by a trusted CA and is not expired or revoked, the browser proceeds with the connection.
  • Authentication of the Server:
    • The SSL certificate contains information about the website's owner and is digitally signed by the issuing CA. This signature verifies the authenticity of the certificate and ensures that the user is connecting to the intended website.
  • Encryption Setup:
    • Once the SSL certificate is verified, the browser and the server initiate an encrypted connection using cryptographic algorithms. The most commonly used protocol for this encryption is Transport Layer Security (TLS), which has largely replaced SSL but is often still referred to as SSL.
  • Secure Data Transmission:
    • With the encrypted connection established, data exchanged between the user's browser and the server is encrypted and secure. This prevents unauthorized parties from intercepting or tampering with the transmitted information.
  • Symmetric and Asymmetric Encryption:
    • SSL/TLS use a combination of symmetric and asymmetric encryption. Asymmetric encryption is used for the initial key exchange, where the server and the client agree on a shared secret. Symmetric encryption, which is faster, is then used for the actual data transmission.
  • Data Integrity Check:
    • SSL/TLS also uses cryptographic hash functions to check the integrity of transmitted data. This ensures that the data has not been altered or tampered with during transmission.
  • HTTPS Protocol:
    • Websites using SSL certificates are accessed via the HTTPS protocol (Hypertext Transfer Protocol Secure). The "S" in HTTPS indicates that the connection is secure and encrypted.
  • Visual Indicators:
    • Browsers display visual indicators to users when a secure connection is established. These indicators often include a padlock icon in the address bar, the use of "https://" in the URL, and, in the case of Extended Validation (EV) certificates, the display of the organization's name in green text.
  • Renewal and Expiry:
    • SSL certificates have a validity period, and website owners must renew them before they expire to maintain secure connections. Renewal is typically done through the certificate's issuing Certificate Authority.

TYPES OF SSL 

  • Domain Validated (DV) Certificates:
    • Validation Level: Basic validation of domain ownership.
    • Use Case: Suitable for personal websites, blogs, and small business sites.
    • Visual Indicator: Browser displays HTTPS in the address bar.
  • Organization Validated (OV) Certificates:
    • Validation Level: Verifies domain ownership and some details about the organization.
    • Use Case: Commonly used for business websites and e-commerce platforms.
    • Visual Indicator: Browser displays organization details in the certificate.
  • Extended Validation (EV) Certificates:
    • Validation Level: Rigorous validation of domain ownership and extensive verification of the organization's legal identity.
    • Use Case: Typically used by e-commerce websites, financial institutions, and other sites where user trust is crucial.
    • Visual Indicator: Browser displays the organization's name in green in the address bar.
  • Wildcard Certificates:
    • Validation Level: Similar to DV, OV, or EV, but covers a domain and all its subdomains.
    • Use Case: Ideal for websites with multiple subdomains.
    • Example: A wildcard certificate for example.com would cover www.example.com, blog.example.com, etc.
  • Multi-Domain (SAN) Certificates:
    • Validation Level: DV, OV, or EV validation for multiple domains listed in the Subject Alternative Name (SAN) field.
    • Use Case: Suitable for securing multiple domains with a single certificate.
    • Example: A certificate for example.com, example.net, and example.org.
  • Single SSL Certificates vs. Multi-Domain SSL Certificates:
    • Single SSL Certificates: Secure a single domain (e.g., example.com).
    • Multi-Domain SSL Certificates: Secure multiple domains or subdomains with a single certificate.
  • Self-Signed Certificates:
    • Issuer: Created and signed by the entity using the certificate.
    • Use Case: Typically used for testing and internal purposes.
    • Visual Indicator: Usually triggers a security warning in browsers because the certificate is not issued by a trusted CA.
  • Free SSL Certificates:
    • Issuer: Issued by Certificate Authorities (CAs) offering free SSL certificates, such as Let's Encrypt.
    • Use Case: Widely used for securing websites at no cost.
    • Visual Indicator: Similar to paid certificates, but may lack extended features.
  • Public Key Infrastructure (PKI) Certificates:
    • Issuer: Issued by a Certificate Authority as part of a public key infrastructure.
    • Use Case: Used in various applications, including securing websites, email communication, and code signing.
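The wildcard and multi-domain (SAN) coverage described above can be checked with the added example below, which is not part of the original notes. It applies the usual matching rules: a wildcard replaces exactly one left-most label, so it covers neither the bare domain nor deeper subdomains unless those names are listed separately in the SAN field. The function names are illustrative, and the sketch does not consult the Public Suffix List.

```python
def san_matches(pattern: str, host: str) -> bool:
    """Return True if one SAN dNSName entry covers the given hostname."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if "" in h or len(p) != len(h):
        return False                      # a wildcard never spans several labels
    if any("*" in label for label in p[1:]):
        return False                      # wildcard allowed only in the left-most label
    if p[0] == "*":
        # Require at least two fixed labels so that "*.com" is refused.
        return len(p) >= 3 and p[1:] == h[1:]
    if "*" in p[0]:
        return False                      # partial wildcards such as "w*" are refused
    return p == h


def covers(san_dns_names, host: str) -> bool:
    """Return True if any name on the certificate covers the hostname."""
    return any(san_matches(name, host) for name in san_dns_names)


# Constructed SAN lists for the certificate types discussed in the notes.
WILDCARD = ["*.example.com"]
WILDCARD_PLUS_APEX = ["*.example.com", "example.com"]
MULTI_DOMAIN = ["example.com", "example.net", "example.org"]

if __name__ == "__main__":
    for host in ("www.example.com", "blog.example.com",
                 "example.com", "a.b.example.com"):
        print(f"{host:20} wildcard={covers(WILDCARD, host)} "
              f"wildcard+apex={covers(WILDCARD_PLUS_APEX, host)}")
    print("example.net multi-domain:", covers(MULTI_DOMAIN, "example.net"))
```

When ordering a wildcard certificate, list the bare domain as an extra SAN entry if the site is also served from it.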

EXTENDED VALIDATION SSL

An Extended Validation (EV) SSL (Secure Sockets Layer) certificate is a type of digital certificate that provides a higher level of assurance to website visitors regarding the authenticity and security of a website. SSL certificates are crucial for securing the communication between a user's browser and a website's server, ensuring that data transmitted between the two is encrypted and secure.

Here are key points about Extended Validation (EV) SSL certificates:

  • Identity Verification:
    • The distinguishing feature of an EV SSL certificate is the rigorous identity verification process that the Certificate Authority (CA) performs before issuing the certificate. The CA validates the identity, legal existence, and operational status of the entity (organization) requesting the certificate.
  • Visual Indicators in the Browser:
    • Websites using EV SSL certificates trigger specific visual indicators in the browser's address bar to indicate the higher level of validation. This often includes the organization's name in the address bar, usually in green text, providing a visual cue to users that the website is authenticated.
  • Enhanced Trust:
    • The extended validation process instills a higher level of trust among website visitors. Users are more likely to trust and feel confident interacting with a website that has undergone a thorough identity verification process.
  • Security Features:
    • EV SSL certificates provide the same encryption and security features as other SSL certificates. They use the HTTPS protocol to encrypt data in transit, protecting it from interception by malicious actors.
  • Business Authentication:
    • EV SSL certificates are typically issued to legal entities such as businesses and organizations. The CA verifies the legal existence, physical address, and operational status of the entity, helping to prevent fraudulent websites.
  • Validation Process:
    • The validation process for an EV SSL certificate involves multiple steps, including verifying the legal identity of the entity, confirming that the entity has control over the domain for which the certificate is requested, and ensuring that the entity has the right to request the certificate on behalf of the domain.
  • Use Cases:
    • EV SSL certificates are commonly used by e-commerce websites, financial institutions, and other organizations that handle sensitive user information. The enhanced trust provided by EV certificates can be especially important for websites where user confidence is paramount.
  • Cost:
    • EV SSL certificates typically cost more than Domain Validation (DV) or Organization Validation (OV) certificates because of the more extensive validation process.
  • Browser Compatibility:
    • Most modern web browsers support EV SSL certificates and display the enhanced visual indicators. However, it's essential to ensure that the certificate is from a reputable CA and is recognized by major browsers.
  • Expiration and Renewal:
    • EV SSL certificates, like other SSL certificates, have a validity period. They need to be renewed before they expire to maintain the security and trust features associated with them.
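The difference between DV, OV and EV is recorded inside the certificate itself, so it can be checked in code as well as in the browser's display. The added example below (not part of the original notes) classifies a certificate in the dictionary layout returned by Python's `ssl.getpeercert()` and reports the days left before renewal is due. The sample certificates are constructed, and `policy_oids` is a hypothetical extra input that would come from a full X.509 parser.

```python
import ssl

# CA/Browser Forum reserved certificate-policy OIDs and the level each asserts.
CABF_POLICY = {"2.23.140.1.1": "EV", "2.23.140.1.2.2": "OV", "2.23.140.1.2.1": "DV"}
# Subject attributes EV certificates carry in addition to organizationName.
EV_SUBJECT = {"businessCategory", "serialNumber", "jurisdictionCountryName"}

def flatten(name):
    """Turn getpeercert()'s nested RDN tuples into a plain dict."""
    return {key: value for rdn in name for key, value in rdn}

def validation_level(cert, policy_oids=()):
    """Classify a certificate dict; policy_oids is a hypothetical extra input."""
    if cert["subject"] == cert["issuer"]:
        return "self-signed"             # subject equals issuer: no outside CA vouches
    for oid in policy_oids:              # an explicit policy OID is authoritative
        if oid in CABF_POLICY:
            return CABF_POLICY[oid]
    subject = flatten(cert["subject"])   # otherwise fall back to a subject heuristic
    if "organizationName" not in subject:
        return "DV"                      # domain only, no organization identity
    return "EV" if EV_SUBJECT <= subject.keys() else "OV"

def days_until_expiry(cert, now):
    """Whole days from `now` (epoch seconds) to notAfter; negative once expired."""
    return int((ssl.cert_time_to_seconds(cert["notAfter"]) - now) // 86400)

# Constructed sample data in getpeercert() layout (not real certificates).
ISSUER = ((("organizationName", "Example CA"),), (("commonName", "Example CA R1"),))
DV_CERT = {"subject": ((("commonName", "blog.example.com"),),),
           "issuer": ISSUER, "notAfter": "Jan  1 00:00:00 2030 GMT"}
EV_CERT = {"subject": ((("jurisdictionCountryName", "US"),),
                       (("businessCategory", "Private Organization"),),
                       (("serialNumber", "0000000"),),
                       (("organizationName", "Example Bank, Inc."),),
                       (("commonName", "www.example.com"),)),
           "issuer": ISSUER, "notAfter": "Jan  1 00:00:00 2030 GMT"}
SELF_SIGNED = {"subject": ISSUER, "issuer": ISSUER,
               "notAfter": "Jan  1 00:00:00 2030 GMT"}

if __name__ == "__main__":
    for label, cert in [("dv", DV_CERT), ("ev", EV_CERT), ("self", SELF_SIGNED)]:
        print(label, validation_level(cert))
```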