Secure Servers and SSL
The Internet definition of a secure server is a server that provides
secure connections. Secure servers are most often used to conduct
electronic commerce via the Internet. Secure servers are not,
however, secure by definition.
"Secure server" is a misnomer that has been used by the creators and
vendors of a specialized encryption technology called SSL -- a
multi-million dollar per year industry. Verisign, one of the largest
purveyors of SSL technology, was worth over $2B as of March 2002.
All "secure server" truly means is that your data connection to and from
the server is encrypted. This in-transit protection is actually the
least important place to have your data secured. It is more important
for it to be secure on your computer, and on the computer systems of
the remote servers you are using. Willie Sutton robbed banks "because that's
where the money is". Modern-day thieves go after the big catches
too, stealing thousands, or even millions, of credit cards and
identities at once. The buying public has been duped.
What Does A Secure Server Protect?
A secure server protects data only while it is in transit between your
PC and the web server you are connected to.
Contrary to popular belief, a secure server protects very little.
Secure servers use a type of public key encryption technology called
RSA. This encryption technology allows any pages displayed by the
server to be encrypted from the time they leave the web server until
they reach your web browser. It also allows any information you are
providing to the web site to be encrypted from the time it leaves your
PC until it arrives at the remote server. All popular web browsers
have SSL encryption/decryption capabilities, and indicate the use of
encryption through the use of a lock icon.
What Does A Secure Server Not Protect?
Secure servers do not protect any of your personal information. Sure,
your personal information will be encrypted while it is in transit,
but nothing is done to protect your information once it is received by
the secure server.
Your biggest exposure to theft is on the remote computer system.
Millions of people's credit cards and personal identities have been
stolen from secure servers. What matters more than a vendor having a
secure server is that vendor having strong security guarding against
break-ins and misuse of all of its servers. Unfortunately, it is rare
for even the biggest companies to have tight server security.
What To Do
The bottom line? Secure servers aren't secure. It's still buyer
beware.