Our modern lives depend more on smaller devices but we expect our personal information to be safeguarded by them as it would be on our traditional systems. As technology surges ahead, it is important to understand how SSL functions and why taking it away results in catastrophic loss.
What is a Secure Socket Layer (SSL)?
- If information is being sent to servers in plain text, it would be easy for hackers to intercept the data.
- Secure Socket Layer (SSL) is a security encryption protocol that addresses this threat, using encryption to make information illegible to hackers.
- SSL certificates are issued by a Certificate Authority (CA). Once the CA has verified that a company is legitimate, it issues the certificate and installs it on the Web server.
- From this point on when a Web browser connects to a website, it will form an “SSL Handshake.”
- The Web browser retrieves the certificate and uses it to encrypt any information sent between the two servers.
- The visual cues that indicate whether a website is using SSL are a closed padlock in the address bar, HTTPS instead of HTTP, and/or a green address bar.
Search Engine Optimization (SEO) and SSL
- Whether SSL impacts SEO and organics rankings is a never-ending debate both SEOs and webmasters have engaged in for a long time.
- Google employee John Muller said that the company indexes and ranks SSL sites to bolster online security.
- This is good news for many websites because they do not have to give up security for higher rankings.
- Moving to SSL decreases a website’s bounce rate and increases conversion.
- The impact SSL will have on a site’s SEO is quite complicated, especially for websites that consider making a full transition from the standard HTTP to HTTPS.
- Google’s Matt Cutts said that though the transition will work perfectly, it would definitely be a little test at first.
- Google also treats HTTPS sites as new websites in Webmasters Tools. As redirects are added to SSL pages, the website will rise in rankings. But a redirected non-SSL website will take a huge hit due to deferred traffic.
- For example, take the PayPal site. The online payment site is now 100 percent HTTPS but not ranked on Google.
- Being a multibillion-dollar subsidiary of eBay, PayPal boasts about 150 million active users allowing one to assume it can bounce back from a minor hit to its SEO.
- Google requests webmasters to list an HTTPS site separately in Webmasters Tools, as it is effectively considered a new website.
- Webmasters should ensure that their server infrastructure can handle increased load occurring with SSL and caching.
Heartbleed Flaw and SSL
- In April 2014, security exploits in OpenSSL were revealed to the public. This kind of mildly shook the faith people have in SSL.
- Dubbed as “Heartbleed,” the bug allowed cybercriminals to steal encryption keys and decrypt information.
- In fact, the flaw was floating around since December 2011, although it is still unclear as to how long hackers had been aware of it.
- Around 65 percent of the Web uses OpenSSL. Tumblr, Instagram, and Pinterest are a few of the big sites that were affected by the flaw.
- Though websites have been updating their software and re-issuing SSL certificates since the bug was discovered, changing passwords often is necessary.
- You can install Chromebleed, Chrome plugin, to detect if a website is still affected by the Heartbleed bug.
The Future of Web Security
- Other recent events, following Heartbleed, have drastically altered the public’s view on Internet security.
- In the wake of NSA leaks, government surveillance has become a huge concern in the United States.
- Even businesses were shocked to know that the U.S. government had been spying on them for a long time intercepting their company data.
- This was the driving force behind Apple’s and Google’s smartphone encryption that created a huge uproar in law enforcement.
- Internet security needs to tread carefully and lightly. The best way to use SSL on vulnerable pages helps a site’s SEO, making it more secure and trustworthy.