Copyright Goodheart-Willcox Co., Inc. 459 Chapter 15 Network Security

Secure Sockets Layer (SSL)

Secure Sockets Layer (SSL) is a security protocol used to authenticate clients and servers and to encrypt data between web servers and individuals. SSL was first introduced and developed by Netscape Communications Corporation. It was designed to secure transactions between web servers and individuals using the Internet for such purposes as credit card transactions. SSL has been well accepted, and as a result, there have been several revisions of the SSL protocol. SSL 3.0 is the latest version. Even though this version was released before the year 2000, it has not been supplanted by TLS.

Transport Layer Security (TLS)

Transport Layer Security (TLS) is an Internet Engineering Task Force (IETF) standard that was developed after SSL. It serves the same purpose as SSL. Both SSL and TLS are application layer protocols. Both are based on public key encryption technology. When used to support secure website connections, they both display https:// at the start of the URL. The S at the end of https means that the connection is secure and is using either SSL or TLS as the security mechanism.

The main difference between SSL and TLS is in the way they secure the connection. According to the SANS Technology Institute, TLS is more secure than SSL. Ironically, SSL is more popular than TLS. This is most likely because SSL was introduced first and has become the accepted de facto security protocol for website transactions.

Originally, SSL was designed to support secure website connections. Today, SSL and TLS security functions have been expanded to include applications, such as VoIP, e-mail, and remote connections.

Although the differences between SSL and TLS are minor, the two protocols are not directly compatible. Users must use either SSL or TLS but not both at the same time.
There are provisions that allow users to attempt a connection with one protocol and answer the request with the other protocol. A negotiation takes place between the client and server, and an agreement is reached where both the client and server will use either TLS or SSL to complete the secure connection.

SSL and TLS are similar in the following ways:
■ They are application layer protocols.
■ They are based on public key cryptology.
■ They are supported by all major Internet browsers.
■ Neither one requires that the client have a preconfigured user account on the server.

To learn more about TLS and SSL, visit http://technet.microsoft.com/en-us/library/cc784450(WS.10).aspx.

Virtual Network Connection (VNC)

A virtual network connection (VNC) is a term used to describe the broad category of remote connection systems that allow a user to connect to a network device, such as a server or a desktop computer, from a remote device, such as a laptop or cell phone. Typically, the user attaches to the remote network either wirelessly or through an Internet connection. Because the remote user is not actually a physical part of the network the user is accessing, the connection is considered “virtual.”
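The SSL/TLS negotiation described in the Transport Layer Security section can be modeled in a few lines. This is an added example, not taken from the textbook: it builds a constructed ClientHello, parses the version the client offers, and applies a server policy that can refuse SSL 3.0. The function names are hypothetical, and the model assumes the hello exchange used by SSL 3.0 through TLS 1.2.

```python
import struct

# Version codes as they appear on the wire in hello messages.
VERSIONS = {0x0300: "SSL 3.0", 0x0301: "TLS 1.0", 0x0302: "TLS 1.1", 0x0303: "TLS 1.2"}

def build_client_hello(max_version):
    """Constructed sample input: a minimal ClientHello record offering max_version."""
    body = struct.pack("!H", max_version)    # client_version: highest version the client supports
    body += bytes(32)                        # random (zeroed in this constructed sample)
    body += b"\x00"                          # empty session_id
    body += struct.pack("!HH", 2, 0x002F)    # one cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA
    body += b"\x01\x00"                      # one compression method: null
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body   # type 1 = client_hello
    return struct.pack("!BHH", 0x16, 0x0300, len(handshake)) + handshake  # type 22 = handshake

def parse_client_version(record):
    """Return the client_version field of a ClientHello record after checking its framing."""
    if len(record) < 11:
        raise ValueError("record too short for a ClientHello")
    ctype, _record_version, rec_len = struct.unpack("!BHH", record[:5])
    if ctype != 0x16 or rec_len != len(record) - 5:
        raise ValueError("not a complete handshake record")
    if record[5] != 0x01:
        raise ValueError("handshake message is not a ClientHello")
    return struct.unpack("!H", record[9:11])[0]

def server_select(record, server_min, server_max):
    """Server side: choose the highest version both ends support, or None to refuse."""
    offered = parse_client_version(record)
    chosen = min(offered, server_max)
    return chosen if chosen >= server_min else None

def negotiate(client_max, server_min, server_max):
    """Run one exchange and return the agreed protocol name, or 'refused'."""
    chosen = server_select(build_client_hello(client_max), server_min, server_max)
    return VERSIONS.get(chosen, hex(chosen)) if chosen is not None else "refused"

if __name__ == "__main__":
    print(negotiate(0x0303, 0x0300, 0x0303))  # both ends support TLS 1.2
    print(negotiate(0x0300, 0x0300, 0x0303))  # server still accepts an SSL 3.0 client
    print(negotiate(0x0300, 0x0301, 0x0303))  # server minimum is TLS 1.0, so SSL 3.0 is refused
```

Setting the server minimum above 0x0300 is what keeps an SSL-only client from pulling the connection down to SSL 3.0.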