SSL / TLS Security Primer: Keeping Your Connection Secure
Keeping your data secure is a big challenge – and a big business. The global cyber security market was estimated at over $130 billion in 2017 and is growing fast.
Whenever sensitive data is made available to users over a network connection, organizations need to make sure that data remains secure in transit. This is true even for users that work within the office; for instance, when connecting to a mainframe or other legacy host to access a customer’s personal or financial data. Yet it is especially critical in remote access scenarios.
When employees can work from anywhere, that means anywhere: including public locations such as hotels or coffee shops with insecure WiFi access points. So how do you make sure that no one can intercept the connection and access your sensitive corporate data?
You may have noticed that most websites nowadays, especially those that ask for sensitive personal information, employ an https connection and not just http. Depending on what browser you’re using, you may also see a little lock and/or the word “Secure” next to the URL. This indicates that the connection is being secured using a TLS (Transport Layer Security) or SSL (Secure Sockets Layer) certificate. TLS and SSL are basically the same thing – TLS is simply the newer version of the protocol.
SSL/TLS security works by encrypting the data being transferred between the client (user) and the server (website or host). The client starts by requesting a secure connection (e.g., by specifying a web URL that uses https instead of http), which directs the connection to a particular port, indicating to the server that the client is requesting a secure connection. As part of the establishment of the connection, the server provides a “digital certificate” that confirms the server is indeed the server you want – no one has hijacked your connection and redirected it to a fake server. The session keys used to encrypt the connection are generated, and – voila – the connection is both secure and encrypted. Thus, even if anyone does succeed in intercepting the digital stream, they won’t be able to retrieve any useful information.
The digital certificate itself is an important part of the process – it confirms the identity of the server you are connecting to. Digital certificates can either be “self-signed,” or they can be signed by a trusted Certificate Authority (CA) such as Verisign. The advantage of obtaining a certificate from a CA is that it establishes a higher level of trust; the CA verifies ownership of each domain before issuing a certificate.
Using SSL / TLS for Secure Remote Access
If users need to connect to your corporate network using a remote desktop solution, you need to be sure you can provide them with a secure connection. There are a couple of ways this can be done.
- One way is to set up a virtual private network (VPN) using SSL/TLS and run your remote desktop solution through the VPN. This requires obtaining a digital certificate for each host that users will need to access.
- Another option is to use a Secure Gateway, such as the Ericom Secure Gateway. Ericom Secure Gateway is based on the highest security standards and employs TLS 1.2. With Ericom Secure Gateway, users and admins don’t need to install their own VPN, and they only need to install a digital certificate once, on the gateway, rather than installing it separately on each host.
As standards evolve, it’s important to keep up and implement the latest stable SSL/TLS encryption protocol in order to safeguard your data and applications. After all, the primary reason these standards are continuously updated is to address and close known vulnerabilities.
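The certificate checks described earlier and the protocol-version point above can be audited on the client side. The following is an added example, not code from the original article or from any product it mentions: the function names are hypothetical, and the TLS 1.2 floor is an assumption taken from the version the article cites.

```python
import ssl
import warnings

TLS_FLOOR = ssl.TLSVersion.TLSv1_2  # assumed policy floor for this example


def audit_client_context(ctx):
    """Return a list of findings for a client TLS context (empty = none)."""
    findings = []
    # Without chain verification, a self-signed or forged certificate is accepted.
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("certificate chain is not verified")
    # Without host name matching, any valid certificate passes for any server.
    if not ctx.check_hostname:
        findings.append("certificate is not matched against the host name")
    # Older protocol versions carry known, already-fixed weaknesses.
    if ctx.minimum_version < TLS_FLOOR:
        findings.append("protocol versions older than TLS 1.2 are allowed")
    return findings


def hardened_context():
    """Client context that verifies the server and refuses old protocols."""
    ctx = ssl.create_default_context()  # CERT_REQUIRED + host name check
    ctx.minimum_version = TLS_FLOOR
    return ctx


def weak_context():
    """Constructed bad configuration, for comparison only."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False          # must be disabled before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    with warnings.catch_warnings():     # Python warns about deprecated versions
        warnings.simplefilter("ignore", DeprecationWarning)
        ctx.minimum_version = ssl.TLSVersion.TLSv1
    return ctx


if __name__ == "__main__":
    for name, ctx in (("hardened", hardened_context()), ("weak", weak_context())):
        print(name, audit_client_context(ctx) or "no findings")
```

A context returned by `hardened_context()` can be passed to `ssl.SSLContext.wrap_socket()` with `server_hostname` set, so the handshake fails if the certificate is self-signed, untrusted, or issued for a different host.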