O'Reilly logo

CISSP For Dummies, 4th Edition by Peter Gregory, Lawrence Miller

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Internet Security Applications

As with e-mail applications, several protocols, standards, and applications have been developed to provide security for Internet communications and transactions.

Secure Sockets Layer (SSL)/Transport Layer Security (TLS)

The Secure Sockets Layer (SSL) protocol, developed by Netscape in 1994, provides session-based encryption and authentication for secure communication between clients and servers on the Internet. SSL operates at the Transport Layer (Layer 4) of the OSI model, is independent of the application protocol, and provides server authentication with optional client authentication. SSL uses the RSA asymmetric key system; IDEA, DES, and 3DES symmetric key systems; and the MD5 hash function. The current version is SSL 3.0. SSL 3.0 was standardized by the IETF in Transport Layer Security (TLS) 1.0 and released in 1999 with only minor modifications to the original SSL 3.0 specification. TLS 1.2 is the most current version of TLS.

cross-reference.eps See Chapter 5 for a complete discussion of the OSI model.

SSL is most visible to users when used in conjunction with web servers when they serve encrypted pages using the https protocol. SSL is also gaining favor as a protocol for Virtual Private Networks (VPNs) used for remote access.

instantanswer.eps Although it is not as popular as it ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required