Internet Security Applications
As with e-mail applications, several protocols, standards, and applications have been developed to provide security for Internet communications and transactions.
Secure Sockets Layer (SSL)/Transport Layer Security (TLS)
The Secure Sockets Layer (SSL) protocol, developed by Netscape in 1994, provides session-based encryption and authentication for secure communication between clients and servers on the Internet. SSL operates at the Transport Layer (Layer 4) of the OSI model, is independent of the application protocol, and provides server authentication with optional client authentication. SSL uses the RSA asymmetric key system; IDEA, DES, and 3DES symmetric key systems; and the MD5 hash function. The current version is SSL 3.0. SSL 3.0 was standardized by the IETF in Transport Layer Security (TLS) 1.0 and released in 1999 with only minor modifications to the original SSL 3.0 specification. TLS 1.2 is the most current version of TLS.
SSL is most visible to users when used in conjunction with web servers when they serve encrypted pages using the https protocol. SSL is also gaining favor as a protocol for Virtual Private Networks (VPNs) used for remote access.