After 2014, Google
recommended that sites should switch to HTTPS, where at that only e-commerce
website were concerned to use HTTPS. And even Google announced to provide Https
websites with higher rankings.
Https is https
with encryption the only difference between two protocols is that HTTPs uses
TLS (SSL) to encrypt normal HTTP requests and responses, now you are probably wondering
why it is so important to switch over https? As a result, Https is far more
secure than HTTP. A website that uses HTTP has http:// in its URL while a
website that uses HTTPS has https://
What is HTTP?
HTTP stands
for Hypertext Transfer Protocol, and it is a protocol used
for transferring data over a network, Most information is sent over the
internet including, website content and API(Application Programming Interface) calls.
What is HTTP request? What is an HTTP response?
HTTP requests
are generated by user’s browser as the user interact with web properties. For
example if someone googles “what is HTTP?” and this article shows up in the search
when they click on the link, their browser will create and send a series of
HTTP requests in order to get the information necessary to render the page.
What is HTTPS?
HTTPs stands
for Hypertext Transfer Protocol Secure, where HTTPs
protocol create secure encrypted connection between the server and the browser
to protect potentially sensitive information from being stolen
TLS uses a
technology called public key encryption: there are two keys , a public key and
a private key to agree on new keys called session keys, to encrypt communication
stream between them
How does HTTPs block attacks?
Authentication
means verifying that a person or a machine is who they claim to be. In HTTP,
there is no verification of identity—it is based on a principle of trust.
Secure Socket
Layer (SSL) is the standard security technology for establishing an encrypted
link between two systems, Basically SSL ensures that the data transfer between
two systems remains encrypted and private.
Just like an
ID card confirms a person’s identity, a private key confirms server identity,
when a client opens a channel with an origin server, possession of the private
key that matches with the public key in a website SSL certificate proves that
the server is actually the legitimate host of the website.
This prevents
or helps to block a number of attacks that are possible when there is no authentication,
such as:
1. Man in the middle
attacks
2. DNS hijacking
3. BGP hijacking
4. Domain spoofing
We will discuss
all these attacks in cyber security section
stay safe with Tech4allgeeks
For more blogs you can subscribe in the email box
at right or you could follow us on facebook
0 Comments