In the description of the constituents of the URL address provided in Part 1 of our info-series, the starting HTTP code is a necessary feature, specifically a protocol, to connect you with the server where your domain is actually located. With HTTP being the foundation of any data exchange on the internet, the addition of the ‘s’, becoming HTTPs, implies ‘secure’ and constitutes a huge step towards greater internet safety, facilitating privacy and data security for web communications. This added protocol encrypts the data exchange between web applications and servers.
An earlier version of this protocol is called Secure Socket Layer (SSL), which is being replaced by a more enhanced encryption version on top of the HTTP protocol, specifically Transport Layer Security (TLS). While the “s” still features after HTTP when web browsers are loading a website, the protocol running HTTPs is TLS, which is steadily becoming the norm.
The deployment of new domains through CMS providers are by default prompting the use of this enhanced security layer making it standard practice for users to look out for the padlock icon that appears in the browser. Any other website that is preceded either by info icon or warning icon means the site is simply not secure or even dangerous and so should be avoided altogether.
In more technical jargon, a certificate will be installed on the origin server, which is conventionally still termed an SSL certificate though it is running the TLS protocol. This certificate is a form of passport, listing domain ownership, the server’s public key, so that the identity of the server can be validated.
Thank you for staying with us on this journey and we hope you have enjoyed reading – as much as we have had in designing – these insights. As promised they were intended to be short & sharp bursts and give you the confidence to ask more probing questions.
In sum, the combination of 1) email messaging using your domain address, 2) the code behind the website domain itself, 3) the content management system used to help build your internet presence, along with 4) established conventions regarding internet transport protocol, together, represent avenues through which threat intelligence can be gathered. There are myriad software developers who provide scanning services, however understanding the vulnerabilities that your website is exposed to is the first line of defence.
We hope you enjoy reading our research, designed for professionals who are not IT experts but thirsty for knowledge about the everyday tools to operate a business – your email and website.