Securing Your Website
What is SSL?
The Secure Sockets Layer (SSL) protocol has become the universal standard on the Web for authenticating sites and for encrypting communications between users and Web servers. Because SSL is built into all major browsers and Web servers, simply installing a digital certificate or Server ID enables SSL capabilities.
SSL server authentication allows users to confirm a Web server's identity.
SSL-enabled client software, such as a Web browser, can automatically check that a server's certificate and public ID are valid and have been issued by a certificate authority (CA) — such as VeriSign — listed in the client software's list of trusted CAs.
SSL server authentication is vital for secure e-commerce transactions.
An encrypted SSL connection requires all information sent between a client and a server to be encrypted by the sending software and decrypted by the receiving software, protecting private information from interception over the Internet.
In addition, all data sent over an encrypted SSL connection is protected with a mechanism for detecting tampering - that is, for automatically determining whether the data has been altered in transit.
This means that users can confidently send private data, such as credit card numbers, to a website, trusting that SSL keeps it private and confidential.
The Basics
Computing security is one discipline that is almost too daunting to tackle. To make it perfectly clear, there is never such a thing as a completely unbreakable form of computer security, just as there is no 100% theft-proof lock in the world.
The best you can hope for is that whatever you're protecting isn't so desirable that an attacker would use the equivalent of armored tanks and nuclear missiles to attack it.
As for the majority of simple malicious security crackers running around loose out there, basic and standard security measures are sufficient.
If you even follow the simplest security guidelines, you'll keep out at least 99% of the destructive criminals who would use your web space as their personal playground.
Your need for security will also change depending on your website's purpose. A simple blog and gallery site won't have much attraction to attackers, but any kind of e-commerce site will have a constant ongoing battle to protect their credit-card numbers, order forms, accounts, financial data, and so on.
Validate data on the server side.
That would be user-names, email addresses, passwords, and security measures such as CAPTCHA forms. This means do NOT use Javascript to verify data on the client (visitor's) side. Believe it or not, we've seen actual passwords stored in plain text in Javascript variables, visible to anybody who views the source code of the web page.Remember that even if your Javascript code is not visible, a simple Javascript command typed into the address bar can imitate your page's "all clear" signal.
HTTPS and SSL Certificates
These are essential for any kind of e-commerce transaction, and for protecting any kind of high-risk data pertaining to legal matters, government information, sensitive internal corporate information, or any data that could be used to steal someone's identity.Any website dealing with e-commerce or data that needs to be kept private should be based on HTTPS, which is the version of the Hyper-Text Transfer Protocol using a network security protocol. Briefly explaining, the website and the visitor's browser are talking to each other through an encrypted communications transaction, and the website has verified itself as being who it says it is by means of an identifying certificate which is verified through a third-party certificate authority (Verisign, for example).
You can tell you're visiting a website which uses these standards if you see a padlock icon somewhere on your web browser.
SSL Certificates
Quick Validation SSL certificates ensure that information is encrypted between parties. The owner of the certificate is verified via an email to a contact listed in the domain’s WHOIS information. This helps ensure that the certificate is valid. A Quick Validation certificate ensures that your data is transferred with the secure encryption technology.
| Quick Validation SSL Certificates | |
| RapidSSL | $AUD 99.00 per yr |
Automated 2-step validation process gets you up and running with SSL painlessly. Offers 256-bit encryption. |
 |
| SBS Instant | $AUD 99 per yr |
A quick and cost effective starter certificate that provides a up to 256-bit encryption. This new product is perfect for companies that want to get up and running with SSL quickly and easily. |
|
| GeoTrust QuickSSL | $AUD 249 per yr |
| A low-priced 256-bit SSL certificate. | |
| GeoTrust QuickSSL Premium | $AUD 349 per yr |
| A low priced 256-bit SSL certificate that includes the dynamic site seal. | |
Full Validation SSL Certificates
Full Validation SSL certificates also encrypt data sent between two parties with the same encryption technology. In addition to verifying an email to the WHOIS contacts, Full Validation certificates verify that the certificate owner is a legal entity. Verifiable legal entities can be either a business or an individual. Full validation certificates therefore help ensure that data is securely sent over the Internet to a trusted entity.
| Full Validation SSL Certificates | |
| SBS Secure | $AUD 199.00 per yr |
SBS Certificates are up to 256-bit encrypted, accepted by over 99% of all browsers, are fully validated and insured, and you get it all for a great low price! |
|
| SBS Secure Plus | $AUD 299 per yr |
SBS Certificates are up to 256-bit encrypted, accepted by over 99% of all browsers, are fully validated and insured, and you get it all for a great low price |
|
| GeoTrust TrueBizID | $AUD 399 per yr |
| Provides end-to-end internet security protection for doing business online with secure transactions through SSL. | |
| GeoTrust TrueBizID EV | $AUD 1299 per yr |
| Complete extended validation process provides more security for your online transactions. | |
| GeoTrust TrueBizID Wildcard | $AUD 1599 per yr |
| End-to-end transactional security for multiple sub domains while doing business online. Secure transactions through SSL. | |