Lesson 1  Why HTTPS

Learning Objectives

  • Understand why we need HTTPS
  • Describe the additional security that is provided by HTTPS
  • Be Aware that HTTPS is often referred to HTPP over TLS

Introduction

In the beginning (1990's) HTTP Hyper text control protocol was used and in some cases is still used to  send data between a web browser and a website

Get me the index page using version 1.1 of HTTP

Client SERVER 

Client Request

GET  / HTTP1:1

HOST: www.google.com/


Server Response

HTPP1:1 200 OK

Content-Type  text/HTML

.....................

OTHER HTTP RESPONSES

404

Not Found

200

OK

301

Moved Redirect

403

Forbidden

REVIEW

Explain the Hyper Text Transfer Protocol - High level 

Explain why we need HTTPS

Explain 3 Benefits of HTTPS over HTTP 

HTTPS is referred as HTTP over TSL -  ( Transport secure layer) 

TSL is now the standard protocol. Before that Netscape had developed SSL. Why was this superseded by TSL

Google First Server Circa 1998

Plain Text

The data is transported in plain text from server to client or client to server this leaves it open to the following:   

  • Man in the Middle attacks 
  • ISP injecting adds
  • Loss of Privacy

ISP Displaying/Injecting their adds on Apple web site


Sniffing Data


HTTPS

The key benefits 

  • Keeps data transfer secure and safe from any third party 
  • Prevents IPS provider injecting adds 
  • Provides web site authentication
  • Privacy from from your ISP and other bodies example government or collectors of BIG DATA
  • SEO  using https increases SEO ranking. In Google Chrome, Google shows the Not Secure label in the browser if users' data is collected over http

TLS Transport Layer Protocol  superseded SSL . SSL was developed by NETSCAPE and was proprietary.  TLS is  an open protocol that was developed to avoid any legal issues with NETSCAPE 

Visual Representation of  Encryption