You probably notice locks next to the addresses of the sites you visit. No? Anyway, we hope that in most cases you have them there. Today we'll talk about secure sockets, typosquatting and other obscure words.
Locks mean that the resource has an SSL certificate, and the information that users exchange with the server is transmitted in encrypted form. This is very important, try to control the presence of such icons on sites where you make payments or use personal accounts with important data.
SSL stands for Secure Sockets Layer. It is a cryptographic protocol for establishing secure communication.
A socket — is a software interface that is responsible for exchanging data between nodes.
How does it work?
An asymmetric algorithm with a public key is used for encryption. Two keys are used to exchange data: a public key and a private key. The first one is used for transmission and is published, the second one for decryption, it remains «in secret».
If the site uses SSL, the address bar will show green https in front of the domain name instead of black http (when viewed on Windows 7, 8).
With newer versions of browsers you will see the lock and https.
Thus, the usual hypertext transfer protocol becomes secure — encrypted.
Why is it necessary?
First of all, it is a guarantee of data privacy. You don't like it when your email or phone gets bombarded with spam, do you? Even worse if your account password, bank card number, or important documents have been compromised.
The second purpose is to confirm the authenticity of a resource. Sites that have received such a certificate, you can trust, they are not fraudulent typoskvotter.
Typosquatting is the intentional registration of a domain name that differs minimally from the domain name of a popular resource, with the purpose of redirecting traffic and fraud.
Based on the statistics of typing errors, a whole set of variants that can be used to twist the name of a well-known site has been collected. For example, users are known to press the first and last letters in a word with less effort. That's why scammers like to register names with those letters missing.
The capital of typosquatting is Cameroon, its geodomain is cm. As you have already guessed, users often miss a letter when entering a website address in the com zone. That is why at one time every third site in this country belonged to typosquatters.
So, it is extremely difficult for a fraudster, and it’s not too necessary to get an SSL certificate. But every self-respecting resource must have one.
Types of certificates
There are 5 categories of certificates. Each type implies a different «depth» of a resource verification, different time to issue and different cost.
1. Domain Validation (DV) certificate with domain validation
The Certification Authority checks that the domain name is used legally by the user requesting the certificate before issuing it. In fact, the only thing you need is a confirmation email. It is the fastest and easiest certificate to obtain. Therefore, it is the most affordable.
Suitable for small websites, blogs and mini online stores. If DV SSL is present, a lock appears in the address bar when the site loads, but the company name is not written.
2. Organization Validation (OV) certificate with company validation
The Certification Authority will check the registration of the requesting company and its rights to the domain. This verification is already done manually. It is suitable for sites where users may leave personal or payment information. By clicking on the lock, the user will see the name of the company to which the site belongs.
3. Extended Validation (EV) certificate with extended validation
This certificate can only be obtained by a legal entity, but the verification will be quite serious and will affect the documents which confirm the company's business. This certificate can be issued within 7 days. Suitable for financial, insurance companies, banks and large influential organizations.
Availability of the certificate changes the appearance of the address bar.
There are also multi-domain certificates. Suitable for companies with several sites registered. A «standard» certificate includes from 3 to 5 domain names. These certificates may also be DV, OV and EV.
There are also certificates for subdomain owners.
What sites always need an SSL certificate?
It's very simple. If the site has a form for entering personal data — you need a certificate. If it is bank cards data — it is desirable to choose OV.
Don’t forget that the certificate influences positions in search engines. Google, like users, trusts more trusted resources.
If you are interested in purchasing an SSL certificate for your own resource, you can contact the experts of our data center by phone (057) 720-9-960.