Imagine having to make an internet purchase and having to enter your credit card information. Or, suppose you request information or activate a service, you will probably be asked to provide your personal data (email address, name, phone number or other).
We make a further hypothesis; you want to access documents stored in a reserved area within a platform and you must enter your username and password.
In all these situations, wouldn’t you like your data to be always protected? That no one intercepted them and could read or disclose them?
Wouldn’t you like all your data to be always protected, no one to intercept them and read or disclose them?
HTTPS or HyperText Transfer Protocol over Secure Socket Layer is the protocol designed to prevent information from being read or modified while in transit.
In a nutshell, HTTPS is a set of rules (protocol) created to safely and encrypted transfer files (be they data, text, images, audio, video, multimedia files etc.) providing three fundamental levels of protection:
The data exchanged is encrypted to be protected from interception. This means that, while the user consults a website, nobody can “listen” to his conversations, keep track of activities or steal his information.
- Data integrity.
The data cannot be modified or damaged during the transfer, intentionally or not, without being detected.
It shows that users communicate with the intended website and not a fake site.HTTPS is the protocol designed to securely and encrypted transfer of files of any type
HOW DOES IT WORK
The HTTPS protocol uses two different IT security tools that make up the Transport Layer Security.
On the one hand, using TLS certificates issued by third party verifiers (and comparable to identification documents), it certifies the real “identity” of the portal and allows the user to avoid being the victim of a phishing attack.
On the other hand, it encrypts incoming and outgoing data through a mathematical algorithm making them practically indecipherable. This type of transmission ensures that only the client and the server are able to know the content of the communication and prevents third parties from reading, inserting or modifying the messages exchanged between the two “interlocutors”. The encrypted communication between server and end user, therefore prevents hackers from entering into communication (typically the man in the middle or in Italian the man in the middle) and to subtract the information sent and received (which can go from the email credentials to the data of the bank account or credit card).
Third party auditors entering the assessment process are third-party organizations called CA (certification authority) with 3 main objectives:
- Release digital certificates.
- Confirm the identity of the certificate owner.
- Provide proof that the certificate is valid.
The list of certificates (called root certificates) of many trusted CAs is therefore installed in the browser of each device (PC, tablet, smartphone) in order to ensure the identity of the certificate owner.
RECOGNIZE A SAFE CONNECTION
How can I verify that the website I access is using the HTTPS protocol and implement all the necessary initiatives to protect my data? Is the website I am accessing secure?
To find out, just check that at the beginning of the website address, in the address bar there is written https: // or check the status of the web, noting the presence or absence of a lock icon:
- Gray, green or white padlock: the site is secure and the certificate is reliable and verified
- Letter “I” within a circle: The site does not use a private connection (the certificate may have expired) Someone may be able to view or modify the information sent or received through the site.
- Dangerous website: if a full-page red warning screen is displayed, it means that the site has been marked as non-secure by the Safe Browsing feature, a Google service that scans billions of URLs, software and the contents of related pages. Visiting this site would put your private information at risk
WHY VISABIT USES HTTPS
HTTPS represents the best solution to transmit sensitive data through the network and protect users’ privacy and this in itself is already a valid reason.
Furthermore, the exchange of encrypted communications, the certainty of data integrity and the verification of website authentication make the HTTPS protocol a security measure fully in line with and compliant with the GDPR directives and prevention to counter a possible data breach, where for Data breach means a security incident in which sensitive, protected or reserved data is consulted, copied, transmitted, stolen or used by an unauthorized person.