Overview of HTTPS and VPN
HTTPS (originally developed by Nestscape) stands for HyperText Transport Protocol Secure and is basically similar to an HTTP but uses a Secure Socket Layer (SSL) or Transport Layer Security (TLS) as a sublayer for security purposes. It enables secure communication and connection between a remote user and a web server by encrypting and decrypting pages that are requested, delivered and received.
For example, while using the web page that has a prefix , when the user clicks “Send,” to transmit the page back to the vendor or service provider, the HTTPS layer from the user’s browser will encrypt it. Likewise, the acknowledgment returned by or received from the server will also be transmitted in encrypted form, i.e., it will be delivered and will arrive encrypted, in turn to be decrypted for the user by the HTTPS sublayer of the user’s browser. In the likelihood that connection is compromised and intermediary hackers/attackers acquire the data being transmitted via HTTPS, the information would be undecipherable. Note that the decrypted data arriving at its destination is only as secure as the host computer. (Rouse.)
Additionally, secure web sites also typically display a small padlock icon somewhere next to the URL. By clicking the lock icon, one is able to view the secure certificate that authenticates the website. (Christensen.) Not only is it the de facto protocol for conducting sensitive transactions on the web (especially ones that involve credit card and bank account information), it can also protect users from censorship by a government or an ISP.Ã‚Â (ComputerHope.com.)
SSL (Secure Sockets Layer) is a popular implementation of public-key encryption. Once the browser sends out the public key and the certificate, it checks to make sure that (1)Ã‚Â the certificate is provided by a trusted party; (2) the current certificate is valid; and (3)Ã‚Â the certificate has a relationship with the site generating it. The public key is used to encrypt a randomly selected symmetric key. In other words, most systems use a combination of public key and symmetric key encryption. Under a secure session, one computer creates a symmetric key and sends it to the other computer using public-keyÃ‚Â encryption. When the session is completed, each computer disposes the key that was created and that was used for the particular session. For any ensuing sessions, a new symmetric key is created, and the routine is repeated. (ComputerHope.com.)
VPN (Virtual Private Network) is a private network that uses a public network to connect remote sites or users together instead of using a dedicated line or physical network connection. The “virtual” connections are routed through the Internet from a private network (such as a company) to the remote site (such as an employee). The technology enables the creation of an encrypted connection over a less secure network. A well-designed VPN incorporates security, reliability, scalability, network management and policy management (Cisco.com.)
Two common types of VPN:
- Remote-Access (or, Virtual Private Dial-up Network [VPDN]), is a user-to-LAN connection created by a company for its employees who are on various remote locations and who need to connect to the private network.
- Site-to-Site (categorized into intranets or extranets) uses dedicated equipment and large-scale encryption and can connect multiple fixed sites over a public network such as the Internet, or over a large distance (much like a WAN), with each site needing only a local connection to the same public network. (Cisco.com.)
In order to gain access to the private network, a user must first be authenticated by using a unique PIN (personal identification number) and a password. The PIN changes according to a specific frequency, usually every 30 seconds or so. VPN technology uses complex algorithm encryption to guarantee secure and private communicationÃ‚Â as well as to prevent any unintentional or unauthorized interception of data between private sites. (whatismyipaddress.com.)
VPNs use IPSec (Internet Protocol Security) connection to tunnel between the two endpoints and require third-party hardware and/or software. An extra layer of security is provided since in order to access or connect to a VPN, the remote device must have an IPSec client software application installed but must also have it properly configured. In other words, although all data/traffic is encrypted, users on can only access the encrypted applications that they are configured to access in the SSL VPN connection and not the entire network. (Lifewire.com.)
HTTPS relies on SSL, which is a common protocol that most web browsers have built in. The secure connection exists between the user’s browser and the server or a specific web site. All data exchanged between the two are encrypted. Unlike VPN, it does not provide access to anything other than what is currently being communicated. Comparatively, it does not require an authentication code or PIN. Instead it creates a temporary public or symmetric key, which is discarded as soon as the communication is finished.