High, slow, difficult to manage?Always solve misunderstandings related to SSL

By converting the entire website into SSL, the transition to "SSL", which realizes high security, is becoming full -fledged.We asked Shimantech, who boasts a high track record in the SSL server certificate, about the constant SSL, such as "SSL is always high cost", "communication is slow", and "management becomes difficult".

What is the constant SSL that enhances the reliability of the website?

　Always SSL is literally implementing SSL * on the entire website.Since the dawn of the 1990s Internet, we use SSL, which has protected the security of the website, to guarantee the safety of the website itself, encrypt communication to prevent data leakage.In the past, SSLs were often applied only to inquiries and shopping card forms, but SSLs are always expanded to the entire site.

Difference between existing SSL use and SSL at all times

　Always SSL has a great advantage in terms of security.In recent years, banks and commerce sites have been taking measures, so in recent cyber attacks, it is often targeted for government agencies and general companies that are delayed in countermeasures."Especially with the spread of wireless LAN, the risk of security of" middle -aged attacks "is increasing, which will be a regular user in communication," points out Simantech's Izuke Nakagawa.

Symantech Trust Services Direct Channel Marketing Department Manager Izusuke Nakagawa

　There are many IT departments that hesitate to convert all sites into SSL even though they are not banks or commerce sites.In addition, some users may not enter credit cards or passwords, and do not have a form in which personal information is input.However, recently, e -mail addresses, cookies, and access users have been protected.Therefore, the premise of "SSL because it is a form" is collapsing.In that regard, if you can convert the whole SSL, you can exchange cookies, assuming that all communication with the site is encrypted.Web sites will increase the reliability of the website itself and give users a sense of security.

In the HTTP/2 era, SSL always becomes faster

　The concept of SSL itself is not always new, but it was previously regarded as a security measure to improve the reliability of websites.It was a defensive investment to have users register personal information with confidence.At present, however, SSL always has various benefits, such as the design of the website, reducing the development load, improving the communication speed, the access analysis and the improvement of SEO.

　For example, as in the past, the conductor and development of the website will be easier because the conductor does not require separation due to the presence or absence of SSL."It is often misunderstood, but if it is on the same site (FQDN), it will be 100 pages or 1 million pages, but the cost of installation and management does not change depending on the number of pages.Rather than dividing the form with SSL and normal pages in HTTP, it is often easier to manage it if you set all the SSL and specify the relative path for the link between the pages, and as a result, the cost performance is improved.It will lead to Simantec Takashi Abe.

Symantec Trust Services Product Management Department Manager Abe

　In addition, there is a point that the communication speed is faster when using SSL at all times.Speaking of SSL, it is a common theory that communication is delayed due to the burden on the server due to the encryption processing, but that is exactly the opposite.

　This has the background that the transition to the next -generation protocol HTTP/2 with various high -speed technology is progressing rapidly."In the case of communication with HTTP/2, which was standardized in IETF in May, the main web browser implements HTTP/2 protocols on the premise of SSL. Always in order to benefit the speed improvement by HTTP/2.We will consider SSL, "he points out.

　In fact, when measured on a speed measurement site, the display of a site that takes 10 seconds in HTTP ends in 2 seconds in HTTP/2.In addition to the spread of multi -core CPUs with high parallel processing capacity, the adoption of the new cryptographic algorithm ECC, and the server setting tuning, it is also possible to obtain higher performance while being SSL."SSL is slow" can no longer be a past story.

In order to benefit from the speed of HTTP/2, the SSL is more suitable.

All US government -related sites are always SSL by 2016

　Up to this point, it is a constant advantage of SSL for IT departments, but there are some advantages on the website that jurisdiction over the website.First of all, you can get a lot of referral information.With HTTP rifa, you can analyze which site the client has visited, but if you move from an SSL site to a non -SSL site, you will not be able to collect referral information depending on the specifications of the browser.Even if you analyze it, you can't properly find out which site you visited.However, if you always use the website into SSL, you can collect a lot of referral information even when visiting from SSL sites.

　Furthermore, there is also the advantage that sites that are constantly being SSL increase in search ranking.As you know, Google has increased the priority of the page ranking of the SSL site than the regular HTTP site.Of course, if the SSL site has proven the identity of the site, users are safe."The SSL of the entire site itself will show a positive attitude toward corporate security, leading to the reliability of the site," says Nakagawa.In the future, we are considering warnings to sites that are not SSLized in Web browsers such as Chrome.

　The flow of SSL conversion is no longer stopped.Many web service operators such as Google, Facebook, Twitter, YouTube, Wikipedia, and Netflix have already been SSL, and US government agencies have issued guidelines that constantly convert all government sites SSL.Currently, the constant SSL rate of US government sites has already reached about 34 % (as of November 2015), but by the end of 2016, everything is planned to be SSL.The 1/5 of the traffic on the Internet is already SSL, and it is expected that the default will always become SSL in the future.

The SSL rate of US government sites has already reached 34 % (Source: Pulse https: // pulse).cio.GOV/)

　In this way, the SSL is no longer the story of "going or not", but the current theme is "when to go".Mr. Nakagawa said, "The external environment over SSL, such as major employment, standardization of HTTP/2, and expansion of hosting services, has changed a lot in the last few years.He points out. We will surely increase in inquiries to the Web director in the future. I would like you to get a competitive position by doing it now instead of doing it in the future. "

What is the decisive factor in choosing a certificate in SSL?

　In everything, the benefits of SSL are always clear.However, the most worrisome thing about transitioning to SSL at all times is the cost problem.The SSL site always requires an SSL server certificate, so it costs more than the HTTP site.Until now, only sites that need to protect personal information are often converted to SSL, but it is natural that the cost is expanded to the entire site.

　In this regard, Symantec is ideal to introduce an EV certificate with high visibility to unspecified number of users, but argues that it is not realistic depending on the size and nature of the site."There are several types of SSL server certificates, including low -priced ones."."Use the EV certificate and use a DV certificate for the intranet, and it will be the best practices in the future according to the usage scene.It is an unusual option for a vendor selling commercial certificates.

　Under these assumptions, multiple certificates, security, and security, such as the DV certificate of the main encryption, an OV certificate that authenticates the reality of a company, and an EV certificate that authenticates the reality of companies.It is the best optimal solution to use properly according to the strength of.Of course, Symantec offers all kinds of certificates, so first select a certificate according to the authentication level.Depending on the domain name, select a wildcard corresponding to multiple sub domains or multi -domain corresponding to multiple domains.

In Symantech's SSL server certificate, you can select a DV certificate (from the georast), an OV certificate, and EV certificate according to the strength of the security.

　The most important thing is the reliability of the Certification Bureau, which ensures the legitimacy of the SSL server certificate.In the case of the so -called “oleore certificate”, there is a fundamental defect that has no warranty of an external organization, as well as the management problem that it is difficult to grasp the person in charge, not noticing the theft, and how many sheets are.On the other hand, the Symantech Group, which takes over the Belisain brand, which has been developing commercial certificates since the 1990s, has high track record in infrastructure, platforms, and support for corporate users as a certificate bureau.

■ Related article

　In commercial certificates, if you use a cheap service, the infrastructure of the certification bureau itself may be exposed to external attacks and abused by the attacker.In fact, Diginotar, a long -established certification bureau in the Netherlands, was hacked all servers managed by the Certificate Bureau in June 2011, abusing unauthorized SSL server certificates.As a result, it was removed from the trusted certification bureau list of the web browser, and the user had to purchase a certificate again from other certification bureaus to avoid warnings at the time of access to the site.If you select an SSL server certificate only for cost, it can be said that you will see painful eyes later.

Start the next -generation website constantly SSL with Shimantech

　SSLs are always attractive, but there are many voices that there are few transfer know -how.In particular, there are not many companies that are always challenging SSL in Japan, so there is a problem that what kind of work is needed for the transition and that the project cannot be estimated.In response, public SSL implementation guidelines have been provided in Japan, and Symantech itself is preparing seminars and white paper.

^{[White Paper] "Always SSL/TLS", which converts all pages of the successful "SSL conversion" website for the web person and the server representative, has become a major trend.On the other hand, some of the web and server representatives understand the significance, but always think that SSL/TLS will require special skills and effort.Isn't there too?In this book, we will explain the points that web creators and server representatives who are responsible for the website design and operation site in order to always step into SSL/TLS will be explained in an easy -to -understand manner.click here to download}

　Users who are worried about the trouble of operation management can also use hosting services and clouds that are always provided by SSL."Many major cloud vendors have a partnership with Symantech and provide the SSL environment at all times. We will continue to proceed with partnerships in Japan," Abe says.In addition to evolving services and tools that automate certificate management, the number of businesses that adopt SNI (Server Name Indication), which can use multiple virtual domains in one IP address, is increasing, and the threshold of SSL introduction is constant.It can be said that it is definitely going down.

　SSL server certificates are important weapons, especially in companies that aim for globalization and inbound markets to ensure the reliability of the site.Mr. Nakagawa said, "When I asked customers who have always introduced EV SSL certificates in SSL, the address bar is to appeal whether companies that are inadequate overseas are reliable.He said that he needed a green EV SSL certificate. The number of customers who understand the authentication value is definitely increasing. "

"The number of customers who understand the value of authentication is definitely increasing."

　Of course, security measures on websites do not end with SSL server certificates alone.Attacks on websites are becoming more intense and not for many companies.In that regard, Symantech, a security -only vendor vendor, has a wide range of portfolios, not only SSL server certificates, but also WAF, targeted attack countermeasures, and information leak measures, and strongly supports the operation of secure and stable websites.It should be.

(Provided by Symantec Website Security)