How Secure Servers Work
When sharing your information online, you should look for the signs that you’re communicating with a secure server.
The more observant internet user will have noticed small changes occurring in the address bar of their web browser. These include the address bar turning green, a yellow padlock appearing and a letter ‘s’ joining the http:// address prefix. These changes indicate a connection has been established with a secure server, helping to ensure data transfers between host and recipient machines are conducted with optimal levels of security.
During normal usage, data packets are fired across the internet with the primary aim of arriving at their destination as quickly as possible. These packets are unsecured, which means their contents could be viewed by anyone from Government agencies to cyber-criminals. Clearly, when personal or financial data is being communicated greater care needs to be taken to distribute those packets. A secure connection will encrypt a data stream prior to sending and decrypt it upon receipt, ensuring any contents are protected from prying eyes while in transit.
A secure server is established when a web browser initiates a secure session with a website’s host server. Once the server’s security certificate has been authorised by the browser, an encrypted session key is shared between the two. This encrypts and decrypts data without any risk of interception along the way, since nobody else can unlock the conversation; any eavesdropping would instantly be detected, and any tampering would render the contents unusable.
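An added illustration (not from the original article, and not how TLS itself is implemented) of why a record altered in transit is refused by the holder of the session key. It uses a SHA-256 counter keystream with HMAC-SHA256 as a simplified stand-in for a real TLS cipher suite; the function names, record layout and sample payload are constructed for this example.

```python
import hashlib
import hmac
import os

NONCE_LEN, TAG_LEN = 12, 32

def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """SHA-256 in counter mode: a teaching stand-in for a real TLS cipher."""
    blocks = (length + 31) // 32
    stream = b"".join(hashlib.sha256(key + nonce + i.to_bytes(8, "big")).digest()
                      for i in range(blocks))
    return stream[:length]

def derive_keys(session_key: bytes) -> tuple:
    """Split the shared session key into separate encryption and MAC keys."""
    return (hmac.new(session_key, b"enc", hashlib.sha256).digest(),
            hmac.new(session_key, b"mac", hashlib.sha256).digest())

def xor(data: bytes, stream: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(session_key: bytes, seq: int, plaintext: bytes) -> bytes:
    """Encrypt, then authenticate sequence number + nonce + ciphertext."""
    enc_key, mac_key = derive_keys(session_key)
    nonce = os.urandom(NONCE_LEN)
    ct = xor(plaintext, keystream(enc_key, nonce, len(plaintext)))
    tag = hmac.new(mac_key, seq.to_bytes(8, "big") + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def open_record(session_key: bytes, seq: int, record: bytes) -> bytes:
    """Check the tag before decrypting; raise ValueError if anything changed."""
    if len(record) < NONCE_LEN + TAG_LEN:
        raise ValueError("record too short")
    enc_key, mac_key = derive_keys(session_key)
    nonce, ct, tag = record[:NONCE_LEN], record[NONCE_LEN:-TAG_LEN], record[-TAG_LEN:]
    expected = hmac.new(mac_key, seq.to_bytes(8, "big") + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("record rejected: authentication failed")
    return xor(ct, keystream(enc_key, nonce, len(ct)))

def is_rejected(session_key: bytes, seq: int, record: bytes) -> bool:
    try:
        open_record(session_key, seq, record)
    except ValueError:
        return True
    return False

if __name__ == "__main__":
    key = os.urandom(32)                     # constructed sample session key
    rec = seal(key, 0, b"account=12345678")  # constructed sample payload
    print(open_record(key, 0, rec), is_rejected(key, 1, rec))
```

The sequence number is covered by the tag, so a record replayed at a different position in the stream fails the same check as one whose bytes were modified.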
The calibre of encryption is governed by independent Certification Authorities, who grant websites a certificate acknowledging their use of Transport Layer Security (formerly known as Secure Sockets Layer) cryptographic protocols. These certificates are hard to acquire but are highly prized, and various organisations have been established to help new businesses achieve TLS certification.
Certified sites must use one of three methods of data encryption, of which the most robust involves 2048-bit encryption known as Extended Validation. This is the current gold standard for financial transactions, and it’s the one used by many banks and financial platforms. Extended Validation encryption is recommended by the international Payment Card Industry Data Security Council, whose eponymous Standard sets global benchmarks for the protection of personally identifiable information to minimise fraud or data loss. This information is always being revised as new vulnerabilities are identified relating to protocols, configurations or implementation.
One potential issue with TLS is that older web browsers (particularly previous generations of Microsoft Internet Explorer) may not be compatible with the latest protection methods, and sometimes fail to recognise current security certificates. Different browsers handle such occurrences in different ways, though the resulting warning messages frequently do more to deter potential customers than reassure them. Any programmer or site designer should ensure as far as possible that older web browser versions will recognise TLS certificates, to minimise the risk of incompatibility or conflict.
The advantages of TLS certification go far beyond heightened security for clients. As well as generating considerable peace of mind, https:// prefixes achieve higher search engine rankings. They provide reassurance that a certified website or business is legitimate and conscientious, which helps to increase conversion rates, and they also protect the company’s own data from theft or malicious use.