HTTP vs HTTPS

Both HTTP and HTTPS are protocols used for transmitting and receiving information across the Internet.

HTTP is the acronym for Hypertext Transfer Protocol. HTTP has been the standard communication protocol pretty much since the internet was developed.

HTTP: HyperText Transfer Protocol:

Hypertext Transfer Protocol (HTTP) is a system for transmitting and receiving information across the Internet. HTTP is an “application layer protocol,” which means that its focus is on how information is presented to the user; it does not concern itself with how data gets from Point A to Point B.

It is said to be “stateless,” which means it doesn’t attempt to remember anything about the previous web session. The benefit of being stateless is that there is less data to send, and that means increased speed.

Here are some facts about HTTP:

  • The term HTTP was originated by Ted Nelson.
  • HTTP connections use port 80 by default.
  • HTTP URLs begin with “http://”.
  • The first version of HTTP, HTTP V0.9, was introduced in 1991.
  • HTTP V1.0 is specified in RFC 1945, which was officially introduced and recognized in 1996.
  • HTTP V1.1 is specified in RFC 2616 and was released in January 1997.
  • HTTP V2.0 is specified in RFC 7540 and was published in May 2015.

HTTPS: Hyper Text Transfer Protocol Secure:

Hyper Text Transfer Protocol Secure (HTTPS) is the secure version of HTTP, the protocol over which data is sent between your browser and the website that you are connected to. The ‘S’ at the end of HTTPS stands for ‘Secure’. It means all communications between your browser and the website are encrypted. HTTPS is often used to protect highly confidential online transactions like online banking and online shopping order forms.

 

Web browsers such as Internet Explorer, Firefox and Chrome also display a padlock icon in the address bar to visually indicate that an HTTPS connection is in effect.

Here are some facts about HTTPS:

  • HTTPS uses port 443 by default to transfer information.
  • HTTPS URLs begin with “https://”.
  • HTTPS was first used in HTTPS V1.1 and is defined in RFC 2616.

HTTPS provides three key layers of protection:

  • Encryption. Encrypting the exchanged data to keep it secure.
  • Data Integrity. Data cannot be modified or corrupted during transfer without being detected.
  • Authentication. Proves that your users communicate with the intended website.
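The three protections above only hold when the client really negotiates TLS and verifies the server. The following added example (not part of the original post) audits a planned request and reports which of them is lost; the function names, the TLS 1.2 floor and the example.com URLs are assumptions of this example.

```python
import ssl
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}   # default ports as stated on this page
MIN_TLS = ssl.TLSVersion.TLSv1_2             # assumption: this example's policy floor


def hardened_context():
    """Client context that verifies the certificate chain and the host name."""
    ctx = ssl.create_default_context()       # CERT_REQUIRED and check_hostname=True
    ctx.minimum_version = MIN_TLS
    return ctx


def weakened_context():
    """The 'make the certificate error go away' configuration, for comparison."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False               # must be cleared before CERT_NONE is accepted
    ctx.verify_mode = ssl.CERT_NONE
    ctx.minimum_version = ssl.TLSVersion.MINIMUM_SUPPORTED
    return ctx


def audit(url, ctx):
    """Return (port, findings); each finding names the protection that is lost."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    if scheme not in DEFAULT_PORTS:
        raise ValueError(f"not an HTTP(S) URL: {url!r}")
    port = parts.port if parts.port is not None else DEFAULT_PORTS[scheme]
    if scheme == "http":
        # The scheme decides whether TLS is used, not the port number.
        return port, ["encryption: none", "integrity: none", "authentication: none"]
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("authentication: certificate chain is not verified")
    if not ctx.check_hostname:
        findings.append("authentication: certificate is not matched to the host name")
    if ctx.minimum_version < MIN_TLS:
        findings.append("encryption/integrity: protocol versions below TLS 1.2 allowed")
    return port, findings


if __name__ == "__main__":
    # Constructed sample inputs; nothing is sent over the network.
    for url, ctx in [("https://example.com/", hardened_context()),
                     ("https://example.com/", weakened_context()),
                     ("http://example.com:443/", hardened_context())]:
        print(url, audit(url, ctx))
```

An "https://" URL used with the weakened context still encrypts the traffic, but nothing proves which server is on the other end.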

There is a belief among many around the web that HTTPS is slower. Fortunately, this is a myth. HTTPS is actually much faster than HTTP.

Difference between HTTP and HTTPS

  • In HTTP, the URL begins with “http://”, whereas in HTTPS the URL starts with “https://”
  • HTTP uses port number 80 for communication and HTTPS uses 443
  • HTTP is considered to be unsecured and HTTPS is secure
  • HTTP works at the Application Layer and HTTPS works at the Transport Layer
  • In HTTP, encryption is absent, and encryption is present in HTTPS as discussed above
  • HTTP does not require any certificates and HTTPS needs SSL certificates

Is HTTP dying?

HTTP isn’t really dying, per se. It’s just being forced to evolve. As we mentioned earlier, the browsers are basically our de facto vehicle for getting around the internet. The vast majority of us could not use the internet without a browser. And that puts the browsers in position to influence the internet as they see fit.

Right now, they’re mandating SSL. The initiative began a few years ago with a soft push. Google announced HTTPS would become a ranking factor for SEO, then the browsers started making new features exclusive to sites with SSL. Gradually they incentivized encryption more and more.

For a detailed explanation on SSL/TLS protocols, check my earlier post: SSL/TLS

Keep reading, Keep learning 😊

Source: Sanjay Barot, geeksforgeeks, i-techgeeks, instantssl

Bhavesh Patel

SECURITY+ Acronyms

Acronym: Stands for

3DES Triple Data Encryption Standard
AAA Authentication, Authorization and Accounting
ACL Access Control List
AES Advanced Encryption Standard
AES 256 Advanced Encryption Standards, 256-bit
AH Authentication Header
ARP Address Resolution Protocol
AUP Acceptable Use Policy
BCP Business Continuity Planning
BIOS Basic Input/Output System
BOTS Network Robots
CA Certificate Authority
CCTV Closed-Circuit Television
CERT Computer Emergency Response Team
CHAP Challenge Handshake Authentication Protocol
CIRT Computer Incident Response Team
CRL Certification Revocation List
DAC Discretionary Access Control
DDOS Distributed Denial of Service
DEP Data Execution Prevention
DES Data Encryption Standard
DHCP Dynamic Host Configuration Protocol
DLL Dynamic Link Library
DLP Data Loss Prevention
DMZ Demilitarized Zone
DNS Domain Name Service
DOS Denial Of Service
DRP Disaster Recovery Plan
DSA Digital Signature Algorithm
EAP Extensible Authentication Protocol
ECC Elliptic Curve Cryptography
EFS Encrypted File System
EMI Electromagnetic Interference
ESP Encapsulated Security Payload
FTP File Transfer Protocol
GPU Graphic Processing Unit
GRE Generic Routing Encapsulation
HDD Hard Disk Drive
HIDS Host-Based Intrusion Detection System
HIPS Host-Based Intrusion Prevention System
HMAC Hashed Message Authentication Code
HSM Hardware Security Module
HTTP Hypertext Transfer Protocol
HTTPS Hypertext Transfer Protocol over SSL
HVAC Heating, Ventilation, Air Conditioning
IaaS Infrastructure as a Service
ICMP Internet Control Message Protocol
ID Identification
IKE Internet Key Exchange
IM Internet Messaging
IMAP4 Internet Message Access Protocol v4
IP Internet Protocol
IPSEC Internet Protocol Security
IRC Internet Relay Chat
ISP Internet Service Provider
KDC Key Distribution Center
L2TP Layer 2 Tunneling Protocol
LANMAN Local Area Network Manager
LDAP Lightweight Directory Access Protocol
LEAP Lightweight Extensible Authentication Protocol
MAC Mandatory Access Control / Media Access Control
MAC Message Authentication Code
MBR Master Boot Record
MD5 Message Digest 5
MSCHAP Microsoft Challenge Handshake Authentication Protocol
MTU Maximum Transmission Unit
NAC Network Access Control
NAT Network Address Translation
NIDS Network-Based Intrusion Detection System
NIPS Network-Based Intrusion Prevention System
NOS Network Operating System
NTFS New Technology File System
NTLM New Technology LANMAN
NTP Network Time Protocol
OS Operating System
OVAL Open Vulnerability Assessment Language
PAP Password Authentication Protocol
PAT Port Address Translation
PEAP Protected Extensible Authentication Protocol
PGP Pretty Good Privacy
PKI Public Key Infrastructure
PPP Point-to-Point Protocol
PPTP Point-to-Point Tunneling Protocol
PSK Pre-Shared Key
RA Recovery Agent
RADIUS Remote Authentication Dial-in User Server
RAID Redundant Array of Inexpensive Disks
RAS Remote Access Server
RBAC Role Based Access Control
RSA Rivest, Shamir & Adleman
RTP Real-Time Transport Protocol
S/MIME Secure/Multipurpose Internet Mail Extension
SaaS Software as a Service
SCAP Security Content Automation Protocol
SCSI Small Computer System Interface
SDLC Software Development Life Cycle
SDLM Software Development Life Cycle Methodology
SHA Secure Hashing Algorithm
SHTTP Secure Hypertext Transfer Protocol
SIM Subscriber Identity Module
SLA Service Level Agreement
SLE Single Loss Expectancy
SMS Short Message Service
SMTP Simple Mail Transfer Protocol
SNMP Simple Network Management Protocol
SSH Secure Shell
SSL Secure Sockets Layer
SSO Single Sign-On
TACACS Terminal Access Controller Access Control System
TCP/IP Transmission Control Protocol/Internet Protocol
TLS Transport Layer Security
TPM Trusted Platform Module
UAT User Acceptance Testing
UPS Uninterrupted Power Supply
URL Universal Resource Locator
USB Universal Serial Bus
UTP Unshielded Twisted Pair
VLAN Virtual Local Area Network
VoIP Voice Over IP
VPN Virtual Private Network
VTC Video Teleconferencing
WAF Web Application Firewall
WAP Wireless Access Point
WEP Wired Equivalent Privacy
WIDS Wireless Intrusion Detection System
WIPS Wireless Intrusion Prevention System
WPA Wireless Protected Access
XSRF Cross-Site Request Forgery
XSS Cross-Site Scripting