chapter ten

10 Transport Layer Security: How the internet is secured

 

This chapter covers

  • Understanding how Transport Layer Security (TLS) secures communication over untrusted networks
  • Discovering what TLS protects you against and what it doesn’t
  • Applying TLS across browsers and servers
  • Identifying and avoiding common pitfalls in TLS configuration

The internet is like a noisy city full of people who love to listen in. Every time your phone or computer sends something (logging into your bank, ordering sushi, or sending a file), it’s a bit like whispering a secret in a crowded Starbucks. If you’re not careful, anyone nearby can hear. Even worse, someone might grab the message, change your tiramisu to cheesecake, or pretend to be your bank.

TLS gives you an encrypted briefcase (so no one can read your message), a signature wax seal (so the recipient knows it’s from you), and a way to confirm that the recipient isn’t some villain in disguise. TLS is the technology behind that little padlock in your browser. Without it, the web would be a free-for-all of stolen passwords, fake websites, and identity theft (figure 10.1).

Figure 10.1 When surfing the internet from a public network, you never know who’s sharing the network with you. For this reason, all communications must be secured.

10.1 Securing communication with TLS

10.1.1 How TLS started

10.1.2 TLS and mTLS

10.1.3 Exercises

10.2 What TLS protects you against

10.2.1 Protection from eavesdropping

10.2.2 Making sure that no tampering occurred

10.2.3 Mitigating impersonation

10.2.4 Exercises

10.3 TLS in practice

10.3.1 Exercises

10.4 Exercise answers

Summary