IT Svit is now HTTPS-secured
We continue to improve our website, and we’re happy to announce that https://itsvit.com now provides you with enhanced security thanks to the HTTPS protocol.
Any action on the Internet is a data exchange: any time you load your favorite video or website or send a message on a social network, your computer sends requests to a specific server and receives answers from it. Generally, these data exchanges use the HTTP protocol, which both sets the transfer rules and transports information according to those rules.
Despite its popularity and simplicity, the HTTP protocol has one huge disadvantage – security: data are sent unencrypted and are not protected in any way. So if there is a hijacked computer on the path of your request that processes it and passes it on to other computers, there is a high possibility that your request will be intercepted and then compromised. The HTTPS protocol is used to overcome this disadvantage.
Actually, HTTPS is not a separate protocol – it’s just an extension to the HTTP protocol that adds encryption in order to improve security. In HTTPS, data are sent over the cryptographic protocols SSL or TLS. They protect against different network attacks – for example, sniffing and man-in-the-middle.
In most cases HTTPS is used by services that handle sensitive user information: logins, passwords, email accounts, credit card numbers, etc. You may have already noticed that email services, e-commerce websites, payment gateways, admin panels, and feedback and submission forms use the HTTPS protocol because they handle user information. The best thing about it is that all modern browsers support HTTPS out of the box with no additional configuration – it is automatically enabled when and where needed.
With HTTPS in place, your users are less likely to navigate to a fraudulent site or lose personal information, including passwords, credit card numbers and history of visits. This increases the credibility of your business.
How HTTPS works
First, when establishing a secure HTTPS connection, the computer and the server select a common secret key and then exchange data with each other using that key. This common secret key is generated anew for each new connection session, and it is hard to hijack or brute-force because it consists of more than 100 characters. This key is used to encrypt the connection between browser and server. However, the secret key is just one part of ensuring secure data exchange sessions.
Another important part is to ensure that the secret is used by legitimate persons on each side (in other words, to confirm that “you” are “you”, not someone else). Without this verification an attacker can intercept the secure connection, decrypt all the messages and even inject new ones, while both legitimate persons believe they are talking directly to each other over a private connection, when in fact the entire conversation is controlled by the attacker. These malicious actions are known as man-in-the-middle attacks. To avoid them, secure certificates are used – documents that verify the server’s identity.
Each server that tries to establish a secure connection to your website must have a secure certificate. It confirms the following:
- A person to whom a certificate is issued does exist
- This person is the only owner of the server specified in the certificate
Certificate identity verification is the first thing the browser does when establishing an HTTPS connection. Data exchange won’t start unless verification is completed successfully.
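As an added illustration (not part of the original article), the Python sketch below models the two steps described in this section using Diffie-Hellman key agreement, the mechanism modern TLS uses to derive per-session keys; the article itself does not name it. The group parameters, the function names and the out-of-band fingerprint that stands in for certificate verification are assumptions made for the example.

```python
import hashlib
import secrets

# Toy parameters, assumed for illustration; real TLS uses standardized groups.
P = 2**255 - 19  # prime modulus
G = 2

def keypair():
    """Fresh private/public pair, generated anew for every session."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def session_key(own_priv, peer_pub):
    """Each side combines its own private value with the peer's public one."""
    shared = pow(peer_pub, own_priv, P)
    return hashlib.sha256(shared.to_bytes(32, "big")).hexdigest()

def fingerprint(pub):
    return hashlib.sha256(pub.to_bytes(32, "big")).hexdigest()

def honest_exchange():
    """Client and server swap public values and arrive at the same key."""
    c_priv, c_pub = keypair()
    s_priv, s_pub = keypair()
    return session_key(c_priv, s_pub), session_key(s_priv, c_pub)

def intercepted_exchange():
    """An on-path relay replaces both public values with its own."""
    c_priv, c_pub = keypair()
    s_priv, s_pub = keypair()
    m_priv, m_pub = keypair()
    return {
        "client_key": session_key(c_priv, m_pub),
        "server_key": session_key(s_priv, m_pub),
        "relay_keys": (session_key(m_priv, c_pub), session_key(m_priv, s_pub)),
        "server_pub": s_pub,
        "received_pub": m_pub,
    }

def client_accepts(received_pub, trusted_fingerprint):
    """Stand-in for certificate verification: abort unless the value is genuine."""
    return secrets.compare_digest(fingerprint(received_pub), trusted_fingerprint)

if __name__ == "__main__":
    r = intercepted_exchange()
    print("relay shares client's key:", r["client_key"] == r["relay_keys"][0])
    print("client accepts swapped value:",
          client_accepts(r["received_pub"], fingerprint(r["server_pub"])))
```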
HTTPS for our company
The idea of introducing more security for our corporate website is based on loyalty to our visitors and potential clients. Although our website doesn’t handle as much sensitive user data as, for example, e-commerce websites do (except for the feedback form), we want to make sure that their data are fully protected from external intrusion, thus building trust and confidence.
Furthermore, an HTTPS connection is also a good way to show that the website and its content are both valid, so when you navigate to specific pages you can be sure that they provide you with exactly the information you want to receive.
Aside from security, the HTTPS protocol is also more trusted by search engines, which has been confirmed by Google in the “HTTPS as a ranking signal” article. It may have long-term benefits in ranking the website a bit higher in search results. We hope that this will also positively impact the traffic to our resources.