Monday, January 25, 2016

Data Security using SSL.


Clickstream refers to the data collected from a web server, where the data is generated by the traffic on the website. It contains a lot of useful information and patterns which can be analysed to make sense of the raw data. Security of this data is very important, and this is where SSL/TLS comes in.
SSL stands for Secure Sockets Layer and TLS for Transport Layer Security.

POODLE attack and the end of SSL 3.0.
The POODLE attack is similar to the BEAST attack. With it, an attacker can gain access to the cookies and private data of the user. Because of such incidents, HIPAA (Health Insurance Portability and Accountability Act) says to stop using SSL 3.0 for all health-related websites.

Every website that wants to use SSL has to have an SSL certificate.
Thawte and Verisign are the two companies which provide SSL certificates to websites for a stipulated timeframe.
An SSL certificate is nothing but a public and private key for that particular website.
If the client doesn't trust the server, client-side SSL certificates are used and the server has to verify them.
If both the client and the server trust each other, the client generates a symmetric key and chooses the cipher to be used.
This symmetric key (or password) is then encrypted and sent to the server. Only the server can decrypt this key.
The rest of the data can then be transmitted using the key and the chosen cipher.

Keys used for SSL are 2048-bit and ciphers are 128-bit, to make it more secure.
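
The two configuration points above (no SSL 3.0 after POODLE, ciphers of at least 128 bits) can be checked on a client before it connects. The following is an added example, not code from the original post: a small audit of a Python `ssl.SSLContext`. The function names and the finding strings are made up for illustration, and the TLS 1.2 floor is an assumption chosen to rule out SSL 3.0 and the other legacy versions.

```python
import ssl

MIN_CIPHER_BITS = 128  # cipher strength cited in the post

def hardened_client_context():
    """Client context that verifies the server certificate and refuses SSL 3.0 through TLS 1.1."""
    ctx = ssl.create_default_context()            # CERT_REQUIRED + hostname checking
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # assumed floor; excludes SSL 3.0
    return ctx

def audit_context(ctx):
    """Return a list of findings for an SSLContext; an empty list means it passed."""
    findings = []
    floor = ctx.minimum_version
    # MINIMUM_SUPPORTED means "whatever the library still allows", so it counts as legacy.
    if floor != ssl.TLSVersion.MAXIMUM_SUPPORTED and floor < ssl.TLSVersion.TLSv1_2:
        findings.append("legacy-protocol-allowed:" + floor.name)
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("server-certificate-not-verified")
    elif not ctx.check_hostname:
        findings.append("hostname-not-checked")
    weak = sorted(c["name"] for c in ctx.get_ciphers()
                  if c["strength_bits"] < MIN_CIPHER_BITS)
    if weak:
        findings.append("weak-ciphers:" + ",".join(weak))
    return findings

def constructed_weak_context():
    """Constructed sample of a misconfigured client, used only as audit input."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.MINIMUM_SUPPORTED
    ctx.check_hostname = False   # must be disabled before verify_mode can be CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx

if __name__ == "__main__":
    for label, ctx in (("hardened", hardened_client_context()),
                       ("weak sample", constructed_weak_context())):
        print(label, audit_context(ctx) or "OK")
```

The audit only inspects local settings; the 2048-bit key size belongs to the server's certificate and would have to be checked on the certificate itself.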