‘This connection is not secure’

‘This connection is not secure’

15th July 2020

HTTPS vs HTTP – What’s the difference?

We’ve all noticed that little green padlock at the top of our browser which tells us that this website is ‘Secure’ – But what is it about HTTPS that makes it so secure, and should we be scared of ‘unsecure’ HTTP Traffic?

What is HTTP?

First of all, before we learn about HTTPS, we should understand the basic process of HTTP traffic. HTTP, an acronym for Hyper Text Transfer Protocol, it’s the service used to transfer data between a client and website.

When a computer is trying to access a website, it will send a request to the server via HTTP (after DNS has been resolved), this packet will include basic information on the computer such as the Operating System used.

Once the server receives this request, it will return a packet with all the website information, which will be specific for that Operating System.

This process will repeat as the client browses through multiple pages, and more HTTP packets will be transferred between the client and the server.

This process will repeat as the client browses through multiple pages, and more HTTP packets will be transferred between the client and the server.

And… What’s the problem?

Any web traffic using HTTP is not encrypted, meaning that if any packets were intercepted, the contents could be viewed in plain-text. Generally, this isn’t a problem as information such as the Operating System Version would not be considered ‘sensitive’ in most cases. However, when making payments and logging in with a username/password, it is imperative that you ensure your connection is using HTTPS, otherwise your personal data will be at risk.

So, what is HTTPS and how does it work?

HTTPS (Hyper Text Transfer Protocol Secure) is the Secure version of HTTP. The process is near enough the same, however an encrypted connection is established prior to sending any sensitive information.

This is where things get a bit more technical…

The HTTPS service uses TLS (Transport Layer Security) which is a cryptographic protocol used to encrypt HTTP traffic. Essentially, this ensures all data is encrypted before being transmitted to the client or server.

If any HTTPS traffic gets intercepted by an attacker, the data will be unreadable. This is why HTTPS is vital when filling out any sensitive forms (Paying for goods, logging in).

A message to take away...

All in all, basic HTTP traffic is not something to fear, and that ‘Dangerous Site’ message in the top corner warning you that your connection is not ‘Secure’ may be slightly misleading. If you’re not filling out a form, making a payment, or doing anything which involves typing your sensitive data into a website, then there’s no need to close that web browser!

Ollie
Witten by Oliver Boughton-Thomas - Cyber Security Apprentice