03 9695 5408 info@melbournecityit.com.au
Melbourne City ITMelbourne City IT
  • Home
  • Services
    • – Website development
    • – Web Hosting
    • – IT consulting
    • – VoIP
    • – IT Support
    • – Cyber Security
    • – Linux
    • – Cloud Solution
  • Contact
  • Blog
  • Home
  • Services
    • – Website development
    • – Web Hosting
    • – IT consulting
    • – VoIP
    • – IT Support
    • – Cyber Security
    • – Linux
    • – Cloud Solution
  • Contact
  • Blog

Security

  • Home
  • Blog
  • Security
  • Why should use HTTPS instead of HTTP

Why should use HTTPS instead of HTTP

  • Categories Security
  • Date May 5, 2020
What is HTTP and HTTPS

HTTP stands for Hypertext Transfer Protocol. At it’s most basic, it allows for the communication between different systems. It’s most commonly used to transfer data from a web server to a browser in order to allow users to view web pages. It’s the protocol that was used for basically all early websites. HTTPS stands for Hypertext Transfer Protocol Secure. The problem with the regular HTTP protocol is that the information that flows from server to browser is not encrypted, which means it can be easily stolen.

How vulnerable http is

 

I will show you how vulnerable HTTP is in the below lab:

First, I logged on a BBS which does not do traffic encryption:

Open Wireshark to capture the traffic, we will see which one we will use in this connection.

 

Unfiltered

We can see that the browser used the address 168.1.8.244, so we only need to focus on the connection between local pc and this site. Click in the text field after Filter, type "ip.addr==168.1.8.244".

Filtered result
Filtered result

 

Now is the TCP three handshake in the first few lines.

We can see the connection establish request (SYN) in line 1-6. (why there are 6 times request).  Then the step 2 [SYN, ACK]  acknowledge 1st step, and synchronize the connection parameters. Step3, acknowledge that both sides agree to establish the connection.

Password sniffing

 

For the password transferred in http, which is plain text, you can easily find the password by looking for the Post action in the Info tab. Then check the HTML Form URL Encoded: application/x-www-form-urlencoded, there are some form item. you can find the username and password there.

http_wireshark

And you can see that the username and password are all in plaintext !

Other benefit

Not only secure, you can also benefit from HTTPS:

  1. On top of security, Google itself has confirmed that HTTPS websites get a boost in search ranking. So a company like Melbourne City IT always recommend you deploy your website with HTTPS and migrate to it if you have not.
  2. Most browsers support HTTPS, which provides an enhancement over the old HTTP version of websites. When HTTPS is enabled, online users will experience faster browsing speed
Solution

 

To secure your website and protect your customer's info, the best practice is migrate to HTTPS, contact "Melbourne City IT" to discuss the most cost effective solution for your website security!

 





    Tag:Cyber Security Melbourne, https implement, Melbourne City IT, website security

    • Share:
    Frank Fu

    Next post

    Time To Move On To VoIP
    May 6, 2020

    You may also like

    • Melbourne_IT_security_IP_Blocker-512
      Block IP addresses by Country in 3CX
      4 September, 2020

    Services

    • Consulting
    • IT support
    • Telephony (VoIP)
    • Cyber Security

    Recent Posts

    • Block IP addresses by Country in 3CX
    • Fix Remote desktop Frozen issue
    • Prevent your email from being marked as spam
    • Time To Move On To VoIP
    • Why should use HTTPS instead of HTTP

    SERVICES

    • Website Development
    • Website Hosting
    • Cloud Solution
    • Cyber Security
    • Conslting
    • VoIP Service
    • IT Support
    • Linux Service
    • Backup And Recovery

    CONTACT US

    • info@melbournecityit.com.au
    • 03 9695 5408

    Blog

    Block IP addresses by Country in 3CX
    Frank Fu
    September 4, 2020

    Block IP addresses by Country in 3CX

    Fix Remote desktop Frozen issue
    Frank Fu
    July 7, 2020

    Fix Remote desktop Frozen issue

    Prevent your email from being marked as spam
    Frank Fu
    May 20, 2020

    Prevent your email from being marked as spam

    © Melbourne City IT 2020