SSL Doesn't Protect Everything

Remember the tunnel that SSL sets up to protect your transactions? It is important to understand that the tunnel is the only protection that SSL gives you. Although the tunnel is safe and secure, the computers at each end of it might not be. SSL only protects information in transit. After your credit card or any other information has made it across the Internet, it sits on a server in a database. SSL cannot protect the database or the server from being attacked. The server still needs the basic kind of protections that we discuss throughout this book. Firewalls, antivirus software, the latest operating system patches, and good security awareness are some of the fundamental protections that are needed.

Your personal computer needs similar protection. After you have performed a credit card transaction, your Web browser might cache a local copy of the receipt page that displays all of your personal information, including address, credit card number, and purchase details. If you are not aware that this page has been stored on your computer, you might fail to properly remove or secure it. If your computer is not protected with some of the basic security controls we discuss throughout this book, it might be an easy target for an attacker.