OpenSSL, and Why Every IT Professional Should Know the Basics

Do you remember last year, when some security policy was not followed, an SSL certificate was not updated, or some piece of security infrastructure was not implemented correctly, a hacker or group of hackers, a disgruntled employee, or ex-employee was able to compromise the security of a network to the great embarrassment and huge financial loss of a corporation, an individual, and sometimes thousands of people? Do you remember that? I sure do! In many cases, if employees who were not in the security “loop” had a basic understanding of how security works, those problems might have been avoided.

Many people who don’t work with technology also don’t understand it. Because they don’t understand it, they give IT managers a willing or implicit trust over the security of sensitive information, images, and other forms of data. Unfortunately, what many of those trusting people don't realize is that security technology is sometimes beyond the understanding of even the IT professionals entrusted with deploying, maintaining, and administering it.

In a world where data security is so important, and knowledge of the fundamentals of data security is so rare, it is no surprise that so many mistakes are made.

Of course the right thing to do is to try to understand how data security works, but that has always been a very difficult undertaking. Let me give you an example.

OpenSSL is the foundation for Secure Sockets Layer on a vast number of servers and client computers worldwide. Don’t let the sound of that name daunt you; it is, after all, just a name. It is the system upon which SSL protections are founded. It provides for the creation of identity and encryption certificates. It’s the part of a data security system that is used to create the certificates necessary for secure VPN authentication, secure website traffic, secure banking traffic, secure credit card transaction traffic, secure mail and messaging traffic, and a list that frankly is too long to write here. You don’t have to understand a thing about the technology to know that it is incredibly important to you; yes, you personally!

As such, OpenSSL, as a command-line interface into the Secure Sockets Layer world, is a fundamental security subject that every IT professional should know, whether Desktop Support or the CTO executive who never needs to do anything other than manage her team of brilliant people. But it goes further than that. In my OpenSSL course at lynda.com, I have short movies that even a casual internet banking user should really watch and understand, just so that the person using the security system has a slightly higher level of understanding of it.

I have done my best to make the subject of OpenSSL easier to understand, and a less time-consuming learning process than most people would think possible. I did so, of course, because I see the importance of IT personnel maintaining a fundamental understanding of the technologies that affect the people they are employed to serve. In a way, it is especially important that IT staff who do not work with security software understand this extremely sensitive subject, because the holes in an organization's security plan frequently show up in the staff who are considered to be outside of the security loop. All organizations must understand that nobody is so far outside of the security loop that they need not understand how security works. SSL is a complicated but extremely necessary technology in today's world. Maintaining a fundamental understanding of how it works is the responsibility of every computer administrator, and of every user too.

Sean Colins is the Founding Member of CoreQuick LLC, an Apple Technology Consulting Company providing Mac OS, and iOS consulting and software engineering services to Enterprise, Education, and Business customers worldwide.

Great insight! It brings appetite to watch your videos.

vijay kumar

QA/UAT/DA/BSA Analyst | Master's in IT, Software QA and US Citizen.

8 years

Good basic information
