Without An SSL Certificate, The Ministry Of Industry's Website Is Not Safe To Access
JAKARTA - The website of the Ministry of Industry (Kemenperin) was not accessible to the public. Because the Secure Socket Layer (SSL) certificate on that page has expired.
On the face screen, the Ministry of Industry's website had the words 'Connection is not private', indicating that the address of this site did not pass the SSL protocol. But by noon, this website could be accessed again, it's just that the open address is http://www.kemenperin.go.id, and not https://kemenperin.go.id.
The purpose of installing SSL is as an encryption protocol between the browser and the server, so that third parties cannot access the site's data. So what are the risks, if a website doesn't have SSL?
Cyber security expert from CISSReC, Pratama Persadha, explained that websites without SSL will be very vulnerable to cyber attacks. Even if the site doesn't renew its SSL immediately, it is likely to reduce its reputation as a trusted website.
"If the site is without SSL / expired, the data can be changed first or the data is compromised, which can cause the system to be infected with malware, viruses and other damage," Pratama said when contacted by VOI, Monday, July 27.
Therefore, Pratama added that some browsers such as Google Chrome by default refuse to open sites without a digital certificate. Meanwhile, when opened, the information "not secure" will appear on the side of writing the URL address.
"This (should) warn site managers and visitors that the site is not safe (to be accessed)," said Pratama.
It is known, in addition to protecting data, the existence of SSL also increases public trust, because it is easily visible through the website address with the addition of the letter S on HTPPS. Not only that, digital certificates can also help secure the online payment process via internet sites.
Then, Pratama stated that government-owned sites are very often found without SSL or their certificates have expired. Therefore, many recent government site breaches have been caused by the absence of an SSL certificate.
"Yes, it is relatively easy to hack, because the creators must be less aware of information security. This is also what makes government-owned sites often become targets of attacks by hackers who are training or looking for names (script kiddies),"
Pratama Persadha
Contacted separately, cybersecurity experts from Vaksincom Alfons Tanujaya also advised the public not to arbitrarily access or provide personal data to sites that do not have an SSL certificate.
"If the SSL expired (expired), it should be avoided to access or enter important data (credentials) and other important data to the site because it is vulnerable to being tapped," explained Alfons.
He explained, websites without an SSL certificate will be very easy to tread. The reason is, the site will be dangerous and very easy to insert malware.
"Because this site if faked is not monitored and the accesser is difficult to distinguish from the real site because they both do not have a legitimate SSL. So if they access a fake site, malware or data entered on this fake site may be stolen," he concluded.