CYA: Securing IIS 6.0: Cover Your A** By Getting It Right the First Time

Secure Sockets Layer is an industry standard method of encrypting traffic. While it is typically used for securing HTTP traffic, the technology can also be used for securing other types of traffic such as Simple Mail Transfer Protocol (SMTP). SSL should be used whenever you need to send sensitive information between client and server (for example, authentication credentials or user-supplied information such as credit card numbers). This is particularly important when using basic authentication, as user credentials are passed in an unencrypted format (see Configuring Authentication in this chapter for more information on basic authentication). The technologies that SSL uses can also be used to certify the identity of a server (or client), so you should use SSL whenever you need to certify the identity of your server or clients.
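An added example (not from the book) showing why basic authentication needs SSL: the credentials in the `Authorization` header are only Base64-encoded, so a defender can audit captured requests and list every account whose password crossed the wire without encryption. The sample requests, host names and credentials are constructed, and the function names are hypothetical.

```python
import base64
import binascii
from urllib.parse import urlsplit


def decode_basic(header_value):
    """Return (user, password) from a Basic Authorization header value, or None."""
    scheme, _, token = header_value.strip().partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:
        # Base64 is an encoding, not encryption: no key is needed to reverse it.
        raw = base64.b64decode(token.strip(), validate=True)
    except (binascii.Error, ValueError):
        return None  # malformed token, nothing to report
    user, sep, password = raw.decode("utf-8", errors="replace").partition(":")
    return (user, password) if sep else None


def audit(requests):
    """Return (url, user) for each request that sent Basic credentials without SSL."""
    findings = []
    for url, headers in requests:
        creds = decode_basic(headers.get("Authorization", ""))
        if creds is None:
            continue
        if urlsplit(url).scheme.lower() != "https":
            findings.append((url, creds[0]))  # report the account, not the password
    return findings


# Constructed sample requests (hosts and credentials are made up).
SAMPLE = [
    ("http://intranet.example/reports",
     {"Authorization": "Basic " + base64.b64encode(b"alice:S3cret!").decode()}),
    ("https://intranet.example/reports",
     {"Authorization": "Basic " + base64.b64encode(b"bob:hunter2").decode()}),
    ("http://intranet.example/public", {}),
    ("http://intranet.example/api", {"Authorization": "Basic not-base64!"}),
]

if __name__ == "__main__":
    for url, user in audit(SAMPLE):
        print(f"Basic credentials for {user!r} sent without SSL to {url}")
```

Only the first sample request is flagged: the second used SSL, the third carried no credentials, and the fourth had a malformed token.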
Secure Sockets Layer is a public key-based security protocol that is used by Internet services and clients to authenticate each other and to ensure message integrity and confidentiality. Certificates are used to authenticate the server (and optionally the client), and cryptography is used to ensure message confidentiality and prevent tampering.
SSL should be used to secure the transmission of any sensitive data, including user credentials and user-supplied data (such as credit card numbers). Use of SSL, however, does place an additional resource burden on the server, as there is an overhead involved in encrypting and decrypting packets.
SSL uses certificates and public key cryptography to establish the identity of the...