When accessing a Web site, the content of the Web page that is returned is sent across the network in plain text. If you have a network sniffer, either a hardware device or software tools like Ethereal (http://www.ethereal.com), you can capture all the network traffic that passes through your device.
If your Web site is on the Internet, any user accessing the Internet Service Provider's site can potentially see the data passing between your Web server and whoever is accessing it. If your Web site is an intranet, then anyone on the same physical network, in other words, most employees, can see the data.
If the data is private or confidential, then you should secure it. On an Internet site, confidential information might be credit card details or customer information; on an intranet site, it might be salary details or bank account information if you are using a Web-based HR/payroll application.
Securing this traffic is fairly easy; you must enable HTTP/S or Secure Socket Layer (SSL) for HTTP on your Web server. HTTP/S encrypts the data flowing between your Web server and the client process (normally a Web browser) using Public Key Cryptography. You will need a Digital Certificate to allow this encryption to take place.
You can purchase SSL certificates for a public Web site from Verisign (http://www.verisign.com), Thawte (http://www.thawte.com), GeoTrust (http://www.geotrust.com), and others. These sites also have documentation explaining SSL and the process for purchasing, installing, and configuring SSL on many popular Web servers.
Note: You should purchase the highest level of encryption possible for your locality. Most countries now allow 128-bit SSL, while some are still limited to 40-bit. The Digital Certificate provider will let you know the highest level that you can purchase.
If you are hosting a private Web site or an intranet, then you can generate your own certificates. This has the benefit of being free, but the users of your site will have to accept their Web browser's warning that the certificate from your site is not trusted. To generate your own certificates, see your Web server's documentation.
After you have enabled SSL, you can use https instead of http as the URL protocol for your Web site, and then the data will be encrypted. For example, if your Web site address is:
