Monday

Website Security Concepts

How can we tell if a web page is secure?

Anytime a web page asks you for sensitive information, you need to be able to identify if the page is secure or not. The ability to recognize a secure web connection is extremely important as online fraud cases have increased substantially from year to year. This FAQ is intended to guide you to safer online shopping.

What exactly do we mean by "secure"?

Anytime you view a web site, information is sent from your computer to the web server and from the web server to your computer. This information is normally sent in "plain text", meaning anyone who sees it would be able to read it. Now consider this: each piece of information transmitted traverses many computers (servers) to reach its destination.

Try it! - Windows Users, to see just how many machines your information traverses, follow these steps:

1) On your computer, click Start, then Run
2) Type "cmd" and click "OK" (or press Enter)
3) Type this in exactly: tracert www.website-quality.blogspot.com
4) Press Enter

Each listing in the window is a different computer/router/switch (a "node" in networking terms). Each "node" represents a point at which any data you send might be recorded! It is not uncommon to see 20-30 listings.

Big deal, right? Consider this the next time you type in a password or your credit card number. Ah! Therein lies the problem. The solution to this problem is to encrypt this data for transmission. Secure Sockets Layer (SSL) was created for this very purpose.

SSL uses a complex system of key exchanges between your browser and the server you are communicating with in order to encrypt the data before transmitting it across the web. A web page with an active SSL session is what we mean when we say a web page is "secure".

ALL WEB PAGES ASKING YOU FOR SENSITIVE INFORMATION SHOULD BE SECURED USING SSL!!!

How can we tell if a web page is secured?

There are two general indications of a secured web page:

1) Check the web page URL

Normally, when browsing the web, the URLs (web page addresses) begin with the letters "http". However, over a secure connection the address displayed should begin with "https" - note the "s" at the end.

Try it! - Visit our home page (http://www.ssl.com). Note the URL begins with "http", meaning this page is not secure. Click the link in the upper-right hand corner to "Log in". Notice the change in the URL? It now begins with "https", meaning the user name and password typed in will be encrypted before being sent to our server.

2) Check for the "Lock" icon

There is a de facto standard among web browsers to display a "lock" icon somewhere in the window of the browser (NOT in the web page display area!). For example, Microsoft Internet Explorer displays the lock icon in the lower-right of the browser window:



As another example, Mozilla's Firefox Web Browser displays the lock icon in the lower-left corner:



THE LOCK ICON IS NOT JUST A PICTURE! Click (or double-click) on it to see details of the site's security. This is important to know because some fraudulent web sites are built with a bar at the bottom of the web page to imitate the lock icon of your browser! Therefore it is necessary to test the functionality built into this lock icon. Furthermore, it is very important to KNOW YOUR BROWSER! Check your browser's help file or contact the makers of your browser software if you are unsure how to use this functionality.

Try it! - Visit our home page (http://www.ssl.com). Click the link to "Log in" to initiate a secure session. Note the lock icon displayed in YOUR browser. Click the icon, or double-click (varies by browser), and examine the security information displayed about the web site. If there is no display at the bottom of your browser, try clicking "View" in the main menu and make sure "Status Bar" is checked.
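
The "https" check from step 1 can also be applied to the forms on a page, since a form may submit to a different address than the one shown in the address bar. The Python sketch below is an added example, not part of the original FAQ; the sample HTML, the shop.example host and the field-name hints are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Assumed heuristic: substrings of input names that suggest sensitive data.
SENSITIVE_HINTS = ("card", "cvv", "ssn")

# Constructed sample page: a search box, a login form, a payment form.
SAMPLE_HTML = (
    '<form action="/search"><input name="q"></form>'
    '<form action="https://shop.example/auth"><input type="password" name="pw"></form>'
    '<form action="checkout"><input name="card_number"></form>'
)


class FormAudit(HTMLParser):
    """Record each form's action and whether it contains a sensitive input."""
    def __init__(self):
        super().__init__()
        self.forms = []
        self._current = None

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "form":
            self._current = {"action": a.get("action", ""), "sensitive": False}
            self.forms.append(self._current)
        elif tag == "input" and self._current is not None:
            name = a.get("name", "").lower()
            if a.get("type", "").lower() == "password" or any(h in name for h in SENSITIVE_HINTS):
                self._current["sensitive"] = True

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None

def insecure_sensitive_forms(page_url, html):
    """Return (target_url, reason) for each sensitive form not fully on https."""
    parser = FormAudit()
    parser.feed(html)
    page_secure = urlsplit(page_url).scheme == "https"
    findings = []
    for form in (f for f in parser.forms if f["sensitive"]):
        target = urljoin(page_url, form["action"])  # empty action posts to the page URL
        if urlsplit(target).scheme != "https":
            findings.append((target, "submits in plain text"))
        elif not page_secure:
            # An http page can be altered in transit before the form is sent.
            findings.append((target, "form served over http"))
    return findings
```

Calling insecure_sensitive_forms("http://shop.example/account/", SAMPLE_HTML) flags both the login and payment forms; the same page served from an "https" address returns no findings.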

Other Indicators of a Secured Web Page

Many SSL Certificate vendors (Verisign, GeoTrust, SSL.com, etc.) also provide a "site seal" to the owners of these web sites. Common characteristics of these site seals include:

High Visibility - Online merchants want you to see these site seals. They want you to know they have made every effort to make their site a safe shopping experience. Therefore, the site seal is usually located where you, the customer, can easily see it.
Difficult to Duplicate - The site seals are designed to be difficult for thieves and scammers to duplicate. Many times the site seal will have a date and time stamp on it.
Verification Functionality - The site seal should have some functionality whether by clicking on the seal or by hovering your mouse over the seal. The functionality should display detailed information about the web site you are visiting.

These site seals should not necessarily be trusted on their own, but should serve as a reminder to "investigate further"...

1) Check for that "https" in the prefix of the web page address.

2) Click on that "lock icon" in the status bar of your browser.

If everything looks good, the company or individual(s) running that web site have provided you with a safe means of communicating your sensitive information. The web page is "secure".

Browse Safely and Enjoy!

Source: "http://info.ssl.com/article.aspx?id=10068".

2 comments:

Eventure Internet said...

Hey guys, great post!! I think small businesses really need to do more to protect their PCs, also take out websiteinsurance!

Anonymous said...

Hey - I am definitely delighted to find this. cool job!
