Web site security is a complex and perhaps even controversial topic. On one side, there are people who regard themselves as the freedom fighters of the technology and information era; on the other side are those who view this as a form of modern terrorism. Whatever the case, breaking into a computer system without consent is without question a crime.

It is convention to use a protected connection when collecting sensitive data such as the personal information of a visitor to a Web site. The security levels of the secured connections currently in popular use are “none”, 40-bit, 56-bit, and 128-bit, listed from lowest to highest level of page security.


Encryption is a very effective tool for protecting data from unauthorized access. A file is scrambled before transmission, making it illegible until the intended recipient unscrambles the contents, restoring them to their original condition. While this tool is useful for protecting the information during transmission, it cannot guarantee privacy after the data has been deciphered on the other end.

Encryption is an algorithmic process that converts plain text into a scrambled and illegible form known as “ciphertext” as a means to provide privacy. The recipient of the encrypted message decodes it with the use of a “key”, much like the simpler substitution codes that children play with.

Modern Web browsers automatically encrypt text once connected to a secure server, identifiable by a Web address starting with “https”. The Web server then decrypts the data when it arrives. Therefore, as the data passes between computers, anybody attempting to spy on the information will gather only encrypted data, useless without the key.

Encryption systems are defined as either symmetric or asymmetric. Examples of symmetric key algorithms are Blowfish, AES, and DES. They operate with a single key that is distributed ahead of time and shared by both the sender and the receiver. This “key” is used both to encrypt and to decrypt the file.

Asymmetric encryption systems, such as RSA and Diffie-Hellman, make use of a pair of keys. The public key is distributed widely and used by many users to encrypt information. The private key is different for each online user and is used for decrypting data.

When a browser connects to a protected Web site or domain, the Secure Sockets Layer (SSL) validates the server and confirms a method of encryption and a unique session key. This creates a protected session, which helps to guarantee the privacy and integrity of the data exchange.

It is important to remember that strong encryption only makes the information exchange private and cannot actually secure it over the long term. In order to ensure that it will remain protected, steps must be taken to make certain the receiver of the information is a legitimate and responsible entity, which is generally achieved online through the use of digital certificates or signatures. After all, the best method to keep something secret is not to share it at all.
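The two points above, a negotiated encryption strength and a validated server, can be checked on the client side. The following is an added example, not part of the original article, using Python's standard `ssl` module; the function names and the `LEGACY_SAMPLE` entries are constructed for illustration, and 128 bits is assumed as the minimum acceptable strength.

```python
import ssl

MIN_BITS = 128  # assumption: the highest level the article lists is treated as the floor


def hardened_client_context():
    """Client context that authenticates the server before any data is sent."""
    ctx = ssl.create_default_context()            # loads the system CA certificates
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # refuse SSLv3, TLS 1.0 and TLS 1.1
    ctx.check_hostname = True                     # certificate must match the host name
    ctx.verify_mode = ssl.CERT_REQUIRED           # servers without a valid certificate are rejected
    return ctx


def weak_suites(ciphers, min_bits=MIN_BITS):
    """Return the names of cipher suites whose key strength is below min_bits."""
    return sorted(c["name"] for c in ciphers if c["strength_bits"] < min_bits)


def audit(ctx):
    """Summarise what decides whether a session is both private and authenticated."""
    return {
        "weak_suites": weak_suites(ctx.get_ciphers()),
        "server_authenticated": ctx.verify_mode == ssl.CERT_REQUIRED
        and ctx.check_hostname,
        "min_version": ctx.minimum_version.name,
    }


# Constructed sample entries in the shape returned by SSLContext.get_ciphers(),
# standing in for the 40-bit and 56-bit levels mentioned in the article.
LEGACY_SAMPLE = [
    {"name": "EXP-RC4-MD5", "strength_bits": 40},
    {"name": "DES-CBC-SHA", "strength_bits": 56},
    {"name": "AES128-SHA", "strength_bits": 128},
]

if __name__ == "__main__":
    print(audit(hardened_client_context()))
    print(weak_suites(LEGACY_SAMPLE))
```

An empty `weak_suites` list together with `server_authenticated` set to true means the client will neither negotiate a sub-128-bit cipher nor talk to a server whose certificate it cannot verify.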

As more people become aware of the generally unprotected nature of the Internet, encryption will undoubtedly become increasingly popular. Without encryption, browsing, email and instant messaging are potentially available for everyone to read, and may even end up stored for many years.

The best security works invisibly, since a professional site strives to be open and inviting in appearance. Generally, a nice-looking site can boast the best security. Security should be a top concern of all online users. The savvy Internet user demands no less than the best security from Web site owners.
