Security and the Web
Anyone looking to publish anything on the Web, be it a Web Site or a personal blog, needs to be aware of the need for security. In this increasingly busy and often hazardous environment, security is one area that can neither be ignored nor taken lightly.
Again, in most browsers you can configure them to block cookies, but make exceptions for known sites. This gives the best of both worlds, in that only sites you have chosen to trust can place cookies on your machine.
Sending Secure Data over the Web
Most business Web pages encourage you to subscribe to, register for, or purchase products from, their web pages. The pages are usually directly, or indirectly, soliciting personal information. If you fill in a Web form, how do you know if your personal details will be securely transmitted?
Both Netscape Navigator and Microsoft Internet Explorer display a security information alert, to warn you of potential security risks. This warning tells you that you are about to send un-encrypted information, allowing you the chance to cancel the operation.
When you enter a secure site, the browser will display a different warning:
This indicates that you are about to view pages over a secure connection. When completing and submitting a form in a secure web site, encryption is used to encode the data between your computer and the web server. Therefore, even if your data is intercepted, it will be unusable.
There are several protocols that have been created to transfer information securely over the inherently insecure channels of the Internet.
- Secure Sockets Layer (SSL). SSL is a lower-level protocol that works directly on top of TCP/IP and it is easily used to add security to protocols used for Web communication. SSL functions by using a number of key-based algorithms.
- S/MIME. Secure/Multipurpose Internet Mail Extensions is emeging as the protocol of choice for asynchronous messaging over the Internet.
Digital Certificates prove the identity of an individual or company over the Web. They are equivalent to ID cards and are digitally signed by the creator of the certificate. Most often, they are created by and signed by a certificate authoroty who is a third party trusted by both the sender and receiver of the certificate.