CCNC/CCNC Module 7/The Internet/Security

Web site Security
Most web sites are unprotected. This means anyone can access them and read their contents. Other sites are protected. As soon as you attempt to access them, a dialogue will appear on-screen asking for a user id and password. Unless you can supply these, you will not be able to progress forward.

Some sites are a mixture of protected and unprotected areas.

The registration processes required to access protected sites vary. Often it will involve payment of a fee. It may come as part of some some other process. For example, if you join an organisation, you may receive a user name and password which allows you access to protected areas of a web site. A common technique is to require you to complete a questionnaire in which you give personal details. Once this has been done, a user name and password is emailed to you.

Take note of the comments in module 1 about the dangers of using unknown sites on the Internet.

Understanding Digital Certificates
A digital certificate is an electronic document that proves the authenticity of a site. They are issued by a certification authority (CA). The certification authority links a public key to the name in the certificate. (Public and private keys will be discussed in the next section.) Digital certificates are used when secure connections need to be established between a computer and a web site. If the digital certificate cannot be verified, the web browser will send a warning message to the user.

The way digital certificates work is explained in the next section on encryption.

A digital signature is an added level of security. Digital signatures have in-built mechanisms that enable recipients to verify that the sender is who he/she says and that information has not been forged. Digital signatures are described more fully in the section called “Know what a digital signature is”.

Sites using these security methods have an address that begins htts rather than http.

Know What Encryption is and why it is Used
Encryption refers to the scrambling of data so that it cannot be read without a key. This means that sensitive and confidential information can be sent across the Internet without being able to be read. For example, if you are doing banking over the Internet, a secure link called SSL (Secure Sockets Layer) is set up between your computer and the server. This involves scrambling the data so that, if it is intercepted, it appears as a meaningless set of characters.

Encryption involves the use of private keys and public keys. The public key enables the data to be encrypted by anyone. Once it is encrypted, it can only be deciphered with a private key. Only the owner of the site has this.

There's a really good graphic and straightforward explanation of keys on |Wikipedia; can I use those graphics? Do we link, and hope that the graphics and explanation stay?

When a site sends you a digital certificate, they are also sending you a public key which enables you to encrypt information which only it can read.

Be aware of the danger of infecting the computer with a virus from a downloaded file
The Internet is a wonderful source of information and software. Since there is virtually no control exercised over the Internet, it is also a source of danger and even criminal activity. There are thousands of download sites where you can obtain software, some of it legal some pirated. Whether or not the software is legal, there is always the possibility of viruses being contained in the software. This could be done deliberately by the developer of the site or because it was not checked adequately before being made available.

Before downloading software from the Internet, be sure that you can trust the site you are dealing with. There are excellent and safe download sites such as www.tucows.com so you should not need to use dubious sites.

Be aware of the possibility of being subject to fraud when using a credit card on the Internet
In order to make use of some sites or order goods or services across the Internet, you will need to pay by credit card. When you give credit card information without the merchant actually seeing the card, it is referred to as a Card Not Present or CNP transaction. There are a number of dangers to both the buyer and the seller.

Vendors need to be sure that:


 * The card is not being used fraudulently.

Purchasers need to be sure that:


 * They can afford the goods they are buying. It is very easy to spend money using a credit card on the Internet.
 * The vendor will not abuse the information and make unauthorised debits. They should not deal with any unknown sites.
 * The information will not be stolen by employees and used fraudulently. Once again, well known reputable sites will have measures in place and will generally take responsibility if anything does go wrong.
 * The information will not be stolen and used by hackers. Only use sites that are able to encrypt the information you send using a secure link such as SSL.

Understand the term firewall
A firewall is the first line of defence against hackers. It is a computer program that is installed on a computer that connects to the Internet. The firewall software analyses the packets (small groups of data that are transmitted as a unit) that pass between the computer and the Internet. It is programmed to follow certain rules which enable it to decide whether or not to allow a packet to pass. If a packet does not meet the rules programmed into the firewall software, it is rejected.