BEST INTERNET SECURITY

BEST  INTERNET SECURITY

 The Internet has become a tremendous asset to human life. It provides access to comprehensive information literally at our fingertips. Even more than that, the Internet plays host to one of the great discoveries of the 20th Century; e-commerce. Besides having the ability to access virtually limitless information at our fingertips, it has, at our ready disposal is the ability to buy just about anything we want, from the comfort of our own homes. E-commerce means we can buy books, computers, holidays, flights even cars and more, without having to leave our homes. Although this is a very appealing concept, it was rather slow to take off in the beginning because people feared that placing their credit card details and bank details into a “black hole”, was just too much of a risk. Even though the risk was minimal, the risk still existed.

 The risk was largely due to the fact that credit card details etc, were sent as plain text. This means that un-encoded information intercepted by a thief using electronic methods, could read the numbers and use them for fraudulent purposes. To overcome this problem and protect the consumer, various technologies have been developed, thus instilling confident and encouraging people to purchase online.



S-HTTP (Secure Hypertext Transfer Protocol)

 As we have seen from previous modules, a Web site is really an HTTP server that responds to HTTP requests. The HTTP protocol provides no security, and so in order to create a secure Web site, a way of encrypting the information that is passed using HTTP, needs to be found. An organisation called NCSA created a new, secure version of the HTTP protocol, called S-HTTP.

 S-HTTP is a secure version of the standard HTTP command set used to communicate with a Web site. The fact that it is not a proprietary standard, is a great advantage, and although it is supported by almost all Web server software, it is not so well supported by commercial Web browsers. Netscape, who produces the rival secure protocol SSL, has said that it will attempt to include support for S-HTTP within its products in the near future. When this happens, users will be able to use a browser to communicate with either a S-HTTP or SSL server.

 S-HTTP works between the TCP/IP layer and the HTTP protocol; whenever HTTP requests information to be sent to another server, it passes the request to S-HTTP which then ensures that the information is encrypted and authenticated before passing the newly encrypted information to TCP/IP for transmission.

 S-HTTP provides a number of services to ensure security. It:

 - Encrypts information to ensure that only the intended recipient can read the information. A wide range of encryption standards are supported.



- Provides authentication to ensure that the sender is the author and to ensure that the information has not been tampered with en-route.

 - Supports digital signatures to confirm the sender is who he claims to be.



- Will work with a client who does not have a client public key certificate, which means the user does not need to register a client key and so instantaneous secure session can be established.



- Will only encrypt a compete document or form rather than just parts of the document or form. This means that a form requesting names, addresses, telephone numbers etc, will be completely encrypted, thus providing greater security.SSL (Secure Socket Layer)

Modern browsers use a technique called SSL, which stands for Secure Sockets Layer, to encrypt the information that flows between your browser and the web server receiving your order. When the lock or solid key is showing at the bottom of the browser window, it means that the browser has established a secure encrypted connection with the server, meaning it is safe to send sensitive data like your credit card. It is the second and dominant standard used for secure HTTP sessions. This standard is included in just about every commercial Web server product that is aimed at online business users.

How SSL Works

 SSL installs a transparent layer rather than building on HTTP. This means that the system works with any standard protocol including HTTP, FTP, Telnet or Gopher. The system works by establishing a separate secure channel for all messages using HTTP. This secure channel is set up by the SSL protocols on the server and browsers. The initial handshaking defines the keys used and establishes the connection – a conversation would sound like this:

1. The browser communicates with the Web server.

 2. The browser and server exchange ID information containing authentication details.

 3. The browser checks the server’s ID information and uses this to generate a new key.

 4. The browser now asks for a server-verify of a new key.

 5. The browser now authenticates the server with the key and the previous authentication details.

 6. The key can now be used to encrypt all information over the newly established secure channel, i.e. credit card details etc.

 Please note. SSL only secures the connection between your browser and the web server. It does nothing to protect the information once it is on the server.