There are lots of discussions nowadays
about computer security as more people are using email and more services such
as banking, mail orders and subscriptions through the Internet. In this report
I’ll explain the definition of Internet security, its objective, methods,
importance, examples, and benefits.
Internet security is the ability to browse
the web peacefully, knowing that no one is looking over your shoulders whereas
others see it to be the ability to conduct financial and commercial
transactions safely.
(2011 Best Internet Security
Suites Software)
Its objective is to
establish rules and measures to use against attacks over the internet and many
different methods are used to protect the transfer of data.
Internet security is important for
internet users for it increases the e-commerce and online business which
happens using cryptographic methods and protocols developed for securing
communications on the Internet. These protocols include SSL and TLS for web
traffic, PGPforemail, and IPSec for the network layer security. (August 05,
2009, Grass Roots Design)
What are SSL Certificates?
The SSL is a protocol
created by Netscape and to which is a short form for secure socket layer
certificate. This technology is used widely in the Internet transactions to
make them secure. The protocol works in the following manner. First, web
browser requests a secure page from the client side. Second, if the website
already has it, certificate will be sent along with its public key by the web
server. After receiving it; client’s side web browser checks for the validity
of the certificate. If it is still valid and if it’s been issued by a trusted
party ( normally tested through a Certificate Authority (CA)). If it
fails on any of the checks the browser will display a warning to the end user
to let them know. Then; the web browser uses its public key to encrypt the data
and sends it to the web server with the encrypted URL required and any other
encrypted http data. Decryption of the symmetric encrypted key will take place
at the web server by the web server using its private key and the symmetric key
to decrypt the URL and http data. Next, the web server sends back the requested
html document and http data in the encrypted form; the web browser at the
client side decrypts them and displays the information.
Normally a SSL certificate
contains the company name, domain name, address with country, state, and city
along with the details of your CA and your SSL certificate expiration date.
(SSL Certificates HOWTO, September 2010)
Network layer security
TCP/IP can be made secure
with the help of cryptographic methods and protocols that have been developed
for securing communications on the Internet. These protocols include SSL and
TLS for web traffic, PGP for email, and IPSec for the network layer security.
IPSec security protocol is designed to protect communication in a secure manner using TCP/IP. It supports network-level peer authentication, data origin authentication, data integrity, data confidentiality (encryption), and replay protection by providing security and authentication at the IP layer by using cryptography. To protect the content, the data is transformed using encryption techniques. There are many types of transformation that form the basis of IPSec; the Authentication Header (AH), encapsulating Security Payload (ESP) and Internet Engineering Task Force (IETF) standards. (6 November 2005, Network Layer Security – Structure and Challenges)
Examples on websites using
this protocol to obtain confidential user information are paypal, shipwire,
regionalone, etc…
Computer security is a vast topic that is
becoming more important because the world is becoming highly interconnected,
with networks being used to carry out critical transactions. The environment in
which machines must survive has changed radically since the popularization of
the Internet.
References
:
Internet Security Suites Available
IPSec,
2011, available from:
IPSec
http://www.grassrootsdesign.com/intro/security.php
Network Layer Security – Structure and
Challenges
https://www.cs.columbia.edu/~smb/talks/netsec-dimacs/index.htm
No comments:
Post a Comment