Internet Security
Web security can be broken down into two categories:
- Keeping content on your computer safe as you browse the web
- Designing secure web pages
Keeping content on your computer safe as you browse the web
There are many facets of Internet Security. One major focus is keeping the information stored on your computer private. These days we face a number of threats. We could lose data due to a virus, a hacker, hardware failure or user error. We could be using software that secretly sends information on us to others. We could be using a broadband connection to the internet that allows hackers to take over the connection and appear as us.
Viruses
Back in the 'good old days' you could only get a virus if you ran an infected program or shared data on floppy disks. Now viruses come in all shapes and sizes. You may find a virus embedded in a Word document. You may find a virus embedded in a web page or attached to email. Of these, the most prevalent these days seems to be the virus attached to email. Simply opening a message (or displaying it in the preview pane of Outlook or Outlook Express) is enough to infect your system. Most email viruses turn around and mail themselves to everyone in your address book. For this reason, saying that you "only click on email attachments from people you know" is a poor defense. It's the people you know who are most likely to accidentally send you a virus.
What can be done about this? Install and use a good virus protection program such as Norton Antivirus or McAfee's Virus Scan. A final key step is updating your virus program regularly. These programs can only scan for viruses they know exist. Unfortunately, new viruses are invented almost daily. When a new virus pops up, the antivirus software company adds that virus definition to the database or "signature file" for its virus detection product. The only way to protect yourself against new viruses is to regularly check for and download the new signature files.
Some virus information resources:
Cern PC Virus Center - http://pcvirus.web.cern.ch/pcvirus/
F-Secure Virus InfoCenter - http://www.f-secure.com/virus-info/
McAfee Advert: Virus Information Center - http://vil.nai.com/vil/default.asp
Symantec (Norton) Virus Information Center - http://securityresponse.symantec.com/
Firewalls
A firewall is designed to prevent unauthorized access to your computer. Firewalls can be either hardware or software or both. Firewalls are most common in the workplace. With the advent of home networks and broadband (cable or DSL) connections, firewalls have found their way into the home as well.
Those using cable or DSL internet connections are more likely to experience outside attacks. Hackers look for high speed connections. When they find one, they send a 'denial of service' to the browser. If your browser requests information that you aren't authorized to see, the requestee can send a message telling the browser to get lost. Certain types of these messages can confuse the browser into dropping the internet connection. With this done, the hacker can take over your connection and can appear as you online.
If you'd like to try a firewall but don't want to fork over any money, you can use a free version of ZoneAlarm available at:
http://www.zonelabs.com/store/content/home.jsp
You'll see a "Pro" version available for sale and a free version available for download.
Encryption
During the second week of this class, we did an assignment that involved using a Traceroute utility. That showed that information goes through a series of several "hops" on its way from one place to another. To secure information, encryption is used. Encryption is the process of translating your data into a type of "secret code." There are two types of encryption:
Asymmetric encryption (also called public key) is most often used to preclude the exchange of keys among many users, particularly in situations where the users are not known to each other.
Symmetric encryption is most often used where key distribution is limited to an exchange among a few users (e.g., in banks).
Your browser already has encryption built into it. In order to get the best encryption, stay as current as you possibly can with your browser. Staying current means using the latest version that will run on your system. It also means downloading all of the security patches and upgrades for that version. If you use MSIE, you can find updates at WindowsUpdate.Microsoft.com.
Cookies
A cookie is a small file that resides on your hard drive. Cookies can store passwords or name/address/billing info so that you don't have to reenter it each time you make an order at your favorite shopping site. In order for these to work, the information must be written to a file on your hard drive. Later, the info has to be accessed (loaded) by a web page such as your favorite shopping site. This all sounds very convenient. The problem is that we can't always control who is accessing our cookies or what is being done with the information. Some companies have used cookies to gather information about our browsing practices in the hope of sending targeted ads. It is possible to turn off cookies but doing so will cause some features on web pages to stop working. Many find that the constant nagging to turn cookies back on is too annoying. If you'd like more information on Cookies, check out the Unofficial Cookie FAQ.
Browser Cache and History
If you share your computer with other users, your browser cache and history files are potential security risks. A later user can use these features to find out where you've been on the Internet and possibly even view private information.
Regularly cleaning your browser's cache can also speed up browsing. When you visit web pages, these pages are saved in your cache. When you revisit the same page, instead of downloading it from the internet, it can be called up from the cache file on your hard drive. That's much faster at first. But after time, you end up with hundreds, even thousands of pages in your cache. Each time you enter a URL, your browser first checks to see if that page is in the cache. You have to sit while it scans through all of those pages. Cleaning the cache file gives you a fresh start.
If you use MSIE 5.x or later, click Tools in the main toolbar, then select Internet Options. Under "Temporary Internet Files" click "Clear files." Next, click Clear History. You're done.
If you use an earlier version of MSIE, click Tools in the main toolbar, then select Internet Options. Click the "Advanced" tab. Under "Temporary Internet Files" click "Clear files." Next, click Clear History.
In Netscape, go to Edit. Select Preferences. Click Advanced, select Cache. Select Clear Cache.
Designing Secure web pages
There are many ways to secure a website.
Secure Socket Layer
You can invoke the Secure Socket Layer or use Secure HTTP. Webopedia defines these as follows:
Short for Secure Sockets Layer, a protocol developed by Netscape for transmitting private documents via the Internet. SSL works by using a private key to encrypt data that's transferred over the SSL connection. Both Netscape Navigator and Internet Explorer support SSL, and many Web sites use the protocol to obtain confidential user information, such as credit card numbers. By convention, URLs that require an SSL connection start with https: instead of http:.
Secure HTTP
Another protocol for transmitting data securely over the World Wide Web is Secure HTTP (S-HTTP). Whereas SSL creates a secure connection between a client and a server, over which any amount of data can be sent securely, S-HTTP is designed to transmit individual messages securely. SSL and S-HTTP, therefore, can be seen as complementary rather than competing technologies. Both protocols have been approved by the Internet Engineering Task Force (IETF) as a standard.
CGI Programs
You can use a CGI program. CGI stands for Common Gateway Interface. It transfers information between a web server and a CGI program. Typically, CGI programs are stored in a cgi-bin folder on a web server. CGI programs may be written in any number of languages including C, Perl, VB, Java, etc. If you don't want to write your own program, there are many 3rd party programs available.
The three methods described above offer good security and are generally available when using a paid web hosting service, but they are not usable in your Geocities space.
Options for use on Free Web Hosts such as Geocities
There are options for Geocities but they are far less secure. You can use JavaScript to password protect a web page or to make it slightly more difficult to lift images or view source.
JavaScript Password Scripts
http://javascript.internet.com/passwords/gatekeeper-in.html.
http://javascript.internet.com/passwords/login-coder.html.
http://javascript.internet.com/passwords/multiple-users.html.
http://javascript.internet.com/passwords/password-generator.html.
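Why a JavaScript password gate is "far less secure" than a server-side program, shown as an added example that is not part of the original page or of the scripts linked above. The sample page, the password "letmein42", the file name members.html and all function names are constructed for illustration; the server-side half stands in for the role a CGI program plays.

```javascript
const crypto = require('node:crypto');

// Constructed sample of a client-side "gatekeeper" page; the password and
// file name are made up for this example.
const pageSource = `
<script>
function gate() {
  var pw = prompt("Password:");
  if (pw == "letmein42") location.href = "members.html";
}
</script>`;

// Audit helper: list what a page script hands to every visitor. Any literal
// it compares input against, and the page it redirects to, are in the source.
function auditClientGate(html) {
  const grab = (re) => [...html.matchAll(re)].map((m) => m[1]);
  return {
    comparedLiterals: grab(/==\s*"([^"]*)"/g),
    redirectTargets: grab(/location\.href\s*=\s*"([^"]*)"/g),
  };
}

// Server-side alternative (the role a CGI program plays): the server keeps
// only a salted scrypt hash and never sends the protected page unless the
// submitted password verifies.
function makeRecord(password) {
  const salt = crypto.randomBytes(16);
  return { salt, hash: crypto.scryptSync(password, salt, 32) };
}

function verifyPassword(record, attempt) {
  const candidate = crypto.scryptSync(attempt, record.salt, 32);
  return crypto.timingSafeEqual(candidate, record.hash); // constant-time compare
}

function serveMembersPage(record, attempt) {
  return verifyPassword(record, attempt)
    ? { status: 200, body: '<h1>Members area</h1>' }
    : { status: 401, body: 'Authentication required' };
}

const report = auditClientGate(pageSource);
console.log('exposed by the client-side gate:', report);
const record = makeRecord('letmein42');
console.log(serveMembersPage(record, 'guess').status);
console.log(serveMembersPage(record, 'letmein42').status);
```

With the client-side gate, both the secret and the protected file name travel to every browser that loads the page; with the server-side check, neither the password nor the members content leaves the server until the hash comparison succeeds.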
JavaScript "No Right Click"
These scripts prevent people from "lifting" images or seeing your source code. They're easily bypassed but should discourage the average viewer.
http://www.codelifter.com/main/javascript/norightclick1.html
http://www.dynamicdrive.com/dynamicindex9/noright.htm