Security in WWW

Submitted by Karthikeyan on

Security in World Wide Web

Today security in World Wide Web is more important thing to consider.

In this article, we will see some basic ideas about the security practices followed in the websites, and how to identify and stay secure in the Internet.

1. HTTPS

Whenever the secure version of the website is available, you can use this. It's not necessary for all the website. But, it is more important and essential for the websites dealing with more sensitive content such as Online Banking, Credit card processing, E-mail etc.,

Choosing ‘secure' browsing where possible — as indicated by the ‘s' after the ‘http' on the address bar on the newer browsers — is one of the simplest, yet most effective means of fortifying privacy and enhancing security while transacting on the Internet.

Facebook https

HTTPS provides enhanced security by authenticating the identity of the websites and encrypting the information.
It embeds a mechanism to authenticate websites by signing Transport Layer Security (TLS) certificates, which identify how genuine a website is. This mechanism eliminates fraudsters purporting to be trusted websites, for the TLS certificates cannot be authenticated by them.
Encrypting information using 128-bit encryption mechanism or more sophisticated cryptography algorithms make it virtually impossible for sniffers to make sense out of the traffic flowing.

To know about enable https in Facebook see this post : Useful Tips to use Facebook securely

 

How SSL works ?

 

 

2. Phishing

This is a method where you have to bring the user to a webpage created by you which appears to be the same as the interface of the legitimate one and get him/her to enter the credentials. Then the redirect page will land somewhere else and you will get the password in your mail box as defined inside the PHP script.

For example see below (always look for the correct website address at your browser address bar).

 

3. Virtual Keyboard

Use the virtual keyboard to get away from keyloggers. Key logger are spyware programs, which logs everything you type in your computer.
While logging  into online banking websites in internet cafe you can use virtual keyboard to enter your password, username.
Then the key logger program won't able to log.

 

4. SMS Authentication

Enable SMS authentication for High level security, even any one know your username and password they can't able access your account without mobile.

All the online banking websites provides this security, if your are not enabled already, enable it immediately.

You can also enable SMS Authentication for your Google account. See this post Advanced sign-in security for your Google account

5. CAPTCHA

You can see most of the websites asks to enter a code as shown in the image to register or login to their website. Is if frustrating one> But it's one of the main method to prevent SPAM bots. It is called as CAPTCHA.  It is a type of challenge-response test used in computing as an attempt to ensure that the response is generated by a person. The process usually involves a computer asking a user to complete a simple test which the

computer is able to grade. These tests are designed to be easy for a computer to generate, but difficult for a computer to solve, so that if a correct solution is received, it can be presumed to have been entered by a human. A common type of CAPTCHA requires the user to type letters or digits from a distorted image that appears on the screen, and such tests are commonly used to prevent unwanted internet bots from accessing websites.

 

The security practices to follow in your system :-

1. Keep your Operating system up to date.

2. Keep your Browser up to date.

You can also download and use the latest Mozilla Firefox, Google Chrome browsers.

3. Keep your Antivirus & Anti spyware programs updated.

 

Category