I have been asked this question more times than I can remember. In fact the first time I was asked I did not really understand the process myself and now, even though I do understand the process, it can still be a challenging question to answer. This is because encryption is not without its share of complexities. In some ways it is these complexities that help protect your personal information, credit card data, passwords etc.
I am going to attempt to walk you through the SSL , or Secure-Socket-Layer, process over the course of the next two posts and hopefully once you have read all parts of the series you will understand and feel better about using your sensitive information on the web. If nothing else maybe you will understand all those “certificate error” messages you have ignored all these years.
So how does SSL protect your information? Well first we need to understand some basic fundamentals regarding encryption and the SSL process. You see like so many things with technology, you have to understand the basics before the big picture can be made clear.
First of all there are two types of encryption keys used in the SSL process. These two types of encryption perform very specific tasks and each has unique capabilities.
The first of these is known as Synchronous Encryption. With synchronous encryption the same key is used to encrypt and to decrypt data. It is fast, uses little computer resources and, when used correctly, is very secure.
The second type if encryption is called Asynchronous Encryption. You may have heard it referred to as Public-Key encryption. Asynchronous encryption has almost the opposite characteristics of synchronous. It is much slower in comparison, it uses a key pair, rather than a single key, and it uses a lot more computer resources to perform the encryption and decryption processes. Now, while there is a lot more to these two forms of encryption, this covers what you need to know for this discussion.
Next there is the SSL Certificate.This certificate, contains information about the owner of the certificate, like e-mail address, owner's name, certificate usage, duration of validity, resource location and the certificate ID of the person who certifies this information. It also contains the public key (asynchronous encryption) and a hash to ensure that the certificate has not been tampered with.
Finally, there is the Certificate Authority, or CA for short. There are many of these providers available, but a couple of the more popular are Verisign and Entrust. The service these companies provide is very important to you the consumer and yet their service does not cost you a dime. Here is how it works. An entity desires to provide services to you which need the protection of encryption while in transit over the hostile network known as the Internet. So they set up a web server and configure this server to use SSL. In doing so the web server is used to generate a CSR, or Certificate Signing Request. The company setting up the secure site then contacts a CA and requests an SSL Certificate be generated for their web server and they provide the authority with the CSR that was just generated on the server, along with other information about the company. Then, for a fee, the CA will generate the SSL certificate. However before they do so, they perform validation checks to ensure that the company requesting the SSL certificate is who they claim to be. Then the CA's certificate ID is added to the SSL certificate as indicated above. So that when you conduct business with this companies web server, if no errors are generated by your web browser, you can be assured that you are sending your sensitive information to the right persons.
So there are the basics, not too bad I hope. Next we will put it all together and explain how all of these components contribute to the SSL encryption of your information and, if used properly, grants you the security you need when submitting sensitive information on the web.
Steve
Monday, November 30, 2009
Tuesday, November 24, 2009
Anti-virus advice and common sense protection
A few years back, when people would ask me about virus protection for their computers, I would tell them “Don’t open attachments from senders you don’t know and don’t let your kids download tons of shareware and you should be fine. If spending $60 for an anti-virus application makes you feel better then go ahead but you are probably wasting your money."
My thoughts back then were that most viruses were caused by users carelessly opening unsolicited emails, which they were for the most part. Plus, most users would buy anti-virus and not only think they were impervious to attacks, but they rarely, if ever, downloaded updates or new signatures for their anti-virus software.
Times have definitely changed. The attacks have become more sophisticated and luckily so has the software designed to protect the average user. These days viruses are the least of our worries. With phishing scams, backdoor Trojans, worms and malicious code designed to attack via pop-ups the lowly virus hardly gets much press anymore. When it does it is usually a “generic” description for any one of the aforementioned nasties. Luckily, the software companies have done a pretty good job at keeping up with the bad guys and they have even been kind enough to build automatic updates into their software so we can now safely install it and forget it. Still, one should never just assume that the pc they just sat down at to read their email is safe and impenetrable. Today more than ever, a little common sense and following best practices goes a long way to prevent problems down the road. What follows are common sense steps you can take to prevent the loss of your computer or your valuable data.
Steve
My thoughts back then were that most viruses were caused by users carelessly opening unsolicited emails, which they were for the most part. Plus, most users would buy anti-virus and not only think they were impervious to attacks, but they rarely, if ever, downloaded updates or new signatures for their anti-virus software.
Times have definitely changed. The attacks have become more sophisticated and luckily so has the software designed to protect the average user. These days viruses are the least of our worries. With phishing scams, backdoor Trojans, worms and malicious code designed to attack via pop-ups the lowly virus hardly gets much press anymore. When it does it is usually a “generic” description for any one of the aforementioned nasties. Luckily, the software companies have done a pretty good job at keeping up with the bad guys and they have even been kind enough to build automatic updates into their software so we can now safely install it and forget it. Still, one should never just assume that the pc they just sat down at to read their email is safe and impenetrable. Today more than ever, a little common sense and following best practices goes a long way to prevent problems down the road. What follows are common sense steps you can take to prevent the loss of your computer or your valuable data.
- I used to advise to not open attachments from someone you don’t know. These days you cannot follow that rule because that person you trust may be victim to a worm that is now sending itself out from your friend’s pc without their knowledge. Turn off the preview attachment option if your email, if it is so equipped. Save the attachment out to your hard drive and make sure it is scanned by your anti-virus prior to opening. Some AV software now embeds itself into your email client and scans attachments as they come in. But be warned, this may not work if you are using a web based email service like hotmail, or yahoo.
- If your home internet access is provided by anything other than dial-up get yourself a security router. Good devices can be found today for well under $100 and while they are nowhere near as advanced as enterprise they will provide the average user with a wealth of protection. How these devices work are simple yet very effective. Stay tuned to the IT Guardian Angel, I plan to devote a post to these devices alone and how they protect you from the wilds of the internet.
- Backup your data. If you do get a virus or other malicious code on your PC. It is possible that the only way to fix the problem is to format your hard drive. That means any files you had are also gone. CDs are cheap, so are DVD’s and a backup once a month is a small price to pay for the comfort of knowing your data is safe. There are also online backup services that keep your data safe in the event of system loss. Carbonite and Mozy are two of the more popular services. (These are for a fee services and I am not affiliated with either of these services, I simply offer that they are a possible solution for backing up your data.)
- Keep your computer up to date. Many times by the time a virus or other attack is running loose on the internet there is already a patch or hotfix available that will prevent your computer from being vulnerable to the attack. An ounce of prevention……….
- Be wary of internet file sharing applications such as limewire. While there is nothing wrong with using these services, so long as you are not engaged in obtaining illegal copies of software or other digital property, many times the files that are made available by these services contain malicious code. Sometimes accidentally, sometimes intentionally.
- Don’t believe everything you read or see. It has become commonplace for pop up adds and email to warn you that you have a virus in an attempt to lure you to follow a link where you will promptly obtain a virus that you did not have before. Also, never forward emails warning of the latest virus threat, there is a good chance that you may be unknowingly contributing to the problem.
- Lastly, get a good anti-virus program. There are many good ones available today and believe it or not some of them are absolutely free for personal/home use. Additionally the most reputable anti-virus providers will many times off virus removal tools for known viruses. While they won’t protect you, they can help prevent the need to format your system and lose all your data. Regarding free anti-virus programs my favorites are AVG and Avast! Both companies offer advanced offerings that will have additional features. If you like the product then by all means purchase the upgrade. It will help them keep the free versions available for the masses.
Steve
Subscribe to:
Posts (Atom)
Posts
