Web site security is a complex and perhaps even controversial subject. On one side there are individuals who regard themselves as the freedom fighters of the technology and information era; on the other side there are those who view their activity as a form of modern terrorism. Whatever the case, breaking into a computer system without consent is, without question, a crime.
It is conventional to use a protected connection (TLS, shown in the browser as https) when gathering sensitive data such as the personal information of a visitor to a Web site. The strength of such a connection is usually described by the key length of its symmetric cipher. The levels listed here, from lowest to highest, are “none”, 40-bit, 56-bit and 128-bit; of these, the 40-bit and 56-bit “export” grades have long been broken and are disabled in current browsers and servers, so in practice a connection today is either unencrypted or protected with 128-bit or 256-bit keys (AES-128 or AES-256 in current TLS cipher suites).
Encryption is a very effective tool in protecting information from unauthorized access. Data is scrambled before transmission, making it illegible until the recipient for whom the information is intended unscrambles the contents, restoring them to their original condition. While this tool is useful for safeguarding the information during transmission, it cannot guarantee privacy after the data has been deciphered on the other end.
Encryption is an algorithmic process that converts readable plain text into a scrambled, illegible form known as “ciphertext” in order to provide privacy. The recipient of the encrypted message decrypts it with a “key”, much as the substitution codes played with by children are solved with a secret alphabet; the difference in a modern cipher is that the algorithm itself is public and only the key is secret.
Modern Web browsers encrypt traffic automatically once connected to a secure server, identifiable by a Web address starting with “https”; the Web server decrypts the data when it arrives. Thus anybody eavesdropping as the data passes between the two computers captures only ciphertext, which is useless without the key.
Encryption systems are either symmetric or asymmetric. Examples of symmetric key algorithms are AES, Blowfish and DES (DES, with its 56-bit key, is now considered broken and should not be used; AES is the current standard). Symmetric systems work with a single key that is distributed ahead of time and shared by sender and receiver; this one key both encrypts and decrypts the data.
Asymmetric systems, such as RSA, use a pair of keys. The public key can be distributed widely and is used by anyone to encrypt information for its owner; the private key is kept secret by its owner and is the only key that can decrypt it (the same pair, used the other way round, produces and checks digital signatures). Diffie-Hellman, often listed alongside RSA, is strictly a key-agreement protocol rather than an encryption scheme: two parties each contribute a secret and derive a shared key that is never transmitted. Because asymmetric operations are slow, in practice they are used to establish or transport a symmetric session key, and the bulk data is then encrypted symmetrically.
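The symmetric and asymmetric cases above, and the way the two are combined in practice, as an added example in Go using only the standard library (this is not code from the original article): AES-256-GCM under a pre-shared key stands in for the symmetric system, RSA-OAEP for the asymmetric one, and HybridRoundTrip puts the public key to its real-world use of protecting only a freshly generated session key. The key sizes, the OAEP label and the sample message are assumptions chosen for the demonstration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
	"io"
)

// oaepLabel binds a wrapped key to its purpose (an assumed value for this demo).
var oaepLabel = []byte("aes-256-gcm session key")

// SymmetricSeal encrypts plaintext with AES-256-GCM under a 32-byte key that
// sender and receiver already share. A fresh random nonce is prepended to the
// ciphertext; GCM's authentication tag lets the receiver detect tampering.
func SymmetricSeal(key, plaintext, aad []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, aad), nil
}

// SymmetricOpen reverses SymmetricSeal with the same shared key. It returns
// no plaintext at all if the key, nonce, AAD or ciphertext were altered.
func SymmetricOpen(key, sealed, aad []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(sealed) < gcm.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	nonce, ct := sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ct, aad)
}

// WrapKey encrypts a symmetric key to the recipient's RSA public key with
// OAEP. Anyone may hold the public key; only the private key can unwrap.
func WrapKey(pub *rsa.PublicKey, key []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, key, oaepLabel)
}

// UnwrapKey recovers the symmetric key with the recipient's private key.
func UnwrapKey(priv *rsa.PrivateKey, wrapped []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, wrapped, oaepLabel)
}

// HybridRoundTrip combines the two the way TLS does: the message travels under
// a fresh AES key and RSA protects only that key. The recipient generates its
// own key pair here and never shares the private half.
func HybridRoundTrip(msg []byte) ([]byte, error) {
	recipient, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	sessionKey := make([]byte, 32)
	if _, err := io.ReadFull(rand.Reader, sessionKey); err != nil {
		return nil, err
	}
	// Sender side: seal the message, then wrap the key to the public key.
	sealed, err := SymmetricSeal(sessionKey, msg, nil)
	if err != nil {
		return nil, err
	}
	wrapped, err := WrapKey(&recipient.PublicKey, sessionKey)
	if err != nil {
		return nil, err
	}
	// Receiver side: unwrap the key with the private key, then open the message.
	k, err := UnwrapKey(recipient, wrapped)
	if err != nil {
		return nil, err
	}
	return SymmetricOpen(k, sealed, nil)
}

func main() {
	// Constructed sample input for the demonstration.
	out, err := HybridRoundTrip([]byte("visitor's postal address"))
	fmt.Printf("recovered=%q err=%v\n", out, err)
}
```

Two details worth noticing: GCM refuses to return any plaintext when the ciphertext, nonce or associated data has been altered, so a corrupted message is rejected rather than decrypted to garbage; and the only thing ever encrypted with the slow asymmetric operation is the 32-byte session key.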
When a browser connects to a protected Web site, the Secure Sockets Layer (SSL) handshake, today Transport Layer Security (TLS), validates the server by checking its certificate, agrees on an encryption method (the cipher suite) and establishes a unique session key. This creates a secured session that provides both privacy and integrity for the information exchanged.
It is important to remember that strong encryption only makes the exchange private while the data is in transit; it cannot secure the data over the long term. To ensure the data remains secure, steps must also be taken to confirm that the receiver is a legitimate and responsible entity. Online, the legitimacy half is achieved through digital certificates and signatures, which let the browser check that the server really is who it claims to be; what the receiver does with the data afterwards is outside what encryption can guarantee. After all, the best way to keep something secret is not to share it at all.
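The handshake and certificate check described in the two paragraphs above, as an added example in Go (standard library only; not the article's own code): it mints a self-signed certificate for a made-up name, standing in for a CA-issued one, runs a real TLS handshake between a client and a server over a loopback socket, and shows that the client only agrees a session key when the certificate chains to a root it trusts and covers the name it asked for. The host name, key type and validity period are assumptions for the demonstration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// NewSelfSignedServer mints a throwaway self-signed certificate for dnsNames
// (assumed test-only names) together with a root pool that trusts it. The
// pool plays the part a browser's CA store plays for a real site.
func NewSelfSignedServer(dnsNames []string) (tls.Certificate, *x509.CertPool, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: dnsNames[0]},
		DNSNames:              dnsNames, // names this certificate is valid for
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(time.Hour),
		KeyUsage:              x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
		BasicConstraintsValid: true,
		IsCA:                  true,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	leaf, err := x509.ParseCertificate(der)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	pool := x509.NewCertPool()
	pool.AddCert(leaf)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}, pool, nil
}

// Handshake runs one TLS handshake over a loopback TCP socket between a server
// presenting cert and a client that trusts roots (nil means the system trust
// store) and expects to be talking to serverName. It returns the negotiated
// cipher suite, or the error that stopped the handshake before any session
// key was agreed.
func Handshake(cert tls.Certificate, roots *x509.CertPool, serverName string) (string, error) {
	ln, err := net.Listen("tcp", "127.0.0.1:0")
	if err != nil {
		return "", err
	}
	defer ln.Close()

	srvErr := make(chan error, 1)
	go func() {
		conn, err := ln.Accept()
		if err != nil {
			srvErr <- err
			return
		}
		defer conn.Close()
		conn.SetDeadline(time.Now().Add(5 * time.Second))
		srvErr <- tls.Server(conn, &tls.Config{
			Certificates: []tls.Certificate{cert},
			MinVersion:   tls.VersionTLS12,
		}).Handshake()
	}()

	raw, err := net.Dial("tcp", ln.Addr().String())
	if err != nil {
		return "", err
	}
	defer raw.Close()
	raw.SetDeadline(time.Now().Add(5 * time.Second))
	cli := tls.Client(raw, &tls.Config{
		RootCAs:    roots,      // issuers the client trusts
		ServerName: serverName, // name the certificate must cover
		MinVersion: tls.VersionTLS12,
	})
	if err := cli.Handshake(); err != nil {
		return "", err // certificate rejected: the client never completes the handshake
	}
	if err := <-srvErr; err != nil {
		return "", err
	}
	return tls.CipherSuiteName(cli.ConnectionState().CipherSuite), nil
}

func main() {
	cert, roots, err := NewSelfSignedServer([]string{"example.test"})
	if err != nil {
		panic(err)
	}
	cases := []struct {
		name  string
		roots *x509.CertPool
	}{
		{"example.test", roots}, // trusted issuer, matching name: accepted
		{"evil.test", roots},    // trusted issuer, wrong name: rejected
		{"example.test", nil},   // system trust store does not contain our test cert: rejected
	}
	for _, tc := range cases {
		suite, err := Handshake(cert, tc.roots, tc.name)
		fmt.Printf("ServerName=%-13s suite=%q err=%v\n", tc.name, suite, err)
	}
}
```

The second and third cases are the ones a browser warning page corresponds to: a certificate that is genuine but issued for a different name, and one that no trusted authority vouches for. In both, the client aborts before any session key exists, so nothing sensitive is ever encrypted to the wrong party.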
As more people become aware of the generally unsecured nature of the Internet, encryption will undoubtedly become increasingly common. Without encryption, browsing, email and instant messaging are readable by anyone along the path, and may end up stored for many years.
The best security works invisibly, since a professional site strives to appear open and inviting; a good-looking site can nevertheless have the strongest security behind it. Security should be a primary concern of every site owner, because the savvy Internet user now demands no less than the best protection.