Internet Security and Privacy

When you visit an SSL-secured site, the latest versions of Netscape Communicator and Microsoft Internet Explorer use a visual cue to tell you that the site is secure. For more information, see How can I tell if a Web site is secure?

TIP

McAfee Internet Security’s Security Check lets you know if your Web browser is up-to-date. The latest browser versions usually offer an enhanced degree of security.

How can I tell if a Web site is secure?

Today, many sites use SSL to set up secure commerce on the Web. In addition to Web server security, the most common Internet browsers provide feedback about the security level of the site to which you are currently connected. For example, Netscape Communicator displays a lock icon in the lower left corner of the browser window. If the lock icon is broken, the site is not secure. If the lock symbol is not broken, the site is secure. In addition, if the lock symbol has a gold background, the site is using strong, 128-bit encryption.

Recent versions of Microsoft Internet Explorer and America Online browsers also display security information. For more information about how your browser indicates the security level of sites, refer to your browsers online help, or the printed documentation.

If SSL is so great, what is the problem?

SSL is affected by a couple of problems. One problem is that not everyone has an SSL-enabled server or browser. Some Web administrators don’t want to use SSL because they have to pay for it, and it can also slow down server transactions. A more onerous problem that affects SSL is the way it is implemented. It turns out that some developers made incorrect assumptions about SSL, which means some older browser versions are less secure. The good news is that Microsoft and Netscape now coordinate their security efforts, which means a more secure, universal standard for Web security.

What about authentication?

Authentication is a method of assuring that both parties to an Internet transaction are who they claim to be. For example, if you get account balance information from your bank, you want to be sure that you are contacting the bank, and not some unauthorized entity. In addition, the bank wants to be sure that they are providing the information to you, and not just to a person who happens to know your bank account number.

Authentication usually entails entering a user ID and a password. To circumvent intercepted passwords and IDs, authentication employs encryption to scramble this information before transmitting it.

Product Guide 103

Page 103
Image 103
McAfee 5 How can I tell if a Web site is secure?, If SSL is so great, what is the problem?, What about authentication?