Steps to Safeguard Information Sources from Hackers

October 17, 2014 | By Editor 

Summary

In today’s security landscape, the Internet is increasingly vulnerable to hacking and interception attempts.

The Web is a vital data source, and its security depends on how well it is protected against all possible threats (hackers, government surveillance, intelligence agencies). Because the Web attracts an extensive readership, it makes a juicy target for hackers.

Types of Hackers

  • When talking about spies and snoopers, there are two types: passive adversaries and active adversaries.
  • Passive adversaries are more like Man-In-The-Middle (MITM) interceptors. They just listen to communications in transit but do not interrupt them. They do not pose a serious threat because they can mostly glean only insignificant information. However, there are exceptions.
  • Active adversaries pose more serious problems than passive ones. They intercept mail, read it, and use the information for malicious purposes. At times, they even impersonate a person.
  • Both types of attackers are a menace to the Web in their respective ways. Passive attacks face the risk of being discovered while active ones depend on exploiting flaws.
  • Most of the time, as Edward Snowden revealed, spy agencies can act as passive eavesdroppers, just looking into the metadata and intercepting unencrypted communications.
  • The NSA can record everything a user does online and store it for analysis.
  • When a data source becomes a surveillance target, all the collected messages are thoroughly analyzed. Recent news suggests that the NSA is specifically targeting journalists who are deemed important to the U.S. government.

Important Security Protocols

Protecting against advanced and persistent threats can be quite complex and requires a lot of security work. While defending against an active adversary requires that encrypted communications be validated, protecting against a passive interceptor is much easier: it requires only basic encryption.

The protocol for reading sites, the unencrypted HTTP, exposes websites and their visitors to a host of risks.

At the minimum, a passive hacker can see every page a reader visits, the time they take to read, and loads of other information about a user’s behavior on a website.

However, the advanced Web protocol HTTPS (“S” standing for “secure”) applies encryption to the whole connection. Most websites now support HTTPS following Google’s efforts, but it is difficult to keep track of which sites do. Although popular sites support the security protocol, some sites are still ignorant of it.

Email is another essential thing to encrypt. Advanced encryption software like Pretty Good Privacy (PGP) offers end-to-end encryption. That is, a message is encrypted on the sender’s system and only decrypted by the recipient. This level of protection is important for people who handle sensitive information.

The PGP tool adds an extra layer of complexity to sending and receiving mail, and it works only when both the sender and the receiver know how to use it. Mail is a favorite target for hackers.

Similar to the Web, email’s protocol, Simple Mail Transfer Protocol (SMTP), does not encrypt by default. Messages flow in and out without any encryption, allowing even a passive hacker to eavesdrop on everything. Just like the Web, email too has its own upgraded version that supports encryption. But it works only if both the sender and the recipient are configured to use it.
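The "both sides must be configured" condition above, worked through as an added example that is not part of the original article. It assumes the SMTP upgrade in question is the STARTTLS extension; the policy names `none`, `opportunistic` and `required` and the two server replies are constructed for illustration.

```python
import re

# Constructed EHLO replies (not captured from real servers).
REPLY_WITH_TLS = ("250-mx.example.net Hello\r\n250-SIZE 35882577\r\n"
                  "250-8BITMIME\r\n250-STARTTLS\r\n250 PIPELINING\r\n")
REPLY_WITHOUT_TLS = ("250-mx.example.org Hello\r\n250-SIZE 10240000\r\n"
                     "250 8BITMIME\r\n")

def parse_ehlo(reply):
    """Return the extension keywords advertised in a multi-line 250 reply."""
    lines = reply.strip().splitlines()
    extensions = set()
    for i, line in enumerate(lines):
        m = re.fullmatch(r"250([ -])(.*)", line)
        if not m:
            raise ValueError(f"not a 250 reply line: {line!r}")
        sep, text = m.groups()
        is_last = i == len(lines) - 1
        # "250-" marks a continuation line, "250 " marks the final line.
        if (sep == " ") != is_last:
            raise ValueError("malformed multi-line reply")
        if i > 0 and text:  # line 0 is the server greeting, not an extension
            extensions.add(text.split()[0].upper())
    return extensions

def delivery_outcome(client_tls, server_reply):
    """Decide how a message leaves the sender for a given client policy.

    client_tls is one of the hypothetical policy names:
    'none' (never upgrade), 'opportunistic' (upgrade if offered),
    'required' (refuse to send without encryption).
    """
    if client_tls not in ("none", "opportunistic", "required"):
        raise ValueError(f"unknown policy: {client_tls}")
    offered = "STARTTLS" in parse_ehlo(server_reply)
    if client_tls == "none":
        return "plaintext"   # sender never asks, so the server's support is moot
    if offered:
        return "encrypted"   # both sides configured: the session is upgraded
    # Receiver does not offer it: opportunistic senders fall back silently.
    return "plaintext" if client_tls == "opportunistic" else "deferred"

if __name__ == "__main__":
    for policy in ("none", "opportunistic", "required"):
        for name, reply in (("tls", REPLY_WITH_TLS), ("no-tls", REPLY_WITHOUT_TLS)):
            print(f"{policy:13} -> {name:6}: {delivery_outcome(policy, reply)}")
```

Only the `required` policy guarantees that mail never crosses the wire unencrypted, at the cost of deferring delivery to servers that do not offer the upgrade.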

Conclusion

Every business (online retailers, news organizations) should plan and implement defense systems for both its website and its mail. It is important that firms configure their mail servers to encrypt data as much as possible.

The move by The New York Times to switch its site to HTTPS, to improve security and performance for its readers and boost its ranking in search engines, is an indicator of the same.

The paper’s chief technology officer, Rajiv Pant, recently said that the daily will move its website to default HTTPS before the end of 2015.

Of course, the Internet and email are not the only things an individual or a business should think about encrypting. There are other sources such as text messages and phone calls that need protection as well. With the advent of smartphone technology and the increase in mobile hacks, a high level of encryption is needed to protect from every possible adversary.
