As the web browser becomes more and more of an everyday tool, we increasingly access and upload information about ourselves, our finances, and our company's data through it. Most banks offer web portals where you can do anything from viewing your account numbers to depositing scanned checks to making wire transfers.
How is the connection between you and the website protected? What stops a malicious user on the same network from intercepting, altering, or stealing this information, or even logging in as you?
High-Level Overview of Secured Connections
Your connection to a website is encrypted using HTTPS, which is ordinary HTTP (the protocol for requesting and delivering web pages) carried over SSL/TLS (Secure Sockets Layer and its successor, Transport Layer Security). An HTTPS website must establish the secured connection between your web browser and the web server before any application data is passed between them. This setup is called the handshake.
During the handshake the web server sends a copy of its certificate (commonly still called an SSL certificate, although modern connections use TLS), usually together with the intermediate certificates that link it to a root. The certificate contains the domain name(s) it is valid for (paypal.com, for example), the server's public key, information about the organization that owns the certificate, its validity period, and (most importantly) who signed it.
Your browser checks that the certificate chains up to a signer in its trust store (a root Certificate Authority such as VeriSign, DigiCert or Comodo), that it is within its validity period, that it has not been revoked (via a revocation list or OCSP), and that the domain in the address bar matches a name in the certificate, before deciding whether the connection should move forward and be trusted. Your browser and the server then agree on a temporary session key; the public key from the certificate is used only to set up that key exchange, not to encrypt the traffic itself. All data from that point on is transmitted over the encrypted channel.
Why is SSL Important?
SSL/TLS protects the data it carries from eavesdropping and tampering (confidentiality and integrity), and it also provides authentication: the certificate lets your browser verify that the website you are connecting to is who it claims to be. Before issuing a certificate, the Certificate Authority must validate that the requester controls the domain (and, for higher validation levels, the identity of the organization).
For example, a phishing site can present you with an authentic-looking copy of PayPal's pages, but it cannot present PayPal's certificate: the certificate fingerprint (a hash of the certificate itself) identifies that exact certificate, and a trusted CA will not issue a certificate for paypal.com to someone who does not control that domain. Note that a phishing site can still hold a perfectly valid certificate for its own look-alike domain, so the fingerprint check only helps when you compare against a reference obtained independently. You can use the GRC fingerprint page listed under Credits and Additional Resources to double-check a fingerprint, and the Validation section below shows where to find it in your browser.
SSL also protects your logged-in session. Before Facebook defaulted its website to HTTPS, it was possible to use a Firefox extension called Firesheep to capture the session cookies of users logged into Facebook on the same network as yourself, because those cookies were sent over plain HTTP after login. Loading a captured cookie into your own browser let you act as that user!
You can use browser plugins to help ensure that you are using HTTPS when it is available, such as HTTPS Everywhere.
Validation
Remember to look for the lock symbol in the address bar of your web browser before logging into a website, and check that the domain shown next to it is the one you expect: the lock means the connection is encrypted and the certificate is valid for the domain in the address bar, not that the site itself is trustworthy. See the examples below for how to open the certificate details.
[Screenshot: certificate details view in IE]
[Screenshot: certificate details view in Chrome]
[Screenshot: example certificate information view]
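As an added example (not code from the original article), the following Python script models the checks described in the handshake overview above and the fingerprint comparison used for validation. It takes a certificate in the shape Python's ssl.getpeercert() returns, checks the signer against a trust store, the validity period, a revocation list, and the hostname (including wildcard rules), and computes the fingerprint that the browser's certificate view and the GRC page display. The sample certificates, the trusted issuer name "Example Trusted CA", the revoked serial number and the fixed "current time" are constructed for the demo; checking the issuer's name stands in for real chain validation, which also verifies the CA's signature. The fetch_live_fingerprint function at the end performs a real handshake with the standard library's default verification and needs network access; it is only called from the command line.

```python
"""Model of the certificate checks a browser makes during the TLS handshake,
plus the fingerprint shown in the Validation section.  Added example, not
from the original article; all certificate data below is constructed."""

import hashlib
import socket
import ssl
import sys
import time

# Constructed stand-ins for the browser's root store and a revocation list.
TRUSTED_ISSUERS = {"Example Trusted CA"}   # assumption: a root CA's common name
REVOKED_SERIALS = {"0BAD0BAD0BAD"}          # assumption: one revoked serial

# Constructed sample certificates in the shape of ssl.SSLSocket.getpeercert().
GOOD_CERT = {
    "subject": ((("commonName", "paypal.com"),),),
    "issuer": ((("commonName", "Example Trusted CA"),),),
    "subjectAltName": (("DNS", "paypal.com"), ("DNS", "*.paypal.com")),
    "serialNumber": "01C0FFEE",
    "notBefore": "Jan  1 00:00:00 2024 GMT",
    "notAfter": "Jan  1 00:00:00 2026 GMT",
}
# A phishing site can get a valid certificate, but only for its own name.
PHISH_CERT = dict(GOOD_CERT,
                  subject=((("commonName", "paypa1-secure.example"),),),
                  subjectAltName=(("DNS", "paypa1-secure.example"),),
                  serialNumber="02DEAD")
# Fixed "now" inside GOOD_CERT's validity so the checks are reproducible.
EXAMPLE_NOW = ssl.cert_time_to_seconds("Jun  1 12:00:00 2025 GMT")


def sha256_fingerprint(der_cert: bytes) -> str:
    """Hash of the DER-encoded certificate as colon-separated hex, the way a
    browser's certificate view shows it (use hashlib.sha1 for a SHA-1 display)."""
    digest = hashlib.sha256(der_cert).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def hostname_matches(pattern: str, hostname: str) -> bool:
    """Exact match, or a single '*' as the leftmost label covering exactly one
    label: '*.paypal.com' covers 'www.paypal.com' but not 'paypal.com' or
    'a.b.paypal.com'."""
    pattern, hostname = pattern.lower(), hostname.lower()
    if "*" not in pattern:
        return pattern == hostname
    p_labels, h_labels = pattern.split("."), hostname.split(".")
    if p_labels[0] != "*" or len(p_labels) != len(h_labels):
        return False
    return p_labels[1:] == h_labels[1:]


def _rdn_value(name, key):
    """Pull one attribute out of getpeercert()'s ((('commonName', 'x'),), ...) form."""
    for rdn in name:
        for attr, value in rdn:
            if attr == key:
                return value
    return None


def check_certificate(cert: dict, hostname: str, now: float = None) -> list:
    """Return the reasons a browser would refuse this certificate for this
    hostname; an empty list means it passes.  Matching the issuer *name* is a
    simplification of chain validation, which also verifies the CA's signature."""
    now = time.time() if now is None else now
    problems = []
    issuer = _rdn_value(cert.get("issuer", ()), "commonName")
    if issuer not in TRUSTED_ISSUERS:
        problems.append(f"issuer not trusted: {issuer!r}")
    if cert.get("serialNumber") in REVOKED_SERIALS:
        problems.append("certificate is revoked")
    not_before = ssl.cert_time_to_seconds(cert["notBefore"])
    not_after = ssl.cert_time_to_seconds(cert["notAfter"])
    if not not_before <= now <= not_after:
        problems.append("certificate not valid at this time")
    # Names the certificate covers: DNS SANs, falling back to the subject CN.
    names = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    if not names:
        cn = _rdn_value(cert.get("subject", ()), "commonName")
        names = [cn] if cn else []
    if not any(hostname_matches(n, hostname) for n in names):
        problems.append(f"hostname {hostname!r} not covered by {names}")
    return problems


def fetch_live_fingerprint(hostname: str, port: int = 443) -> tuple:
    """Real handshake with the standard library's default context, which does the
    chain, validity and hostname checks for you (revocation is not checked by
    default).  Returns (SHA-256 fingerprint, issuer CN) of the leaf.  Needs network."""
    ctx = ssl.create_default_context()
    with socket.create_connection((hostname, port), timeout=10) as sock:
        with ctx.wrap_socket(sock, server_hostname=hostname) as tls:
            der = tls.getpeercert(binary_form=True)
            issuer = _rdn_value(tls.getpeercert()["issuer"], "commonName")
    return sha256_fingerprint(der), issuer


if __name__ == "__main__":
    host = sys.argv[1] if len(sys.argv) > 1 else "www.paypal.com"
    fp, issuer = fetch_live_fingerprint(host)
    print(f"{host}: issued by {issuer!r}, SHA-256 fingerprint {fp}")
```

Run it as `python3 certcheck.py www.paypal.com` (file name assumed) to print the live issuer and SHA-256 fingerprint, then compare with the SHA-256 line in the browser's certificate view. Compare against a reference fetched over a different network path (the GRC page, or a connection made from elsewhere): a fingerprint that changes only on your network is a sign of interception, while one that changes everywhere usually means the site renewed its certificate.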
Credits and Additional Resources
Article on Firesheep
http://www.pcworld.com/article/208727/Firesheep_Brings_Hacking_to_the_Masses.html
Nokia Decrypts Encrypted Browser Traffic
http://www.zdnet.com/nokia-hijacks-mobile-browser-traffic-decrypts-https-data-7000009655/
SSL Fingerprinting Validation and Information
https://www.grc.com/fingerprints.htm
Overview of SSL by Symantec
http://www.symantec.com/page.jsp?id=how-ssl-works
HTTPS Everywhere