Using the Internet is a dangerous place full of areas that can get you into trouble. Time and time again I see people who are not aware of these dangers get themselves, their homes and their places of work in trouble. All it takes is a bad link to a website that looks legit to ruin your day. Identity theft, malware, viruses or worse can happen to you without your knowledge until the damage is done unless you are careful. I wanted to write a series of posts that covers the basics of Internet use. Think of it Internet Safety 101. The more you know the more aware you can be when you come across something that appears to be fishy or out-of-place. More importantly I hope that these series of posts are simple enough in explanation to be sent by you out to those you know that are not as savvy in the Internet lingo. Those are the ones that will get bit by a mistake.
This blog entry is about the Internet browsers. The tool to access all the webpages, email, games, social sites and videos that you consume. The screenshots in this post will be from Internet Explorer 10 but all the browsers will function similarly and allow you to view the same information. There are many software tools you can use that allow you to browse the Internet. I will direct the average user to the top 4, my top 4 preferred browsers. They are:
When you browse to a webpage it is important to know that there are two basic security modes of a webpage. HTTP and HTTPS. HTTP is an un-encrypted method that most websites use for general display. HTTPS is the encrypted, secure method. In the browser here’s how you can tell the difference and I will explain why this is critical to know this information.
For no particular reason I will use Bank of America’s website as the example. In the address bar, the text box at the top where the web address is, you will see http:// or https:// before the www.site.com address. This is the first piece of information to ensure the security level of a website. Any website that has your financial, personal, business, or any other protected data should ALWAYS be HTTPS. NEVER login to a website where the login page is HTTP. The reason is that if there is a hacker watching that website your username and password can be seen in clear text. Wide open for anyone to grab. HTTPS encrypts or scrambles the text so only the website can understand and read it.
The second step to validate is to look at the information of the HTTPS security. There is a component called a certificate that site on those servers. The certificate is what handles the encryption. Clicking on the green bar the certificate information pops up. The browsers today will prove enough links and information to help you determine if you can trust a website or not.
This box will tell you that the certificate is trusted, who issued it and who it was issued to. If you click on View certificates you will get more information to give credibility to the security. Most of the times you don’t need to check this, but it’s there if you want to. Especially on new websites you are not familiar with.
NOTE – Just because the website looks like your bank, always check the address bar to make sure. Anyone can make a webpage look like your bank’s. Unless you slow down and do these simple verification you may be freely giving your username and password to a phishing website. This is how simple it is to get into trouble. The majority of identity thefts are not accomplished through true front door hacking, they are socially engineered by tricking users into putting their security information into a site that looks legit but is not.
HTTPS should always be used for any bank. If you don’t see HTTPS, get off the page immediately. Even Facebook switched over to HTTPS as the default for their site.
Your Internet browser will tell you everything you need to know about a site you are visiting but it won’t tell you if it’s where you intended to be or not. Sometime the built-in blockers will tell you if the site is dangerous but never rely on that. You are responsible for know where you are going and where you are putting your critical keys.
That’s basic Internet security overview 101. How to trust a site or not. The best practice is if you are unsure, lean toward safety and don’t use it. In later posts I will detail out on the practice of using multiple email addresses and userids for kinds of websites you use. No matter where you go the browser is the first line of defense of your protection. Never assume.
The last point I want to make and this goes for any type of software is to stay current with the updates. All of the browsers makers release updates to the software regularly to address any bugs and to always improve the security strength of their products. Just because you use a browser today, hackers are always trying to find holes to exploit to get at your data. The more up to date you are on the updates the better protected you maintain.
Share this with your less than educated family members, get them to read and learn about the Internet beyond Candy Crush on Facebook. One day they may click on something and unknowingly hand over their username and password to their bank and before they realize it their accounts are drained to zero.
Like the old 80s shows and PSAs would say, knowledge is power, the more you know, knowing is half the battle and so on.
End of Line.
Binary Blogger has spent 20 years in the Information Security space currently providing security solutions and evangelism to clients. From early web application programming, system administration, senior management to enterprise consulting I provide practical security analysis and solutions to help companies and individuals figure out HOW to be secure every day.