Product Guide 103
Internet Security and Privacy
When you visit an SSL-secured site, the latest versions of Netscape
Communicator and Microsoft Internet Explorer use a visual cue to tell you
that the site is secure. For more information, see How can I tell if a Web site is
secure?
TIP
McAfee Internet Security’s Security Check lets you know if your
Web browser is up-to-date. The latest browser versions usually
offer an enhanced degree of security.
How can I tell if a Web site is secure?
Today, many sites use SSL to set up secure commerce on the Web. In addition
to Web server security, the most common Internet browsers provide feedback
about the security level of the site to which you are currently connected. For
example, Netscape Communicator displays a lock icon in the lower left corner
of the browser window. If the lock icon is broken, the site is not secure. If the
lock symbol is not broken, the site is secure. In addition, if the lock symbol has
a gold background, the site is using strong, 128-bit encryption.
Recent versions of Microsoft Internet Explorer and America Online browsers
also display security information. For more information about how your
browser indicates the security level of sites, refer to your browsers online help,
or the printed documentation.
If SSL is so great, what is the problem?
SSL is affected by a couple of problems. One problem is that not everyone has
an SSL-enabled server or browser. Some Web administrators don’t want to use
SSL because they have to pay for it, and it can also slow down server
transactions. A more onerous problem that affects SSL is the way it is
implemented. It turns out that some developers made incorrect assumptions
about SSL, which means some older browser versions are less secure. The
good news is that Microsoft and Netscape now coordinate their security
efforts, which means a more secure, universal standard for Web security.
What about authentication?
Authentication is a method of assuring that both parties to an Internet
transaction are who they claim to be. For example, if you get account balance
information from your bank, you want to be sure that you are contacting the
bank, and not some unauthorized entity. In addition, the bank wants to be
sure that they are providing the information to you, and not just to a person
who happens to know your bank account number.
Authentication usually entails entering a user ID and a password. To
circumvent intercepted passwords and IDs, authentication employs
encryption to scramble this information before transmitting it.