How secure is this Internet stuff? Security is a hot topic for examiners. Want to learn a little about SSL, encryption and firewalls? If so, proceed below.
Security
Below we have outlined the methods many Web sites utilize to secure the information that is transmitted across the Internet. These (and other similar methods) are especially useful when transacting Internet Banking for your customers.
Digital IDs from VeriSign
Many Internet Banking Web sites use digital IDs certified by VeriSign, an industry leader in digital identification certificates, to authenticate user information and provide access to the data through the system.
How do digital IDs work?
Digital IDs work off of a matched key setup where the server has a "private" key issued only to the server and a "public" key widely distributed to the bank's customers. A digital ID requires a matched pair of keys that are unique to each other to encrypt and decrypt data. With this setup, transactions created, encrypted, and transmitted by bank customers using the public key can only be decrypted by the other key in the pair running on the server.
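The matched-pair behavior described above, shown as an added example that is not part of the original page. It assumes textbook RSA (the page does not name the algorithm), tiny constructed primes, and hypothetical function names and message.

```python
# Added illustration (not from the original page): textbook RSA with tiny,
# constructed primes. It shows only the matched-pair property; real digital
# IDs use far larger keys plus padding, so this is not usable for real data.
from math import gcd


def make_key_pair(p, q, e=17):
    """Return a matched (public, private) pair built from primes p and q."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must share no factor with (p-1)*(q-1)")
    d = pow(e, -1, phi)  # private exponent: (e * d) % phi == 1
    return (n, e), (n, d)


def encrypt(public_key, message):
    """Customer side: encrypt each byte with the widely distributed key."""
    n, e = public_key
    if n <= 255:
        raise ValueError("modulus too small to hold one byte per block")
    return [pow(byte, e, n) for byte in message]


def decrypt(private_key, blocks):
    """Server side: only the matching private key recovers the bytes."""
    n, d = private_key
    values = [pow(block, d, n) for block in blocks]
    # A key from a different pair yields values that are not the message;
    # return None when they are not even valid bytes.
    return bytes(values) if all(v < 256 for v in values) else None


# Constructed sample data: two unrelated key pairs and a made-up message.
BANK_PUBLIC, BANK_PRIVATE = make_key_pair(61, 53)
OTHER_PUBLIC, OTHER_PRIVATE = make_key_pair(67, 71)
MESSAGE = b"ACCT 0000 TRANSFER 25.00"

if __name__ == "__main__":
    sealed = encrypt(BANK_PUBLIC, MESSAGE)
    print("ciphertext blocks:", sealed[:4], "...")
    print("bank private key :", decrypt(BANK_PRIVATE, sealed))
    print("other private key:", decrypt(OTHER_PRIVATE, sealed))
```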
Encryption strength is measured by the size of the numbers used in the keys. The most secure Web sites today use 128-bit (2^128) encryption, the strongest system available.
Secured Data Transmission
The Internet Banking System, combined with digital ID authentication through VeriSign, allows the server to implement the Secure Sockets Layer (SSL) protocol, the standard technology for secure web-based communications. With SSL, data traveling between the bank and customer is encrypted and can only be decrypted through the pairing of the public and private key pair. SSL capability is built into server hardware and browsers, but requires a digital ID to be functional.
Server Access
Server access is often protected using a firewall computer and leading firewall software, Check Point's FireWall-1. Firewall computers and Check Point's software provide secure access to the Web Server by only allowing authorized traffic to hit the Server.
The Math Behind Encryption
Let’s try and put this whole encryption thing in perspective. It would take one computer, capable of calculating one million instructions per second, over 100 years to decipher one piece of information encoded with 40-bit (2^40) encryption.
However, keep in mind that messages transferred over the Internet are not sent in one piece: during the transmission process they are broken into small random packets which must be encrypted, routed, located, decrypted and assembled before a meaningful message can be interpreted. Therefore, to decode a complete message, you first have to find all the pieces, an almost insurmountable task in itself.
128-bit encryption is 300 septillion (1x10^24) times stronger than 40-bit. No one has ever come close to cracking a message encrypted with a 128-bit key. In fact, 128-bit encryption is so powerful that the U.S. Government restricts the export of this technology outside of the United States and Canada because such strong encryption is classified as munitions.
What You Can Do
For your part, we ask that you take some simple precautions. Please treat your User ID and Password with the same care and security that you treat your Credit Card or ATM Personal Identification Number (PIN).
Plus, you should take the standard precautions to keep your computer free from viruses that could be used to capture password keystrokes.
Important Notice Regarding E-mail
The WSUG cannot guarantee the confidentiality of information sent via e-mail on the Internet. For this reason, we strongly urge you not to include any private information within your e-mail communications with us (or anyone else for that matter).
Our e-mail responses to any inquiries you may have will never contain any confidential information. The WSUG will not be responsible for any damages you sustain if you transmit private or sensitive information to us by e-mail.