The Basics of Web Security

Security on the Internet is a very important, complicated topic. Because this is not an Internet book, you won't find much detail in this section. But there are really only three things you need to know.

If you are looking at an unsecured page, everything you see and everything you provide via forms can be intercepted by a third party. Unsecured Web pages do not have the Lock icon in the bottom-left corner of the Internet Explorer window and their URLs begin with "http."

If you are visiting a site and don't see the lock, don't provide any data that you don't want someone else to see such as credit card information, your Social Security number, and so on. In fact, this is a general principle you should follow while you are on the Net. Unless you are sure that the service you are using is secure, don't provide any information you don't want transmitted to the world.

This sounds pretty dramatic, and it is a bit overstated. I believe that the chances of anyone intercepting any particular data on the Net are pretty small, but if the potential loss is great, even that small risk may be too much. It's up to you to choose how much risk you want to assume.

Fortunately, you can provide data via a secure connection to sites that are running the proper server software. A secure connection is one in which the data transmitted is scrambled, encrypted, or both. This data may still be intercepted, but the person intercepting it won't be able to do anything with it. Only the server receiving the data will be able to decode and unscramble it. Although this system isn't perfect, it's about as close to perfect as you'll get. After all, the only way to be perfectly safe is to never do anything at all.

How do you tell that you are using a secure connection? Look for the lock at the bottom of the window. If it is there, you are using a secure connection. You can also tell by looking at the URL. If it begins with an https instead of just http, you are visiting a secure location.

You can usually find secure sites in places where you have the opportunity to buy things and need to transmit your credit card information to do so. Of course, how you want to deal with sensitive data is up to you. Some people can accept more risk than others. However, here is the guiding principle that I use:

Do not transmit via an unsecured means any data for which you can't accept the risk of a third-party intercepting that data.

Like me, you may find shopping via the Web extremely convenient, easy, and inexpensive, but I suggest that you only transmit credit card data via secure sites. And always remember: Do not judge what you do on the Net against a perfect world (where there is no chance of your data being misused). Consider the risks you are willing to accept in the non-Net world. For example, you probably think nothing of using your credit card in one of those gas pumps with an integrated card reader. That is certainly no more secure, and might be much less secure (especially if your card number is printed on the paper receipt), than using your credit card on a secure Web site.

Web browsers have many security features, and you configure them with the browser's Preferences window. The details of these settings are beyond the scope of this book, but you can explore them on your own to see whether you need to make changes the default settings work for most people.

Third, some sites provide digital certificates that are used to verify from data from that site. When you view a site that uses such a certificate, you will see a window that gives you some options. One will be to install the certificate on your machine. When you do so, the certificate will be installed in the appropriate directory and your browser will be able to access that certificate as needed. You can also choose to always trust data from the site so that you don't see any security warnings during future visits.