Understanding the security of a web page requires a basic understanding of general web terms and what they mean.
Getting started: Web Sites, Servers and Pages
A “web site” is a general term.
A web site usually refers to some collection of information that may be easily accessed by anyone with a web browser and Internet connection.
A “web page” is a document.
Typically, web pages reside on a “web site.” The documents themselves are really not much different than any other kind of electronic document. They may contain more than just text and links to other web pages. In fact, most web pages contain images, interactive forms, or even more dynamic content such as your bank account transaction history.
A “web server” is a computer.
A web server is a computer with a fast Internet connection running special web server software which allows it to “serve” or provide web pages.
Knowing the basics: The Internet
The Internet is a massive global network of networks connecting millions of computers together.
Information that travels over the Internet does so by way of “protocols,” or languages and instructions that determine how the information is transmitted.
One of the first and still most popular protocols used on the Internet is “HTTP.” The protocol was designed to be fast and easy to use, although insecure, as it transmits data in plain-text.
In addition to HTTP, web servers can use “HTTPS” or HTTP over a secure connection.
Internet Service Providers (ISPs) and web browser software
An ISP is a company that provides an Internet connection to a person or business. ISPs are beginning to offer different types of connections to their subscribers. Here are 3:
Some ISPs provide web browser software of their own (such as AOL or CompuServe), while others may provide no software, or just a modified version of a free web browser.
Microsoft’s Internet Explorer and Firefox are among the most popular web browsers in use on the Internet.
Web Browsers and Protocols
One common misconception regarding web browsers is that they are in constant communication with the web server. This is usually not true.
Browser/server communication is event-driven. It only takes place from the moment you click something until the next web page has loaded into your browser.
It’s important to know that once a web page has loaded into your browser, you are effectively “offline” as far as the web server is concerned.
When completing a web form there is no information sent to the web server until the form is submitted.
Who wants a cookie?
A cookie is a very small text file that is generated by a web site (such as amazon.com) and stored in your web browser.
This temporary storage is used mainly for identification.
If a web site gives you a cookie, and you later return to that web site, your browser will automatically send a copy of that cookie back to the web site.
Cookies are, for the most part, completely safe.
Third-party cookies, which are usually generated by popup or banner advertisements, can be dangerous.
Knowing when you’re on a secure web page.
Look for a security icon, a padlock or a small key, in the bottom corner of your web browser. This indicates that the current web page was sent to you securely.
When you move your mouse over a link look at the bottom of your web browser. You may notice that it will sometimes show you the address or “URL” for the link.
If it begins with https, it’s secure.
Most browsers can be set to alert you when you are about to enter or leave a secure page. Many people disable this feature, and unfortunately, this is really the only sure way to tell if your next form submission or page request will be transmitted securely. If you’re really concerned about security, you should look for this feature in your web browser and turn it on.
Encryption is based on cryptography, the science of secret codes.
Web server software, along with web browser software, uses particular methods of encryption known as “public-key” and “symmetric-key” encryption. Used in this form by web servers, it is more commonly known as SSL (Secure Sockets Layer), an Internet security protocol.
Today’s standard encryption level is 128-bit.
How SSL encryption works
The process begins when your web browser requests a secure web page.
Your browser will also request the server’s “digital certificate.” Consider this the digital equivalent of your state-issued ID or government-issued passport.
Certificates are issued by well-known certificate authorities such as VeriSign.
Your browser will then verify that the information provided in the “digital certificate” in fact matches the domain name (for instance: ripefruit.com) of the web server providing the certificate.
Your web browser will then use the “public key,” also provided in the “digital certificate,” along with its own “private key” to send an encrypted message back to the web server, which only that web server can understand. Using this information, your browser and server create a “symmetric key” which is known only to your browser and the web server and is used for the duration of your session on the server.
Your browser will receive a unique “session ID” from the web server. When your session ends, the symmetric key will no longer work.
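The certificate-to-domain check from the steps above can be written as a short routine. This is an added example, not code from the original page: the certificate dictionaries are constructed samples in the shape Python's `ssl.SSLSocket.getpeercert()` returns, and the `www` and `shop` subdomains are assumptions used for illustration.

```python
# Added example: simplified matching of certificate DNS names to a hostname.
# Constructed sample certificates; only the subjectAltName field is modelled.
CERT_SITE = {"subjectAltName": (("DNS", "ripefruit.com"),
                                ("DNS", "www.ripefruit.com"))}
CERT_WILD = {"subjectAltName": (("DNS", "*.ripefruit.com"),)}


def dns_name_matches(pattern: str, hostname: str) -> bool:
    """Return True if one DNS name from a certificate covers hostname."""
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    p_labels = pattern.split(".")
    h_labels = hostname.split(".")
    if len(p_labels) != len(h_labels):
        return False  # a wildcard never spans more than one label
    if "*" in pattern:
        # Accept a wildcard only as the entire left-most label, and only
        # with two or more labels after it, so "*.com" covers nothing.
        if p_labels[0] != "*" or pattern.count("*") != 1 or len(p_labels) < 3:
            return False
        return h_labels[0] != "" and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels


def certificate_covers(cert: dict, hostname: str) -> bool:
    """Check hostname against every DNS entry in the certificate."""
    names = [value for kind, value in cert.get("subjectAltName", ())
             if kind == "DNS"]
    return any(dns_name_matches(name, hostname) for name in names)


if __name__ == "__main__":
    for cert, host in [(CERT_SITE, "ripefruit.com"),
                       (CERT_SITE, "ripefruit.com.evil.example"),
                       (CERT_WILD, "shop.ripefruit.com"),
                       (CERT_WILD, "ripefruit.com")]:
        print(host, "->", certificate_covers(cert, host))
```

Python's `ssl.create_default_context()` performs this hostname check during the handshake by default, together with validating the certificate chain, which the routine above does not model.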
So how safe is it – technically?
SSL makes online transactions extremely safe. It is certainly more secure than your credit union account statement or credit card payment which may be sitting unguarded in your mailbox.
From a programming perspective, the only way to break an SSL encryption is with a brute-force approach, which involves:
First, intercepting a sensitive piece of information, such as a credit card number or your password, in its encrypted form during its brief transmission over the Internet.
Next, using a computer, the string of information must be processed against every possible “key” until the correct one is found. Most keys range from 40 to 1024 digits (where each digit is either a 1 or 0). As the length of the key gets larger, the number of possible key combinations grows exponentially.
As mentioned previously, 128-bit encryption is the standard... a 128 digit key has 2^128 or 3,402,823,669,209,384,634,633,746,074,300,000,000,000,000,000,000,000,000,000,000,000,000 different combinations!
As you might have guessed, it would take a very long time to run through all of these combinations even for the world’s most powerful computers. This level of encryption is considered unbreakable by today’s computers.
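The effect of key length on an exhaustive search can be measured on a deliberately tiny key and then extrapolated. This is an added example, not part of the original page: the cipher is a toy built for illustration (it is not SSL), and the 16-bit key, the message and the rate of 1e12 keys per second are all constructed assumptions.

```python
# Added example: exhaustive key search on a toy 16-bit cipher, then the
# same arithmetic extrapolated to longer keys. Not SSL; illustration only.
import hashlib

SECONDS_PER_YEAR = 365 * 24 * 3600


def toy_encrypt(key: int, bits: int, data: bytes) -> bytes:
    """XOR data (up to 32 bytes) with SHA-256(key); same call decrypts."""
    stream = hashlib.sha256(key.to_bytes((bits + 7) // 8, "big")).digest()
    return bytes(b ^ s for b, s in zip(data, stream))


def brute_force(ciphertext: bytes, known_plaintext: bytes, bits: int):
    """Try every key in order; return (key, number_of_trials)."""
    for trials, key in enumerate(range(2 ** bits), start=1):
        if toy_encrypt(key, bits, ciphertext) == known_plaintext:
            return key, trials
    return None, 2 ** bits


def years_to_exhaust(bits: int, keys_per_second: float) -> float:
    """Time to try all 2**bits keys at a fixed rate, in years."""
    return 2 ** bits / keys_per_second / SECONDS_PER_YEAR


SECRET_KEY = 0xBEEF                    # constructed 16-bit key
MESSAGE = b"sample form data"          # constructed plaintext
CIPHERTEXT = toy_encrypt(SECRET_KEY, 16, MESSAGE)

if __name__ == "__main__":
    key, trials = brute_force(CIPHERTEXT, MESSAGE, 16)
    print(f"16-bit key {key:#06x} recovered after {trials} trials")
    for bits in (40, 56, 128):
        years = years_to_exhaust(bits, 1e12)   # assumed search rate
        print(f"{bits:>3}-bit key space: {years:.3g} years at 1e12 keys/s")
```

Each added bit doubles the work, which is why the 16-bit key falls in a fraction of a second while the 128-bit estimate is far beyond any practical search.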
Our site is tested regularly by intrusion specialists who actually attempt to “hack” into our systems. All interactive forms on our site are submitted securely via SSL to our secure server.
Rest Assured With RIPEFRUIT