Every time you access your favorite website like Facebook, LinkedIn or Gmail, you are communicating with a server in a data center. These data centers hold several hundred servers if not thousands and can be located anywhere in the world.
Each time you interact with a website, for example by logging into your email or your bank's website, you are sending sensitive information over the internet. It's similar to a letter sent to your bank or your friend by postal service. Now imagine you send a letter without an envelope to your bank containing confidential information about your account, or vice versa. You would be exposing your data to anyone who handles your letter in transit and to all employees at your bank.
When you interact with a website that's not secure, it's no different. You are exposing the data you send over the internet to anyone who can sniff data while it's in transit.
What are the Risks?
Let's consider a scenario where you are sipping a nice cup of hot coffee in your neighborhood coffee shop and surfing the web. When you log in to your email or bank account, you are sending sensitive data over the network. Let's follow your data and look at the potential risks it faces before it reaches the target server.
A hacker who is also sipping his hot coffee in the same cafe is sniffing the packets, i.e. the data being transmitted by other customers of the cafe from their laptops onto the internet. This method, known as "passive scanning", allows a hacker to screen various radio channels (i.e. the wireless signals being transmitted over different frequencies in the coffee shop) for data being sent by other customers.
Once your data reaches the wireless router in the cafe, it starts its journey towards the target server through multiple ISPs (Internet Service Providers), starting with the ISP your cafe uses (example: Comcast), onward to the backbone networks like AT&T or Verizon, and finally reaching the destination, i.e. the data center where your target server is located. During this journey your data is accessible to anyone who can sniff packets. It can be a hacker or an insider.
What is a Secure Website?
A secure website protects its users' data with bidirectional encryption by using the HTTPS protocol.
According to Wikipedia:
HTTPS is a URI scheme which has identical syntax to the standard HTTP scheme, aside from its scheme token. However, HTTPS signals the browser to use an added encryption layer of SSL/TLS to protect the traffic. SSL is especially suited for HTTP since it can provide some protection even if only one side of the communication is authenticated. This is the case with HTTP transactions over the Internet, where typically only the server is authenticated (by the client examining the server’s certificate).
How to Look for a Secure Website?
The next time you visit a website and have to provide sensitive data, such as your username/password or your credit card information, make sure it's over HTTPS, i.e. the website is secure. If you are not sure, you can find out by the following methods.
1. Look for "https://" before the name of the website in your browser navigation bar. If it is "http://", the website is not secure.
2. In Chrome you can find out by clicking on the page icon next to the website address in the navigation bar as shown in the picture below.
3. If you are using Firefox, click on the globe icon next to the URL of your website to know if your website is secure.
In this post we saw that not all websites are safe and secure. We also learnt how to identify a secure website and avoid becoming victims on the internet. In my next post we will go behind the scenes and understand how secure websites work.