LIS 525 - Security

Why Is Security Important?

Some Types of Attack

Some Ways of Breaching Security

Security Measures

PKI

The combination of software, encryption technologies, and services that protects the security of an organization's communications and transactions on the Internet is referred to as the public-key infrastructure or PKI.

The leading service for PKI is Verisign. For a summary, see

Secure Internet communication uses public key cryptography, in which each recipient has a secret private key and a public key that is published. The sender uses the recipient's public key to encrypt the message, and the recipient uses the private key to decrypt the message.

128-bit encryption is currently considered so difficult to break that it can be used to protect important data.

The leading security protocol for the Internet is Netscape's SSL (Secure Sockets Layer). SSL is included in the Transport Layer Security (TLS) protocol.

You can see something about your browser's SSL settings. In Netscape Navigator, look under "Privacy & Security" in the "Preferences" dialog. In Internet Explorer, look under "Security" at the "Advanced" tab in the "Internet Options" dialog. In Firefox, click on "Advanced" in the "Options" dialog and look under "Security". In Opera, click on "Security" in the "Preferences" dialog and then click on the "Security Protocols..." button.

User Security

In addition to securing your own site and facilities against attack, you should also avoid doing anything that might compromise the security of your users. For example, if you ask users to register using their e-mail addresses, this could leave them open to customized phishing attacks based on hostile profiling: in hostile profiling, an attacking program tries logging in or registering using a large number of possible e-mail addresses and logs those attempts that result in a response indicating that the address is already registered.

For More Information


Home

Last updated October 31, 2007.
This page maintained by Prof. Tim Craven
E-mail (text/plain only): craven@uwo.ca
Faculty of Information and Media Studies
University of Western Ontario,
London, Ontario
Canada, N6A 5B7