By: aathishankaran Viewed: 613 times Printer Friendly Format
Although the risk of using the Web is small, it still merits some consideration. The basic question that you need to ask is," What do I have to lose?" If you use your PC purely for recreation and don't perform any financial transactions over the Web, then the answer is, "Not much." However, if you use your PC to store your diary and sensitive company documents and use the Web to make online purchases, then you may want to examine your risk more closely.
Dealing with Executable Content
A Trojan horse is a program that appears to provide a useful function while, in reality, it is attacking your system. The name comes from the legend of the huge wooden horse that was left as a gift at the gates of Troy. When the Trojans opened the gates of their city to bring in the horse, Greek soldiers who had been hiding inside the horse poured out and attacked the Trojans.
Each of the three major browser-programming technologies uses a different approach to protecting against Trojan horses:
Java code executes in the Java Virtual Machine (JVM), which is part of the Java runtime system. The runtime system is designed to prevent operations that would violate the browser's security policy.
*ActiveX components do not provide any inherent protection against damage. Instead, these components are digitally signed. The signature provides a high degree of assurance that the component originated from the organization that it claims.
Navigator and Internet Explorer 4 also support signed Java applets. The signature can be used to determine whether the applet should be given extra privileges beyond those allowed by the default Navigator security policy.
Java's approach is next best when it comes to security. The Java runtime system is capable of supporting multiple security policies. For example, Java programs that are loaded from your hard disk are allowed more privileges than applets that are loaded over the network. Signed applets are given more a single tooth indicates that international security (40-bit) encryption is in use. A solid key with two teeth indicates that domestic security (12- bit) encryption is in use.
Both international and domestic security uses the Secure Sockets Layer (551) for encryption. SSI uses public key cryptography to exchange keys that are used for private key encryption. Digital certificates are used to verify the identity of the organization with you are communicating.
How strong is the security provided? If no encryption is used, then you should assume that whatever information you send could be intercepted.
If international (40-bit) encryption is used, then your encrypted communication is probably secure from a hacker without many computational resources, but not from anyone else. This encryption scheme has already been broken several times.
If domestic (128-bit) encryption is used, then you are probably secure from most eavesdroppers. However, absolute security cannot be guaranteed. SSL only protects information while it is in transit. Whatever information you send is unprotected before it is transmitted by your browser and after it is received by the server.
How private is your interaction with the Web? Not very private. Whenever you request a document from a Web server, your request is usually logged by that server. The log record doesn't identify you by name, but it does include your IP address. It you use a static IP address, then you are positively identified. If you use a dynamic IP address, then the log information could apply to other users of your Internet service provider.
Most Viewed Articles (in JSP )
Latest Articles (in JSP)
Comment on this tutorial
- Cloud Computing
- Java Beans
- Mac OS X
- Office 365
- Tech Reviews