India Cyber Lab - Powered by NASSCOM 4e Framework


	Articles ٠ Safe Use of Internet

	Resource on Privacy

	India Cyber Cop Awards 2005

Safe Use of Internet

Using the Internet conveniently and safely
By Kanda Muniasamy (kmuniasamy@verisign.com)

Internet, a convenient medium for people

Internet has become an all pervasive medium shrinking geographies and connecting billions of people across the globe. E-mail, web browsing and instant messaging are popular applications for many in India. Online train and flight ticket reservation is catching up fast. Online banking, bill payment and shopping are examples of convenient activities one could accomplish from home.

Identity and Security with Internet

In the offline world, physical verification such as seeing the person, introduction by a trusted source, checking the photo id are some ways of identifying the person in high value interactions. In the online world, for casual web browsing no identity is needed. For applications such as e-mail, online shopping and banking, web sites use secure http ( https ) connections. Https connections use Secure Sockets Layer ( SSL ) protocol to identify the web site to the browser using the site's Digital Certificate and to encrypt the communication for securely exchanging personal data. While entering personal information such as user id, password and credit card no, you need to make sure that the web address starts with https and a locked yellow padlock such as this in MicroSoft's Internet Explorer is seen in the bottom right of the browser. If you click on the yellow lock, you can verify the name of the web site in the Certificate displayed. Digital Certificates are issued to web sites by trusted Certificate Authorities such as VeriSign, Thawte and GeoTrust after sufficient offline verification.

Another way to ascertain the legitimacy of a shopping or banking site that is new to you is to look for ‘Secured Seal' issued by VeriSign. You can click on the Seal to verify the company name and the SSL Certificate status presented in a page from https://seal.verisign.com/.

Important Safety Tips

Do's

Use strong passwords for internet accounts containing at least 8 characters with a combination of uppercase and lowercase letters, numbers and one or more symbols such as !, @, # and ,. Do not use easily guessable names as passwords. Keep your passwords safe.

Always look for https url and the locked yellow padlock before entering personal and credit card information. When in doubt, click on the padlock to verify the web site name in the Certificate. With shopping sites, review their credit card use, privacy and merchandise return policies.

Always type your bank web addresses in the browser to access your bank web site. Book mark these addresses so that you can select them from your favorites in the browser.

Always log off after an online banking or shopping session.

Always back up periodically important data such as tax returns and other personal information.

Use latest Anti-Virus and Anti-Spyware software from reputed companies such as (Norton AntiVirus from Symantec, virunsscan from McAfee) in your PC to scan periodically for viruses and to remove them.

Don't's

Never enter your user id, password or other personal information in an unprotected http session, where you do not see the locked yellow padlock.

Never go to your online banking site following a link in your e-mail.

Never click on enticing pop-up screens. Simply close them or kill them.

Never access your online bank or shopping sites from computers in Internet Cafés, Libraries, and other public sites.

Never select "remember my password" when prompted by your browser. These make passwords pointless because anyone who gains access to your computer could gain access to your online bank and shopping accounts.

Never click on ‘Yes' or ‘OK' when the browser displays a Security Alert regarding Digital Certificate verification. This is a built in security warning in the browser against Certificates that are invalid or those issued by hackers.

Never provide your user id and password, when pretentious websites, e-mails or people solicit such information. No one from a bank or a shopping site will ask for your user id and password in an e-mail. Remember the offline credit card world. You only provide personal information when you call the credit card company for them to identify you, not when someone calls you because you have no way of knowing who you are talking too.

Never send sensitive information such as your password, credit card number or password in e-mails or instant message conversations.

Never open e-mails with attachments from unknown persons or attachments with names ending in .exe, .pif, or .vbs as these are commonly used for carrying viruses.

Surf safely and enjoy the convenience

Though it seems like a lot of do's and don't's, some of the tips are not new to many people and other precautions come by practice. There is no technology without risk. By taking appropriate security measures, one can utilize Internet as a convenient medium to do many things online more efficiently and cost effectively than offline.

Kanda Muniasamy runs VeriSign Security Services R & D center in Bangalore. He has been with VeriSign 4+ years and led Secure Payments, Authentication and SSL projects at VeriSign HQ office in Mountain View. Prior to VeriSign, Kanda was with Netscape/AOL working on Electronic Wallet, Certificate Server and Portal technologies. His current interests include raising consumer awareness on safe Internet usage and applying security technologies to solve Authentication and Network and Application Security problems for the Enterprises and the Governments.