McAfee guard dog 2 User Manual
Internet Security and Privacy
64
McAfee Guard Dog
If SSL is so great, what is the problem?
SSL is affected by a couple of problems. One problem is that not everyone has
an SSL-enabled server or browser. Some Web administrators don’t want to use
SSL because they have to pay for it, and it can also slow down server
transactions. A more onerous problem that affects SSL is the way it is
implemented. It turns out that some developers made incorrect assumptions
about SSL, which means some older browser versions are less secure. The
good news is that Microsoft and Netscape now coordinate their security
efforts, which means a more secure, universal standard for Web security.
an SSL-enabled server or browser. Some Web administrators don’t want to use
SSL because they have to pay for it, and it can also slow down server
transactions. A more onerous problem that affects SSL is the way it is
implemented. It turns out that some developers made incorrect assumptions
about SSL, which means some older browser versions are less secure. The
good news is that Microsoft and Netscape now coordinate their security
efforts, which means a more secure, universal standard for Web security.
What about authentication?
Authentication is a method of assuring that both parties to an Internet
transaction are who they claim to be. For example, if you get account balance
information from your bank, you want to be sure that you are contacting the
bank, and not some unauthorized entity. In addition, the bank wants to be sure
that they are providing the information to you, and not just to a person who
happens to know your bank account number.
transaction are who they claim to be. For example, if you get account balance
information from your bank, you want to be sure that you are contacting the
bank, and not some unauthorized entity. In addition, the bank wants to be sure
that they are providing the information to you, and not just to a person who
happens to know your bank account number.
Authentication usually entails entering a user ID and a password. To
circumvent intercepted passwords and IDs, authentication employs
encryption to scramble this information before transmitting it.
circumvent intercepted passwords and IDs, authentication employs
encryption to scramble this information before transmitting it.
NOTE: Certificates are a Microsoft technology designed to guarantee a
person’s identity and Web site security. Personal certificates verify that
you are who you claim to be. Web site certificates verify that a Web site
is secure and what it claims to be (so Web sites can’t falsify their identity).
When you open a Web site that has a certificate, Internet Explorer checks
if the certificate is correct. If the certificate is not OK, Internet Explorer
warns you. Certificates are great, in theory. The problem is that they only
establish a security standard—Web sites are free to choose to use
certificates, or not.
you are who you claim to be. Web site certificates verify that a Web site
is secure and what it claims to be (so Web sites can’t falsify their identity).
When you open a Web site that has a certificate, Internet Explorer checks
if the certificate is correct. If the certificate is not OK, Internet Explorer
warns you. Certificates are great, in theory. The problem is that they only
establish a security standard—Web sites are free to choose to use
certificates, or not.
How does encryption work?
The only way to keep a secret is if you do not tell anyone, and if you do not jot
it down. If you need to share the secret, you can hide it within another
message, and let the intended recipient know how to find it. Computer
encryption hides messages by making the original data unintelligible. The
intent is to garble the data for anyone for whom it is not intended: Having
access to the encrypted data itself is useless.
it down. If you need to share the secret, you can hide it within another
message, and let the intended recipient know how to find it. Computer
encryption hides messages by making the original data unintelligible. The
intent is to garble the data for anyone for whom it is not intended: Having
access to the encrypted data itself is useless.