Support A Safe Internet: Secure Your Site


August 1995 / BYTE Lab Product Report / Support A Safe Internet: Secure Your Site

Transmitting sensitive information, such as credit-card numbers or corporate financial data, across the Internet can be risky. By default, data that's sent across a TCP/IP network is transmitted as raw data. Thus, any clever thief can read the information as it's being sent, create fake data requests, and forge responses. With the prevalence of HTML (Hypertext Markup Language) forms and the development of publicly accessible Internet banking, Internet security has become a particularly sensitive issue.

Another equally vital consideration is the security of data on the client and server sites. Allowing external-site access to your server implies that people outside your site will have at least limited access to your file systems. Merely existing on a global network lets outsiders steal your data.

Finally, both user and provider must consider the problem of confirming that the other person is who he or she claims to be. Just as a server wants to confirm that persons ordering a service are who they claim to be, users need to confirm the sites to which they send sensitive information.

Three main techniques can secure server sites and data transmissions: firewalls, encrypted transmissions, and user/server authentication. When you install a firewall, you set up a single computer or a router to act as a filter that stands between all internal and external transmissions and allows only certain types of data to pass from one side to the other. An insecure site might allow almost anything to pass through; a more secure site can restrict transmissions to mail or nonanonymous FTP. Ports through a firewall can be either absolute (allowing everyone, or no one, to go through) or user-secure (allowing only select users with passwords to go through).
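The port policy described above, as an added sketch that is not part of the original article: absolute ports are either open or closed to everyone, user-secure ports admit only listed users who present the right password, and anything without a rule is denied. The rule table, user name, password and function names are constructed for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass

SALT = b"constructed-salt"  # constructed value for this example only

def hash_password(password: str) -> bytes:
    # Store a salted, stretched hash rather than the password itself.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 50_000)

@dataclass(frozen=True)
class PortRule:
    service: str
    mode: str                       # "open", "closed" or "user-secure"
    users: frozenset = frozenset()  # consulted only for user-secure ports

# Constructed credential store and policy: mail for everyone,
# nonanonymous FTP for named users, telnet for no one.
CREDENTIALS = {"alice": hash_password("correct horse")}
POLICY = {
    25: PortRule("smtp", "open"),
    21: PortRule("ftp", "user-secure", frozenset({"alice"})),
    23: PortRule("telnet", "closed"),
}

def authenticated(user, password) -> bool:
    if user is None or password is None or user not in CREDENTIALS:
        return False
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(CREDENTIALS[user], hash_password(password))

def decide(port, user=None, password=None) -> str:
    """Return "allow" or "deny" for a connection crossing the firewall."""
    rule = POLICY.get(port)
    if rule is None or rule.mode == "closed":
        return "deny"               # default deny: no rule means no passage
    if rule.mode == "open":
        return "allow"
    if rule.mode == "user-secure":
        ok = user in rule.users and authenticated(user, password)
        return "allow" if ok else "deny"
    return "deny"                   # unknown mode: fail closed
```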

Encrypted transmissions encode data transmissions. S-HTTP and SSL have been proposed as alternative methods of encoding transmitted data. S-HTTP provides encryption services to WWW browsers, while SSL provides security and encryption services to any application at the socket, or intercomputer communications, level.

Two common encryption techniques are public-key (e.g., RSA) and private-key (e.g., DES) encryption. Public-key encryption lets you broadcast an encoding key while maintaining a private decoding key. Anyone can encrypt a message with the public key; however, a recipient who doesn't know the private key can't effectively decrypt the message. "Signing" a message is also possible: If you encode the message with your private key, someone can decode it with the public key, which proves that it was you who actually sent the message.

With private-key techniques, on the other hand, the sender and the receiver must share key information. While a public-key system allows the transmission of public keys across unsecured paths, letting you secure a channel by passing the public key, it's slower than private-key encryption.

A combination of public- and private-key transmission is normally used to create secure channels. Public-key encryption is often used to sign and transmit private keys; the private keys are used for the bulk of the session to improve performance.
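An added sketch (not from the original article) of the combination just described, together with the signing step from the public-key paragraph: a random session key is wrapped with the recipient's public key, the message is signed with the sender's private key, and the bulk data is encrypted with the session key. Textbook RSA over small known primes and a SHA-256 keystream stand in for real RSA and DES; all names and key sizes are assumptions chosen so the example runs with the standard library alone.

```python
import hashlib
import secrets

E = 65537  # public exponent shared by both toy keys

def make_key(p, q):
    """Textbook RSA from two primes: returns ((n, e), (n, d))."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), (n, pow(E, -1, phi))

def digest_int(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def keystream_xor(key, data):
    """Stand-in private-key cipher: XOR with a SHA-256 counter keystream."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)

def send(message, sender_priv, recipient_pub):
    # The slow public-key operations touch only the key and a digest.
    session_key = secrets.token_bytes(16)
    n_r, e_r = recipient_pub
    wrapped = pow(int.from_bytes(session_key, "big"), e_r, n_r)
    n_s, d_s = sender_priv
    signature = pow(digest_int(message, n_s), d_s, n_s)
    return wrapped, keystream_xor(session_key, message), signature

def receive(packet, recipient_priv, sender_pub):
    wrapped, ciphertext, signature = packet
    n_r, d_r = recipient_priv
    session_key = pow(wrapped, d_r, n_r).to_bytes(16, "big")
    message = keystream_xor(session_key, ciphertext)
    n_s, e_s = sender_pub
    if pow(signature, e_s, n_s) != digest_int(message, n_s):
        raise ValueError("signature check failed")
    return message

# Constructed toy keys built from Mersenne primes; no padding, and far
# too small for real use.
ALICE_PUB, ALICE_PRIV = make_key(2**61 - 1, 2**89 - 1)
BOB_PUB, BOB_PRIV = make_key(2**107 - 1, 2**127 - 1)
```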

Finally, authentication confirms the identity of a user or a server. At a simple level, this can be done with the use of passwords and user IDs. More complex schemes allow you to store a digital signature that identifies the server site; the browser software must then request, compare, and verify the returned signature.

