1 hour 44 minutes
Hi, and welcome to lesson 1.2 of the End User Cyber Fundamentals course.
This lesson will be focused on secure web browsing.
In this lesson, you will learn what a secure website is and how to recognize one.
What HTTPS is and how it protects your data,
and what is a TLS handshake?
What is a secure website and how can you recognize one?
A secure website is a website in which the URL begins with https.
You will also see a lock to the left of the URL.
This is another visual indicator that the website is secure.
The S in HTTPS stands for secure.
But what does secure actually mean?
Secure means that your data is encrypted.
Encryption is a method of protecting your data from people you do not want to see it.
It does this by disguising the plain text into a secret cipher that only systems or people with that secret key can read.
To everyone else, it's just gibberish.
A good example of this is when you are on a retail site and keying in your credit card information. That data is encrypted so nobody can steal it.
What is HTTPS?
HTTPS stands for Hypertext Transfer Protocol Secure.
It works over TCP port 443 and is an extension of HTTP.
HTTPS uses TLS, Transport Layer Security,
which is an encryption protocol, to make it secure.
This means all communication between your web browser and an HTTPS website is encrypted once your session has been established.
We will talk a little more about how the secure session is established next, to make sure you have a basic understanding of how HTTPS works and how your secure session is created.
How does HTTPS secure my data?
Well, for a website to secure the communication, it must establish a secure connection between the web browser and the website.
This is done using TLS and the public key infrastructure,
which is referred to as PKI.
All communications over TLS start with the TLS handshake.
TLS uses both asymmetric and symmetric keys to establish the secure session.
Here is a very high level overview of how this works.
The TLS handshake uses asymmetric encryption,
which uses two separate keys: one public, which is used for encryption, and one private key, which is used for decryption.
The purpose of the asymmetric encryption is to be able to securely exchange session keys, which are used to create the secure session.
Once the keys have been exchanged, the TLS handshake is done,
and the symmetric encryption takes over.
Symmetric encryption only uses one shared key,
which is a lot less overhead.
The process might sound a bit confusing,
but I think it's important to understand how your sessions are secured, especially since you use secure sessions to access your banks and other confidential information.
Let's break it down.
How is my session secured?
You open a web browser and type in www.google.com and hit Enter.
Your browser reaches out to the Google web server and requests a connection.
The Google server responds and sends you its certificate and public key.
It keeps its own private key a secret.
Remember, public keys are for encryption and private keys are for decryption.
The certificate is very important as it ensures the identity of the website.
Once your browser receives and validates that certificate from the Google server, your web browser will generate a third key.
This is called a session key.
It then encrypts the session key using the public key you received from the Google server in step two
and shares it with the Google server, so you both have a copy of the session key.
Step four: the Google server receives and decrypts the session key using its secret private key,
and the public key asymmetric encryption is terminated. The TLS handshake is now complete.
Step five: you are now in a secure session with the server
using only symmetric encryption,
and that's how it remains until you leave the website.
Every time you start a new session with a website, this is the process that takes place.
We now have a high-level understanding of how HTTPS protects your data.
Because of the secure connection and encryption, HTTPS can also protect against multiple kinds of spying threats, such as man-in-the-middle attacks and eavesdropping.
HTTPS also provides data confidentiality and data integrity during data transport, since the data can only be read
by the systems and persons with the secret key.
The key word here is transport, which also means after the secure connection has been established.
Anything else before that is not encrypted and protected,
meaning the website you're visiting is exposed, but not the pages you navigate to once you establish the session.
For example, you type in https://google.com and hit Enter.
Your secure connection and session is not established until you hit Enter and HTTPS uses TLS and PKI to establish a secure connection with the website.
Once you do, all the pages you browse within the website are confidential.
Anything you key in after the session is established is confidential.
Now that we know what a secure website is and what it does, let's make sure you understand what it does not do.
So HTTPS cannot hide the names of websites that you're visiting because they are keyed in before the secure connection is established.
HTTPS does not hide your physical location,
and it cannot prevent you from getting viruses or malware.
Malware can exist on websites that use HTTPS,
and any type of data can travel through the secure tunnel safely, including malware.
What key is used for decrypting data?
Your private key.
Since your private key is used to decrypt data,
you should not share this key with anyone.
If your private key is exposed,
then your secure session
can be compromised.
In today's video, we discussed what a secure website looks like and how to identify one.
We also discussed what secure means and briefly touched on the technology used to secure the websites, such as HTTPS,
TLS and PKI.
We also discussed what protection HTTPS can provide and what protection it cannot provide.
Here are my references. Thank you. And I will see you in the next lesson.