Time
1 hour 44 minutes
Difficulty
Beginner
CEU/CPE
2

Video Transcription

00:01
Hi, and welcome to lesson 1.2 of the End User Cyber Fundamentals course.
00:07
This lesson will be focused on secure web browsing.
00:15
In this lesson, you will learn what a secure website is and how to recognize one.
00:21
what HTTPS is and how it protects your data,
00:25
and what a TLS handshake is.
00:30
What is a secure website and how can you recognize one?
00:35
A secure website is a website in which the URL begins with https.
00:42
You will also see a lock to the left of the URL.
00:46
This is another visual indicator that the website is secure.
00:51
The S in HTTPS stands for secure.
00:58
But what does secure actually mean?
01:00
Secure means that your data is encrypted.
01:03
Encryption is a method of protecting your data from people you do not want to see it.
01:08
It does this by disguising the plain text into a secret cipher that only systems or people with that secret key can read.
01:17
To everyone else, it's just gibberish.
01:19
A good example of this is when you are on a retail site and keying in your credit card information. That data is encrypted so nobody can steal it.
01:30
What is HTTPS?
01:34
HTTPS stands for Hypertext Transfer Protocol Secure.
01:40
It works over TCP port 443 and is an extension of HTTP.
01:48
HTTPS uses TLS, Transport Layer Security,
01:53
which is an encryption protocol to make it secure.
01:57
This means all communication between your web browser and an HTTPS website is encrypted once your session has been established.
02:07
We will talk a little more about how the secure session is established next, to make sure you have a basic understanding of how HTTPS works and how your secure session is created.
02:23
How does HTTPS secure my data?
02:27
Well, for a website to secure the communication, it must establish a secure connection between the web browser and the website.
02:36
This is done using TLS and the public key infrastructure,
02:40
which is referred to as PKI.
02:44
All communications over TLS start with the TLS handshake.
02:50
TLS uses both asymmetric and symmetric keys to establish the secure session.
02:55
Here is a very high level overview of how this works.
03:02
The TLS handshake uses asymmetric encryption,
03:06
which uses two separate keys: one public, which is used for encryption, and one private key, which is used for decryption.
03:15
The purpose of the asymmetric encryption is to be able to securely exchange session keys, which are used to create the secure session.
03:24
Once the keys have been exchanged, the TLS handshake is done,
03:29
and the symmetric encryption takes over.
03:32
Symmetric encryption only uses one shared key,
03:37
which is a lot less overhead.
03:38
The process might sound a bit confusing,
03:42
but I think it's important to understand how your sessions are secured, especially since you use secure sessions to access your banks and other confidential information.
03:53
Let's break it down.
03:57
How is my session secured?
04:00
Step one.
04:01
You open a web browser and type in www.google.com and hit Enter.
04:08
Your browser reaches out to the Google web server and requests a connection.
04:13
Step two.
04:15
The Google server responds and sends you its certificate and public key.
04:19
It keeps its own private key a secret.
04:24
Remember, public keys are for encryption and private keys are for decryption.
04:30
The certificate is very important as it ensures the identity of the website.
04:35
Step three.
04:38
Once your browser receives and validates that certificate from the Google server, your web browser will generate a third key.
04:46
This is called a session key.
04:48
It then encrypts the session key using the public key you received from the Google server in step two
04:57
and shares it with the Google server, so you both have a copy of the session key.
05:03
Step four. The Google server receives and decrypts the session key using its secret private key,
05:13
and the public key asymmetric encryption is terminated. The TLS handshake is now complete.
05:20
Step five. You are now in a secure session with the server
05:25
using only symmetric encryption,
05:29
and that's how it remains until you leave the website.
05:31
Every time you start a new session with a website, this is the process that takes place.
05:42
We now have a high-level understanding of how HTTPS protects your data.
05:46
Because of the secure connection and encryption, HTTPS can also protect against multiple kinds of spying threats, such as man-in-the-middle attacks and eavesdropping.
05:58
HTTPS also provides data confidentiality and data integrity during data transport, since the data can only be read
06:06
by the systems and persons with the secret key.
06:11
The key word here is transport, which also means after the secure connection has been established.
06:17
Anything else before that is not encrypted and protected,
06:21
meaning the website you're visiting is exposed, but not the pages you navigate to once you establish the session.
06:30
For example, you type in https://google.com and hit Enter.
06:38
Your secure connection and session is not established until you hit Enter and HTTPS uses TLS and PKI to establish a secure connection with the website.
06:51
Once you do, all the pages you browse within the website are confidential.
06:58
Anything you key in after the session is established is confidential.
07:05
Now that we know what a secure website is and what it does, let's make sure you understand what it does not do.
07:14
So, HTTPS cannot hide the names of websites that you're visiting because they are keyed in before the secure connection is established.
07:25
HTTPS does not hide your physical location,
07:29
and it cannot prevent you from getting viruses or malware.
07:33
Malware can exist on websites that use HTTPS,
07:39
and any type of data can travel through the secure tunnel safely, including malware.
07:48
What key is used for decrypting data?
07:56
Your private key.
07:58
Since your private key is used to decrypt data,
08:01
you should not share this key with anyone.
08:05
If your private key is exposed,
08:07
then your secure session
08:09
can be compromised.
08:13
In today's video, we discussed what a secure website looks like and how to identify one.
08:22
We also discussed what secure means and briefly touched on the technology used to secure the websites, such as HTTPS,
08:31
TLS and PKI.
08:35
We also discussed what protection HTTPS can provide and what protection it cannot provide.
08:46
Here are my references. Thank you. And I will see you in the next lesson.

Up Next

End User Cyber Fundamentals

This End User Cyber Fundamentals course covers Internet risks such as typosquatting, website spoofing, drive-by downloads, Malvertising, and how to protect yourself using security best practices.

Instructed By

Lisa Martino
Director, Information Security Governance, Risk & Compliance
Instructor