Secure Websites

00:01

I and welcome to lesson 1.2 of the end user Cyber Fundamentals course.

00:07

This lesson will be focused on secure web browsing.

00:15

In this lesson, you will learn what a secure website is and how to recognize one.

00:21

What's https is and how our protection data

00:25

and what is a TLS handshake?

00:30

What is the secure website and how can you recognize one?

00:35

Ah, secure website is a website in which the U. R L begins with https.

00:42

You will also see a lock to the left of the URL.

00:46

This is another visual indicator that the website insecure

00:51

the S in H T T. P s stands for secure.

00:58

But what does secure actually need

01:00

secure means that your data is encrypted?

01:03

Encryption is a method of protecting your data from people. You do not want to see it.

01:08

It does this by disguising the plain text into a secret cipher that only system or people with that secret Kikkan read

01:17

to everyone else. It's just gibberish.

01:19

A good example of this is when you are on a retail site and king your credit card information. That data is encrypted so nobody can steal it.

01:30

What is h t T P s

01:34

https stands for hypertext transfer protocol secure.

01:40

It works over TCP ports 443 and is an extension of http

01:48

H T T P s uses TLS transport layer security,

01:53

which is an encryption protocol to make it secure.

01:57

This means all communication between your Web browser and an H T. T. P s web site is encrypted. Once your session has been established,

02:07

we will talk a little more about how the secure session is established. Next to make sure you have a basic understanding off how https works and how you secure session is created,

02:23

how those https secure my data

02:27

well, for a website to secure the communication, it must establish a secure connection between the Web browser and the website.

02:36

This is stone using TLS and the Public Key infrastructure,

02:40

which is referred to as P K I.

02:44

All communications over TLS. Start with the TLS handshake.

02:50

TLS uses both asymmetric and symmetric keys to establish the secure session.

02:55

Here is a very high level overview of how this works.

03:02

The TLS handshake uses asymmetric encryption

03:06

which uses to separate keys one public which is used for encryption, and one private key, which is used for decryption.

03:15

The purpose of the asymmetric encryption is to be able to securely exchange session keys, which are used to create the secure session.

03:24

Once the keys have been exchanged, the TLS handshake is done,

03:29

and the symmetric encryption takes over.

03:32

Symmetric encryption on Lee uses one sharqi,

03:37

which is a lot less overhead.

03:38

The process might sound a bit confusing,

03:42

but I think it's important to understand how recessions are secured, especially since you use secure sessions to access your banks and other confidential information.

03:53

Let's break it down.

03:57

How is my session secured?

04:00

Step one.

04:01

You open a Web browser and type in www dot google dot com and hit. Enter

04:08

your browser, reaches out to the Google Web server and requests a connection.

04:13

Step two.

04:15

The Google Server response and sends you its certificate and public key.

04:19

It keeps its own private key and secret.

04:24

Remember public ease off for encryption and private keys off for decryption.

04:30

The certificate is very important as it ensures the identity of the website.

04:35

Step three.

04:38

Once your browser receives and validates that certificate from the Google Server, your Web browser will generate 1/3 key.

04:46

This is called a session key,

04:48

if then encrypts the session key using the public he you received from the Google Server in Step two

04:57

and shares it with the Google server. So you both have a copy of the session. Key

05:03

step for the Google Server receives and decrypt the session key. Using its secret private key

05:13

and the public he asymmetric encryption is terminated. The TLS handshake is now complete.

05:20

Step five. You are now in a secure session with the server

05:25

using Onley symmetric encryption

05:29

and that's how it remains until you leave the website

05:31

every time you start a new session with a website. This is the process that takes place.

05:42

We now have a high level understanding of how https protection data.

05:46

Because of the secure connection and encryption, Https can also protect against multiple kinds of spying threats, such as man in the middle attacks and eavesdropping.

05:58

Https also provides data confidentiality and data integrity during data transport, Since the data can only be read

06:06

by the systems and persons with the secret key.

06:11

The key word here is transport, which also means after this cure connection has been established.

06:17

Anything else before that is not encrypted and protected,

06:21

meaning the website you're visiting is exposed, but not the pages you navigate to. Once you establish the session

06:30

example, you type in https colon forward slash forward slash google dot com and hit Enter,

06:38

You're Secure Connection and session is not established until you had enter an https uses TLS and PK I to establish a secure connection with the website.

06:51

Once you dio all the pages, you, Brown's within the website are confidential.

06:58

Anything you can after the session established is confidential.

07:05

Now that we know what a secure website is and what it does, let's make sure you understand what it does not do.

07:14

So. Https cannot hide the names of websites that you're visiting because they are keyed in before the secure connection is established.

07:25

Https does not hide your physical location,

07:29

and it cannot prevent you from getting viruses or malware.

07:33

Malware can exist on websites that use https,

07:39

and any type of data can travel through the secure tunnel safely, including mount where

07:48

what key is used for decrypting data.

07:56

Your private key.

07:58

Since your private key is used to decrypt data,

08:01

you should not share this key with anyone.

08:05

If your private keys exposed,

08:07

then you secure session

08:09

can be compromised.

08:13

In today's video, we discussed what a secure what site looks like and how to identify one.

08:22

We also discussed what secure means and briefly touched on the technology used to secure the websites such as https,

08:31

T l s and P K I.

08:35

We also discussed what protection https can provide and what protection it cannot provide.