How do you know if your information is secure?
Justin Denton
• justindenton@mac.com
• http://www.libchalk.com
• LinkedIn: https://www.linkedin.com/in/justindenton1
• Twitter: @cyberdenton
What we’re covering today…
• What HTTPS is.
• How HTTPS functions.
• Where to get an SSL certificate?
• Why HTTPS?
• How to enable HTTPS.
• Where should HTTPS be implemented?
• Communication and Training
• Best Practices & Tips.
What is HTTPS?
• HTTP is how a Web Server communicates with Web Browsers.
• HTTPS is secure communication between a Web Server and Web Browsers.
Founded
• Netscape Communications created HTTPS in 1994 for its Netscape
Navigator web browser.[40] Originally, HTTPS was used with the SSL
protocol. As SSL evolved into Transport Layer Security (TLS), the
current version of HTTPS was formally specified by RFC 2818 in May
2000.
What type of sites have you been
to that use HTTPS?
What does HTTPS Do?
• HTTPS verifies the identity of a website and encrypts nearly all
information sent between the website and the user.
• Protected information includes cookies, user agent details, URL paths,
form submissions, and query string parameters.
• HTTPS is a combination of HTTP and Transport Layer Security (TLS).
• Browsers and other HTTPS clients are configured to trust a set
of certificate authorities that can issue cryptographically signed
certificates on behalf of web service owners.
What Doesn’t HTTPS Do?
• HTTPS has several important limitations.
• IP addresses and destination domain names are not encrypted.
• Even encrypted traffic can reveal some information indirectly, such as time
spent on site, or the size of requested resources or submitted information.
• HTTPS only guarantees the integrity of the connection between two systems,
not the systems themselves.
• It is not designed to protect a web server from being hacked.
• If a user’s system is compromised by an attacker, that system can be altered
so that its future HTTPS connections are under the attacker’s control.
Using HTTPS…
• The computers agree on a "code" between them, and then they
scramble the messages using that "code" so that no one in between
can read them. This keeps your information safe from hackers.
• They use the "code" over Secure Sockets Layer (SSL), or its successor
Transport Layer Security (TLS), to send the information back and
forth.
How can you make your site Secure?
• Use a security certificate called an SSL certificate.
• SSL = Secure Sockets Layer
• An SSL certificate assures website visitors that you are the owner of
the website and that their information is secured, with the certificate
issued by an SSL certificate authority.
• Free SSL
• https://letsencrypt.org/
Who needs an SSL Certificate?
Any individual or organization that uses their website to require, receive, process,
collect, store, or display confidential or sensitive information. Some examples of
this information are:
• Logins and Passwords
• Financial Information (e.g., credit card numbers, bank accounts)
• Personal data (e.g., names, addresses, social security numbers, birth dates)
• Proprietary information
• Legal documents and contracts
• Client lists
• Medical records
Question
• You click to check out at an online merchant. Suddenly your browser
address bar says HTTPS instead of HTTP. What's going on? Is your
credit card information safe?
Answer
• Good news. Your information is safe. The
website you are working with has made
attempts to ensure that no one can steal
your information.
How HTTPS works…
Why HTTPS?
Has anyone ever been a Victim?
Why HTTPS?
• Prevents Hackers from watching what you
do over the Internet
• Encrypts Data
• Keeps stuff private
• Keeps you safe
• Prevents people from tracking your
internet activity
• An unencrypted HTTP request reveals
information about a user’s behavior.
The HTTP protocol does not protect data from interception or alteration.
Why?
• Chosen as a good place to post a
message to an international audience
• Posting click-bait articles and
spam
• Posting political messages
• Holding for ransom
• Fun / Competition
• Money
• Stealing personal info
• No reason at all.
A high percentage of people have fallen victim.
More than 1 in 10 on average in the US.
10 Million affected in 2008
How are they getting in?
• Insecure POP3 email servers
• Public Wi-Fi that is not secured
• HTTPS is not being used on sites
that you are accessing
• No Anti-Spyware / Anti-Virus
Software installed (or out of date)
• User base not aware
Does HTTPS Solve all my worries?
• A sophisticated type of man-in-the-middle attack called SSL
stripping was presented at the Blackhat Conference 2009.
• This type of attack defeats the security provided by HTTPS by
changing the https: link into an http: link.
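The editor's note for this slide names HTTP Strict Transport Security (HSTS) as the countermeasure to SSL stripping. The following Python script is an added example, not part of the original deck: it checks a site you operate for the two defenses that blunt the attack, a redirect from plain HTTP to HTTPS and a valid HSTS header. The one-year minimum max-age is an assumed threshold, and the hostnames in the comments are constructed.

```python
import http.client
from urllib.parse import urlsplit

ONE_YEAR = 31536000  # assumed minimum HSTS max-age, in seconds

def parse_hsts(header):
    """Parse a Strict-Transport-Security header value into a dict.
    Returns None when the header is missing or has no valid max-age."""
    if not header:
        return None
    policy = {"max_age": None, "include_subdomains": False, "preload": False}
    for directive in header.split(";"):
        name, _, value = directive.strip().partition("=")
        name = name.lower()
        if name == "max-age":
            try:
                policy["max_age"] = int(value.strip().strip('"'))
            except ValueError:
                return None
        elif name == "includesubdomains":
            policy["include_subdomains"] = True
        elif name == "preload":
            policy["preload"] = True
    return policy if policy["max_age"] is not None else None

def redirects_to_https(status, location):
    """True when an HTTP response is a redirect whose target is an https: URL."""
    if status not in (301, 302, 303, 307, 308) or not location:
        return False
    return urlsplit(location).scheme.lower() == "https"

def assess(status, location, hsts_header, min_age=ONE_YEAR):
    """Return a list of findings; an empty list means both checks passed."""
    findings = []
    if not redirects_to_https(status, location):
        findings.append("plain HTTP does not redirect to HTTPS")
    policy = parse_hsts(hsts_header)
    if policy is None:
        findings.append("no valid Strict-Transport-Security header")
    elif policy["max_age"] < min_age:
        findings.append("HSTS max-age shorter than %d seconds" % min_age)
    return findings

def check_site(host):
    """Live check of your own site (needs network): request the root page
    over plain HTTP (port 80) and over HTTPS (port 443), then assess both."""
    plain = http.client.HTTPConnection(host, 80, timeout=10)
    plain.request("GET", "/")
    first = plain.getresponse()
    secure = http.client.HTTPSConnection(host, 443, timeout=10)
    secure.request("GET", "/")
    second = secure.getresponse()
    return assess(first.status, first.getheader("Location"),
                  second.getheader("Strict-Transport-Security"))

if __name__ == "__main__":
    import sys  # usage: python check_hsts.py www.example.org (constructed host)
    print(check_site(sys.argv[1]) or "no findings")
```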
http://tinyurl.com/JDHTTPS
Recovering from a Loss of Identity or
being a victim of information Theft
can be a PAINFUL process.
Enabling HTTPS…
• Things you need to do…
• Enable HTTPS on your Web Server
• Easy for Public Hosting companies such as GoDaddy
• Harder if you run your own. (Recommend engaging
IT Expert.)
• Hosted sites are Click and Pay.
• Some configuration may be needed.
• Hosting providers will have specific documentation
on how to configure.
• Provider dependent
• Test your site after implementing
• Look for the Browser Locks
What’s your responsibility?
• Provide a safe and secure environment for
your customers
• Implement & test Internet security measures
• Register and maintain an SSL Certificate
• Educate your customers
How to stay secure?
Take Preventative Measures…
Does anyone in attendance do
anything to protect themselves
while online?
How can you be secure?
• Be aware when entering data “YOU” want to protect
into a site that is not secured with HTTPS
• Have Anti-Virus software installed and updated
• Don’t go to suspicious sites
• Utilize private VPN
• Make sure you use Encrypted apps
• Use a password manager
How can you be secure? Cont’d…
• Remember to be on the “CORRECT” site.
HTTPS doesn’t mean that the site is secure
from hackers. It just means that the data you
enter onto the site is encrypted and protected
from others who could potentially see it.
• If you go to a hacker’s site with HTTPS, your data
is secure, but only secure between you and the
hacker.
How is the Government handling this?
• The HTTPS-Only Standard
• Memorandum M-15-13, “A Policy to Require Secure Connections across
Federal Websites and Web Services”
Best Practices…
• SSL Certificates
• Keep track of when they expire.
• Ensure you renew on-time.
• Understanding that HTTPS runs on Port 443 & HTTP runs on Port 80.
(What does this mean?)
• Modify firewall settings
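Two of these practices, testing the site after enabling HTTPS and tracking when the certificate expires, can be scripted. The following Python script is an added example, not part of the original deck: it connects to port 443 the way a browser does (verifying the chain and hostname against the system trust store), reports the negotiated TLS version, cipher and issuer, and flags a certificate that is expired or due for renewal. The 30-day warning window and the default host are assumptions; the certificate data in the comments is constructed.

```python
import socket
import ssl
import time

def name_field(name_tuple, key):
    """Read one attribute (e.g. 'commonName') from the nested tuples that
    SSLSocket.getpeercert() uses for its 'subject' and 'issuer' entries."""
    for rdn in name_tuple:
        for attr, value in rdn:
            if attr == key:
                return value
    return None

def days_until_expiry(cert, now_ts=None):
    """Whole days left on a getpeercert() dict; negative means already expired.
    'notAfter' looks like 'Jan  1 00:00:00 2030 GMT' (constructed sample)."""
    if now_ts is None:
        now_ts = time.time()
    expiry_ts = ssl.cert_time_to_seconds(cert["notAfter"])
    return int((expiry_ts - now_ts) // 86400)

def renewal_status(cert, warn_days=30, now_ts=None):
    """'expired', 'renew-soon' (within warn_days) or 'ok'."""
    left = days_until_expiry(cert, now_ts)
    if left < 0:
        return "expired"
    return "renew-soon" if left <= warn_days else "ok"

def inspect_site(host, port=443):
    """Live check (needs network). create_default_context() verifies the
    certificate chain and hostname against the system trust store, so a
    handshake failure here is the same failure a browser would show."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=10) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            cert = tls.getpeercert()
            return {
                "tls_version": tls.version(),
                "cipher": tls.cipher()[0],
                "subject": name_field(cert["subject"], "commonName"),
                "issuer": name_field(cert["issuer"], "organizationName"),
                "days_left": days_until_expiry(cert),
                "status": renewal_status(cert),
            }

if __name__ == "__main__":
    import sys
    # Default host is an assumption (the Let's Encrypt site from the slides);
    # pass your own site's hostname as the first argument.
    print(inspect_site(sys.argv[1] if len(sys.argv) > 1 else "letsencrypt.org"))
```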
Communication & Training
• Building strategies for communication &
training to consumers
• Continue to inform
• Have security awareness programs for
employees and consumers
• Have a Cyber-Safety Month
• Other ideas?
What should you remember?
• There are obvious instances in which this type
of secure connection is a must.
  • Transfer of Personally Identifiable
Information
  • Transfer of transaction data in e-commerce
  • Transfer of any other sensitive data
• The actual act of securing a website is a very
complex process.
• HTTPS does not stop attackers from hacking a
website, web server or network.
• It will not stop an attacker from exploiting
software vulnerabilities or brute forcing your access
controls, nor ensure your website’s availability by
mitigating Distributed Denial of Service (DDoS)
attacks.
Remember…
HTTPS
Editor's Notes

  • #9 HTTPS verifies the identity of a website or web service for a connecting client, and encrypts nearly all information sent between the website or service and the user. Protected information includes cookies, user agent details, URL paths, form submissions, and query string parameters. HTTPS is designed to prevent this information from being read or changed while in transit. HTTPS is a combination of HTTP and Transport Layer Security (TLS). TLS is a network protocol that establishes an encrypted connection to an authenticated peer over an untrusted network. Browsers and other HTTPS clients are configured to trust a set of certificate authorities [2] that can issue cryptographically signed certificates on behalf of web service owners. These certificates communicate to the client that the web service host demonstrated ownership of the domain to the certificate authority at the time of certificate issuance. This prevents unknown or untrusted websites from masquerading as a Federal website or service.
  • #10 What HTTPS Doesn’t Do HTTPS has several important limitations. IP addresses and destination domain names are not encrypted during communication. Even encrypted traffic can reveal some information indirectly, such as time spent on site, or the size of requested resources or submitted information. HTTPS only guarantees the integrity of the connection between two systems, not the systems themselves. It is not designed to protect a web server from being hacked or compromised, or to prevent the web service from exposing user information during its normal operation. Similarly, if a user’s system is compromised by an attacker, that system can be altered so that its future HTTPS connections are under the attacker’s control. The guarantees of HTTPS may also be weakened or eliminated by compromised or malicious certificate authorities.
  • #19 Data sent over HTTP is susceptible to interception, manipulation, and impersonation. This data can include browser identity, website content, search terms, and other user-submitted information.
  • #20 Not only websites are being targeted. Even Facebook, Twitter, Pinterest, etc.; anything that is popular and drives awareness. Smaller sites that are hacked are usually by people that are playing around testing their skills. Large sites are hacked to distribute a message.
  • #21 American Library Association’s Facebook page and posted an endless stream of clickbaity articles and spam.
  • #25 Taking advantage of the fact that few Internet users actually type "https" into their browser interface: they get to a secure site by clicking on a link, and thus are fooled into thinking that they are using HTTPS when in fact they are using HTTP. The attacker then communicates in clear with the client.[38] This prompted the development of a countermeasure in HTTP called HTTP Strict Transport Security.
  • #26 https://www.idology.com/wp-content/uploads/2014/07/infographic_stolen_ID_Identity_Theft.jpg
  • #33 It provides guidance to agencies for making the transition to HTTPS and a deadline by which agencies must be in compliance.