Secure and Anonymous Browsing - Literature review Example

Secure and anonymous browsing Name: Number: Course: Lecturer: Date: Introduction With internet connectivity and the rise of the use of the internet, there has been a rise in cyber attacks and cyber security. Secure browsing is a concept that should be looked into to make sure that the users and their content are taken care of. Internet users need to be protected from internet attacks. This is more so given the fact that these users do not have enough computer security and will do things which will compromise their security. This is the reason as to why there is a need to have secured browsing in organizations. There is a need for organizations to have secure environments where users will browse without being monitored. This paper will focus on the way in which secure browsing can be achieved (Chalmers 2008, pg 64). How internet browsing works The way the internet works comes with a lot of loopholes that could lead to attacks being experienced. The internet user will start typing the uniform resource locator (URL) in the browser and pressing return. This will bring the page that the user wants to access. The browser will get the connection with the web server that the user wants to get a connection with. There is a need to have a connection with the web server so that the computer so that the web page can be accessed (Ciampa 2009, pg. 64). The web page is hosted in a web server. The browser will break down the URL that is supplied by the user into three parts, that is the protocol, the name of the server (that is www.servername.domain), and the file name that is being accessed. The browser had some communication with a name server so that the server name (that is www.servername.domain) is converted from the human name to an IP address. The IP address is the one that is used to connect the server and the browser. The browser will then have a connection with the server using port 80. With the use of HTTP protocol, the browser will make a GET request for a file that is stored in the server. The server will then return the HTML text for the file name that the browser was requesting. The HTML text that the browser gets has tags that are understandable to web programming. The browser will then change these tags to text that can be read by humans. This is the basic working of the internet and how internet services are made (Cole 2011, pg. 241). How user activities are tracked When we browse, we are normally being tracked by many agencies who are interested with the data that we interact with. This data could be used either positively or negatively. Every time we access the internet, we live a lot of information that are of interest to many agencies (Harwood, Goncalves & Pemble 2010, pg. 121-122). This information could be used to increase the productivity of a company or to make use of our interests. Productivity can be achieved when companies know what the browsers are searching for on the internet. This information is very important. Another way in which internet users can be tracked is by stealing passwords that could be used to transfer funds from the users’ bank accounts online (Holtmanns et al. 2008, pg. 53). One way in which user activities are monitored and tracked as they surf is by use of cookies. Cookies are pieces of text which are set by server systems and are also taken to be part of requests which the server sends to the clients (James 2010, pg. 85). The hypertext transfer protocol cookies are used for granting of access to the authorized users, maintenance and monitoring of particular information which belong to the user like the calls, comments about the liked sites and the contents of their electronic digital shopping carts. The client machines are expected to return the request when they have not been altered or tampered with (Jere 2012, pg. 63). This initiates a state which is a memory location for the current activities and is always not in line with all the other contents of the same source page.When a cookie is returned to the browser in the web, it gives the server machine a way of establishing a connection of the previous page with other pages on the browser. The main thing to note here is that with the lack of or without cookies, the access of a web page even its retrieval becomes very hard hence it will be hard to locate other pages which relate to a particular page on the web by the use of a web browser.Apart from being set by the web browser, cookies are also set through programming languages like JavaScript that is if it is supported by the system and also enabled by the browser. The application anticipates and the individual user is held responsible to give the tokens back to various variants of systems so that they interact with the very application that is without disturbing anything (Kim & Solomon 2010, pg. 72). Apart from the use of cookies, there are other many ways in which users can be monitored. The use of browser and the way users browse their internet is one way in which they can be monitored. Most browsers leave history information about a user and this information canbe used to track the way users use their internet (Kleidermacher & Kleidermacher 2012, pg. 62). Few people who know how to secure themselves from this will from time to time erase the settings of their browsers so that they do not record information. There are many who are oblivious of this act and will just use their browsers in strange places. They will fail to secure their online activities. They leave information which can be used to track what they did on the internet. This is something that should be avoided (Ledford & Yvette 2009, pg. 72). How to achieve on secure browsing There are many ways in which secure browsing can be achieved. Caution can be taken by users themselves by making sure that they make use of secure browsing ethics (Melanie & Herndon 2012, pg. 92). SSL SSL is popular way that users can install to have secured browsing. The secure socket layer (SSL) protocol was developed so that web browsers and servers could be able to exchange sensitive processed facts and figures, without permitting programs from getting access to the sensitive information which is being exchanged. Though the name has been changed to TSL, it is still being widely referred to as SSL. It will be referred to as SSL in this paper as well (Shelly & Campbell 2012, pg. 18). Connections using HTTPS to any website can only be trusted if and only some conditions are met. One of the conditions is that the user must have a trust for the certificate authority that they can vouch for only websites which are legitimate without having names which are misleading. Another condition which must be met is that the website should be able to provide a certificate which is valid. In cases where the certificates are not valid, the website will throw a lot of security warnings. The certificate should also be in a position to identify the website correctly without diverting from the correct link that leads to the website. The last condition is the fact that the hops which are intervening in the Internet are supposed to be of trustworthy nature on the Internet. The protocol’s layer of encryption should also be in a position of countering attacks (Nahari & Krutz 2011, pg. 128). HTTP over SSL Hypertext Transfer Protocol Secure (HTTPS) is a combination of two protocols: Hypertext Transfer Protocol with the security protocol, SSL/TLS. This combination is done so that security is provided through encryption of the data that is sent on the Internet. HTTPS connections are usually used to process payment transactions over the Internet and also used to process transactions which are sensitive in information systems used by corporate (Morley 2008, pg. 82). HTTPS is available in all modern browsers. This protocol is used mainly for client-to-server end-to-end encryption of traffic which includes authentication information like usernames and passwords, and the content of forms which have been submitted (Guttmann, Michael & Viktor, 2007). The HTTPS also helps in the acquisition of the credentials of the server like the hostname and the site operator. There are other times that it will help one in authenticating the user credential which is supplied to the server. This process will require the user to have the user certificate. This is not common at the moment. Currently the cost of having a commercial certificate is $100. There is a possibility of someone signing their own certificates but most of the times the browsers will give a lot of warnings when one accesses the site. There are instances where the warnings have been enabled for some sites which have intranet connections (Miller & Gregg 2011, pg. 128). VPN A virtual private network (VPN) is a private network that uses a public network which is usually the Internet to connect remote users together. Instead of using dedicated, real-world connection like leased lines, a virtual private network uses a virtual connection which is routed through the Internet from the company’s private network to the remote employees (Melanie & Herndon 2012, pg. 712). VPN also offers better security for the sensitive information that is being shared and stored in the organizations. This information needs to be stored in a safe and only shared in a private. The security of applications and the systems that are running in firms, and more so, accounting, firms, is a matter of great concern for most of the organizations. As more operations and business processes are done from the Internet, there is a lot of concern for their security. This has resulted in companies researching on the ways and solutions for overcoming this (Cole 2011, pg. 62). Onion routing This is also another good security feature for sensitive information. This is a mechanism or technique where pieces of data or packets are transmitted via a network of randomly chosen or selected proxy servers before they are delivered to the final destinations. It works on a principle that instead of an application making a direct connection to the destination system, it first has to make a socket connection to an onion routing proxy which in turn creates or builds an anonymous connection via various other onion routers along the communication route. Every single onion router will be able to identify the adjacent onion routers along the route. Before the facts and figures are sent over an anonymous connection, an encryption layer is added to the first onion router for each onion router in the router. Every router eliminates or removes one of the layers of encryption as data moves via the anonymous connection and finally arrive at the destination as plain text or unencrypted (Jere 2012, pg. 214). Cookies control This is also another solution to secure and anonymous browsing. A cookie is a piece of information that is stored on the web browser. They are the ones which allow various entities like companies to acquire some important information about a specific person or firm and use it in a manner that is not right. They are used to track users’ online behavior, and by ensuring that there is cookies control among the browsers, will assist in securing important information. Various ways can be used to control cookies. This will depend on the type of browser that has been installed. Different browsers have different forms of deleting or limiting the type of cookies on a browser (Cole 2011, pg. 72). Browser extension Modern browsers have extensions that are developed so that they can help have secure browsing. The use of browser extensions helps in deciding how the user can make use of the browser. They are able to customize the browser so that it suite their intentions and uses respectively. Ghostery One example of browser extension that can be installed is ghostery. This browser extension helps in securing or protecting the users' privacy through the tracking of the web browser and blocking any suspicious intrusions. If any firm or company is interested in the activities you carry on, ghostery, is able to view this invisible web, the detecting trackers, web bugs, pixels and beacons which are placed on the web pages by social media like Facebook, Google analytics and various other ad networks and is able to block them (Cole 2011, pg. 74). Web of Trust (WOT) Another form of browser extension is the web of Trust (WOT) browser extension which is a very secure and safe browser extension. It accesses its database once the user goes online via the use of a browser. This is for the purpose of ensuring that the outcome or results are secure. It does this by placing circles with different colors, green to mean that the site is safe, yellow to show that the user should proceed with caution and finally red to indicate danger (Jere 2012, pg. 129). HTTPS everywhere Another browser extension is the HTTPS everywhere which helps in securing the web from the browser. This is supposed to be installed by the user and upon installation, the extension allows the user to connect to secure site through the rewriting of the requests to an HTTPS universal resource locator whenever one visits many sites supported by HTTPS everywhere. Collusion is another type of browser extension that helps in tracking and locating where the information of the user goes when served a cookie. It simply tracks the destiny of the information prior to the issue of a cookie. It is common with the Google Chrome browser. Many firms collect the users’ personal information and figures secretly as they use the web and generate web connections between the sites the user visit and trackers he or she is not aware of. Collusion, therefore, indicates or rather graphically presents the user data from sites to trackers, in a real timely manner, so as to expose the hidden connections. The extension has to stay in the browser so as to monitor the shadowy connections and creating graphs which indicate the progress (Harwood, Goncalves & Pemble 2010, pg. 89). Noscript Noscript is another security mechanism for web browser. It authorizes active content to execute only from sites that are trusted by the user and allows the user to protect themselves from clickjacking attacks and XSS. This is the best secure method of protecting the web browser and is a must have browser extension (Chalmers 2008, pg. 391). Tor Tor is also another security methodology which helps in the reduction of uncertainties or risks both from the simple and sophisticated traffic analysis through the distribution of the users’ transactions over various places in the global network or networks. For one to generate or create a private network pathway with Tor, the users program or software will have to build a circuit of password protected or encrypted connections via relays on the network (Ledford & Yvette 2009, pg. 65). How to implement secure and anonymous browsing Compared to private browsing, that tries to protect users from local intruders, secure and anonymous browsing serves to reduce the amount of identifying the facts and figures which are available to a remote intruder. There are various ways in which I would implement secure and anonymous browsing. I would use anonymous web proxy servers where the web traffic originating from the user’s browser is led to the web proxy which will behave as an intermediary. A simply or fully anonymous proxy transmits or sends web requests on the user's behalf to the sites visited and helps redirect responses to the user's computer. An anonymous or secured HTTP conceals the identity of the use as well as the IP address from the web addresses visited by the user (Ledford & Yvette 2009, pg. 592). Before implementing security mechanism in the web and its applications, I will bear in mind various security details. These are standard features that I will implement, apart from the first one; ensure that user authentication is implemented, page access control is also allowed, where the user has to decide the kind of pages they wish to open as regards the role or their access rights and finally to devise ways of protecting or preventing security attacks. Authentication assists in protecting the user’s application where the user has to login and the system determines the role of the user. Forms will be employed here. The forms authentication will require that they are configured in the web and set as the login page. This form for logging in will be provided any time the user wishes to view or access the web, through the web browser prior authentication hence promoting security (Harwood, Goncalves & Pemble 2010, pg. 72). The use of secure virtual desktops is also another very important way for implementing secure and anonymous browsing. It helps keep the identity of the user and sensitive facts and figures or data safe of a computer. Given the fact that it behaves like the unseen or an invisible shield, secure virtual desktop makes the user anonymous to the sites they visit and delete or do away with all the records or traces of all the tasks or activities immediately their session comes to an end or completes (Ciampa 2009, pg. 71). Demonstration of how to secure web browsers One process that can be done to secure secure browsing is installing plugins that will make the browsing sessions to be offline. This way the user will be secured from the tracking of their activities. After installing the browsers, users should ensure that they have ways in which the tracking will be disabled. The current browsers have these features that will enable users to have secure browsing (Cole 2011, pg. 82). Step 1 The first step is to check the version of the browsers that the user is using. Step 2 If it is an old browser, there should be updates run so that security is enhanced for the browsers Step 3 Ensure that security holes are always patched so that the browsers are up to date. Step 4 Care should be taken so that there is general security policies concerning the whole organization. This will ensure that suspicious links are not allowed access. References Chalmers, K 2008, A Gender Study of Internet Web Browsing: Internet Usage Surveys Compared to Actual Router Data Logs, ProQuest, Uta. Ciampa, M 2009, Security Awareness: Applying Practical Security in Your World, Cengage Learning, New York. Cole, E 2011, Network security bible, John Wiley and Sons, New York. Harwood, M, Goncalves, M & Pemble, M 2010, Security Strategies in Web Applications and Social Networking, Jones & Bartlett Publishers, New York. Holtmanns, S, Niemi, V, Ginzboorg, P, Laitinen, P & Asokan, P 2008, Cellular Authentication for Mobile and Internet Services, John Wiley and Sons, New York. James, KL 2010, The Internet : a User's Guide, PHI Learning Pvt. Ltd, New York. Jere, WA 2012, M86 Securebrowsing, Equ Press. Kim, D & Solomon, M 2010, Fundamentals of Information Systems Security, Jones & Bartlett Learning. Kleidermacher, D & Kleidermacher, M 2012, Embedded Systems Security: Practical Methods for Safe and Secure Software and Systems Development, Elsevier, New York. Ledford, J & Yvette, D 2009, Web Geek's Guide to Google Chrome, Que Publishing, New York. Melanie, N & Herndon, D 2012, Facebook All-in-One For Dummies, John Wiley & Sons, New York. Miller, D & Gregg, M 2011, Security Administrator Street Smarts: A Real World Guide to CompTIA Security+ Skills, John Wiley and Sons, New York. Morley, D 2008, Understanding Computers in a Changing Society, Cengage Learning, New York. Nahari, H & Krutz, R 2011, Web Commerce Security: Design and Development, John Wiley and Sons, New York. Shelly, G & Campbell, J 2012, Discovering the Internet: Complete, Cengage Learning, New York. Read More