Surfing the net safely

tutname=Das sichere Surfen im Netz|tutautor=[[en:psycore]]|tutversion=1.0|tutquelle=tut:basics:ssl

Dangers lurk everywhere, especially on the Internet. We surf most sites without any protection worth mentioning. From a purely technical point of view, it is easy to record and read such data packets. To prevent this, banks etc. use so-called secure connections. What are secure connections? These are established as usual via the browser, but via TLS or SSL. This article is about this encryption and how to recognise that it has been established.

Before we address this topic, we should first make sure that Windows has the necessary basic protection has the necessary basic protection.

How do I recognise that the website I am about to register on is sending my data in encrypted form? There are a few criteria that must be met for a secure connection. The first should be to check the protocol. Sounds more difficult than it is:

1. We look at the address bar of the browser
2. if there is no http: or https: is displayed, we click once in the address bar
3. Now the complete link should be visible

The standard protocol would be http, but we want a secure connection so the protocol must be https. It should look something like this:

So the first feature is checked: We are using the correct protocol.

The other features deal with certificates and the differences between them.

Now we check the certificate to see whether the browser accepts it or not. To do this, we click (in Firefox) on the blue or green coloured area to the left of the address bar. We get a window similar to this one:

We can see from the information for whom the certificate was issued and that the connection is secure. This is the basic protection that should be in place when sending private data. It prevents the connection from being intercepted. However, this is not enough for certain applications, as we will see in the next chapter.

Some data is so sensitive that we cannot simply rely on having a secure connection. We need to be sure that the website really is who it says it is. This is where trusted connections come in.

We can recognise these by the green bar in the address bar. In Firefox, for example, it looks like this:

This type of certificate is also called, EV certificate. These are currently a fairly secure method of authenticating websites and are mostly used for online banking. These certificates are relatively expensive to purchase and are therefore rarely found in smaller online shops.

All the theory is often overwhelming, so you should ask yourself the following questions when accessing a website that could transmit sensitive data:

1. Is the link to the page correct? (Phishers like to spoof the domain)
2. Does the site use a certificate to send sensitive data?
3. Is this certificate fit for purpose? (Banks only use EV certificates)
4. Does the browser return an error when checking the certificate? (e.g. no longer valid, etc.)

Does it apply to smaller online shops?

1. Read the reviews on independent review portals
2. Does the shop have a legal notice and valid contact information?
3. Does the shop have a VAT ID?
4. Are there links to this shop from trustworthy sources?

If you stick to the tips from the practical test, you can be very sure of what sites are safe and what are not. It is important to keep your eyes and ears open and to be aware of the dangers that the Internet harbours.