10.1 Fundamentals of Web Security
What you do on the World Wide Web is your business. Or so you would think. But it's just not true. What you do on the web is about as private and anonymous as where you go when you leave the house. Again, you would think that it's your business and many, including ISECOM, would agree with you. However, consider a private investigator following you around town, writing down what you saw and who you spoke with.
The focus of this lesson is to help you learn how to protect yourself on the web, and to do that, you will have to learn where the dangers are.
The World Wide Web works in a very straightforward manner. Once connected to the Internet through your ISP, you open a browser, tell it a website, and you get that website on your screen. However, the truth is in the details. How does the web really work?
A quick trip to the World Wide Web Consortium (W3C), those fine folks who make standards for the web, will teach you all you want to know about the web: http://www.w3.org. Even the history of the web: http://www.w3.org/History.html. The problem is, will definitions and standards teach you how to be safe? Apparently not. The people who want to hurt you do not necessarily follow the standards.
10.1.1 How the web really works
The steps involved in connecting to the Internet and then to the web are very detailed, even if the process seems smooth from the user end.
So what happens for real when you just want to get to the ISECOM website? Assuming you are already connected to the Internet, here are the steps that occur in order:
- You open your browser.
- You type in the URL (website name).
- The website name is saved in the history cache on the hard disk.
- Your computer sends the website name to your default DNS server to find the IP address.
- Your computer connects to the server at the IP address provided at the default web port of 80 TCP if you used “HTTP://” or 443 TCP if you used “HTTPS://” at the front of the web server name (by the way, if you used HTTPS then there are other steps involved using server certificates which we will not follow in this example).
- Your computer requests the page or directory you specified, with the default often being “index.htm” if you don't specify anything. But the server decides its default, not your browser.
- The pages are stored in a cache on your hard disk. Even if you tell it to store the information in memory (RAM), there is a good chance it will end up somewhere on your disk, either in a PAGEFILE or in a SWAPFILE.
- The browser nearly instantaneously shows you what it has stored. Again, there is a difference between “perceived speed” and “actual speed” of your web surfing which is actually the difference between how fast something is downloaded (actual) and how fast your browser and graphics card can render the page and graphics and show them to you (perceived). Just because you didn't see it doesn't mean it didn't end up in your browser cache.
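
The name lookup, port selection and page request steps above can be watched directly. The following Python sketch is an added example, not part of the original lesson: it splits a URL the way a browser does, resolves the name, connects, and sends a raw request for "/". It assumes a throwaway web server on the loopback address standing in for a real site, and the function names (`plan_request`, `fetch`, `demo`) and the page content are made up for illustration.

```python
import functools, http.server, pathlib, socket, tempfile, threading
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}  # the defaults named in the steps above

def plan_request(url):
    """Split a URL into the name sent to DNS, the TCP port, and the path."""
    parts = urlsplit(url)
    port = parts.port or DEFAULT_PORTS[parts.scheme]
    return parts.hostname, port, parts.path or "/"

def fetch(host, port, path):
    """Resolve the name, connect, send a raw HTTP request, return (ip, response)."""
    ip = socket.getaddrinfo(host, port, socket.AF_INET, socket.SOCK_STREAM)[0][4][0]
    with socket.create_connection((ip, port), timeout=5) as conn:
        # The client only asks for the path; it never names "index.htm".
        conn.sendall(f"GET {path} HTTP/1.0\r\nHost: {host}\r\n\r\n".encode())
        chunks = []
        while (data := conn.recv(4096)):
            chunks.append(data)
    return ip, b"".join(chunks)

def demo():
    """Serve a constructed index.htm on loopback, then request the site root."""
    with tempfile.TemporaryDirectory() as root:
        # Constructed sample page; the server, not the client, picks it for "/".
        pathlib.Path(root, "index.htm").write_text("<h1>constructed home page</h1>")
        handler = functools.partial(
            http.server.SimpleHTTPRequestHandler, directory=root)
        server = http.server.ThreadingHTTPServer(("127.0.0.1", 0), handler)
        threading.Thread(target=server.serve_forever, daemon=True).start()
        try:
            # A non-default port is used only because this is a local test server.
            url = f"http://localhost:{server.server_address[1]}"
            host, port, path = plan_request(url)
            ip, raw = fetch(host, port, path)
        finally:
            server.shutdown()
            server.server_close()
    head, _, body = raw.partition(b"\r\n\r\n")
    return path, ip, head.split(b"\r\n")[0].decode(), body.decode()

if __name__ == "__main__":
    print(plan_request("http://www.example.org"))   # placeholder host name
    print(plan_request("https://www.example.org"))
    print(demo())
```

The request line contains only "/", yet the response body is the contents of index.htm, which shows that the default page is the server's choice.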