Security
HERMES members should take all possible precautions to keep their sites secure against attacks from the Internet. The first line of defence is a wise choice of passwords; see Passwords in the submenu.
Passwords, no matter how wisely chosen, may be stolen (sniffed out) on their way to the servers if they are sent as plain text, i.e. not encrypted. Encryption is provided by so-called secure protocols for connections to the servers: https (for browsers), smtps and pop3s (for outgoing and incoming mail respectively, in email clients), and ftp-over-ssh (for upload of files to the servers by ftp clients).
Secure use of browsers
Practically all modern browsers facilitate secure data transfers between the browser and the server on which the visited site resides. When a browser is given the address of a secure site, i.e. one beginning with https:, it
- checks the certificate of the server to be sure of the site's authenticity,
- accepts encrypted data from the site and decrypts it before it is displayed,
- encrypts all data that is to be sent to the site before actually sending it, password included.
If the site presents a form to be filled out with your personal, financial or otherwise sensitive data, make sure the form URL begins with https and the browser shows some symbol indicating a secure site, usually a padlock. Do not submit the form otherwise.
Normally, a site certificate is issued by one of the Certificate Authorities, e.g. Verisign, Thawte, etc. Some sites, however, use so-called self-signed certificates, which are no proof of their authenticity. In such cases your browser displays a warning to that effect and asks whether you wish to continue or cancel any further browsing of the site. An example of a site with a self-signed certificate is this one; see the Login option on the left. The certificate's only purpose is to transfer members' username/password combinations in encrypted form, so that they cannot be captured by so-called sniffing programs that may happen to monitor data transfers within the relevant networks. The site has no forms asking for any personal data like credit card numbers, social security ids, etc.
Our self-signed certificate may be installed in one's system, which prevents the browser from repeating the warning every time one clicks the Login option. Your browser may ask you whether the presented self-signed certificate should be accepted in the future. Otherwise, you can click this, save the incoming file, hermesweb.crt, and install (run) it later.
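Because a self-signed certificate proves nothing by itself, the saved hermesweb.crt is worth comparing against a fingerprint obtained from the site administrators by some other channel before it is installed. The following is an added example, not part of the original page: the function names are hypothetical, the out-of-band fingerprint is an assumption (the page does not publish one), and the sample bytes are constructed stand-ins rather than a real certificate.

```python
import base64
import hashlib
import hmac
import re
import ssl

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def pem_to_der(pem_text):
    """Return the DER bytes of the single certificate in a PEM file."""
    blocks = PEM_BLOCK.findall(pem_text)
    if len(blocks) != 1:
        # A file carrying extra certificates is not what we were told to expect.
        raise ValueError("expected exactly one certificate, found %d" % len(blocks))
    return base64.b64decode("".join(blocks[0].split()), validate=True)

def fingerprint(pem_text):
    """SHA-256 fingerprint of the certificate as lowercase hex."""
    return hashlib.sha256(pem_to_der(pem_text)).hexdigest()

def normalise(fp):
    """Accept 'AB:CD:...', 'ab cd ...' or plain hex, as printed or read out."""
    cleaned = re.sub(r"[^0-9a-fA-F]", "", fp).lower()
    if len(cleaned) != 64:
        raise ValueError("not a SHA-256 fingerprint")
    return cleaned

def is_trusted_copy(pem_text, fingerprint_from_admin):
    """True only if the file hashes to the value obtained out of band."""
    return hmac.compare_digest(fingerprint(pem_text),
                               normalise(fingerprint_from_admin))

def server_presents(pem_text, host, port=443):
    """Network check: does host:port present this same certificate?
    get_server_certificate() does not validate the chain by default,
    so it also works for a self-signed certificate."""
    live = ssl.get_server_certificate((host, port))
    return hmac.compare_digest(fingerprint(live), fingerprint(pem_text))

# Constructed sample: a stand-in byte string, not a real certificate.
SAMPLE_DER = b"constructed stand-in for the DER bytes of hermesweb.crt"
SAMPLE_PEM = ssl.DER_cert_to_PEM_cert(SAMPLE_DER)
```

Install the certificate only when `is_trusted_copy()` returns True for the downloaded file; `server_presents()` can then confirm that the Login server offers that same certificate.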
Secure use of mail clients
The majority of mail clients (MS Outlook, Outlook Express, Windows Mail, Eudora, Thunderbird, etc.) provide options, usually in their advanced settings, to use secure connections (SSL) to mail servers for both receiving and sending mail. If your mail servers support such connections, your mail client should be configured to use them.
Secure use of ftp clients
Ftp (file transfer protocol) was formulated a long time ago, with no security issues taken into consideration. That is why securing one's password in ftp connections requires certain special arrangements that may be different for different ftp servers.
To encrypt your login and password for connections to our ftp server, you can use a so-called SSH tunnel, see FTP-over-SSH in the submenu.