Secure And Anonymous Browsing Computer Science Essay

Published: November 9, 2015 Words: 5055

In the present generation, the Internet plays an important role in human life by providing services in various fields such as banking, insurance, telecom, transportation, and social networking, through a front end based on user interface logic or a back end that runs on a database. Anonymous web browsing denotes browsing the World Wide Web while hiding the user's IP address and other personal information from the websites that the user visits. Nobody on the Internet knows who we are, but every website we visit knows where we live. Sites can learn an unbelievable amount of information about us. There's a lot we can do to browse the Web without revealing our personal details. Every website we visit knows our IP address, i.e. the Internet address of our computer. Without that information the servers wouldn't know where to send the pages requested by our browser. Some sites can even report that IP address back to us, if we want to know about ourselves. Given the IP address, a site can look up the geographic location of the server hosting that address and thereby learn approximately where we live. It's not always accurate. When our browser requests a specific page or object, the server responds and promptly forgets about us. A simple HTML-based website lives with short-term memory loss. The next time our browser requests a page, it's a completely new interaction. To provide continuity, many sites use cookies to store session information. A cookie is a simple text file that resides on our computer and is accessed by the website that created it. Cookies can store our preferences, our login credentials, or anything else the site designer chooses. That includes anything we have entered in a Web form on the site. Ad networks are big consumers of cookies. The same ad network may place banners on hundreds of different sites.

We can eliminate the possible privacy loss through cookies by wiping out all stored cookies and preventing sites from storing new cookies. That's a bit extreme, though. Some sites can't even function with cookies disabled. But do consider going into your browser's settings and disabling "third-party cookies." This prevents ad networks from using cookies to track you. Surfing without giving away anything about ourselves can be simple. A secure anonymizing proxy sits between your browser and the sites you visit. The site sees only the proxy. There are many ways to achieve anonymous web browsing. A user's IP address and other personal information can be used to track the user. However, by using a proxy server a certain degree of anonymity can be achieved. The proxy server works by redirecting the communication through itself. The browser's IP address is shared only with the proxy server, while the target website sees only the proxy server's information. Anonymous web servers work by placing a wall between the user and the website that he or she is visiting. These servers can be used to bypass restrictions and visit sites that might be blocked in a specific country, office or school. If we want to know about Web pages and how they work, we have to understand four simple terms: web page, HTML, web browser, and web server.

Web page: A Web page is a file consisting of simple text and HTML tags that describe how the text should be formatted when the browser displays it on the screen. The tags are simple instructions that tell the browser how the page should look when it is displayed. The tags tell the browser about the font size and color, or about arranging text in columns, etc.

HTML: HTML stands for Hyper Text Markup Language. A markup language is a computer language that describes how a page should be formatted. Displaying a long string of black and white text without formatting does not need HTML. To include modifications in your page, such as changing fonts or adding colors, the language used is HTML.

Web browser: A Web browser is a computer program that connects to a web server on the Internet and requests a page; it knows how to interpret the HTML tags within the page. The commonly used web browsers are Netscape Navigator and Microsoft Internet Explorer. A web server can respond to a browser's request for a page and deliver the page to the Web browser through the Internet. To store our own web page in the complex, we need to pay rent on the space. Pages existing in the complex can be viewed by anyone all over the world. Day by day, millions of new Web servers are introduced, delivering pages to browsers through the network called the Internet. It is also possible for our browser to view Web pages that are created on our personal system. Creating web pages and making them available on the Internet for others to load and follow has become widespread in recent times. As Internet technology plays a major role in human life, web-based services are targeted most of the time when applications are attacked. Users who want to keep their sessions from being monitored use anonymous web browsing.

Secure Email and Web Hosting:

A web hosting service is an Internet hosting service that allows individuals and organizations to make their websites accessible on the World Wide Web. Web hosts provide data center space and Internet connectivity for a server, which is called colocation. In small-scale file hosting, files can be uploaded by File Transfer Protocol (FTP). Many service providers offer web hosting services for individuals and organizations. For personal web pages, single-page hosting along with an interface or control panel for managing the Web server is sufficient.

An Internet hosting service that runs email servers is known as an email hosting service. Email hosting services differ from typical end-user email providers such as webmail sites. They cater mostly to demanding email users and small and mid-size businesses, while larger enterprises usually run their own email hosting service on their own equipment using software such as Microsoft Exchange. Email hosting providers allow for premium email services along with custom configurations and a large number of accounts. In addition, hosting providers manage the user's own domain name, including any email authentication scheme that the domain owner wishes to enforce so that use of a specific domain name identifies and qualifies email senders. Most email hosting providers offer advanced premium email solutions hosted on dedicated custom email platforms. The technology and offerings of different email hosting providers can therefore vary with different needs.

The effective solutions for anonymous browsing are:

TOR: The Onion Router (TOR) is free software and an open network intended to enable online anonymity. Tor protects us against a form of network surveillance called traffic analysis, which threatens personal freedom and privacy, confidential business activities and relationships, and state security. Traffic analysis can be used to infer who is talking to whom over a public network. Tor protects us by bouncing our communications around a distributed network of relays. Tor prevents somebody watching our Internet connection from learning what sites we visit, and it prevents the sites we visit from learning our physical location. It makes it more difficult to trace Internet activity, including visits to Web sites, online posts, and instant messages. It is intended to protect users' personal freedom and privacy, and their ability to conduct confidential business, by keeping their Internet activities from being monitored. Tor works with many of our existing applications, including web browsers, instant messaging clients, remote login, and other applications based on the TCP protocol. Tor was originally designed, implemented, and deployed as a third-generation onion routing project. It was originally developed for the primary purpose of protecting government communications. Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. Tor provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy.

Users rely on Tor to keep websites from tracking them and their family members, and to connect to instant messaging services, news sites and the like when these are blocked by their local Internet providers. Tor's hidden services let users publish web sites and other services without needing to reveal the location of the site. For example, if a person is travelling abroad and connects to his employer's computers to check or send mail, he can accidentally reveal his country and professional affiliation to anyone observing the network, even if the connection is encrypted. Tor makes it possible for users to hide their locations while offering various kinds of services, such as web publishing or an instant messaging server. Tor users can connect to these hidden services, each without knowing the other's network identity. Tor only focuses on protecting the transport of data.

Tor can't solve all anonymity problems. We can use protocol-specific support software if we don't want the sites we visit to see our identifying information. We should not provide our name or other revealing information in web forms if we want to protect our anonymity. Onion Routing refers to the layered nature of the encryption service: the original data are encrypted and re-encrypted multiple times, then sent through successive Tor relays, each of which decrypts a layer of encryption before passing the data on to the next relay and, ultimately, to its destination. This reduces the possibility of the original data being unscrambled or understood in transit. Onion Routing is a network designed for applications like web browsing, secure shell, and instant messaging. Users choose a path through the network and build a circuit, and the traffic flows down the circuit in fixed-size cells, which are unwrapped like the layers of an onion at each node and relayed downstream. In the original design of Onion Routing, a single hostile node could record the traffic and afterwards compromise the successive nodes in the circuit and force them to decrypt it. Instead of using a single onion to lay each circuit, Tor now uses an incremental design, where the initiator negotiates session keys with each successive hop in the circuit. Once these keys are deleted, subsequently compromised nodes cannot decrypt old traffic.
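The per-hop session keys and layered cells described above can be sketched as follows. This is an added example, not code from the essay or from the Tor project: the Diffie-Hellman group, the SHAKE-256 keystream cipher, the 512-byte cell size and all names are assumptions chosen for illustration, and each handshake is made directly with the relay rather than through the partially built circuit.

```python
import hashlib
import secrets

# Toy parameters chosen for this example (assumptions, not Tor's real primitives):
# Diffie-Hellman over the prime 2**255 - 19 with generator 2, and a 512-byte cell.
P = 2**255 - 19
G = 2
CELL_SIZE = 512


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher: XOR data with a SHAKE-256 keystream derived from key."""
    stream = hashlib.shake_256(key).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))


def derive_key(shared_secret: int) -> bytes:
    return hashlib.sha256(shared_secret.to_bytes(32, "big")).digest()


def to_cell(payload: bytes) -> bytes:
    """Pad a payload to one fixed-size cell (2-byte length prefix + zero padding)."""
    if len(payload) > CELL_SIZE - 2:
        raise ValueError("payload does not fit in one cell")
    return len(payload).to_bytes(2, "big") + payload.ljust(CELL_SIZE - 2, b"\0")


def from_cell(cell: bytes) -> bytes:
    return cell[2:2 + int.from_bytes(cell[:2], "big")]


class Relay:
    def __init__(self, name: str):
        self.name = name
        self.session_key = None

    def handshake(self, client_public: int) -> int:
        """Answer the client's DH share; keep only the derived session key."""
        private = secrets.randbelow(P - 2) + 1  # ephemeral, discarded on return
        self.session_key = derive_key(pow(client_public, private, P))
        return pow(G, private, P)

    def peel(self, cell: bytes) -> bytes:
        """Remove this hop's layer and hand the cell to the next hop."""
        if self.session_key is None:
            raise RuntimeError(f"{self.name}: session key has been deleted")
        return keystream_xor(self.session_key, cell)

    def teardown(self) -> None:
        self.session_key = None  # circuit closed: the key is gone for good


def build_circuit(relays):
    """Client side: negotiate a separate session key with each successive hop."""
    keys = []
    for relay in relays:
        private = secrets.randbelow(P - 2) + 1
        relay_public = relay.handshake(pow(G, private, P))
        keys.append(derive_key(pow(relay_public, private, P)))
    return keys


def wrap(keys, cell: bytes) -> bytes:
    """Add one layer per hop; the entry relay's layer ends up outermost."""
    for key in reversed(keys):
        cell = keystream_xor(key, cell)
    return cell


def demo():
    relays = [Relay("entry"), Relay("middle"), Relay("exit")]
    keys = build_circuit(relays)
    plain = to_cell(b"GET / HTTP/1.0")   # constructed sample payload
    recorded = wrap(keys, plain)         # what an observer of the first link records
    leaving, cell = [], recorded
    for relay in relays:                 # the cell travels down the circuit
        cell = relay.peel(cell)
        leaving.append(cell)
    for relay in relays:
        relay.teardown()
    try:                                 # a node compromised after teardown
        relays[0].peel(recorded)
        old_traffic_readable = True
    except RuntimeError:
        old_traffic_readable = False
    return from_cell(leaving[-1]), [c == plain for c in leaving], old_traffic_readable


if __name__ == "__main__":
    print(demo())
```

Only the cell leaving the exit relay equals the plaintext cell, and once the session keys are deleted the recorded cell can no longer be peeled, which is the property the incremental design is meant to provide.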

The original Onion Routing design required a separate application proxy for each supported application protocol; Tor uses the standard SOCKS [32] proxy interface, which allows it to support most TCP-based programs without modification. Onion Routing originally built a separate circuit for each application-level request, which required multiple public key operations for every request and posed a threat to anonymity from building so many circuits. Tor uses well-known onion routers to track changes in network topology and node state, which includes keys and exit policies. Each directory server acts as an HTTP server and helps users fetch the current network state. Onion routers publish signed statements of their state to each directory server, which combines the information with its own view of the network and generates a directory of the entire network state. Users' software comes with a list of the directory servers and their keys. When a directory server receives a signed statement, it checks whether it recognizes the identity key. To counter a router that connects to all the directory servers but refuses to relay traffic from other routers, the directory servers should build circuits and use them to anonymously test router reliability. This defense, however, is not yet designed.

Using directory servers is a simpler and more flexible technique than flooding.

Proxy server:

A proxy server is a server in a computer network that acts as an intermediary for requests from clients seeking resources from other servers. A client connects to the proxy server, which evaluates the request as a way to simplify and control its complexity. Today most proxies are web proxies. A proxy server has a variety of purposes, including security, i.e. keeping the machines behind it anonymous; caching, to prevent downloading the same content multiple times; and making web requests to externally hosted content on behalf of a website when cross-domain restrictions prohibit the browser from directly accessing the outside domains. A proxy server receives a request for an Internet service from a user. If the request passes filtering requirements, the proxy server, assuming it is also a cache server, looks in its local cache of previously downloaded Web pages. If it finds the page, it returns it to the user without needing to forward the request to the Internet. If the page is not in the cache, the proxy server acts as a client on behalf of the user and uses one of its own IP addresses to request the page from the server out on the Internet.

When the page is returned, the proxy server relates it to the original request and forwards it on to the user. The proxy server is invisible to the user; all Internet requests and returned responses appear to be exchanged directly with the addressed Internet server. One advantage of a proxy server is that its cache can serve all users. If one or more Internet sites are frequently requested, they are likely to be in the proxy's cache, which will improve user response time. There are also special servers called cache servers. A proxy can also do logging, and the functions of proxy, firewall, and caching can be in separate server programs or combined in a single package. There are a number of advantages to using proxy services. 1. They allow users to access Internet services directly. With the dual-homed host approach, a user needs to log into the host before using any Internet services. With proxy services, users think they're interacting directly with Internet services, because the services are usually transparent to users. Proxy services allow users to access Internet services from their own systems, without allowing packets to pass directly between the user's system and the Internet. 2. They are good at logging, because proxy servers allow logging in a particularly effective way: for example, an FTP proxy server logs only the commands issued and the server responses received, resulting in a more useful log. An application-level proxy knows about the particular application for which it provides proxy services; it understands and interprets the commands in the application protocol. A circuit-level proxy creates a circuit between the client and the server without interpreting the application protocol. In general, application-level proxies use modified procedures, and circuit-level proxies use modified clients. A hybrid gateway can simply intercept connections. An application-level proxy can get that information in the application protocol.
A circuit-level proxy needs to have the information supplied to it by a modified client that gives the server the destination address. Application-level proxies are designed to take advantage of application protocol knowledge. Circuit-level proxies cannot use modified procedures, so they use modified clients. The main advantage of a circuit-level proxy is that it provides service for a wide variety of different protocols. Most circuit-level proxy servers are also generic proxy servers, which can be adapted to serve almost any protocol. Protocols like FTP, which communicate port data from the client to the server, require some application-level protocol knowledge. The disadvantage of a circuit-level proxy server is that it controls connections on the basis of their source and destination and can't easily determine whether the commands going through it are safe or not. A dedicated proxy server serves a single protocol; a generic proxy server serves multiple protocols. Dedicated proxy servers are application-level, and generic proxy servers are circuit-level. A proxy server can do a great deal more than simply relay requests; one that does is an intelligent proxy server. The CERN HTTP proxy server caches data, so that multiple requests for the same data don't go out across the Internet. Proxy servers provide better logging and access controls than those achieved through other methods.
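The request flow described in this section (filter, cache lookup, forward from the proxy's own address, log) is modelled below as an added example, not code from the essay. The class names, URLs and addresses are constructed; the addresses come from the documentation ranges 192.0.2.0/24 and 198.51.100.0/24.

```python
from dataclasses import dataclass, field


@dataclass
class Origin:
    """Stand-in for a web server; records the address each request came from."""
    pages: dict
    access_log: list = field(default_factory=list)

    def get(self, source_ip: str, url: str) -> str:
        self.access_log.append((source_ip, url))
        return self.pages.get(url, "404 Not Found")


@dataclass
class CachingProxy:
    address: str
    origin: Origin
    blocked: set = field(default_factory=set)
    cache: dict = field(default_factory=dict)
    log: list = field(default_factory=list)

    def handle(self, client_ip: str, url: str) -> str:
        # 1. Filtering requirements are checked before anything else.
        if url in self.blocked:
            self.log.append((client_ip, url, "DENIED"))
            return "403 Forbidden"
        # 2. A cached copy is returned without contacting the Internet.
        if url in self.cache:
            self.log.append((client_ip, url, "HIT"))
            return self.cache[url]
        # 3. Otherwise the proxy acts as the client, using its own address.
        body = self.origin.get(self.address, url)
        self.cache[url] = body
        self.log.append((client_ip, url, "MISS"))
        return body


def demo():
    origin = Origin(pages={"/news": "<html>news</html>"})   # constructed page
    proxy = CachingProxy(address="198.51.100.7", origin=origin,
                         blocked={"/blocked"})
    proxy.handle("192.0.2.10", "/news")      # first user: cache miss
    proxy.handle("192.0.2.11", "/news")      # second user: served from cache
    proxy.handle("192.0.2.10", "/blocked")   # rejected by the filter
    return origin.access_log, proxy.log


if __name__ == "__main__":
    origin_log, proxy_log = demo()
    print("origin saw:", origin_log)
    print("proxy logged:", proxy_log)
```

The origin's log contains only the proxy's address and a single request, while the proxy's own log holds every client address and URL, so the anonymity gained towards the website depends on how the proxy operator handles that log.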

SSL/TLS:

The Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols are cryptographic protocols that provide communication security over the Internet. They allow client-server applications to communicate across a network in a way designed to prevent eavesdropping and tampering. Since most protocols can be used either with or without TLS (or SSL), the client must indicate to the server whether it is making a TLS connection or not. Once the client and server have decided to use TLS, they negotiate a stateful connection by using a handshaking procedure. During the handshake, the client and server agree on the various parameters used to establish the connection's security. The client and the server then use the session keys to encrypt and decrypt the data they send to each other and to validate its integrity. TLS and SSL encrypt the segments of network connections at the Application Layer for the Transport Layer, using asymmetric cryptography for key exchange, symmetric encryption for confidentiality, and message authentication codes for message integrity. Several versions of the protocols are in widespread use in applications such as web browsing, electronic mail, Internet faxing, instant messaging and voice-over-IP. SSL allows for certificates on both the server and the client, but the most common model is that the server identifies itself with a certificate and the client identifies itself with a password or with credit card details. The purpose of a certificate on the server is that purchasers do not need to register with the site prior to making purchases. Registration is a nuisance, and it makes it necessary to distribute the password by a method separate from the Internet.
Sometimes password distribution is done by post office mail: the user needs to visit the Web site and register, and later receives a mailed letter containing the password used to log in. Using certificates with SSL makes it possible to identify and validate Internet traders immediately, and also provides a secure link for credit card details. SSL was built into the Netscape browser and is the standard method for secure Web transactions, providing a way to authenticate and to open a private communication channel with encryption and integrity checking. Transport-layer security protects the confidentiality and integrity of the synchronization data stream as it passes between a client and the Sybase IQ server. Transport-layer security allows a client application to verify the identity of a Sybase IQ server, so user applications can ensure that they synchronize only with Sybase IQ servers they trust. This security is provided by means of digital certificates. You can achieve a variety of security objectives using different types of certificates and configuring them in different ways. TLS uses a number of different types of certificates, which work on similar principles for authentication. A certificate is typically delivered by the server for the client to verify; sometimes the server may also request a certificate from the client. Client certificates can be used only when there is an in-house certificate authority. Certificates are generally based on public key cryptography, which needs more computation to encode and decode messages than symmetric key operations do. TLS does not use public key encryption for bulk data transfer; it uses symmetric keys that are agreed between the parties during the public key phase.
The handshake protocol uses the certificates to perform public key cryptography during the authentication process, and uses public key cryptography to exchange the session keys. The record layer then uses these session keys to encrypt data during the session, which reduces the workload.

HTTPS:

Hypertext Transfer Protocol Secure (HTTPS) is a widely used communications protocol for secure communication over a computer network, with especially wide deployment on the Internet. Technically it is not a protocol in itself; rather, it simply layers the Hypertext Transfer Protocol (HTTP) on top of the SSL/TLS protocol, adding the security capabilities of SSL/TLS to standard HTTP communications. In its popular deployment on the Internet, HTTPS provides authentication of the web site and associated web server that one is communicating with, which protects against man-in-the-middle attacks. Additionally, it provides bidirectional encryption of communications between a client and server, which protects against eavesdropping and against tampering with or forging the contents of the communication. In practice, this provides a reasonable guarantee that one is communicating with precisely the web site that one intended to communicate with, and ensures that the contents of communications between the user and site cannot be read or forged by any third party. HTTPS is important over unencrypted networks. A site must be completely hosted over HTTPS, without having some of its contents loaded over HTTP, or the user will be vulnerable to some attacks and surveillance. Aside from its scheme token, https is a URI scheme with syntax identical to the standard http scheme. However, https signals the browser to use an added encryption layer of SSL/TLS to protect the traffic. SSL is especially suited for HTTP, since it can provide some protection even if only one side of the communication is authenticated. This is the case with HTTP transactions over the Internet, where only the server is authenticated. The main idea of HTTPS is to create a secure channel over an insecure network. This assures reasonable protection from eavesdroppers and man-in-the-middle attacks, provided that adequate cipher suites are used and that the server certificate is verified and trusted.
Web browsers know how to trust HTTPS websites based on certificate authorities. Web browser creators trust certificate authorities to provide valid certificates. The user in turn trusts that the browser software correctly implements HTTPS with correctly pre-installed certificate authorities, and that the website provides a valid certificate, which means it was signed by a trusted authority. Hypertext Transfer Protocol over Secure Sockets Layer (SSL) secures the communication between the browser client and the Tomcat server, and uses a certificate and a public key to encrypt the data that is transferred over the Internet. HTTPS also assures the user that the login password is transported securely over the web. Hyper Text Transfer Protocol Secure (HTTPS) is a secure version of the Hyper Text Transfer Protocol (HTTP) and allows secure transactions such as online banking. When a user connects to a website via HTTPS, the website encrypts the session with a digital certificate, and web browsers such as Internet Explorer and Firefox display a padlock icon and https:// in the address bar to indicate that the website is secure. A user can tell that they are connected to a secure website when the website URL begins with https:// instead of http://. Secure Sockets Layer uses a cryptographic system that encrypts data with two keys. When an SSL digital certificate is installed on a web site, users can see a padlock icon at the bottom area of the navigator. When an Extended Validation Certificate is installed on a web site, users with the latest versions of Firefox, Internet Explorer or Opera will see a green address bar at the URL area of the navigator.

VPN:

A Virtual Private Network (VPN) is a method used to add security and privacy to private and public networks, like Wi-Fi hotspots and the Internet. VPNs are most often used by corporations to protect sensitive data. A VPN can connect multiple sites over a large distance, just like a Wide Area Network (WAN). Large corporations, educational institutions, and government agencies use VPN technology to enable remote users to securely connect to a private network. The user's initial IP address is replaced with one from the VPN provider, which increases privacy. This method allows subscribers to attain an IP address from any gateway city the VPN service provides. Security is the main reason why corporations have used VPNs for years. There are increasingly simple methods to intercept data traveling to a network. Wi-Fi spoofing and Firesheep are two easy ways to hack information. A useful analogy is that a firewall protects your data while it is on the computer and a VPN protects your data on the web. VPNs use advanced encryption protocols and secure tunneling techniques to encapsulate all online data transfers. Most savvy computer users wouldn't dream of connecting to the Internet without a firewall and up-to-date antivirus. Evolving security threats and ever-increasing reliance on the Internet make a VPN an essential part of well-rounded security. A VPN encapsulates the data for one network inside an ordinary IP packet and transports that packet to the other network; when the packet reaches the destination, it is unwrapped and delivered to the appropriate host on the destination network. Integrity checks ensure that no data is lost and that the connection has not been hijacked. This method is preferred to proxies, as all traffic is protected. VPN technology is designed to provide employees with the ability to connect to corporate computing resources regardless of their location; to offer this, a corporation must deploy a scalable remote access solution.
Typically, corporations choose either an MIS department solution, where an internal information systems department is charged with buying, installing, and maintaining corporate modem pools and a private network infrastructure; or they choose a value-added network solution, where they pay an outsourced company to buy, install, and maintain modem pools and a telecommunication infrastructure.

Neither of these solutions provides the necessary scalability, in terms of cost, flexible administration, and demand for connections. Therefore, it makes sense to replace the modem pools and private network infrastructure with a less expensive solution based on Internet technology so that the business can focus on its core competencies. With an Internet solution, a few Internet connections through Internet service providers (ISPs) and VPN server computers can serve the remote networking needs of hundreds or thousands of remote clients and branch offices.

Uses of VPN:

A VPN service maintains the privacy of the information while providing remote access to corporate resources over the public Internet. Instead of making a long-distance call, the user can call a local ISP, and the VPN software creates a virtual network between the user and the outsourced network server. VPNs can connect local area networks in two ways. 1. By using dedicated lines: the branch office connects to the corporate LAN through a local ISP connection to the Internet, and the VPN service software creates a virtual private network between the corporate hub and the branch office router by using the local ISP connections and the Internet. 2. By using a dial-up line: the router at the branch office calls the local ISP, and a VPN is created between the branch office router and the corporate router. In both cases, the facilities that connect the branch office and the corporate offices to the Internet are local. The corporate router acting as a VPN server must be connected to a local ISP with a dedicated line, and the server should be available 24 hours a day for incoming VPN traffic. A VPN service also allows a department's LAN to be physically connected to the corporate internetwork but separated from it by a VPN server, which does not act as a router between the corporate hub and the department LAN. A router would connect the two networks and allow users to access the sensitive LAN.

Basic Requirements for a VPN solution:

The solution must verify the VPN client's identity and restrict VPN access to authorized users, and it should provide audit and accounting records showing who used it and when.

The VPN client's address should be assigned on the intranet, and the addresses should be kept private.

Data present on the public network should be made unreadable to unauthorized clients.

The solution must generate and refresh encryption keys for the client and the server.

The solution must handle common protocols used in the public network, such as IP and Internetwork Packet Exchange.

Functions of a VPN:

It provides authentication for the data by validating that the data received actually came from the sender.

It provides access control by preventing unauthorized users from accessing the network.

It maintains data integrity by ensuring that the data has not been modified.

It maintains data confidentiality by preventing the data from being read or copied.

Use of browser extensions:

Ghostery is a free privacy browser extension available for Firefox, Chrome, Safari, Opera, and Internet Explorer, as well as a standalone app available for iOS. It scans the page for trackers (scripts, pixels, and other elements) and notifies us of the companies whose code is present on the webpage we are visiting. It enables its users to easily detect and control web bugs, which are objects embedded in a web page, invisible to the user, that allow the collection of data on the user's browsing habits. These trackers often aren't otherwise visible and are often not detailed in the page source code. If the user chooses, Ghostery allows them to learn more about these companies and their practices, and to block the page elements from loading. Ghostery also has a privacy team that creates profiles of page elements and companies for educational purposes.

Collusion is a form of secret agreement between two or more people. These individuals typically meet secretly, reaching an agreement which is designed to deceive or defraud someone else, an organization, or the government. Collusion can take a number of forms, which are illegal, and individuals may have found themselves the victim of a lesser form at some point. For a charge of collusion to be proved, it must be demonstrated that the parties involved met knowingly and with the intent to deceive.

No Script:

The noscript element has only one purpose: to provide content for people accessing the web page with a browser that either doesn't support client-side scripting or has its script support disabled by the user, for example for security reasons. The noscript element can contain the same HTML elements that we would include in the body element. However, we can't use noscript inside the head to provide alternatives for JavaScript functions, as that would involve writing content inside the head element. A simplified navigation block within the noscript element can provide a route for search engines to follow when they're indexing our site, regardless of whether the users ever see that content. Secure and anonymous browsing is done by using the above solutions.