Understanding the URL – Uniform Resource Locator – is key to keeping yourself safe online. More commonly known as a web address, the URL is the friendly, human readable equivalent of the numeric location of every device, folder or file on the internet.
The first part, running up to the first single slash or port number, is converted to digits by a Domain Name System (DNS) server and is entirely case insensitive. Everything else is handled by the host server that, depending on its configuration, may be case sensitive. This could allow hackers who gain access to the server to insert a malicious file called, for example, INDEX.HTM alongside an existing index.htm.
Being directed to the capitalized file by an email, IM or other web page could open you up to attack. Limit your exposure to scams by employing your browser’s phishing protection tools. In Chrome, visit chrome://settings, click ”Show advanced settings…” and check the box beside ”Enable phishing and malware protection.”
In Safari, open Preferences, click the Security tab and check ”Warn when visiting a fraudulent website.” These tools compare your entered URLs against lists of malicious sites and pop up a warning if it finds a match.
The domain name (or host name), which is the name of the server on which the resource is located. Often preceded by www, which can sometimes be omitted.
The active protocol. Browsers default to HTTP (HyperText Transport Protocol) so you can leave it off, but alternatives include, among others, FTP, SMB and HTTPS.
Port number. This directs your request to a specific position on the remote network if the default web traffic port — port 80 — wouldn’t resolve to the server you need. You don’t often actually see this.
Specific path to the requested resource. If the server is set up with default file names, omitting the part after the final slash loads the default file for the selected directory.
The Padlock
The padlock isn’t the only clue that you’re using a secure connection. The protocol identifier at the start of the web address will also change to HTTPS, which stands for HyperText Transfer Protocol Secure. Don’t log in to any shopping site that doesn’t include this prefix, and don’t get complacent later in your browsing session just because you saw it on the password page. An HTTPS-prefixed page that redirects to regular HTTP for any other page after you’ve logged in won’t keep you secure since the rest of your session will be unencrypted.
SSL certificates only last for a specified period and need to be renewed by the certificate holder from time to time. They are issued by certificate authorities, in return for a per-year or multi-year fee. They can be revoked prior to the end of their life if they’ve been compromised, in which case they are added to a blacklist that browsers can interrogate using the Online Certificate Status Protocol (OCSP) which allows the browser to throw up an alert if you’re about to visit an unsigned or insecure site. All browsers since Firefox 3 — plus all editions of Safari and Chrome — support OCSP.
