Secure Internet Connections
Secure Connections on the Internet
No matter what you are doing on the Internet, there are ways to increase the security of your activities. There is an inherent trade-off between security and convenience, but it's always good to be aware of your options so you can make an informed decision. Below, we present recommendations for using your Pacific Internet services in secure ways. These tips should generally apply to all online activities as well.
Surfing the Internet
These are some things to keep in mind when browsing the Internet and especially before submitting any sensitive or personal information.
- Web sites that you visit "out there" on the Internet may be forgeries (copies) of real sites.
- Never submit sensitive information to a site unless the site's address begins with "https:" and not just "http". This by itself does not guarantee safety, but it is one good indicator that a site is run by who it claims to be. It also indicates that information transmitted between you and the site is encrypted.
- Pay attention to any browser warnings or errors and do not ignore or simply click through them.
- Don't provide more information than you believe a web site needs. It is your information after all.
- We recommend against using public terminals, kiosks, or other shared computers to access any service that requires sensitive information. If you must use a shared computer (at a school, library, friend's house, etc.), be sure to close all browser windows when you are done and use a virtual keyboard to log in if one is available. Pacific Internet Webmail provides a virtual keyboard for this purpose. You might also ensure private browsing is enabled in the browser.
Developing & Web Sites
Not all information contained in a website is intended to be public. Developers should be aware that FTP is an inherently insecure protocol. Secure alternatives include FTPS, SFTP, SSH (via scp or rsync), and more. Most of our hosted accounts require FTPS.
Email is another technology that was designed before the modern Internet. In the early days, security was not a primary concern, if at all. Several technologies have been developed to enhance the security of email, but you must be sure to use them.
POP3 & IMAP
These mail protocols dictate how you retrieve mail from the server. By default, POP3 and IMAP use plain text authentication in most email clients. This is not secure, particularly in public places (do you use email on your phone?), as you will be transmitting your username and password in cleartext. You can use POP3 and IMAP over TLS/SSL in order to encrypt the transmission of your data. While this is not currently a requirement, expect it to be in the future. Encrypted sessions can be initiated with the mail server by setting the appropriate configurations in your mail client. Typically, you will need to enable TLS or SSL and connect to either ports 110 or 995 (POP3) or 143 or 993 (IMAP).
The Simple Mail Transfer Protocol dictates how you send mail. In most email clients, SMTP is unencrypted by default and you username and password transmitted in cleartext. This is not secure. SMTP can also use TLS/SSL to encrypt the data transmission. You may also have an option to use STARTTLS. All mail must be submitted on port 587.
Webmail uses an encrypted "https" connection to your web browser, so all webmail activities are securely encrypted when using Pacific Internet Webmail. If you have questions about a specific email program or other software configuration, please contact our support dept at (707) 463-8214 or use our online Support Form.