Web and Hosting Tips
Written by Natalie Lehrer
Thursday, December 11th, 2014
Confidence is so important on the Internet. Any site that acquires a reputation for unreliability, insecurity or dishonesty can expect to see traffic dwindle to zero. On the other hand, a site that can prove it takes security seriously can attract more visitors. And that can be good, whether your hosted web site is for a community, a membership service, or e-commerce. Surfers and online shoppers also increasingly recognize the on-screen presence of a small padlock icon or a website address that begins with “https://…” as signs that they can trust the site they’re connecting to. That’s SSL or ‘secure sockets layer’ in action. So how does SSL help you gain visitors’ trust?
Protecting Information As It’s Transmitted
SSL operates between a visitor’s browser and your site or application. It’s an industry-standard mechanism that ensures the encryption of data being passed backwards and forwards, so that no unauthorized person can spy on the information and hack it. It also prevents cyber criminals from diverting visitor traffic to their own site using their own encryption, and gaining access to your data that way. All major web browsers have SSL capability built in. But for a website to have SSL capability means acquiring a specific SSL certificate.
How Do You Get an SSL Certificate?
You have to apply to an authorized issuer of SSL certificates and be vetted. Such an authorized entity is known as a Certificate Authority (CA). Browser companies like Microsoft, Google, Apple and so on trust the CA to only issue SSL certificates to other trustworthy companies. The CA has its own Root Certificate (so there aren’t many of these in the world!), which it uses to generate individual SSL certificates. It also checks that you have the right to use the domain name under which your website operates and may also make checks on your company identity (depending on the ‘strength’ of the SSL certificate you want). SSL certificates are then installed on the web servers concerned as data files.
What Does SSL Do For You?
Lots of things! It makes your site or system look more professional. SSL certificates have to be earned. It helps clinch a decision by a visitor to sign up as a member or to make payment through your site. If you sell online and you use a reputable online payment partner, that partner will have SSL implemented. However, there are additional reasons for having your own SSL, such as protecting visitors’ personal details – and also protecting any confidential information that you may send back to them (access to a private server, administrator privileges, cash voucher numbers, etc.)
What Does SSL NOT Do For You?
Again – lots of things, because SSL is designed to exclusively protect the integrity of data while it’s in transit between one system and another. If the information happens to contain a virus, SSL will faithfully transmit that virus. If it contains an attempt to gain illicit access to your web site or database files, SSL will transmit that as well. In other words, while SSL is excellent for protecting data on the move in a network link, both browser users and web site owners must still take all required precautions to prevent any malware from circulating or any undesirable actions within the systems themselves. So add good system security (or find a web hosting provider who can guarantee it) to SSL and you’ll be a step ahead all round in enhancing your website experience and visitors’ confidence.
Natalie Lehrer is a senior contributor for CloudWedge. In her spare time, Natalie enjoys exploring all things cloud and is a music enthusiast. Follow Natalie’s daily posts on Google Plus, Twitter @Cloudwedge, or on Facebook.
Image source: http://upload.wikimedia.org/wikipedia/commons/9/90/Welcome_multilingual_Guernsey_tourism.jpg
Written by Jeremy Jensen
Tuesday, November 18th, 2014
Amidst our globalized world where everything and everyone is getting connected online, it’s easy to get caught up in cyberspace and forget that you are using a technology barely fifty years old. That’s right, the Internet originated in the early 60’s and yet the Web seems to now infiltrate every facet of our everyday lives. Be it in your content consumption, your car, your home, or even your own body.
Integrating growing technologies and the best methods, the Internet is truly evolving faster than we could ever have imagined, not just becoming a larger part in our lives, but life itself. And thus, I dare introduce to you, the latest prediction as to the Internet’s next grand step — Web 3.0.
“Wait,” you’re thinking “so when did Web 2.0 happen?” Believe it or not, you’re reading this on 2.0 right now. Although Web 2.0 leads you to believe that you somehow downloaded some official upgrade from the 1.0 static version without knowing it, be informed that there is no formal patch or update.
Rather, Web 2.0 is a blanket term for the generation of interactive social media functions on most modern sites. Instead of a basic webpage that only allows passive content viewing, Web 2.0 incorporates a virtual community where the user may engage in a dialogue and interact with the site’s creator and others; for example, a 2.0 site could be a product’s site with a review board, a blog with a comments section, or even an Ask-Me-Anything page on Reddit. Also known as the Social Web or the Mobile Web, 2.0 strives to be a communication tool for collaborating and sharing with one another– people connecting with people.
Building upon 2.0’s notion of connecting people, the next generation will attempt to link us with information and be a “Smart Web.” Though some are skeptical at the very mention of artificial intelligence, most of us subscribe to the idea that technology, science, and people are all working symbiotically at an unprecedented rate to create more efficient tools. Whether or not this means sentient, free-thinking machines and The Singularity one day is up for debate, but what is clear is that humans are using the Internet much like an extra brain. And this is precisely where Web 3.0 comes in — it’s a “Semantic Web” that would provide a uniform framework so that data could be shared, analyzed, and reapplied across all applications and platforms for unlimited function, maximum effectiveness, and with minimal human interaction. This essentially means that there would be such a sophisticated element in the web that it could actually “understand” you and interpret what you want.
Sci-fi crazy nonsense? Some may think so, but I think it is closer than most people would care to believe. Take Siri for example. She is a “Knowledge Navigator” that utilizes a natural language user interface that adapts to individual preferences and eventually customizes results for you. Now if you can consider an Internet experience that would combine this technology with all your personalizations collated and surmised from Big Data collection, it doesn’t seem so far-fetched. Through the sites that you frequent, the past searches you have made, products you have bought, links you have posted, pages you have liked, and personal descriptors you have provided, a semblance of the user’s identity is formulated. It then uses this personalized data as a metric by which to measure, screen, and ultimately select what is best suited to your needs. In layman’s terms, Web 3.0 will attempt to be an online version of yourself that does all of your surfing for you.
The Future of the Web
The convergence of emerging and developing technologies will continue to reshape, innovate, and disrupt current web standards; however, it is imperative to remain objective to a point with its role. As technology becomes ubiquitous, it will be increasingly difficult to ask ourselves the hard questions, like are we missing a natural and organic method to our own madness by letting the Internet pervade all stages of humanity?
This is not to say that we should be wary of The Terminator or The Matrix coming true (if it hasn’t already), but rather ask if there ever should be lines drawn. In light of Edward Snowden’s leaked government documents on mass surveillance and data mining, it is safe to say that technology is quickly becoming a double-edged sword that every person will have to wield. Will it be the machete that cuts a path or will it be the blade in our own Seppuku? The choice is ultimately ours.
Written by Jeremy Jensen
Monday, October 20th, 2014
As unfortunate as it may be to say, 2013 marked a monumental year in data breaches, mainly for businesses that weren’t prepared with the necessary level of cyber security. According to Symantec’s annual Internet Security Threat Report there was a 493% increase in stolen identities since 2012, amounting to over 550 million affected customers.
Many remember recent headlines involving breaches in Apple’s iCloud, but most of us will never hear about the smaller targets data thieves have been cleaning out due to the lack of media attention. The National Small Business Association put out a survey, through which they found nearly half of all small businesses reported being the victim of a cyber-attack.
With a reported 66% of all small businesses depending on the internet for day-to-day operations, there is still a resounding unawareness as to how damaging a data breach can be to your company’s future and reputation.
Thankfully those coding for cyber security are always a few steps ahead. October is recognized by the Tech Community as National Cyber Security Awareness month, so we wanted to compile a comprehensive guide for small businesses to prevent any such data breaches from occurring as we head towards the end of 2014.
Using four levels of protection will ensure your data stays safe.
Securing Your Foundation
Regardless of how big your business is, there are mandatory steps to ensuring the foundation of your cyber security is rock solid. Just like you lock away your valuable possessions, you’re going to need to categorize and document what digital files you’re keeping in vulnerable areas. These categories should be broken down like this:
- Highly Confidential – All of your most sensitive data should be placed in this tier. This includes anything that if stolen could impact your customers, employees, or business as a whole. Think identity information, things like: passwords, social security numbers, credit-card info, or names and addresses.
- Sensitive – The fine line between sensitive and highly confidential is that sensitive data couldn’t destroy something in the financial sense if stolen. Sensitive documents are things you wouldn’t want seen outside your business for privacy reasons. Reports on your employees, marketing plans, contact info, or performance data are all sensitive and would be best stored separately.
- Internal Use Only – Information that is available to all your employees, but would still be best unknown to the public, can be classified as internal only. This data may not harm your company, but it still consists of items you won’t post publicly.
Securing the foundation also means safeguarding all your devices, should a hard drive or thumb device get lost.
Level 1 Threat Protection
- Restrict Access Points - Knowing which data is the most sensitive will help in choosing who can access it; the fewer people capable of opening the bridge, the less likely a hacker will be able to get in. Always be conservative here: if there’s a document someone will need, there will usually be an Admin capable of getting it for them.
- Train Employees On Digital Security Basics - Using email, and having to download software isn’t always black and white in terms of what is safe, and what might have some nasty malware zipped up inside. Provide the resources necessary to help your company recognize what threats may be present in the forms of phishing schemes, identity thieves, or even scammers calling in over the phone.
- Consider Storing Data On A Device Disconnected From Any Network – If your company has no reason to transfer crucial data remotely, don’t make it available anywhere except in the office, on a machine where employees can access it in person.
- Use Reputable Free Software - Not all Cyber Security comes with a hefty subscription fee; check out some verified by the National Cyber Security Alliance on this list.
Level 2 Protection
- Two-Factor Authentication – This is for the most sensitive data. Not only will employees need a password, they will also need a second step such as a PIN number, or ID card.
- Encryption - Encryption essentially mixes up data to look like a bunch of nonsense to those unauthorized to access it. The encryption you use will need to meet the Federal Information Processing Standard (FIPS-Certified), otherwise there’s still potential that hackers can read the data by cracking your key.
- Hire A Security Specialist - This might mean paying to send a current employee to get certified as a security compliance officer, or consulting a local IT Professional to secure all the devices and networks with current protection capabilities.
Level 3 Protection
- Physical Facility Lock Down – Despite the transcendence into digital storage and remote access points, much of what can be stolen is still buried in physical machines and data units that can be broken into once removed from your facility. Preventing criminals from entering your building altogether cuts down the possibility that what’s inside can be accessed.
- Consult Security Tests - Hiring an outside specialist who knows how to test infiltration points is your best friend when it comes to knowing for sure whether or not your system’s security is air tight. If they can get in, you’re not losing everything, and will know what to improve upon.
- Personal Device Protocol – Personal electronic devices can be detriments to certain access points. Smart phones that employees have connected to the wifi are as simple as it gets for allowing hackers to tap the network and get whatever data they want being transferred between the device and server. Your IT team can set up minimum security requirements so these outside devices won’t be able to access the network in the first place.
Small businesses have it especially tough when it comes to maintaining the security of their data. One breach can ruin the trust of an entire community, which is usually how small businesses thrive in the first place. Don’t allow your business to suffer.
Written by Patrick Pelanne
Tuesday, October 14th, 2014
Tonight Google announced a flaw in the design of SSL v3. We have been tracking this issue after we heard whisperings in private security circles last week. Upon disclosure of the details we began remediating immediately.
The vast majority of end users should not experience any issues as a result of the changes we’re making. In fact, Google estimates this change will affect less than 1% of the internet. (The SSL 3.0 protocol is almost 15 years old but has remained in place to support users running older browsers.)
The attack vector for this vulnerability has prerequisites and is very sophisticated. As such, the real world severity is far below the recent Heartbleed & Shellshock vulnerabilities.
Check out Google’s Security blog for details.
If you would like to be 100% protected, you can disable SSLv3 in your browser settings. Information on how to do this in a few popular browsers can be found here.
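On the server side, the matching remediation is to remove SSLv3 from the web server's protocol directive. The following is an added example, not code from the original post or the host's tooling: it scans configuration text for Apache `SSLProtocol` and nginx `ssl_protocols` lines that still enable SSLv3. The sample config is constructed, and `all` is assumed to include SSLv3.

```python
import re

# Assumption: Apache's "all" shortcut includes SSLv3, i.e. the build's
# OpenSSL was not compiled without SSLv3 support. Names are lowercased.
APACHE_ALL = {"sslv3", "tlsv1", "tlsv1.1", "tlsv1.2"}

# Matches an uncommented Apache or nginx protocol directive and its arguments.
DIRECTIVE = re.compile(r"^\s*(SSLProtocol|ssl_protocols)\s+([^;#]+)", re.IGNORECASE)


def enabled_protocols(directive, args):
    """Return the lowercased protocol names one directive leaves enabled."""
    tokens = args.lower().split()
    if directive.lower() == "ssl_protocols":   # nginx: a plain allow-list
        return set(tokens)
    enabled = set()                             # Apache: ordered +/- edits
    for tok in tokens:
        sign, name = (tok[0], tok[1:]) if tok[0] in "+-" else ("", tok)
        names = APACHE_ALL if name == "all" else {name}
        if sign == "-":
            enabled -= names
        elif sign == "+":
            enabled |= names
        else:                                   # a bare name replaces the set
            enabled = set(names)
    return enabled


def find_sslv3(config_text):
    """Return (line_number, line) for each directive that still enables SSLv3."""
    hits = []
    for number, line in enumerate(config_text.splitlines(), 1):
        match = DIRECTIVE.match(line)
        if match and "sslv3" in enabled_protocols(match.group(1), match.group(2)):
            hits.append((number, line.strip()))
    return hits


# Constructed sample mixing Apache and nginx directives; not from a real server.
SAMPLE = """\
# SSLProtocol all            (commented out, ignored)
SSLProtocol all -SSLv2
SSLProtocol all -SSLv2 -SSLv3
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
SSLProtocol -all +TLSv1.2
"""

if __name__ == "__main__":
    for number, line in find_sslv3(SAMPLE):
        print(f"line {number}: SSLv3 still enabled -> {line}")
```

A directive that is absent altogether falls back to the server's built-in default, which this scan does not evaluate.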