
SSL Certificate Reviews

Apr 30

SSL Reviews

Guys, it has been 1 month since my last blog post; I was really busy with stuff related to SSL Certificates. I was busy with someone. In the past couple of days I have found that there are many SSL Certificate Reviews.

Most SSL Certificate Reviews are about brands and the service provided either by the vendor or by their partners. SSL Certificates are not reviewed by the forms in which they are available. There are three major types of SSL Certificate: Domain Vetted (Verified) SSL Certificates (DV SSL Certificates), Organization Vetted (Verified) SSL Certificates (OV SSL Certificates) and Extended Validated SSL Certificates (EV SSL Certificates).

I will review SSL Certificates by type, which should make it easier to understand which SSL Certificate you should trust more:

1) Domain Vetted (Verified) SSL Certificate (DV SSL Certificate):

The most sold SSL Certificates are Domain Vetted (Verified) SSL Certificates, because they are cheaper and are issued within a couple of minutes. They do not require much documentation and anyone can get one. They need only phone verification or email verification, sent to an email address that either belongs to the WHOIS record or is one of the following:

  • admin@domain
  • administrator@domain
  • webmaster@domain
  • hostmaster@domain
  • postmaster@domain
  • Plus any address listed in the technical or administrative contact field of the domain’s WHOIS record, regardless of the addresses’ domains.

Mozilla Firefox does not recommend this practice because it carries a security risk. With many SSL Certificate vendors, for example, a person can register a domain for 2 years but get an SSL Certificate for 5 years. What happens if the domain expires and another person gets that domain, and the person who previously had the domain uses the existing SSL Certificate to misuse it via DNS spoofing? This is the highest-risk certificate; I personally don’t trust DV certificates. There are also DV wildcard certificates. A WildCard SSL Certificate can be used for phishing: someone can install one for https://paypal.xyz.com, and you trust this site because it has an SSL Certificate and carries the name of a famous payment gateway. Someone who trusts the SSL Certificate would think this is the PayPal site and would make a transaction there. Hence, I would not recommend trusting DV SSL Certificates, because one can get such an SSL Certificate easily and use it to undermine internet security.

I will write about Organization Vetted SSL Certificates and Extended Validated SSL Certificates in my next blog post. Stay tuned to learn more about them.

Writer: Gaurav Maniar (IT Manager, SSL Support Expert @ www.thesslstore.com, MCITP, MCSE, MCSA)


SSL Tools Website Part – II

Mar 04

SSL tools website part – II

After yesterday’s update about the tools from ssltool.com, I am adding details of other tools that will help you a lot with SSL Certificates and with checking the security of your SSL Certificate.

7) self-signed certificate generator (http://ssltool.com/?action=ssGenerate)

Do you want to generate a self-signed certificate? Here you go: this is a great tool for newbies who don’t want to run openssl commands to generate a self-signed certificate. You can have a self-signed certificate in a couple of minutes.

8) certificate and key match checker (http://ssltool.com/?action=modMatcher)

Check that your certificate and key match. With the certificate you got from your certificate vendor and the key you have on your server, this is a great way to check the certificate before installing it.
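The self-signed generation from 7) and the match check from 8) can also be done locally with the openssl command line. The following is an added example, not part of the original post or of ssltool.com; it compares the whole public key rather than only an RSA modulus, so it also covers non-RSA keys, and the function names and the name example.test are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the original post or ssltool.com).

# make_self_signed DIR CN
# Writes DIR/key.pem (RSA 2048, unencrypted) and DIR/cert.pem (valid 30 days).
make_self_signed() {
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 30 \
        -subj "/CN=$2" -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null
}

# cert_key_match CERT KEY
# Returns 0 if KEY is the private key for CERT, 1 if it is not,
# and 2 if either file cannot be read or parsed.
cert_key_match() {
    # Public key embedded in the certificate, as PEM.
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    # Public key derived from the private key, in the same PEM format.
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Demo on constructed material: one matching key and one unrelated key.
work=$(mktemp -d)
make_self_signed "$work" "example.test"
openssl genrsa -out "$work/other.pem" 2048 2>/dev/null
for key in key.pem other.pem; do
    if cert_key_match "$work/cert.pem" "$work/$key"; then
        echo "$key: matches cert.pem"
    else
        echo "$key: does NOT match cert.pem"
    fi
done
rm -rf "$work"
```

Running the check before installation catches the common case where a certificate was issued for a CSR generated from a different key than the one on the server.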

9) certificate root store list (http://ssltool.com/?action=certList)

Update the certificate root list on your server, or check the latest available root certificates. Many web servers still use old certificate roots, which may cause problems.

SSLTools.com

Another good website I just came across is ssltools.com. It allows you to check your CSR and Certificate. It is a simple yet useful website that gives you another option for checking your CSR.

There are many other SSL-related tools available. I will review other websites as well and update you about them. Till then, Happy Security.

Writer: Gaurav Maniar (IT Manager, SSL Support Expert @ www.thesslstore.com, MCITP, MCSE, MCSA)


Subdomain of TechCrunch blacklisted by Google for malware distribution

Nov 11

Tim Callan’s SSL Blog: Demystifying the Web’s Secure Backbone

As of posting time, a Google search of the phrase techcrunch crunchies yields as its first result a blacklisted result for the 2009 Crunchies award page (crunchies2009.techcrunch.com). The details page shows that on September 28 (yesterday) Google found malware distributed on this subdomain of TechCrunch.

This result gives you an opportunity to see how a real, blacklisted site looks on Google. If you do click on the link for crunchies2009.techcrunch.com (it’s safe; don’t worry) you’ll go to a Google roadblock page that reads,

Warning – visiting this web site may harm your computer!

Suggestions:

  • Return to the previous page and pick another result.
  • Try another search to find what you’re looking for.

Or you can continue to http://crunchies2009.techcrunch.com/ at your own risk. For detailed information about the problems we found, visit Google’s Safe Browsing diagnostic page for this site.

For more information about how to protect yourself from harmful software online, you can visit StopBadware.org.

If you are the owner of this web site, you can request a review of your site using Google’s Webmaster Tools. More information about the review process is available in Google’s Webmaster Help Center.

Advisory provided by Google

I can only imagine the devastating effect this roadblock has on natural search traffic, especially for sites that directly depend on traffic or transactions for their livelihood.

The good news is that web site malware scanning is a robust technology that can help you spot and fix these problems before they infect your visitors – or get you blacklisted. I’m confident that TechCrunch will fix this problem shortly, but wouldn’t the site have been better off avoiding the lost traffic and brand damage that accompany such an incident?

Which of course is part of the reason we have included web site malware scanning with our VeriSign-branded SSL Certificates.


Unified Threat Management (UTM) – Watchguard Technologies

Oct 28

Originally coined in 2003 by IDC analyst, Charles Kolodgy, the term unified threat management (UTM) represented a ground-breaking concept in having disparate security functions – firewall, intrusion detection/intrusion prevention (IDS/IDP) and gateway anti-virus (AV) – reside in a single, integrated network security appliance.

WatchGuard Technologies, a pioneer of firewall technology since 1996, was an early innovator of UTM solutions, and was one of the first to lead the industry with high performance UTM offerings. By January, 2008, WatchGuard offerings had far exceeded the foundational elements of UTM (firewall, IDS/IPS and gateway AV) to include a host of new security and network connectivity features, such as web-based content filtering and spam blocking, as well as both IPSec and SSL VPN capabilities.

UTM appliances quickly became a network security favorite for SMB, mid-market (SME), and enterprise branch office environments. UTM devices gained substantial ground in education, healthcare, and retail segments because they helped to address regulatory mandates, such as the Children’s Internet Protection Act (CIPA), Health Insurance Portability and Accountability Act (HIPAA), and Payment Card Industry Data Security Standard (PCI DSS).

As the demand for UTM grew, so too did the industry and the number of respective solutions. By 2007, the UTM market had grown approximately 35 percent year-over-year, to reach $1.216 billion. By 2008, industry analysts estimate that sales of UTM appliances will surpass traditional firewall/VPN solutions. By 2010, sales of UTM devices are expected to exceed $2.5 billion.

WatchGuard confirms that analyst reports are on target, and that the UTM market continues to grow at a record pace. In particular, WatchGuard sees accelerated UTM market growth as appliances expand into new geographic regions around the world and move upstream into more enterprise and distributed environments. What is unclear right now is whether the current state of UTM offerings in the market is sufficient to fully meet future business demand and IT expectations.

Clearly, UTM has moved from a concept to a business and network security reality. The growth and acceptance of UTM is undeniable. However, there are factors to suggest that UTM, in its current state, will not be sufficient to tackle the next generation of looming security threats, nor capable enough to meet the needs of savvy businesses that leverage new forms of technologies to be more productive and efficient.

Threats are changing. The next generation of security threats will present unparalleled challenges and risks. The “black hat” community is not the band of miscreants that it used to be. What was once done to gain notoriety and underground fame among fellow hackers has now turned into big business, similar to organized crime syndicates. Data is valuable, and gaining control of web sites, servers, and personal computers can be lucrative.

WatchGuard sees the next generation of security threats to be more sophisticated and less conspicuous. Security threats are taking on new forms, morphing common annoyances such as spam email and mutating them into hybrid spam/phishing/malware payload-delivery vehicles. The traditional attacks on network ports and data networking protocols will change to attacks that exploit holes directly at the application layer.

Threats are becoming more stealthy and concealed, as well. Typically, when a threat reaches a broad enough audience, a “signature” can be developed to counter and neutralize the threat. Today, the writers of these attacks have learned that low profile attacks keep threats “under the radar,” and hence, avoid detection and the eventual signature that will wipe them out. Likewise, other attackers have developed automated repackaging malware applications so that the malware changes every few minutes – effectively staying ahead of any anti-virus vendors’ ability to produce a signature.

Business is changing. Several factors are all converging to change the way businesses operate. Leading this, WatchGuard sees business mobility, the “millennial” generation, the “consumerization” of IT, Web 2.0+, and new technologies, such as virtualization and Software as a Service (SaaS), all creating new dynamics for network security and data protection.

Mobility, mobile workers, and remote office technologies accelerate business opportunities, but at the same time, create new venues for security risks. According to a recent survey conducted by Stanford University and Hong Kong University of Science and Technology, “92 percent of Fortune 500 respondents agreed that uncoordinated mobility initiatives lead to security risks and high integration costs. But 93 percent reported that mobility can provide a significant competitive advantage.” [1] The traditional desktop is being redefined by mobile devices and mobile applications. As this happens, IT staff must address the inherent security risks that accompany this trend.

Likewise, the next generation of workers, the “millennials”, mirrors the benefits and risks associated with mobility. The millennial generation is instrumental in adopting new technologies, particularly, IM, peer-to-peer, and social networking tools, yet shows lackluster awareness and even disdain towards the risks that go with these technologies. In a recent blog post titled, “IT Risk and the Millennials,” Samir Kapuria talks about what could turn out to be one of the most pressing issues for IT. Kapuria points out, CIOs are trying to figure out how to cope with this generation.

“Millennials are used to freely downloading software from the Internet, such as Skype; using applications like Facebook; and bringing their iPods and laptops into the office—all of it blurring the lines between personal and work life.” [2]

[1] “The Mobility Manifesto: What enterprise mobility means and how to make the most of it” – Nokia Corporation
[2] https://forums.symantec.com/syment/blog/article?message.uid=306119
[3] Using Second Life as a Business-to-Business Tool, Information Week (April 26, 2007) http://www.informationweek.com/blog/main/archives/2007/04/using_second_li_2.html
[4] Electronic Commerce: A Managerial Perspective, Turban, E., (2008)
[5] “The Pros and Cons of Virtualization,” Business Trends Quarterly, Mann, Andi (April 21, 2008); “Virtualization 101,” Enterprise Management Associates (EMA), Mann, Andi (Oct. 29, 2007)

Relative to this is the “consumerization” of IT and Web 2.0 technologies. Designed to foster more collaboration, greater efficiencies, the sharing of information, and more productivity, the IT landscape of “consumerized” technologies (iPhones/iPods, USB drives), and Web 2.0 applications (mash ups, peer-to-peer and social networks) is also creating new security and information leakage concerns. It has been noted that some consumer-oriented applications, such as Facebook or LinkedIn, are being used as contact managers or even as CRM substitutes. Businesses that rush out and adopt these new tools may also find themselves in uncharted security waters.

For example, the media recently reported on a popular online consumer game, World of Warcraft, and how malware associated with the game is stealing user passwords and account data. For a consumer, that is a serious threat. By analogy, if one applies this type of scenario to something like Second Life, which quickly morphed from a game into a business-to-business [3] vehicle for corporate events, sales, training, marketing, and demand generation, then we see how deleterious this type of malware could be if it could capture corporate passwords and corporate data. Bottom line is businesses have yet to experience the risks associated with consumer technologies and Web 2.0 applications in the work environment.

New business technologies are shaping security profiles. This ranges from VoIP to Virtualization. For example, virtualization is the general term used to describe the abstraction of IT resources. Virtualization hides the physical characteristics of computing resources from their users, be they applications or end users. [4] This includes making a single physical resource (such as a server, an operating system, an application, or storage device) appear to function as multiple virtual resources; it can also include making multiple physical resources (such as storage devices or servers) appear as a single virtual resource. [5] As businesses adopt virtualization, they must understand the security risks associated with it.

Software as a Service (SaaS) presents similar security challenges for IT staff. With industry heavyweights, such as Cisco, Google, and Microsoft, pushing for more IT services to be “in the cloud,” questions arise of who controls the data, how is it protected, which laws and regulations apply, how is it audited, and what recourse is available should something happen? Assuming that SaaS is an inevitable reality, businesses will need XTM solutions to ensure secure connectivity to the cloud, as well as to protect the integrity of applications and data interactions.

Likewise, as businesses deploy new technologies, they must address protection in new ways. For example, mobility and data in motion is changing the concept of how to secure the network perimeter. Protecting the end point device will be subjacent to protecting users and data as they move through networking, web, and messaging platforms.

Lastly, businesses and IT administrators will have to do more with fewer resources. A recent Goldman Sachs report stated that security budgets are down from previous forecasts. As global economic issues create turbulent markets, companies are expected to react by reducing IT expenditures.

All of these factors – the next generation of threats, changing business dynamics (i.e. mobility, “millennials,” consumerization of IT, and Web 2.0 applications), and new business technologies – dictate how network security will operate in the future. WatchGuard believes that the UTM industry is at an inflection point, and that the current state of UTM appliances is insufficient to fully address these factors. Therefore, what business and technical decision makers will need is the next generation of UTM – XTM, or extensible threat management solutions.

Extensible threat management (XTM) is the next generation of unified threat management (UTM), integrated network security appliances. As stated by IDC analyst, Charles Kolodgy, in SC Magazine (May 2, 2008):

“IDC believes that UTM will remain the primary security solution for distributed environments, but within the enterprise it will evolve into an eXtensible Threat Management (XTM) platform. XTM platforms will take security appliances beyond traditional boundaries by vastly expanding security features, networking capabilities and management flexibility. Future XTM appliances should provide automated processes – such as logging, reputation-based protections, event correlation, network access control and vulnerability management. Adding to the networking capabilities will be management of network bandwidth, traffic shaping, throughput, latency and other features, including unified communications.”

Based on this definition, WatchGuard foresees XTM as an extension of the UTM category. XTM will expand on what UTM has delivered, but will include additional substantive developments in three core areas:

  • More security features
  • Greater networking capabilities
  • More management flexibility

Extensibility means having the ability to extend or add on to. This is what WatchGuard is innovating with its UTM family of security and connectivity solutions. The vision is to provide XTM solutions that deliver extensibility. WatchGuard’s extensible components are:

  • Extensible protection
  • Extensible management
  • Extensible choice
  • Extensible ownership

Extensible protection derives from the unique WatchGuard approach to network security. WatchGuard utilizes a security scheme built upon its “intelligent layered security” architecture that incorporates myriad security technologies, including application proxy technology to defend against spyware, malware, viruses, outside attacks and other harmful events. This approach of extensible protection guards against port and protocol-specific threats, as well as proactively protecting businesses at the application layer, thus creating an “application aware” defense posture.

Extensible management addresses the need to incorporate more network and management capabilities. This includes integration of networking technologies, such as WAN optimization, active/active failover for high availability (HA), and management software that allows one-touch control over hundreds of WatchGuard XTM appliances. As well, extensible management includes having open, standards-based management hooks, thus allowing businesses to leverage and utilize existing management suites, such as HP OpenView, to seamlessly manage their XTM appliances as part of one console.

Extensible choice speaks to providing complete device flexibility. This means that WatchGuard XTM appliances will have the ability to be configured for optimal deployment in any kind of network or business environment. As well, this means administrators will have the ability to pick and choose security services that best meet their organization’s needs. For example, a school administrator may only want firewall and web-content filtering on their XTM, while a business may opt for all security services, minus gateway AV, for their WatchGuard XTM deployment.

Extensible ownership revolves around growth-oriented options that yield superior total cost of ownership (TCO) and return on investment (ROI). WatchGuard XTM solutions will continue to support a software upgradeable path, which allows users to upgrade security services, subscriptions and capabilities on the fly, without ever having to swap out hardware. Not only does this extend the life of the appliance, but gives owners more flexibility in determining how they utilize their security investment. As well, WatchGuard is working to ensure XTM appliances have the greatest degree of network systems interoperability. This way, regardless of the network topology mix (Cisco, Juniper or Extreme), WatchGuard XTM appliances will provide maximum interoperability.

For business decision makers, XTM offers an ideal cache of reliable security and superior TCO. XTM allows businesses to utilize mobility, consumer technologies, Web 2.0, and other new business applications in a highly secure manner.

Because of the inherent flexibility found in XTM, these solutions will help businesses address the needs of regulatory compliance and future changes that are bound to come.

With greater networking and security capabilities, XTM solutions also eliminate the costly need to purchase and manage multiple routing and stand-alone security appliances. For example, small businesses that currently purchase low-end routers and then supplement them with firewall devices will be able to use a single XTM device for both routing and security. Likewise, instead of utilizing separate appliances, such as a spam firewall, web application filter, and IDS/IDP solution, with XTM businesses can utilize all of these services in one device. This makes the cost of XTM acquisition, as well as the cost of management, much lower than traditional best-of-breed, stand-alone appliances.

For technical decision makers, XTM offers greater management, real-time user control and superior security. As the network perimeter changes and users pass through network, web and messaging platforms, administrators will look to XTM appliances to provide “common reputation services” so that regardless of the device or location, the user and data are always protected. XTM will offer administrators new capabilities in “policy migration” as well. This way, as older appliances such as firewalls are replaced, newer devices can extend and enforce existing security policies.

Finally, technical decision makers who are not security experts will be able to rest assured, knowing that their networks are highly protected with proactive, XTM-based security. The intelligent layered security architecture from WatchGuard offers an unmatched array of security technologies, designed to protect against unknown, “zero day” threats.

XTM is the next generation of UTM, and it is predicated upon the substantive expansion of three foundational elements: more security, greater networking capabilities, and more management flexibility. From this foundation, WatchGuard adds to extensibility by offering: extensible protection, extensible management, extensible choice, and extensible ownership. Although the changing landscape of business dynamics and technology developments has created new efficiencies and accelerated business opportunities, these carry with them new forms of sophisticated threats and risks. The current state of UTM will not be enough to address these changes, hence the need for the next generation of UTM – WatchGuard XTM solutions.


SSL Certificate Security

Jul 04

SSL Certificate Security Part – I

SSL Security is part of PCI Compliance; only installing an SSL Certificate won’t secure you from other SSL-related vulnerabilities. Checking your SSL Certificate for any vulnerabilities will help you fix such issues. Please check ssllabs.com to know more about SSL Certificates and the ratings given to them.

A couple of days ago, I was reintroduced to ssllabs.com from Qualys. You can check your SSL Certificate and whether there is any known vulnerability present in your server-side encryption or in the SSL protocols supported by your server. It also shows the cipher suites supported by the server.

I have checked many websites which we think are secured and found they are vulnerable. I tried to find the fixes for them and found an Apache/Linux fix for cipher security; the steps are as follows.

Steps to fix Apache/mod_ssl Cipher & SSL Protocol Vulnerability:

Make these changes in the httpd.conf file:

1) To disable old SSLv2 in mod_ssl, add the following line to httpd.conf:

    SSLProtocol all -SSLv2

2) To disable ciphers with weaker encryption keys, add the following line to httpd.conf:

    SSLCipherSuite HIGH:MEDIUM

Steps to fix Apache/OpenSSL Cipher & SSL Protocol Vulnerability:

Make these changes in the httpd.conf file or the ssl.conf file:

1) To disable old SSLv2 in OpenSSL, add the following line to httpd.conf:

    SSLProtocol all -SSLv2

2) To disable ciphers with weaker encryption keys, add the following line to httpd.conf:

    SSLCipherSuite HIGH:MEDIUM
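To confirm that a configuration file actually carries the two settings above, a small audit script helps. This is an added example, not from the original post; the function name audit_ssl_conf and the sample configurations are constructed, and the list of cipher classes it flags is an assumption about what "weaker" covers here.

```shell
#!/bin/sh
# Added example (not from the original post): check an Apache config for
# the SSLProtocol and SSLCipherSuite settings described above.

# audit_ssl_conf FILE
# Prints one finding per line; returns 0 if nothing was flagged, 1 otherwise.
audit_ssl_conf() {
    awk -v f="$1" '
    function finding(msg) { printf "%s:%d: %s\n", f, FNR, msg; bad = 1 }
    BEGIN { bad = 0 }
    /^[ \t]*#/ { next }                      # ignore commented-out lines
    { d = tolower($1) }                      # directive names are case-insensitive
    d == "sslprotocol" {
        seen_proto = 1
        on = 0                               # walk the tokens left to right
        for (i = 2; i <= NF; i++) {
            t = tolower($i)
            if (t == "all" || t == "sslv2" || t == "+sslv2") on = 1
            if (t == "-sslv2" || t == "-all") on = 0
        }
        if (on) finding("SSLv2 is still enabled: " $0)
    }
    d == "sslciphersuite" {
        seen_cipher = 1
        spec = $2
        gsub(/"/, "", spec)                  # the value may be quoted
        n = split(spec, tok, ":")
        for (i = 1; i <= n; i++) {
            t = toupper(tok[i])
            if (t ~ /^[!-]/) continue        # "!" and "-" remove ciphers
            sub(/^\+/, "", t)
            # Assumed list of weak or overly broad classes.
            if (t ~ /^(ALL|LOW|EXP|EXPORT|EXPORT40|EXPORT56|NULL|ENULL|ANULL|ADH)$/)
                finding("weak or overly broad cipher class enabled: " tok[i])
        }
    }
    END {
        if (!seen_proto)  { printf "%s: no SSLProtocol directive\n", f; bad = 1 }
        if (!seen_cipher) { printf "%s: no SSLCipherSuite directive\n", f; bad = 1 }
        exit bad
    }' "$1"
}

# Constructed sample configurations, written to a temporary directory.
demo_dir=$(mktemp -d)
cat > "$demo_dir/fixed.conf" <<'EOF'
SSLEngine on
SSLProtocol all -SSLv2
SSLCipherSuite HIGH:MEDIUM
EOF
cat > "$demo_dir/weak.conf" <<'EOF'
SSLEngine on
SSLProtocol all
SSLCipherSuite ALL:!ADH:+LOW
EOF
for conf in "$demo_dir/fixed.conf" "$demo_dir/weak.conf"; do
    if audit_ssl_conf "$conf"; then
        echo "$conf: OK"
    else
        echo "$conf: needs fixing"
    fi
done
rm -rf "$demo_dir"
```

The script reads only the file it is given, so a server that splits its settings across httpd.conf and ssl.conf needs one run per file.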

In the next part I will let you know how to fix the issue with weak ciphers and SSL Certificates on Windows and other servers. Please check your SSL Certificate at http://www.ssllabs.com. SSL cipher and protocol security is a must for PCI Compliance.

Author: Gaurav Maniar – MCITP – Windows Server Specialist: Windows Hosting Security, Exchange Messaging System, Server Security Audit, Domain (ADS) Infrastructure


AntiPhishing

May 14

Anti-Phishing: I am writing my second article about phishing. After getting a good response to my last phishing article, I thought to start again. I know I have been away from blogging since last week. It was a tiring week at the office, though. Deadlines and deadlines..

So, let's start with Anti-Phishing..

What is Antiphishing?

As you have read in my previous article about social engineering and hacking your account, a hacker would steal your confidential personal and financial information.

Nowadays, we are hearing more about social networking sites’ security flaws. For example, we heard a lot about Facebook and Yelp this week. Please read the following URL:

http://techcrunch.com/2010/05/11/another-security-hole-found-on-yelp-facebook-data-once-again-put-at-risk/

That would help hackers/phishing attackers get access to your personal data.

Here are a couple of anti-phishing software products or tools which would help you with phishing attacks:

NetCraft Antiphishing toolbar:

http://toolbar.netcraft.com/

Google Safe Browsing for Firefox and Chrome:

http://www.google.com/tools/firefox/safebrowsing/

BitDefender Anti-Phishing Tool:

http://www.bitdefender.com/PRODUCT-2237-en–BitDefender-Antiphishing-Toolbar-2009-(without-ask.com).html

PhishTank:

http://www.phishtank.com/

Earthlink:

http://www.earthlink.net/software/domore.faces?tab=toolbar

McAfee SiteAdvisor:

http://www.siteadvisor.com/

GeoTrust TrustWatch:

http://geotrust.com/?dmn=trustwatch.com

There are a couple of tools available at the server level as well to protect your network from phishing:

Untangle AntiPhishing toolkit:

http://www3.untangle.com/Pricing/Value-Packages

All of the above software would help you prevent phishing attacks. Make sure that your antivirus and anti-spyware also help you with phishing attacks.

Author: Gaurav Maniar – MCITP – Windows Server Specialist: Windows Hosting Security, Exchange Messaging System, Server Security Audit, Domain (ADS) Infrastructure
