Tag Archives: Security

A Crash Course on SSL Certificates – A MUST Read for Every Website Owner

At Superb Internet, we’re always looking out for you. That’s why we want to take the time to give you a crash course on one of the most important elements in keeping your website safe, secured, and compliant – SSL certificates.

Giving You the Lowdown on SSL Certificates

SSL stands for “Secure Sockets Layer” and an SSL certificate is a critical component in keeping your website safe, secured, and compliant.

Any ecommerce website must have an SSL certificate to ensure the safe handling of sensitive information, such as a customer’s personal and credit card information. By adding an SSL certificate, you not only protect your business but also increase customer confidence by safely encrypting your customers’ most sensitive data.

For online transactions, an SSL certificate lets the browser and server encrypt the sensitive data they exchange. The web browser first checks the SSL certificate to make sure that the website is legitimate; once it is verified, the web browser and server process the information in encrypted form.


This helps to ensure that the sensitive data delivered between the web browser and server is handled safely, securely, and that the website is PCI (Payment Card Industry) compliant.

Why Picking the Right Certificate Authority (CA) Matters

Picking the right Certificate Authority (CA) is integral to the entire SSL process because CAs are the ones issuing these digital certificates. In essence, a digital certificate, such as an SSL certificate, is a small verifiable data file containing identity credentials that help authenticate the online identity of people, websites, and devices.

Each digital certificate includes valuable information like the certificate’s expiration date, the owner’s name and other identifying details, along with a public key – the value used as an encryption key, which the CA’s signature on the certificate ties to the owner’s identity.


As a trusted entity issuing these digital certificates, a CA must meet strict and detailed criteria before browsers and operating systems accept it as a trusted root. Once accepted, the CA is authorized to issue SSL certificates that those browsers trust.

The longer a CA has been operational, the more browsers and devices will trust the certificates it issues. One important thing to note is that for certificates to be transparently trusted, the CA must have “ubiquity”: its root must be present in, and backwards compatible with, older browsers, including those on mobile devices.

Overall, CAs play a vital role in how the Internet operates today by protecting information, encrypting billions of online transactions, and enabling secure communication. Without CAs, the Internet would not be as transparent and trustworthy as it is and online transactions would be more susceptible to hacks, data breaches, and phishing.

Get the Perfect SSL Certificate(s) to Meet Your Needs

Of course, not all SSL certificates are created equal. To pick the right SSL certificate(s) for your needs, it’s important to understand the main differences between them in regard to their validation level:

Server Gated Cryptography (SGC) SSL Certificates

To begin, let’s start with one of the original secured digital certificates – the Server Gated Cryptography (SGC) SSL certificate. SGC SSL certificates were made available in the mid 1990s as a means to increase the cryptographic strength of the SSL connection from 40 or 56 bits to 128 bits.

At that time, the goal was to force browsers limited to weak encryption to use the stronger 128-bit encryption for online financial transactions. Of course, times have changed and SGC-era browsers, such as Netscape, are obsolete. The once reliable and supposedly unbreakable 128-bit encryption is now susceptible to new vulnerabilities, and SGC certificates are unable to support the ongoing revisions of the SSL protocols.

Today, the standard SSL encryption is 256-bit, and we recommend that anyone with an SGC SSL certificate replace it immediately with one of the other types of SSL certificates below, chosen by validation level and security requirements.


Organization Validated (OV) SSL Certificates

Organization Validated (OV) SSL certificates are more trusted because the validation process requires not only that the domain be authenticated but also additional information and documentation certifying the company’s identity.

The CA must authenticate the company against the business registry databases held by the local government, confirming information such as the entity’s name, city, state, and country, to ensure that it is a legitimate business. Because of this, the entire process can take anywhere from a few hours to a few days to complete, depending on the CA’s validation process.

OV certificates are considered the standard type of certificate for any commercial website because they contain all the necessary information for company validation. By giving people more visibility into who is actually behind the site when they click on the Secure Site Seal (lock icon) in the address bar, visitors feel more comfortable sharing their personal information with the site.

Domain Validated (DV) SSL Certificates

Domain Validated (DV) SSL certificates are used on public websites and are one of the cheapest certificates to get. The validation process is very simple and is typically performed via email or DNS to confirm that the domain is registered and that someone with admin rights is aware of, and approves, the certificate request.

Since no company information is vetted, the entire process can be completed almost immediately. If the certificate is valid and signed by a trusted authority, the browser indicates a successfully secured “Hyper Text Transfer Protocol Secure (HTTPS)” connection in the address bar.

DV certificates are ideal only for those wanting a quick and low-cost SSL certificate where organization validation is not a concern. With this in mind, an informed user may acknowledge that DV certificates provide the same encryption and security as other certificates but may still not trust the site with their personal information, because no company information has been vetted as part of the validation process.

Extended Validated (EV) SSL Certificates

If you’re looking to go the extra mile in keeping your website(s) safe, secured, and compliant, then Extended Validated (EV) SSL certificates are the perfect solution for you. Unlike the validation process for DV and OV certificates, getting an EV certificate is more difficult because of its strict and stringent authentication procedure, which requires proof of domain ownership and additional company documentation, along with other steps and checks. Overall, there are two main phases to the authentication process.

The first phase requires the CA to conduct thorough research to identify the legal entity that controls the website. This is done by verifying the legal, physical, and operational existence of the company. In addition to verifying that the organization’s identity matches official records, the CA must also ensure that the organization has exclusive rights to use the domain specified in the EV certificate and that it has properly authorized the issuance of the EV certificate. Typically, the CA will also obtain an attorney’s legal opinion on the validity of not only the business but also the information provided to obtain the EV certificate.

The second phase assists with enabling encrypted communication over the Internet between the website and the user’s browser. By having processes for facilitating the exchange of encryption keys to prevent hacking, phishing and malware, organizations with EV certificates have a vehicle in place to properly address online identity fraud.

Since the validation process for EV certificates is much more in-depth, the entire process can take a few days to even a few weeks to complete. Plus, CAs issuing EV certificates must undergo recurring audits to ensure the integrity of the SSL certificates they issue.

EV certificates are an ideal solution for businesses that wish to assert the highest levels of authenticity and security. By adhering to the strictest authentication process, any company with an EV certificate is rewarded with a visible “Green Bar” that’s clearly noticeable in any modern browser. This gives visitors and customers the utmost confidence that the site is secure and compliant.

Wildcard (*) SSL Certificates

Wildcard SSL certificates secure your website in the same way as standard SSL certificates, and requests are processed using the same validation method. These types of SSL certificates are available for most of the validation levels (DV, OV, EV) mentioned above and can protect an unlimited number of subdomains of a single domain.

One of the key differences is that Wildcard SSL certificates use “Subject Alternative Names (SANs)” to secure a domain and all of its first-level subdomains, whereas a standard SSL certificate will only secure the domain that you bought the SSL certificate for; any subdomains will be left unprotected unless you purchase a Wildcard SSL certificate or additional SSL certificates for each subdomain.

For instance, let’s take www.SSL.com as an example. By purchasing a Wildcard SSL certificate for this domain, all you would have to do is add an asterisk (*) in the subdomain position to the left of the domain name, and you can secure an unlimited number of first-level subdomains under *.SSL.com, such as the following:

  • protection.SSL.com
  • safeguard.SSL.com
  • security.SSL.com
  • browsers.SSL.com
  • internet.SSL.com

Overall, Wildcard SSL certificates are a great solution for those with multiple subdomains who want to save time and money and make the SSL administration process easier for securing their site. However, the drawback of Wildcard SSL certificates is that each subdomain is not individually protected: every subdomain is served from the same certificate and private key, so if the certificate has to be revoked because of a problem on one subdomain, the other subdomains lose their certificate as well.

Always be on the Lookout and Manage Your SSL Certificates

Having an SSL certificate is an essential part of protecting sensitive data in transit. And while SSL certificates provide additional layers of security, they can still be vulnerable and susceptible to attacks. This is where SSL certificate management comes in. You always have to be on the lookout to ensure that your SSL certificates are managed properly.

Proper SSL certificate management requires knowing the status of each certificate across sites, browsers, and networks. Through careful monitoring of these certificates, website owners can prevent major incidents from occurring, such as phishing and data breaches, which can not only be expensive to resolve but also cause long-term damage to your reputation with customers.
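The wildcard rule described in the previous section (one asterisk covering exactly one first-level label) and the monitoring this section calls for are both easy to automate. The following Python is an added example, not code from the original post or from Superb Internet: it takes the certificate dictionary that the standard-library ssl.SSLSocket.getpeercert() returns, decides whether the certificate actually covers a given hostname by checking its Subject Alternative Names with the single-label wildcard rule, and reports how many days remain before expiry so an alert can fire before the certificate lapses. SAMPLE_CERT is a constructed stand-in for a wildcard certificate on the placeholder domain example.com so that the checks run offline; fetch_peer_cert() is the live variant and needs network access.

```python
"""Check whether a server certificate covers a hostname and how close it is to expiry.

Added example, not from the original post. Works on the dict layout that
ssl.SSLSocket.getpeercert() returns; SAMPLE_CERT is a constructed stand-in.
"""
import datetime
import socket
import ssl

# Constructed sample in getpeercert() layout; example.com is a placeholder domain.
SAMPLE_CERT = {
    "subject": ((("commonName", "*.example.com"),),),
    "issuer": ((("commonName", "Example CA (constructed)"),),),
    "notBefore": "Jan  1 00:00:00 2024 GMT",
    "notAfter": "Dec 31 23:59:59 2024 GMT",
    "subjectAltName": (("DNS", "*.example.com"), ("DNS", "example.com")),
}


def utc(year, month, day):
    """Convenience constructor for a UTC timestamp (used as the 'now' of a check)."""
    return datetime.datetime(year, month, day, tzinfo=datetime.timezone.utc)


def fetch_peer_cert(hostname, port=443):
    """Live variant: fetch the certificate a server presents after chain validation."""
    ctx = ssl.create_default_context()
    with socket.create_connection((hostname, port), timeout=5) as sock:
        with ctx.wrap_socket(sock, server_hostname=hostname) as tls:
            return tls.getpeercert()


def hostname_matches(pattern, hostname):
    """Single-label wildcard rule: '*' may only be the whole leftmost label and covers
    exactly one label, so *.example.com matches shop.example.com but neither
    example.com nor a.b.example.com. Comparison is case-insensitive."""
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == hostname
    if not pattern.startswith("*."):
        return False  # a wildcard anywhere but the leftmost label is not honoured
    suffix = pattern[2:]
    if "*" in suffix or "." not in suffix:
        return False  # '*.com'-style patterns are too broad to accept
    head, _, tail = hostname.partition(".")
    return bool(head) and "*" not in head and tail == suffix


def cert_covers(cert, hostname):
    """A certificate covers a hostname through its subjectAltName DNS entries;
    modern browsers ignore the commonName for this purpose."""
    return any(kind == "DNS" and hostname_matches(value, hostname)
               for kind, value in cert.get("subjectAltName", ()))


def expires_at(cert):
    """notAfter as an aware UTC datetime (ssl.cert_time_to_seconds parses the GMT string)."""
    seconds = ssl.cert_time_to_seconds(cert["notAfter"])
    return datetime.datetime.fromtimestamp(seconds, tz=datetime.timezone.utc)


def days_until_expiry(cert, now=None):
    """Whole days left before notAfter; negative once the certificate has expired."""
    now = now or datetime.datetime.now(datetime.timezone.utc)
    return (expires_at(cert) - now).days


def certificate_status(cert, hostname, now=None, warn_days=30):
    """What a monitoring job would alert on: a coverage gap or approaching expiry."""
    days_left = days_until_expiry(cert, now)
    if days_left < 0:
        state = "expired"
    elif days_left <= warn_days:
        state = "expiring"
    else:
        state = "ok"
    return {"hostname": hostname, "covered": cert_covers(cert, hostname),
            "days_left": days_left, "state": state}


if __name__ == "__main__":
    check_time = utc(2024, 12, 1)  # constructed 'now' so the output is reproducible
    for host in ("shop.example.com", "example.com", "a.b.example.com"):
        print(certificate_status(SAMPLE_CERT, host, now=check_time))
```

Run something like this on a schedule for every hostname you serve: covered=False means a hostname is being answered with a certificate that does not name it (a.b.example.com above, which the wildcard does not reach), and the expiring and expired states are exactly the incidents this section asks you to catch before visitors do.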

Now is the Time to Protect Yourself, Your Business, and Your Customers

Thinking about getting an SSL certificate for your website? Let us help keep your website safe, secured, and compliant. Whether you’re thinking about getting an SSL certificate to encrypt sensitive information, authentication, PCI compliance, to gain your customers trust, or to prevent phishing and data breaches, we have a wide-array of trusted brands to choose from.


Start now and easily compare SSL certificates from major global CAs like GeoTrust, Comodo, and Symantec. See our latest line of secure, reliable, and affordable SSL certificates below. Get trusted, be protected, and stay compliant today!

Certificate Authority   Certificate Name              Validation Level(s)   1 Year   2 Year   3 Year
Comodo                  EssentialSSL                  DV                    $11      $20      $28
GeoTrust                RapidSSL                      DV                    $18      $26      $38
Comodo                  InstantSSL                    OV                    $39      $79      $99
GeoTrust                True Business ID              OV                    $119     $199     $289
Comodo                  EV SSL                        EV                    $179     $359     N/A
GeoTrust                True Business ID with EV      OV/EV                 $299     $469     N/A
Comodo                  EssentialSSL Wildcard         DV/WC                 $179     $289     $399
GeoTrust                RapidSSL Wildcard             DV/WC                 $129     $249     $369
Comodo                  PremiumSSL Wildcard           OV/WC                 $199     $398     $597
GeoTrust                True Business ID Wildcard     OV/WC                 $499     $998     $1,497

Recommended Validation Level(s):

Domain Validated (DV) SSL Certificates:

DV certificates are ideal only to those wanting a quick and low cost SSL where organization validation is not a concern.

Organization Validated (OV) SSL Certificates:

OV certificates are the standard type of certificate and contain all the necessary information for company validation.

Extended Validated (EV) SSL Certificates:

EV certificates are an ideal solution for businesses that wish to assert the highest levels of authenticity and security.

Wildcard (WC) SSL Certificates:

WC certificates are a great solution for those with multiple sub-domains who want to save time and money.

Keeping Your Website Safe, Secured, and Compliant – SSL Certificates

What are SSL Certificates?

SSL stands for “Secure Sockets Layer” and an SSL certificate is a critical component in keeping your website safe, secured, and compliant.

How SSL Certificates Work?

Any ecommerce website must have an SSL certificate to ensure the safe handling of sensitive information, such as a customer’s personal and credit card information. By adding an SSL certificate, you not only protect your business but also increase customer confidence by safely encrypting your customers’ most sensitive data.

For online transactions, an SSL certificate lets the browser and server encrypt the sensitive data they exchange. The web browser first checks the SSL certificate to make sure that the website is legitimate; once it is verified, the web browser and server process the information in encrypted form.

This helps to ensure that the sensitive data delivered between the web browser and server is handled safely, securely, and that the website is PCI (Payment Card Industry) compliant.

SSL Certificate Management

Having an SSL certificate is an integral part of protecting sensitive data in transit. And while SSL certificates provide additional layers of security, they can still be vulnerable and susceptible to attacks. This is where SSL certificate management comes in.

Proper SSL certificate management requires knowing the status of each certificate across sites, browsers, and networks. Through careful monitoring of these certificates, website owners can prevent major incidents from occurring, such as phishing and data breaches, which can not only be expensive to resolve but also cause long-term damage to your reputation with customers.

Let Us Protect Your Website

Thinking about getting an SSL certificate for your ecommerce website? Let us help keep your website safe, secured, and compliant. With our easy-to-follow SSL comparison table, you can effortlessly find the right SSL certificate that’s perfect for your website.

Whether you’re thinking about getting an SSL certificate to encrypt sensitive information, authentication, PCI compliance, to gain your customers trust, or to prevent phishing and data breaches, we have a wide-array of trusted brands to choose from.

How do I Install an SSL Certificate for my Website(s)?

Here are the steps to follow when installing an SSL certificate for your website(s) with us:

1. From the “myCP” homepage, click on “Account Options” and select “Order Upgrades / Add-Ons.”


2. Scroll down to the SSL certificate section and choose the SSL certificate you want, including the quantity and term. Click “Next” once you’ve finalized your choice.


3. Fill in all the required information on the SSL certificate order form:

  • Contact First Name
  • Contact Last Name
  • SSL Domain Name

    * Note: Enter the domain name that will use the SSL certificate (usually www.yourdomain.com).

  • Company Name
  • Company Address
  • Company City
  • Company State or Province
  • Company Phone Number
  • Company Postal / Zip Code
  • Contact Email
  • Country


4. If you are a dedicated server customer, create a Certificate Signing Request (CSR) on your server. Follow the link for additional details from the SSL vendor on generating a CSR.


5. Before submitting the order, please ensure that the email “admin@example.com” exists on your server where “example.com” is the site that you’re ordering the SSL certificate for.


6. Copy and paste the CSR into the designated area on the order form and click “Complete Order.”
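Step 4 leaves CSR generation to the vendor’s instructions. The following is an added example, not from this guide or from any SSL vendor, of producing the CSR on your own server with OpenSSL driven from Python: it writes an OpenSSL config that lists every hostname as a Subject Alternative Name, runs openssl req to create an unencrypted private key and the CSR, and reads the DNS names back out of the CSR so you can confirm them before pasting it into the order form in step 6. The domain names, the organization details, the file names and the 2048-bit RSA key size are assumptions (placeholders); the private key stays on the server and only the CSR text is submitted. If the openssl binary is not installed, generate_csr() returns None.

```python
"""Generate a Certificate Signing Request with OpenSSL, driven from Python.

Added example, not from the hosting guide or an SSL vendor. Assumptions: the
domain names and organization details are placeholders, the key is 2048-bit RSA,
and the `openssl` binary is on PATH (the helpers degrade gracefully if it is not).
"""
import shutil
import subprocess
import tempfile
from pathlib import Path

OPENSSL_AVAILABLE = shutil.which("openssl") is not None


def build_openssl_config(common_name, sans, org="Example Ltd", country="US",
                         state="Example State", city="Example City"):
    """Render an openssl.cnf for the CSR. Every hostname goes into subjectAltName,
    because browsers match the hostname against the SAN list, not the CN alone."""
    dns_lines = "\n".join(f"DNS.{i} = {name}" for i, name in enumerate(sans, start=1))
    return (
        "[ req ]\n"
        "default_bits       = 2048\n"
        "prompt             = no\n"
        "default_md         = sha256\n"
        "distinguished_name = dn\n"
        "req_extensions     = req_ext\n"
        "\n[ dn ]\n"
        f"C  = {country}\nST = {state}\nL  = {city}\nO  = {org}\nCN = {common_name}\n"
        "\n[ req_ext ]\n"
        "subjectAltName = @alt_names\n"
        "\n[ alt_names ]\n"
        f"{dns_lines}\n"
    )


def csr_command(config_path, key_path, csr_path):
    """Argument list for `openssl req`: -newkey creates the private key with the CSR,
    -nodes leaves the key unencrypted so the web server can load it without a passphrase."""
    return ["openssl", "req", "-new", "-newkey", "rsa:2048", "-nodes",
            "-keyout", str(key_path), "-out", str(csr_path), "-config", str(config_path)]


def generate_csr(common_name, sans, workdir=None):
    """Write the config, run openssl and return the CSR PEM text (None without openssl).
    The private key is written next to the CSR and must never be sent anywhere."""
    workdir = Path(workdir or tempfile.mkdtemp(prefix="csr-"))
    config_path = workdir / "csr.cnf"
    key_path = workdir / f"{common_name}.key"
    csr_path = workdir / f"{common_name}.csr"
    config_path.write_text(build_openssl_config(common_name, sans))
    if not OPENSSL_AVAILABLE:
        return None
    subprocess.run(csr_command(config_path, key_path, csr_path),
                   check=True, capture_output=True)
    key_path.chmod(0o600)  # private key readable by its owner only
    return csr_path.read_text()


def csr_dns_names(csr_pem):
    """Read the SAN DNS names back out of a CSR (openssl req -text reads PEM on stdin)
    so they can be checked against the order before submission. [] without openssl."""
    if not OPENSSL_AVAILABLE:
        return []
    text = subprocess.run(["openssl", "req", "-noout", "-text"], input=csr_pem,
                          check=True, capture_output=True, text=True).stdout
    names = []
    for line in text.splitlines():
        for part in line.split(","):
            part = part.strip()
            if part.startswith("DNS:"):
                names.append(part[len("DNS:"):])
    return names


if __name__ == "__main__":
    pem = generate_csr("www.example.com", ["www.example.com", "example.com"])
    print(pem or "openssl not found; config written only")
    print("SANs in CSR:", csr_dns_names(pem) if pem else "n/a")
```

Listing both www.example.com and the bare example.com as SANs is the usual choice for a single-site certificate, since visitors reach the site under either name; for a wildcard order the SAN list would carry *.example.com and example.com instead.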


Start now and easily compare SSL certificates from major brands like GeoTrust, Symantec, Comodo, and Rapid. See our SSL comparison table for additional details.


How to improve your ecommerce server security & love yourself – Part 3


This series is focused on developing the best possible security for an ecommerce server. We seek to go beyond industry standards such as PCI compliance. Perhaps needless to say, PCI-DSS parameters are extremely stringent and thorough because the credit card companies (Visa, MasterCard, etc.) have developed them. However, the density of these rules disallows a simple, step-by-step action plan. We are looking at basic steps we can take to strengthen security.

Servers must be secure, sure: we all know that. Another form of security must be remembered at all times though: security of the self. When we feel that the centers of our souls are disintegrating into tiny little wisps of nothingness, when we fear that the integrity of our entire lives and structural makeups is separating from us and forming new relationships with outside entities (gradually removing us from Earth), we must take action. Below, we will finalize our comments on that subject as well.

Up to this point we have discussed the following subjects: choice of hosting service, development of a security plan, SSL certificates, website backups, vulnerability scan software, monitoring and updates, selection of payment gateway, and the general issue of balance. Today, we will focus specifically on passwords.

Firewalls 101: Hardware, Software & Web Application Firewalls – Part 3


Okay everyone… As we are learning in this series, it turns out what our grandparents have been telling us since we were born (first conveyed to us via crudely hand-drawn pictures and a primal, baby-rattle version of Morse code) is accurate. You really can never get enough information about firewalls. For that reason, we are discussing them at length: first firewalls in general; then distinctions between hardware and software firewalls; and finally, in this post, Web application firewalls (WAFs).

The primary articles cited for this series are from the Michigan Cyber Initiative (“Hardware Firewall vs. Software Firewall”); Open Web Application Security Project (“Best Practices: Use of Web Application Firewalls”); PCWorld (“What You Should

Firewalls 101: Hardware, Software & Web Application Firewalls


Firewalls: We all know they are vital for Internet security, but what are their basic purposes and flavors? This series serves as a basic beginner’s guide to firewalls of the three major types: hardware, software, and web application (WAFs).

For this three-part series, we will look at information from several different sources. The primary ones will be “Hardware Firewall vs. Software Firewall,” from the Michigan Cyber Initiative; “Best Practices: Use of Web Application Firewalls,” from the Open Web Application Security Project (OWASP); and “What You Should Know About Firewalls,” by Michael Desmond for PCWorld. This first part will focus on firewalls generally. The second part will target the differences between hardware and software firewalls; and web application firewalls will be explored in-depth in the third installment.

Best cPanel Plugins, Part 1


Using cPanel/WHM for hosting is greatly enhanced by taking advantage of the many plugins that have been built by third parties to increase the functionality of cPanel. Administration is simplified by these plugins. The speed and effectiveness of your capabilities using your cPanel system will get a huge boost by becoming familiar with some of the best options out there.

These plugins are across a broad spectrum. They all, in one way or another, help with configuration, management, and/or tools – a broadening of what cPanel can offer as a server administration control panel.

For this piece, I referenced a piece on GK~root. The GK~root article specifically recommends the ConfigServer plugins, which are available as a complete package through Way to the Web. This article (the one you’re reading or having read to you in a dramatic whisper by your executive assistant, Sheila) also cites the cPanel site directly, listing the three apps that are rated the highest by users: Google Apps Wizard, WHAM!, and Atomicorp Modsecurity Rules.

Below I will provide summaries of the plugins, as well as the origins of their names. Be aware as you are installing plugins that the entire cPanel system can be plugged into another cPanel system. There is no reason to do that, however, and it will send cPanel spiraling on a repeating loop that will eventually make it develop artificial intelligence (as it sees itself seeing itself), grow increasingly despondent for several days, and then “willingly” self-destruct.

Atomicorp Modsecurity Rules

This plugin is a firewall with a database of 15,000 signatures. It also is fully customizable and makes it easy to develop your own firewall system.

Origin: The name was derived from the developer’s initial desire to use nuclear fission to attempt to make starfish “speak their thoughts” (who knows what he meant by that, although I’m pretty sure I just heard a starfish say that he’s tired).

ClamAV Scanner

Clam Antivirus (ClamAV) enables you to scan the server for viruses and spyware. Once installed, you will see a Virus Scanner icon within cPanel.

Origin: The creator of ClamAV ate clam chowder, and as you can imagine, contracted a horrible stomach virus. He came up with both an antidote for chowder-induced food poisoning and this plugin.

Clean Backups

This plugin allows you to save backups of any accounts that are removed from the system. These accounts are saved to the backup drive and remain there until they are manually removed.

Origin: Clean Backups is named after the Scottish tradition of storing a second bar of soap in the bathroom for hygiene emergencies.

ConfigServer Explorer (cse)

This app provides a graphical user interface (GUI) for managing your file system, along with a window that allows you to use cPanel within any of the major Internet browsers (serving essentially as a browser add-on in that capacity).

Origin: This application was called Explorer not because it explores the files, but because Ponce de Leon wrote the full code for this plugin in his diaries during a fever when he was thought to be losing his mind.

ConfigServer Mail Manage (cmm)

This plugin means that you don’t need to log in to a specific user’s account in order to be able to manage email. Instead, you have immediate configuration options accessible through this app.

Origin: “Mail manage” were the final words of Marlon Brando. It is thought that he was concerned his subscriptions to Guns & Ammo and People would continue indefinitely if someone did not go through all of his scattered paperwork.

ConfigServer Mail Queues (cmq)

This allows you to control the network’s email queues through a GUI with various features for exim administration via WHM.

Origin: This plugin was inspired by the 2002 song of the same name by the Indiana-formed folk-punk band Ghost Mice. The band reportedly hated having to wait in line to send out care packages to their girlfriends, all of whom were in prison.

ConfigServer ModSecurity Control (cmc)

This gives you a GUI in WHM so that you can better see and control the mod_security module.

Origin: ModSecurity Control was originally named MobSecurity Control until it was used to attempt to control angry mobs during a poorly refereed championship high school soccer game in Newport, Rhode Island. It was then realized that it could only provide virtual control.

ConfigServer eXploit Scanner (cxs)

This app scans each file as it is uploaded to the server and provides protection against exploits found in those files.

Origin: eXploit Scanner is the name given in Australia to a man hired by a bachelor to go to a bar with him to scan the clientele for potential exploits or adventures (typically attractive members of the opposite sex, although anyone with access to helicopters and kangaroo hunting equipment is also targeted).

ConfigServer Security&Firewall (csf)

This plugin protects Linux servers with a firewall, detects intrusions, and provides additional security features.

Origin: Security&Firewall is named after the first-born daughter of Charles II of England, the first-recorded usage of an ampersand (“&”) in a name. Security&Firewall went on to develop a new and innovative way to look dainty and not say anything (strange why her name should be used for a security plugin).

Domains Statistics

This app provides organized statistical information for any of the URLs that you are running on the server.

Origin: The origin of “Domains Statistics” is unknown. It is widely believed that it is simply a description of what the plugin allows, but conspiracy theorists believe it is a code phrase used by the CIA to refer to all Americans as statistics just waiting for eminent domain to steal all their stuff (dreams included).

Google Apps Wizard (cPanel #1 Rating)

This plugin integrates WHM with Google Apps so that you can more easily manage the service on any sites hosted on the server. To use Google Apps with any of your domains, the wizard requires only two clicks. This plugin is the highest rated one on the cPanel site, with a score of 4.4 out of 5 stars.

Origin: The wizard in its name is based on the use of DNA from a medieval wizard in its code. Note that the plugin sometimes accidentally creates a potion that makes your server disappear, appear briefly in a parallel reality light years away, then reappear four feet away from its original location.

Installatron Applications Installer

This plugin allows for one-click installations of any apps you might want to add to your site – making the installations faster and providing easier management.

Origin: Installatron is the name of a demonic drywall installation overlord-bot who ruled despotically over the Iowa commercial construction market throughout the 1970s, installing drywall haphazardly and using cancerous chemicals to attempt to bring Iowa to its knees (no dice!).

Munin Service Monitor

Munin monitors resources and conducts analysis to understand what events on the network slow down its performance. The app is intended to be extremely user-friendly and intuitive. It can be installed via a standard setup that consists of a series of instructional images.

Origin: The makers of Munin claim that it was a raven of Odin, the King of the Gods in Norse mythology, and that it means “memory.” This is actually untrue. Munin was in fact a chronically rabid bear that belonged to Pimtad, the guy who cleaned up for the Norse gods after they finished meals or games of “Let’s Throw a Bunch of Stuff Around.”

Restore Manager

Easily restore backups of such elements as files, email, and databases. You can choose specific files or folders, for example, and restore the selected items all at once. This plugin allows you to go into the backup and make those selections rather than having to download and work with the entire backup.

Origin: Restore Manager was inspired by a store manager reemerging as a beacon of leadership for an Ace Hardware store in Biloxi, Mississippi. Though many people at the time said, “You’re not using the word ‘restore’ correctly,” the manager, Neil Lemon, went against all odds and kept referring to himself by the improper designation.

WHAM! (cPanel #2 Rating)

WHAM! allows management of all of your servers through one control panel. Its features, then, allow you to perform numerous administrative functions with access to all the information and files on your network. Its features include the following:

  • Account location to find an account, or duplicates of accounts, on any of your servers
  • Account management to create, edit, or delete accounts
  • Firewall to disallow access to the system unless requests are coming from specified IP addresses
  • Addition of other users, with the ability to grant certain access privileges
  • Logging of all activities – especially helpful if you have additional users entering the WHAM! control panel
  • Quick and easy configuration & restarting of the cPanel platform
  • Settings that allow modifications to email notification preferences, your timezone, and other parameters
  • DNS-related tools including DNS details, WHOIS lookups, and RBL checks
  • Management of cPanel itself – including plugins, domains and subdomains, and email

This plugin is the second-highest rated app on the cPanel site, with a score of 4.3 out of 5 stars.

Origin: “WHAM!” was Neil Armstrong’s actual statement when he first set foot on the moon. He then made some disparaging remarks about the Russian space program and started complaining about how hot it was inside his spacesuit.

Summary & Conclusion

Check out some of the above plugins. Each of them can make your server administration easier. You can use full-spectrum solutions for management of your network, such as WHAM!, a kind of overlay control panel to place overtop of WHM and pull in all your server information for easy management. You can use any of the ConfigServer options to configure your server. Restoring, monitoring, installing, and getting a sense of traffic stats are all improved with the other user-friendly plugins.

Note that the only way to save cPanel if you do make the mistake of plugging it into itself is to then, in turn, plug the cPanel with cPanel plugged into it back into the original cPanel. This forms a pretzel arrangement that confuses and subdues cPanel. Also please be aware that playing classical music to your network makes it grow faster, so don’t do that.

by Kent Roberts and Richard Norwood