Information Technology Whitepapers

Hackers and cybercriminals are constantly refining their attacks and targets; which means you need agile tools to stay ahead of them. Download this white paper, Reducing the Cost and Complexity of Web Vulnerability Management, to learn how you can reduce the risk of hackers finding your site and attacking it by using automated vulnerability assessments to identify exploitable weaknesses and take corrective action.

What underlies SSL certificates is a well-established method for securing communication and authenticating services. To better understand how SSL certificates can protect online business, it helps to know something about the inner workings of SSL. Working with SSL certificates is a bit like driving a car - you do not need to be an auto mechanic to drive a car, but it can help to know the basics of how your engine and transmission work.

This chapter is organized into three sections:
• How SSL certificates work
• Web applications with and without SSL certificate protection
• Authentication and trust

The first section looks under the hood of an SSL certificate to describe its components and how they work to secure communications and support authentication. The second section continues the look-under-the-hood approach and considers how an application without SSL certificate protections operates differently than one using SSL certificates. In the third section, continuing our regimen of delving into the implementation details of SSL certificates, we look at how SSL certificates are created, the different types of SSL certificates, and the role of SSL certificate providers in establishing and maintaining a trust relationship between providers of SSL certificates, businesses that use them, and customers that expect the kinds of protections they provide.

Businesses face an increasingly complex set of threats to their Web applications—from malware and advanced persistent threats (APTs) to disgruntled employees and unintentional data leaks. Although there is no single security measure than can prevent all threats, there are some that provide broad-based mitigation to a number of threats. The use of SSL encryption and digital certificate-based authentication is one of them. Changes in the way we deliver services, the increasing use of mobile devices, and the adoption of cloud computing compounded by the ever-evolving means of stealing information and compromising services leave Web applications vulnerable to attack. SSL encryption can protect server-to-server communications, client devices, cloud resources, and other endpoints in order to help prevent the risk of data loss. A later chapter provides a step-by-step guide to assessing your needs, determining where SSL encryption and digital certificate-based authentication may be helpful, planning for the rollout of SSL to Web applications, and establishing policies and procedures to manage the full life cycle of SSL certificates. In this chapter, we turn our attention to the combined risk of losing data and losing customer trust.

As organizations implement EHRs—or as they ramp up their existing systems to make them more robust—concerns about patient privacy will move to the forefront. This report looks at the challenges surrounding the new world of EHR technology, including the requirements that govern protecting confidential patient data online, as well as security breaches and other risks that come with storing and accessing that information with web-based systems. The report also details the measures that organizations need to start taking right now to prepare for the upcoming changes in the healthcare industry.

While most people know that SSL secures e-commerce transactions, SSL is also a cornerstone for securing many communication technologies, including email, instant messaging (IM), and voice-over-IP (VOIP). SSL is used to both authenticate your Exchange server and service as legitimately yours, and to trigger an encrypted session each time a user connects to your Exchange environment. When you request an SSL certificate, a third party (such as VeriSign Authentication Services) verifies your organization’s information and issues a unique certificate to you incorporating that information. This is known as the authentication process.

Many cloud service providers can deliver the security that enterprises need and SSL (Secure Sockets Layer) certificates are part of the solution. More specifically, SSL is the solution for securing data when it is in motion. The goal of this white paper is to help enterprises make pragmatic decisions about where and when to use cloud solutions by outlining specific issues that enterprises should raise with hosting providers before selecting a vendor, and by highlighting the ways in which SSL from a trusted certificate authority can help enterprises conduct business in the cloud with confidence.

The recent release of the Firesheep Wi-Fi attack tool has increased awareness among both users and attackers of the inherent insecurity of unprotected HTTP connections. Firesheep allows an attacker connected to the local network to monitor the web sessions of other users on that network. As experts proclaimed in reaction to Firesheep, the best solution to the problem is to use TLS/SSL for all connections to web sites, including the home page. Download Protecting Users From Firesheep and other Sidejacking Attacks with SSL to learn how to avoid these attacks.

TLS (Transport Layer Security), widely known as SSL (Secure Sockets Layer), is the most well known method to secure your web site. But it can also be used for much more.

Read the white paper, "Best Practices and Applications of TLS/SSL," to learn how TLS works, best practices for its use and the various applications in which it can secure business computing.

Gaining the trust of online customers is vital for the success of any company that requires sensitive data to be transmitted over the Web. Most consumers are concerned that their sensitive information will be intercepted in-transit, or perhaps the destination web site is manned by imposters with malicious intent.

Read this white paper and learn how to best implement a security strategy that keeps consumers' information secure and instills the confidence they need to proceed with transactions.

With the threat of identity theft and other types of fraud rampant on the internet, many consumers are reluctant to release their details, even if that means abandoning a sale.
Read this white paper and learn how the proper IT security policies can actually drive more sales. It also discusses how Extended Validation (EV) works, why phishing is such a problem, and how to get better results using EV SSL.