Video Screencast Help
Search Video Help Close Back
to help

Website Security Solutions

Showing posts in English
A solid foundation for public sector security.
Andy Horbury | 20 May 2013 | 0 comments

The public sector has a somewhat mixed record when it comes to staving off security breaches within its walls. In the UK, for example, the hugely embarrassing data losses at HMRC (Inland Revenue/Taxation services) – when the personal details of 25 million people were heavily compromised, due to what were described as "serious institutional deficiencies" – still linger in the mind a few years down the line.

On the plus side, the UK government has been heavily engaged in getting its own house in order, identifying information security as a key priority for 2013 and beyond. In recent months, new initiatives to address growing cyber security threats have been announced, with a cyber security ‘fusion cell’ established for cross-sector threat information sharing. The intention is to put government, industry and information security analysts side-by-side for the first time. The analysts will be joined by members of intelligence agencies,...

Read more
How secure is your website?
Andy Horbury | 15 May 2013 | 0 comments

Nearly a quarter of IT managers don’t know how secure their website is.

2011’s security breach at Sony’s PlayStation Network, thought to be the largest data security leakage ever, was so damaging its effects are still being felt today. After an infection of 10 of its servers, over 75 million global customer account details were stolen. Questions were raised in parliaments worldwide, lawsuits were launched and user access to games was blocked for over a month.

This was a very significant and public security failing and resultant loss of trust, but according to the results of a new survey, similar vulnerabilities could exist right across the web. The problem is that most companies just don’t know.

In Symantec Website Solution’s vulnerability gap white paper we...

Read more
What you need to know to migrate from 1024-bit to 2048-bit encryption
Andy Horbury | 13 May 2013 | 0 comments

I hope by now that you are aware that the Certificate Authority/Browser Forum has mandated that Certificate Authorities stop supporting 1024-bit key length RSA certificates for both SSL and code signing by the end of this year (2013). To learn more about these changes please read the CA/Browser Forum’s paper on the Baseline Requirements for the Issuance and Management of Publicly-Trusted Certificates

What do you need to do?

Any Symantec customers with certificates expiring this year (2013) will need to renew by generating a Certificate Signing Request (CSR) of 2048 bits or higher. Any Symantec customers with certificates expiring in 2014 or later will need to replace and upgrade all 1024-bit certificates with 2048-bit RSA/DSA or 256-bit ECC certificates by 1st October 2013. All existing 1024-bit certificates will be discontinued...

Read more
A path of Least Resistance
Belinda Charleson | 09 May 2013 | 0 comments

This year’s ISTR illustrates more clearly than ever before that the path of least secure resistance is going to be the path taken by hackers.

In years past, the profile of a hacker was an idle college kid or ‘script kiddie’, and accounted for most of the damage seen on the internet. Security measures rose, and more basic tools became available to secure the network at more reasonable prices. But when the going gets tough, the tough turn pro. Zeus, SpyEye, and other Trojans can now be ordered online in Full setup packages or piecemeal the same way you can buy shoes or books online. I suppose it was inevitable – in the end, everything is going to be for sale.

And who is being targeted? Sure, we still hear about the major breaches suffered by big credit cards and banks. But what about the little companies? Symantec’s...

Read more
Lunch at Net.Finance
Jeannie Warner | 06 May 2013 | 0 comments

What is the Financial industry thinking about these days? Symantec sponsored a lunch at Net.Finance, where we invited attendees to have lunch and talk about how to increase traffic to and usage of eCommerce as a way of doing business and conducting transactions. In attendance were a variety of guests ranging from very large commercial banks to small vendors working on new transactional solutions as a service. We posed a few set questions to open up the floor for discussion, with some thoughtful responses.

 For an opener, and because it’s always most fun to start with current challenges to get people talking, we asked our guests about their obstacles to convincing customers to use online services. Demographics were the first point that came up instantly: Users over 50 are slow to embrace new technology and slow to trust unfamiliar new ideas. There was some laughter at my table, as a couple of the...

Read more
Self-Signed Certificates – How and When to Use Them | Symantec
Brian Wall | 06 May 2013 | 0 comments

How and when to use self-signed SSL Certificates

SSL – Secure Socket Layer – is a vital weapon in the armory of any organisation intent on ensuring its systems are safe. It is the standard behind ensuring secure communication on the Internet, integrating data cryptography into the protocol.

On your travels through the security world, you may also have come across the best-known open library for secure communication: OpenSSL (OpenSecure Socket Layer). You may even use it within your business – but that’s probably the extent of your knowledge of its inner workings. As Steve Marquess of the OpenSSL Software Foundation himself told me recently: “It is very difficult to describe [such] cryptography succinctly for laymen”, and anyone delving into OpenSSL would no doubt swiftly agree! After all, you don’t have to understand a tool fully to use it properly. Still, more information about when to use this tool can be very helpful.

...
Read more
TLS and VPNs the Symantec Way
Brian Wall | 01 May 2013 | 0 comments

Transported to a more secure environment

Virtual private networks (VPNs) are a real boon when it comes to reducing the cost of business communication, while at the same time extending secure remote access to teleworkers, travellers and mobile professionals. But deploying and managing a secure VPN can be challenging, to say the least. So, what are your options, if you want to be really safe?

Transport Layer Security (TLS) – successor to Secure Sockets Layer (SSL) – should certainly be high in your thoughts. For those not too familiar with the technology, this is a point-to-point communication encryption mechanism that can be used in a variety of applications for securing traffic (HTTPS, SMTPS, POP3S etc). A TLS-based VPN enables otherwise non-encrypted traffic to travel down an encrypted path. The upshot is the safeguarding of sensitive data on websites, intranets and extranets.

A VPN can be configured to only route secure traffic,...

Read more
What is an SSL VPN
Brian Wall | 29 Apr 2013 | 0 comments

SSL VPNs – DELIVERING VIP VALUE

With heavier demands for access to corporate and personal information – especially when ‘on-the-go’, via a proliferation of mobile devices  – staying safe has never been more challenging or crucial.

Coping with this is something that organisations have to manage in their working environments. As new technology evolves, the challenge is to stay ahead of the game

Virtual Private Networks (VPNs) have become a common and easy way to secure communications over the internet. VPN services are a fundamental part of distributed systems, enabling the creation of secure data tunnels to remote sites or hosts. VPNs use cryptography to scramble data, so that it's unreadable during its journey across the internet, protecting data security and integrity. Deploying VPNs allows businesses to deliver secure, encrypted connectivity for a workforce on the move, which needs access to critical corporate network...

Read more
Ecommerce Melbourne
Belinda Charleson | 01 May 2013 | 2 comments

eCommerce is growing worldwide, and according to recent estimates from eMarketer online sales hit USD1 trillion in 2012 – which represented a year on year growth of over 21%. And what does this mean for Australia? The numbers for AU are equally as encouraging with ecommerce sales growing to $37.1 billion in 2013 (up from $33 billion in 2012)*.

To support this growth and explore the drivers and opportunities for the region, a new conference and expo was run in Melbourne last week: The Symantec Web Security Solutions Team attended the inaugural eCommerce Conference and Expo in Melbourne, Victoria. The event consisted of a packed conference track and a large expo show floor, and was well attended from a wide ranging group of people from enterprise and technology solution providers to SMB and start-up businesses. What they all had in...

Read more
2012 Threats in Review - Part 2
Brad | 26 Apr 2013 | 0 comments

In my last blog, I talked about how the 2012 Internet Security Threat Report points out the vulnerabilities common for small- and medium-sized businesses, and because of their mistakes for the larger enterprises that do business with them. So let’s talk about some good practices to address these risks.

First and most important is education. Employees need to understand what the company rules are on how to be secure, and understand each of their individual roles in the process. In turn, the roles and responsibilities need to support good security policies including separation of duties, access controls, and the idea of 'least privilege'. For anyone new to the concept, least privilege is illustrated most simply that a temporary secretary shouldn’t have access to the same databases at the same level of...

Read more