Website Security Solutions

Website Security Solutions allow companies and consumers to engage in communications and commerce online with trust and confidence. With more than one and a half million web servers using our SSL certificates, an infrastructure that processes more than four and a half billion certificate checks daily, and a trust mark that is seen more than half a billion times a day in 170 countries, the Norton Secured seal is the most recognized symbol of trust on the Internet.

Follow Us on Twitter
  • 0
    Created: Brook R. Chelmo 16 Apr 2014

    Heartbleed, Y2K and misplaced worry.

    Over the past week news about the Heartbleed OpenSSL vulnerability draws some similarities and also some dissimilarities to the Y2K bug; remember that?  In early 1999, there were stories of people building our survival bunkers in the basements of their homes in order to prepare for the potential fallout from the Y2K bug.  As you may recall IT companies scrambled, airlines were fraught with angst , and governments paid very large sums of money to ensure the sky wouldn’t fall down on us.  As we know now New Year’s Day 2000 came and went with nary a hitch, although companies were left to pay some hefty Y2K consultant bills (it was reported at the time that AT&T paid over $500...
  • 9
    Created: Tom Powledge 09 Apr 2014

    Heartbleed in OpenSSL: Take Action Now!

    This week a vulnerability dubbed “Heartbleed” was found in the popular OpenSSL cryptographic software library (http://heartbleed.com).  OpenSSL is widely used, often with applications and web servers like Apache and Nginx.   OpenSSL versions 1.0.1 through 1.0.1f contain this vulnerability, which attackers can exploit to read the memory of the systems.  Gaining access to the memory could provide attackers with secret keys, allowing them to decrypt and eavesdrop on SSL encrypted communications and impersonate service providers. Data in memory may also contain sensitive information including usernames and passwords. Heartbleed is not a vulnerability with SSL/TLS, but rather a...
  • 1
    Created: Elliot_Samuels 04 Apr 2014

    Applying for an SSL certificate? Do your homework first!

    If you need an SSL certificate to protect your website or some other business-critical application such as email or storage systems, then you need to remember your ABCDs. A is for the Appropriate certificate There are a few different types of SSL certificate out there for different applications. For example, there are Unified Communications Certs (UCC) and code signing certificates. But the most common type is designed to secure a website, authenticate it and encrypt the traffic between the site and the user. Within this group there are SSL Wildcard certificates that are ideal if you want to protect multiple subdomains of the same address, for example if you had multiple sites for different languages such as uk.company.com and us.company.com. For other certificates, you have a choice of Extended Validation certificates which give site...
  • 0
    Created: Jane Broderick 26 Mar 2014

    Internet safety in the Netherlands

    ‘The attacker still has the upper hand,’ says the Dutch government’s most recent Cyber Security Report. The report continues: attackers are getting smarter, more devices are being connected to the internet and yet many incidents could have been prevented by implementing basic security measures. The human and business consequences are high. In 2011, for example, internet banking fraud alone resulted in Dutch losses of €35 million, according to the report.  Over 3 million Dutch citizens in 2013 said that they have been victims of cybercrime in the last 12 months according the Norton Cybercrime Report. In 2012, one in eight Dutch adults were the victim of cybercrime,...
  • 0
    Created: Elliot_Samuels 05 Mar 2014

    Do you need your own private Certificate Authority?

    Stronger, resilient Private CA removes risk while lowering costs On 1 October 2016 in line with the CA/Browser Forum’s Baseline Requirements, publicly trusted SSL certificates can no longer be issued to reserved IP addresses or Internal Server Names. To overcome this: 1. You can update all your internal servers to use publically resolvable domains names or fully qualified domain names 2. You can set up an internal self-signed certificate authority 3. Or you could use Symantec’s Private CA offering A key part of Symantec’s Managed PKI for SSL product this allows you to continue to use reserved IP addresses or Internal Server Names utilising Symantec’s Private Certification Authority (CA) that provides a hosted private SSL certificate hierarchy and end-entity certificates specifically built to secure internal servers. Symantec’s Private CA uses the same solid infrastructure, which has 100% up-time track record* and robust business continuity programs, organisations meaning companies can put aside the security and disaster recovery infrastructure required to develop, store, and secure private keys. * since 2004
  • 1
    Created: Jimmy Edge 27 Feb 2014

    10 rookie SSL mistakes and how to avoid them

    Choosing based on price. Not all certificate authorities (CA) are the same. The security of your certificates depends in part on how secure the CA is, so it pays to choose wisely. In addition, when you’re installing new SSL certificates you need a company that can provide a full range of services and the backup to make the installation go smoothly. (Symantec secures more than one million Web servers worldwide, more than any other Certificate Authority.) Not being prepared. Before you apply for a certificate, you will need...
  • 0
    Created: Brook R. Chelmo 18 Feb 2014

    How to Manage the SHA-1 Deprecation in SSL Encryption

    For many website owners and network security admins 2013 was the final push to move older websites and servers off of 1024-bit RSA SSL certificates to 2048-bit RSA certificates. This was an industry wide effort and one that was essential to safeguard the future of SSL/TLS. For us here at Symantec it was a year of education, communication, and mobilization.  Although many people were comfortable with SSL certificate administration and the base functions of the technology, many did not understand the core aspects of SSL encryption.  Our webinars, blogs and other publications on the subjects of algorithms and encryption levels became highly popular; and still are. Now that 2013 has come to a close and the migration from 1024-bit SSL certificates are becoming a distant memory it is time to switch your mind to hash algorithms (e.g. SHA-1) as we embark on another migration to higher cryptographic standards before 2017. Once again this is an industry wide push to ensure...
  • 3
    Created: Andy Horbury 12 Feb 2014

    Code signing 101: Why developers need digital certificates for applications

    Code signing does two things extremely well: it confirms who the author of the software is and proves that the code has not been altered or tampered with after it was signed. Both are extremely important for building trust from customers and safely distributing your software.
  • 1
    Created: Andy Horbury 06 Feb 2014

    How customers really react to web browser security warnings

    The University of California, together with Google, recently undertook a study to track real-world clickthrough rates from browser security warnings in two of the most popular web browsers Google Chrome and Mozilla Firefox. The results reveal a much more security-conscious population than you might expect.
  • 0
    Created: Jimmy Edge 29 Jan 2014

    Understanding Always On SSL and SEO

    ‘I don’t know of any reason why you[r website] wouldn't be able to rank with just HTTPS,’ says Matt Cutts of Google.