Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.
Website Security Solutions
Showing posts in English
Jeannie Warner | 06 May 2013 | 0 comments

What is the Financial industry thinking about these days? Symantec sponsored a lunch at Net.Finance, where we invited attendees to have lunch and talk about how to increase traffic to and usage of eCommerce as a way of doing business and conducting transactions. In attendance were a variety of guests ranging from very large commercial banks to small vendors working on new transactional solutions as a service. We posed a few set questions to open up the floor for discussion, with some thoughtful responses.

 For an opener, and because it’s always most fun to start with current challenges to get people talking, we asked our guests about their obstacles to convincing customers to use online services. Demographics were the first point that came up instantly: Users over 50 are slow to embrace new technology and slow to trust unfamiliar new ideas. There was some laughter at my table, as a...

Brian Wall | 01 May 2013 | 0 comments

How and when to use self-signed SSL Certificates

SSL – Secure Socket Layer – is a vital weapon in the armory of any organisation intent on ensuring its systems are safe. It is the standard behind ensuring secure communication on the Internet, integrating data cryptography into the protocol.

On your travels through the security world, you may also have come across the best-known open library for secure communication: OpenSSL (OpenSecure Socket Layer). You may even use it within your business – but that’s probably the extent of your knowledge of its inner workings. As Steve Marquess of the OpenSSL Software Foundation himself told me recently: “It is very difficult to describe [such] cryptography succinctly for laymen”, and anyone delving into OpenSSL would no doubt swiftly agree! After all, you don’t have to understand a tool fully to use it properly. Still, more information about when to use this tool can be very helpful.

Brian Wall | 01 May 2013 | 0 comments

Transported to a more secure environment

Virtual private networks (VPNs) are a real boon when it comes to reducing the cost of business communication, while at the same time extending secure remote access to teleworkers, travellers and mobile professionals. But deploying and managing a secure VPN can be challenging, to say the least. So, what are your options, if you want to be really safe?

Transport Layer Security (TLS) – successor to Secure Sockets Layer (SSL) – should certainly be high in your thoughts. For those not too familiar with the technology, this is a point-to-point communication encryption mechanism that can be used in a variety of applications for securing traffic (HTTPS, SMTPS, POP3S etc). A TLS-based VPN enables otherwise non-encrypted traffic to travel down an encrypted path. The upshot is the safeguarding of sensitive data on websites, intranets and extranets.

A VPN can be configured to only route secure traffic,...

Brian Wall | 29 Apr 2013 | 0 comments


With heavier demands for access to corporate and personal information – especially when ‘on-the-go’, via a proliferation of mobile devices  – staying safe has never been more challenging or crucial.

Coping with this is something that organisations have to manage in their working environments. As new technology evolves, the challenge is to stay ahead of the game

Virtual Private Networks (VPNs) have become a common and easy way to secure communications over the internet. VPN services are a fundamental part of distributed systems, enabling the creation of secure data tunnels to remote sites or hosts. VPNs use cryptography to scramble data, so that it's unreadable during its journey across the internet, protecting data security and integrity. Deploying VPNs allows businesses to deliver secure, encrypted connectivity for a workforce on the move, which needs access to critical corporate network...

Belinda Charleson | 29 Apr 2013 | 2 comments

eCommerce is growing worldwide, and according to recent estimates from eMarketer online sales hit USD1 trillion in 2012 – which represented a year on year growth of over 21%. And what does this mean for Australia? The numbers for AU are equally as encouraging with ecommerce sales growing to $37.1 billion in 2013 (up from $33 billion in 2012)*.

To support this growth and explore the drivers and opportunities for the region, a new conference and expo was run in Melbourne last week: The Symantec Web Security Solutions Team attended the inaugural eCommerce Conference and Expo in Melbourne, Victoria. The event consisted of a packed conference track and a large expo show floor, and was well attended from a wide ranging group of people from enterprise and technology solution providers to SMB and start-up businesses. What...

Brad | 26 Apr 2013 | 0 comments

In my last blog, I talked about how the 2012 Internet Security Threat Report points out the vulnerabilities common for small- and medium-sized businesses, and because of their mistakes for the larger enterprises that do business with them. So let’s talk about some good practices to address these risks.

First and most important is education. Employees need to understand what the company rules are on how to be secure, and understand each of their individual roles in the process. In turn, the roles and responsibilities need to support good security policies including separation of duties, access controls, and the idea of 'least privilege'. For anyone new to the concept, least privilege is illustrated most simply that a temporary secretary shouldn’t have access to the same databases at the...

rhoblit | 22 Apr 2013 | 0 comments

The Online Certificate Status Protocol (OCSP) is the protocol used by browsers to obtain the revocation status of a digital certificate attached to a website. Naturally OCSP speed is considered one of the main criteria for quality, as browsers reach out to webservers and confirm that the SSL certificate is valid.

It is the first criteria, but certainly not the only one. Most of the major Certificate Authorities (CAs) measure similarly in OCSP speeds according to reputable third party tests, some trending slightly lower or higher. Mindful investments in infrastructure and architecture keep the speed battle going, and competition is fierce. But there are four aspects to OCSP and the whole SSL certificate verification structure that should be considered, and held equal in importance.

A second factor is reliability. When a Certificate Authority is tricked into issuing a legitimate SSL certificate for third party fraudulent activities, the entire industry can suffer a loss...

Brad | 19 Apr 2013 | 0 comments

The landscape

This year’s Internet Security Threat Report is very sober reading for SMBs. Last year, targeted attacks on small companies (fewer than 2,500 employees) went up 50%. Yes, it's true: Criminals realized that money stolen from the SMB would spend just as nicely as money pulled from a large corporation, and was much easier to acquire. Smaller companies have income in the bank, employee and customer data, and sometimes very valuable intellectual property that they're hoping to make a lot of money with. Yet with all these assets, surveys last year showed that the majority of smaller business owners think they're too small to be targeted by evildoers.

A secondary problem for the SMB situation is the larger enterprise they want to do business with. With inadequate security, the vulnerabilities for an SMB can be points of entry into larger...

Leelin Thye | 16 Apr 2013 | 1 comment

Secure Hash Algorithm 256 (SHA-2 or SHA-256) support on Symantec Code Signing for Individuals and Symantec Code Signing for Organizations is available starting April 1st, 2013 on the following Symantec Code Signing platforms: Microsoft® Authenticode™, Java™, Adobe® Air® and Microsoft® Office Visual Basic® for Applications (VBA). You will be able to select the option for SHA-2 through the ordering pages, reissue process and via the Application Programmatic Interface (API) for QuickOrder, QuickInvite and Reissue.

SHA-2 was published by National Institute of Standards and Technology (NIST) as U.S. Federal Information Processing Standard.

Please note that some older applications and operating systems do not support SHA-2, for example, Windows™ XP Service Pack 2 or lower does not support the use of SHA-2. Java SDK 1.4.2 or higher...

Jimmy Edge | 08 Apr 2013 | 0 comments


More and more business is being conducted on the internet these days, with even the smallest of businesses likely to have some kind of web presence.

The web is a great arena for businesses, especially smaller outfits, to operate in. The costs are low and it’s relatively easy to build up a strong online presence.

But conducting business online does have its dangers, especially given the number of threats posed by cyber criminals these days.

This is most important when it comes to transferring sensitive data across the web. Whether it’s sending contracts or receipts via email, or transferring sensitive financial information, protecting data that is being sent via the web is vital. So, what can you do to protect it?