" ssl certificate Archives - LuxSci

Posts Tagged ‘ssl certificate’

SMTP TLS: All About Secure Email Delivery over TLS

Monday, October 2nd, 2017

TLS stands for “Transport Layer Security” and is the successor of “SSL” (Secure Socket Layer). TLS is one of the standard ways that computers on the Internet transmit information over an encrypted channel. In general, when one computer connects to another computer and uses TLS, the following happens:

  1. Computer A connects to Computer B (no security)
  2. Computer B says “Hello” (no security)
  3. Computer A says “Lets talk securely over TLS” (no security)
  4. Computer A and B agree on how to do this (secure)
  5. The rest of the conversation is encrypted (secure)

In particular:

  • The meat of the conversation is encrypted
  • Computer A can verify the identity of Computer B (by examining its SSL certificate, which is required for this dialog)
  • The conversation cannot be eavesdropped upon (without Computer A knowing)
  • The conversation cannot be modified by a third party
  • Other information cannot be injected into the conversation by third parties.

TLS (and SSL) is used for many different reasons on the Internet and helps make the Internet a more secure place, when used. One of the popular uses of TLS is with SMTP for transmitting email messages between servers in a secure manner.  See also:

Read the rest of this post »

Creating Secure Web Pages and Forms: What You Need to Know

Monday, September 25th, 2017

Fred is a busy small business CEO.  He hired a cheap developer online to setup his secure medical web site for him.  The developer got an SSL certificate and setup pages where patients can make appointments and the doctor can receive patient requests and notices, “securely”.  However, the developer didn’t have any real training in security, none in HIPAA, and as a result, PHI was being sent in the clear, there were no audit trails or logs, SSL security was not enforced, and may other serious issues plagued the site.  The worst part — No one knew.

Luckily, Fred was made aware of the situation before a serious security breach happened (that he knew of); however, he had to re-do the site from scratch, more than doubling his time and money costs.

Creating a web site that has “secure” components requires more than slapping together some web pages and adding an SSL Certificate.  All such a certificate really does is create a thin veneer of security — one that does not go very far to protect whatever sensitive data necessitated security in the first place.  In fact, naive attempts at security can ultimately make the data less secure and more likely to be compromised by creating an appetizing target for the unscrupulous.

So, beyond paying big bucks to hire a developer with significant security expertise, what do you do? Start with this article — its purpose is to shed light on many of the most significant factors in secure web site programming/design and what you can do to address them.  At a minimum, reading this article will help you to intelligently discuss your web site security with the developers that you ultimately hire.

Read the rest of this post »

The Case For Email Security

Tuesday, March 31st, 2015

We all know that regular email is insecure; however, it may surprise you to learn just how insecure it really is. For example, did you know that messages which you thought were deleted years ago may be sitting on servers half-way around the world? Or, that your messages can can sometimes be read and modified in transit, even before they reach their destination? Did you know that forging email is very, very easy?  Can you trust what you read in an email?  Email security was never designed in to the internet from the beginning and as a result, many different solutions have evolved to plug the multitude of resulting issues.

This article is designed to teach you about how email really works, what the real email security issues are, what mitigations to these are generally in use, and what else you can to to protect you email.

Case for Email Security

Information security and integrity are centrally important  as we use email for personal and business communication: sending confidential and sensitive information over this medium every day. While you are reading this article, imagine how these security problems could affect your business, your personal life, and your identity…. if they have not already.

Read the rest of this post »

Do I need to Buy an SSL Certificate to use Secure Email?

Monday, September 23rd, 2013

Our sales staff have been asked this question countless times.  It is a natural assumption that because SSL and TLS encryption of email (and web sites) requires use of an “SSL certificate“, that one must buy an SSL certificate in order to use such a service.  Fortunately, the answer is always

You do not need to buy your own SSL certificate to use secure email.

We’ll explain why.

Read the rest of this post »

Extended Validation (EV) SSL Certificates

Wednesday, December 30th, 2009

Standard SSL Certificates are issued by an Certificate Authority (CA) such as Thawte after the CA performs some basic standard validation on the identity of the certificate request to ensure that the certificate is not issued to “the wrong hands”.

The types of validation performed for standard SSL certificates vary by the type and cost of the certificate, but include:

  • A confirmation email message sent to the domain administrator as specified in the domain’s entry in the WHOIS database
  • A confirmation email message sent to a standard administrative email address at the domain itself, such as “admin@domain.com”.
  • The name of the organization owning the domain name may be validated.

You should purchase SSL Certificates that use the above forms of validation in order to:

Read the rest of this post »

LUXSCI