Protecting truckloads of data on the information superhighway

SSL Journal



Top Stories

Open Source SSL Accelerator solution not as cost effective or well-performing as you think

o3 Magazine has a write up on building an SSL accelerator out of Open Source components. It's a compelling piece, to be sure, that was picked up by Slashdot and discussed extensively. If o3 had stuck to its original goal - building an SSL accelerator on the cheap - it might have had better luck making its arguments. But it wanted to compare an Open Source solution to a commercial solution. That makes sense, the author was trying to show value in Open Source and that you don't need to shell out big bucks to achieve similar functionality. The problem is that there are very few - if any - commercial SSL accelerators on the market today. SSL acceleration has long been subsumed by load balancers/application delivery controllers and therefore a direct comparison between o3's Open ... (more)

WebLogic Server - Identity vs Trust Keystores

In computing most technologies have lots of terms and acronyms to learn, it's par for the course, you get used to it. However in computer security the frustration is multiplied as there are often many different terms that mean the same thing. It makes implementing security hard, because understanding it is hard, and I'm not surprised why security is considered badly implemented because the average Joe will struggle (and for the record I'm the average Chris so I struggle too ;-). I've been trying recently to get straight in my head what is stored in the WLS identity and trust keystores, and what the difference between identity and trust is anyhow. Thanks to kind assistance from Gerard Davison, I think I can now post my understandings, and as usual, hopefully the post is helpful to other readers. As noted however security to me is a difficult area, and so be sure to c... (more)

Google SPDY Protocol Would Require Mass Change in Infrastructure

Google’s desire to speed up the web via a new protocol is laudable, but the SPDY protocol would require massive changes across networks to support

ArsTechnica had an interesting article on one of Google’s latest projects, a new web protocol designed to replace HTTP called SPDY. SPDY uses a single SSL-encrypted session between a browser and a client, and then compresses all the request/response overhead. The requests, responses, and data are all put into frames that are multiplexed over the one connection. This makes it possible to send a higher-priority small file without waiting for the transfer of a large file that's already in progress to terminate. Compressing the requests is helpful in typical ADSL/cable setups, where uplink speed is limited. For good measure, unnecessary and duplicated headers in requests and responses are done away with. SPDY also includes re... (more)

HTML5 WebSocket Security is Strong

This is a two-part blog post that discusses HTML5 WebSocket and security. In this, the first post, I will talk about the security benefits that come from being HTTP-compatible and the WebSocket standard itself. In the second post (coming soon) I will highlight some of the extra security capabilities that Kaazing WebSocket Gateway offers, things that real-world WebSocket applications will want to be fully secure. A WebSocket connection starts its life as an HTTP handshake, which then upgrades in-place to speak the WebSocket wire protocol. As such, many existing HTTP security mechanisms also apply to a WebSocket connection — one of the reasons why the WebSocket standard deliberately chose the strategy of being HTTP compatible. Unified HTTP and WebSocket Security Thanks to the HTTP/WebSocket unified security model, the following is a list of some standard HTTP securit... (more)

Configuring JBoss 7 with Apache

There are a number of articles out there about deploying applications to JBoss and about how to monitor JBoss, and in them the web application is usually accessed by pointing a browser to the web container running on port 8080. In enterprise production environments however, the application server does not exist in a vacuum – JBoss is usually fronted with the web server (most often Apache). This kind of setup brings about several benefits: Improved security by limiting access to the app server. In an Internet application the web server is accessed directly by the clients. Separating the web server from the app server allows us to place the former in a Demilitarized Zone (DMZ), while the app server can live on a more protected corporate network. If the web server is compromised, there is an additional barrier for the hackers to overcome before they can get access to yo... (more)

Ericom Software Extends Microsoft Windows Server 2003 x64 Edition Terminal Servers

CLOSTER, NJ -- (MARKET WIRE) -- 04/25/05 -- Ericom® Software, Inc., a leading provider of enterprise application access & Server Based Computing solutions, today at Microsoft's WinHEC, announced the release of PowerTerm® WebConnect with newly added 64-bit support, in tandem with Microsoft's exciting Windows Server 2003 x64 Editions release. PowerTerm WebConnect is a comprehensive solution for secure local and remote access to enterprise applications, residing on Windows Terminal Servers and Legacy systems. Ericom's support for servers running Microsoft's Windows Server 2003 x64 Edition operating system will enable users to take advantage of the latest 64-bit hardware based on Intel EM64T and AMD64 processors. Ericom supports the Microsoft Terminal Server platform with features including Application Publishing, Seamless Windows applications, Load Balancing, SSL Gatew... (more)

Server Based Computing Network in Just a few Mouse Clicks

BERLIN, February 9 /PRNewswire/ -- - The 2nd Edition of the Remote Desktop Suite has a Best Practice Wizard and innovative sales concept to enable setup of a secure Remote Desktop environment within minutes In front of 200 partners at the fourth ThinPrint International Channel Conference in Berlin, ThinPrint, the experts for infrastructure solutions and for printing in distributed networks, announced the Second Edition of the Remote Desktop Suite Standard. The software targets small and middle-sized businesses that want to set up a low-cost, secure server based computing architecture using Microsoft Terminal Services with Windows Server 2003. The Best Practice Wizard is an extremely easy-to-use program that allows businesses to turn a Windows Server 2003 into a secure Remote Desktop environment incl. print management and certificate based SSL encryption in only 5-... (more)

Considering the SOA Reference Model

(SYS-CON Media) - The main drivers for SOA-based architectures are to facilitate the manageable growth of large-scale enterprise systems, to facilitate Internet-scale provisioning and the use of services, and to reduce the cost of organization-to-organization cooperation - SOA RM When approaching a SOA implementation, I would like to consider two fundamental questions that many developers ask: 1)  What's the difference between service-oriented and service-based architectures? 2)  What special architecture elements are defined by the SOA RM? In my opinion, the answer to the first is in the difference between the words oriented and based. I believe that smart IT organizations offer a lot of services already because the technical benefits of services have been well known for a while. However, the applications based on these services are still monolithic and don't provide ... (more)

Innovating Staging of Two-Factor Authentication Succeeds for Rhode Island Bank

To prevent online fraud, financial institutions that offer online banking are required by the Federal Financial Institutions Examination Council (FFIEC) to double-check that the person logging in to the system is a valid customer. When BankNewport in Rhode Island adopted a Two-Factor authentication plan, its concern was to make the transition as easy as possible on its customers. In addition to requiring online customers to use a password, the bank chose to install digital certificates from Comodo on each customer's computer. The process looked simple: the first time the customer tried to log in, the bank would send the customer a digital certificate, a small document. The document would install itself on the customer's computer. Every time the customer tried to log in after that, the bank's computer would check for the certificate. As required by the FFIEC, BankNewpo... (more)

Can the Cloud survive regulation?

One of the greatest strengths of the Cloud is that, like the Internet, it knows no boundaries. It crosses industry and international boundaries as if they do not exist. But as is often the case, your greatest strength can also be your greatest weakness. Take Google, for example, and its myriad Cloud-based application offerings. A new complaint made by Epic (Electronic Privacy Information Center) to the US Federal Trade Commission urges the regulatory agency to “consider shutting down Google’s services until it establishes safeguards for protecting confidential information.” From a recent FT.com article: In a 15-page complaint to the FTC, the Electronic Privacy Information Center (Epic) said recent reports suggested Google did not adequately protect the data it obtained. It cited vulnerabilities that revealed users' data in its Gmail webmail service, Google Docs ... (more)

Attorneys Protect Email Communications with Comodo Secure Email

Patent-pending technology from Comodo allows attorneys and clients to communicate at the speed of the Internet and yet to protect their privileged communications easily. Without exchanging public keys, senders can encrypt confidential information in transit. Jersey City, NJ, May 05, 2009 - Attorneys sometimes need to transmit vast amounts of sensitive data, rapidly. If they choose to do so by email, they must consider that email, though convenient, is not secure ... (more)