Correlation between Dedicated IP and SSL



What exactly does Dedicated IP stand for? This is a basic question that any tech-savvy person needs to understand. However, before discussing dedicated IP, let us understand the IP address. An IP address serves two main functions: network interface identification and location addressing. Generally, a 32-bit IP address is in use, which is known as IPv4, but due to the growth of the internet, IP designers are now using a 128-bit IP address, which is called IPv6. There is a lot of debate on whether to choose a dedicated IP or not, so we have to look at dedicated IP and its other aspects.

What is Dedicated IP?

An IP address is easy to remember and is assigned to each device that participates in a computer network used for communication. A dedicated IP is devoted to a single server only and is not shared with other servers. Many shared hosting providers charge a normal fee to provide a dedicated IP.

Speed and Dedicated IP:


A dedicated IP can also help website speed, though multiple sources of traffic are handled by a single IP. Every server examines each packet and request and then delivers the traffic to the particular domain. In this case, the number of destinations is not significant; website loading time can be slightly influenced, which is not a serious concern.

Why SSL needs Dedicated IP?

When you have an ecommerce website where online shoppers carry out transactions with their debit or credit card, or with online banking, you need SSL on your website to protect ongoing transactions between the user and the company server. An SSL certificate authenticates the server with its IP address and verifies the IP address assigned to the particular server. When a client connects to the server for a different domain name, the server gets confused about which certificate to show to the client. This process is illustrated in the example below.

Example of SSL and Static IP:

For instance, there are two domains called www.abc.com and www.xyz.com, and both domains are hosted on a single IP address (for example 000.000.0.0). Suppose a person has opted for SSL for the domain www.abc.com on that IP address. If a visitor then wants to access https://www.xyz.com, the browser will check for SSL, and if it fails to make a secure connection for that particular website, the browser will show a name mismatch error.

Advantages of Dedicated IP:

  • You have less downtime compared to a shared IP.
  • If you are an ecommerce merchant, you should have your own SSL with a dedicated IP.
  • Many web-hosting providers need a unique IP to access the anonymous FTP function.
  • A shared IP address may pose a security threat because it is shared among multiple websites, while a dedicated IP has less chance of security threats.
  • With a static IP, you will have easy remote access to your PC from wherever you operate it.
  • On a shared IP address there is a chance of being blacklisted (if a blacklisted website shares the address); in contrast, a dedicated IP has less chance of being blacklisted.

Alternate Solutions to Dedicated IP:

  • SNI (Server Name Indication): SNI is an extension to SSL that allows the client to include the hostname in the first SSL handshake, so the server identifies the correct virtual host name for which the request is made and can easily set up the connection.
  • Wildcard Certificate: Using a wildcard certificate, a user can secure unlimited subdomains under a single IP address. You can include subdomains like www.example.com, webmail.example.com, etc.
  • SAN Certificate: A Subject Alternative Name (SAN) certificate can secure up to 25 domain names and subdomains with a single certificate.

Finally, it is up to the user and the type of business whether to choose a dedicated IP or a shared IP. A dedicated IP is well worth considering for SSL, especially when you have a single website.
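
The name mismatch from the www.abc.com / www.xyz.com example, and the way SNI, SAN and wildcard certificates avoid it on one shared IP, can be modelled in a short script. This is an added example, not code from the original article; the function names and certificate tables are hypothetical, and the wildcard rule used (the wildcard stands for exactly one left-most label) is the usual browser behaviour rather than something stated above.

```python
# Added illustration (not ClickSSL code): certificate selection on a shared IP
# and the browser's name check. Names and tables here are hypothetical.

def name_matches(pattern, hostname):
    """Compare one certificate name with the requested host.
    A wildcard counts only as the whole left-most label and covers one label."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # "*.example.com" matches "webmail.example.com", never "example.com"
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def cert_covers(cert_names, hostname):
    """True if any name listed in the certificate matches the host."""
    return any(name_matches(n, hostname) for n in cert_names)

def select_certificate(certs, default_host, sni=None):
    """Server side. Without SNI the server knows only which IP was contacted,
    so it must present the default certificate for that address."""
    if sni is not None:
        for names in certs.values():
            if cert_covers(names, sni):
                return names
    return certs[default_host]

def browser_result(certs, default_host, requested, client_sends_sni):
    """Client side: what the visitor sees for https://<requested>."""
    sni = requested if client_sends_sni else None
    presented = select_certificate(certs, default_host, sni)
    return "ok" if cert_covers(presented, requested) else "name mismatch"

# Constructed sample data: site -> names listed in that site's certificate.
SEPARATE_CERTS = {"www.abc.com": ["www.abc.com"], "www.xyz.com": ["www.xyz.com"]}
SAN_CERT = {"www.abc.com": ["www.abc.com", "www.xyz.com"]}
WILDCARD_CERT = {"www.example.com": ["*.example.com"]}

def demo():
    return {
        "xyz, no SNI, separate certs": browser_result(SEPARATE_CERTS, "www.abc.com", "www.xyz.com", False),
        "xyz, SNI, separate certs": browser_result(SEPARATE_CERTS, "www.abc.com", "www.xyz.com", True),
        "xyz, no SNI, SAN cert": browser_result(SAN_CERT, "www.abc.com", "www.xyz.com", False),
        "webmail, no SNI, wildcard": browser_result(WILDCARD_CERT, "www.example.com", "webmail.example.com", False),
        "a.b, no SNI, wildcard": browser_result(WILDCARD_CERT, "www.example.com", "a.b.example.com", False),
    }

if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case}: {outcome}")
```

The last case shows a limit worth checking before relying on a wildcard: a name two labels deep is not covered by `*.example.com`.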


Viber again comes under attack by the Syrian Electronic Army



Viber’s Apple App Store account is again under cyber attack by the Syrian Electronic Army. It is time for the cyber world to rethink, because hackers are in the mood to debase its credibility. In the past two weeks, we have seen many hackers debasing giant companies’ accounts and development centers, such as an Instagram account, Apple’s Dev Center, and the famous Viber app.

Viber is a cross-platform VoIP (voice over internet protocol) app that was established for iPhone in Dec 2010. Viber features text, image, and video messaging across all platforms, such as iPhone, Android and Microsoft’s Windows Phone. At present Viber supports 30 languages and is now compatible with Windows and Apple PCs.

Moreover, Viber is the latest example of such a malicious action by the Syrian Electronic Army, which attacked Viber’s Apple App Store account by changing the description of Viber’s iOS app.

"We created this app to spy on you, Please Download IT”

According to a 9to5Mac report, hackers have taken responsibility for this attack and tried to reach Viber’s representatives for further clarification. Last week we noticed the attack on Viber carried out by the same group, the Syrian Electronic Army. It is assumed that the hackers also have access to other developer functions, which is indeed a serious issue for the company and its customers as well. 9to5Mac’s Mark Gurman suggests the hackers could have gained access to Viber’s iTunes Connect account through a phishing fraud.

Viber’s representatives stated after the previous attack that no sensitive data was exposed and that only two systems, a customer support panel and a support administration system, were under attack. Below are two images of the Viber spokesperson’s statements.

The two statements clearly differ, and it seems Viber is not being transparent with its customers. Viber was hacked on 23 July 2013 by the Syrian Electronic Army, which warned users to stay away from Viber. Viber has 200 million users globally.


We are facing a dual situation in this cyber world: on one side we see technology development, and on the other side the emerging threat of hackers. A common person who relies on technology cannot understand the technical language of hackers and instead relies on companies’ products, placing complete trust in them. It is therefore time to wake up from the dream: no one seems to be secure in this unpredictable technology world, and this is an alarm for the whole cyber world, as you could be the next target of these culprits.


Syrian Electronic Army attacked Viber - A free calling software



Viber, a free call and messaging service for the Apple and Android platforms, suffered a hacking attack by the Syrian Electronic Army. Yesterday, on 23 July 2013, the Syrian Electronic Army hacked the support page and left it with the message shown in the image below.

Viber is a cross-platform VoIP (voice over internet protocol) app that was launched for iPhone in Dec 2010. Viber offers text, image, and video messaging across all platforms: iPhone, Android and Microsoft’s Windows Phone. It currently supports 30 languages and is now available on Windows and Apple PCs. The hackers also disclosed some phone numbers and email addresses of Viber’s admin department and said that they have captured and downloaded some part of the data backups. The Viber support page now appears like this.

The hackers also said that they still possess control over the system and have deleted the page “https://wa.viber.com/csrapp/home.html” used for account management and hosted on address. The hackers have provided a screenshot that reveals phone numbers, UDIDs, IP addresses and registration details. It is really serious damage caused to Viber. If we look at the defaced webpage, all the numbers carry the dialing code 963, which is that of Syria.

The hackers also tweeted on Twitter “http://support.viber.com#SEA #SyrianElectronicArmy" that if you have Viber, they advise you to uninstall it. No confirmation of this attack has yet been received from Viber’s representatives, though the Syrian Electronic Army has accepted responsibility for it. Viber has more than 200 million users.

The news about Viber came out after the news about Tango was revealed. Tango is also a messaging app whose data cybercriminals stole. It is guessed that the attackers made a phishing page pretending to be Viber, succeeded in getting the username and password of admin staff, and were then able to use this information to hack Viber. Viber said in a report that the system breached was its CSR system, used to help clients with technical issues, that the data stolen was basic, that they are working on it, and promised clients that this will not happen again in future.

The Syrian Electronic Army previously succeeded in stealing data from the True Caller and Tango app websites, deleted an article published on the Daily Dot website, and warned Daily Dot that if they publish any such article in future, it will delete the whole website.

Cyber attacks are evolving day by day and have not spared even giant social media companies and search engines, which causes serious concern over users’ data and affects the credibility of a company. Phishing, man in the middle attacks, certificate breaches and DDoS attacks are some recent attacks that have affected the cyber world and forced giant corporations and social media companies to think about these attacks. A question surely arises in our mind: “Do we live in the hackers’ world, or do hackers live in our world?”

Some sort of cyber policy should be in place to fight against such hackers; otherwise, the days are not far off when people will avoid dealing with the internet and social media.


Symantec: SMBs get benefits through Strategic IT



This infographic presents the Global SMB IT Confidence Index, a survey that was carried out by ReRez in Feb-March 2013. Symantec released this report, which demonstrates the ratio of IT implementation and the security perspective in top-tier and bottom-tier SMBs (small and medium businesses).

The survey shows the attempts of SMBs to keep up with the progressively technology-centric business world. The findings are as under. They reviewed 2452 SMBs across 20 countries in the Americas, Western Europe/the Middle East and the Asia Pacific region, covering companies of 10 to 250 employees and the people who conduct the company’s technology management. The reliability of this survey is about 95% with a 5% marginal difference.




Protect your Organizations against Online Attacks



To get protection against online attacks and vulnerabilities, online merchants must have SSL (secure socket layer) security, which is in the interest of both the business and its customers. Different types of attackers (serious hackers, computer beginners, or dissatisfied current or former employees) could pose a threat to an organization’s information security. Many attackers take advantage of poor policies and procedures related to information security. Today, with the help of the internet, anyone can find information on how to manipulate a system by exploiting security weaknesses in your online business. Attackers may also break security by using automated tools to probe network systems and exploit any known security weaknesses to gain illegal access to the network.

Attacks and Threat Trend: Symantec has published the “Threat Trend report 2013”, which brings out some shocking facts that online industries should think about. The facts are as below:

  • The average number of malicious websites blocked increased by 30% in 2012. There were 247,350 websites on the list of blocked websites in 2012, compared to 190,370 websites in the second half of 2011.
  • The ratio of malicious blocks was 37% higher than its annual average.
  • The most exploited website categories and the percentage of infected websites are as below:
  • 7.7% of the malicious websites were classified in the blogging category.
  • 43% of compromised religion websites were infected with fraudulent antivirus attacks.
  • 28% of compromised business sites were infected with fake antivirus attacks.

What is an Online Attack: An attack is a situation where the attacker plays the role of a genuine verifier and alters the authentication channel to gain access to the network. There are different types of network attacks, which can bring disaster to a network system.

We would like to share the latest security attacks and steps to protect your online business from such attacks.

Backdoor Attack:

A backdoor is also called a trap door. It is a part of program code that is written into an application without the awareness of the users and the administrator. It gives programmers fast access for easy debugging or monitoring of the program. Backdoors typically allow programmers to use the software or hardware with the highest rights, such as root or administrator. When a programmer neglects to remove a backdoor after debugging, it becomes a serious problem. Backdoors work silently in the background and are tough to find.

Steps against Backdoor: Here are some tips to protect your system against backdoor attacks.
  • Run antivirus software to close off backdoor attacks.
  • Turn on your firewall protection to get alerts of any backdoor attack.
  • Regularly check the integrity of the entire program.
  • Put rigorous control processes and system development in place.

Brute Force:


A brute force attack is used against encrypted data, using software to crack the code and gain the use of a user ID and password. With the user ID, the attacker gains its privileges and can create a backdoor for future access. A brute-force attack tries multiple key combinations to discover the right password that will unlock the encryption. The stronger the encryption, the longer it will take.

Steps against Brute Force: Here are some tips to protect your system against brute-force attacks.
  • Use strong encryption technology and effective key management technology to protect user IDs and passwords.
  • Periodically change your password.
  • Run penetration testing to discover vulnerabilities.
  • Give customers and employees enough education on security precautions.

Denial of Service (DOS):


Denial of Service is a disruptive attack that does not aim at network access but disturbs the flow of network traffic by sending the server more information than it can handle. This kind of attack can be generated from a single source or from multiple sources. A DoS attack makes web resources unavailable to ordinary users by flooding the URL with numerous requests.

Steps against DOS: Here are some tips that can help you prevent a DoS attack and protect your system.
  • Tell your Internet service provider to accept traffic from authorized sources only.
  • Put sufficient backup and recovery arrangements in place.
  • Perform penetration testing to assess the network’s capacity.

In recent times, a DDoS attack brought down internet speed with an enormous flood of unnecessary requests, or dummy traffic. The DDoS attack was targeted at Spamhaus, a spam filter company that maintains filters against email spammers. The DNS requests used in this attack amounted to 300Gbps.

Hijacking Attack:


It is a network security attack that allows an attacker to take control of an established connection while it is running. Hijacking attacks generally happen on a remote computer, such as a personal computer. The attacker intercepts the message in a public key exchange and substitutes his own public key for the requested one. The two original parties therefore still appear to be communicating with each other, server to client and client to server. Thus the attacker, who appears to be a legitimate connection, can read the message during transmission.

Steps against Hijacking: Below are steps that can be put into practice to protect the system from hijacking.
  • Apply strong authentication methods, such as SSL security, for sending sensitive data.
  • Apply firewall settings wherever they fit.
  • Monitor network traffic and use scanning tools.
  • Implement sufficient network security.

Sniffers Attack:


A sniffer attack captures network packets. Sniffers are also called network protocol analyzers, and they are also used by hackers for hacking networks. Hackers can capture network traffic if it is not encrypted. Once a packet is captured, the attacker can read the message in that particular packet. The message may contain passwords, account information, or other confidential information.

Steps against Sniffers: Below are steps that can be put into practice to protect the system from sniffer attacks.
  • Apply strong SSL security for sensitive sessions.
  • Regularly monitor network traffic and use scanning tools.
  • Apply sufficient network security.
  • Provide guidance to customers and employees about security precautions.

Spoofing Attack:


A spoofing attack means tricking or deceiving a network system. Spoofing allows attackers to hide their identity or to communicate with a fake identity that pretends to be a legitimate one. The network therefore recognizes the unauthorized network as an authorized network, and the attacker can easily gain access to sensitive data. Spoofing can be done through email spoofing, IP spoofing, or a fake identity.

Steps against Spoofing: Spoofing is a simple way to victimize others by making a fake username. To prevent it, users can take the following steps.
  • Apply firewall settings wherever they fit.
  • Apply strong SSL security for sensitive sessions.
  • Regularly monitor network traffic and use scanning tools.

Man in the Middle Attack:

A man in the middle (MITM) attack is also referred to as a bucket brigade attack. In this case, the attacker sniffs the information being transferred between the sender and the receiver, such as the server and the browser, or between two servers. Such information is not encrypted. The attacker intercepts and collects the information and then sends it on to the receiver.

Steps against MITM: The following are some useful steps to avoid MITM attacks.
  • Download the latest version of a high-security web browser.
  • Use an Extended Validation (EV) certificate for the highest protection against MITM attacks.
  • Use two-factor authentication for sensitive accounts.
  • Never respond to unknown or spam emails.

Phishing Attack:

In a phishing attack, the attacker impersonates a legitimate person or business through fraudulent emails or websites and illegally acquires sensitive information such as usernames, passwords, credit card information, and bank account details. There should be SSL security (an EV certificate) that can provide protection against phishing. Besides, user training and technical measures also need to be implemented.

From the above discussion of different online attacks, we can see how essential SSL is, not only for preventing online threats but also for gaining reputation and trust from visitors. It is therefore necessary to have strong security, in the form of the SSL protocol, for your online business.

SSL - Secure bridge of Online information:

Now we can imagine how online attacks have influenced online industries. In this situation, SSL (secure socket layer) can secure your entire website with robust security. SSL is an encryption technology that enables the server and the browser to transfer information in a secure environment. SSL encrypts the information so that a hacker cannot read it and user information remains secure over the web. SSL uses a public key and a private key to encrypt and decrypt the information.

How SSL Works: What happens when a web browser connects to an SSL-secured website?
  • The first step is that the browser attempts to connect to the website.
  • The browser asks the web server to confirm whether the website is equipped with SSL security or not.
  • The server of the site transmits a copy of the SSL certificate for the visitor's web browser to confirm.
  • The next step is confirmation of the SSL security certificate.
  • The browser checks that the certificate sent by the SSL web server is trustworthy.
  • If the certificate is legitimate, the browser transmits a message to the web server.
  • However, if it fails, the browser shows a warning and prompts the user to authorize or deny the legitimacy of the web server certificate.

In the end, we can summarize that online attacks are expanding their horizons, and it is sensible to have strong network security to prevent them. In this case, SSL stands alone among security measures in offering the utmost protection against the online attacks described. It provides a secure bridge over which the sender and the receiver can transmit data in a secure environment.


 
ClickSSL - Start your E-Business with SSL Certificates