Page 42 - Cyber Defense eMagazine - October 2017

Digital Certificates 101



               The Basics, Sweeping Industry Changes Coming in 2018 and How to Be
               Prepared for Them

               By Doug Beattie, vice president of product management, GlobalSign

               With today’s incredibly active threat landscape, there is a plethora of options,
               perhaps even an overwhelming number, to consider to ensure your company’s cyber
               safety. One of the first “basic” items on your security checklist should always be
               to have the proper SSL certificates in place.

               SSL certificates offer the strongest encryption to ensure your website is protected.
               Customers and visitors to your site will be confident knowing their browsing session is
               safe and that information such as payment details and personal information is secure
               and encrypted.

               Security professionals understand that, among the varying levels of certificates,
               Extended Validation (EV) certificates are the “gold standard”. They activate the browser
               padlock and https, and show a company’s corporate identity, which assures your
               customers that you take security very seriously. They also lend more credibility to a
               website.

               All certificates should be obtained from a reputable Certificate Authority (CA). Research
               carefully and be wary of lower-level certificates, such as Domain Validation (DV)
               certificates that are free, as some have been linked to dangerous phishing scams.

               Why SSL certificates are in the news now

               What’s got lots of tongues wagging these days is related to the fallout from Google’s
               dispute with Symantec.

               This began two years ago when Google engineers discovered that Symantec had accidentally
               mis-issued 127 SSL certificates. The issue rose to prominence again in March of this
               year when Google announced that it had uncovered more concerns with Symantec’s
               certificates, alleging the company had mis-issued more than 30,000 certificates. Then in
               August, Symantec decided to exit the web certificate business and sell it to DigiCert.

               The end result is that by mid-April 2018, all Symantec-issued certificates obtained prior
               to June 1, 2016, will be marked as untrusted by Chrome 66. Then by the end of
               October 2018, all certificates that are chained to Symantec's pre-December 2017
               rooted infrastructure will be untrusted by Chrome 70.

               This is an extremely significant development, and it will certainly keep the people
               responsible for maintaining secure systems busy as they consider their next steps.
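
One way to triage a certificate inventory against the two Chrome deadlines described above, as an added example that is not part of the original article. It reads the text printed by `openssl x509 -noout -issuer -startdate`; the brand list, the use of a December 1, 2017 issuance date as a proxy for chaining to the older infrastructure, and the sample host names and certificate details are assumptions constructed for illustration.

```python
import re
from datetime import datetime

# Assumption (not from the article): CA brands operated by Symantec.
SYMANTEC_BRANDS = ("symantec", "verisign", "geotrust", "thawte", "rapidssl", "equifax")
CHROME_66_CUTOFF = datetime(2016, 6, 1)   # article: obtained prior to June 1, 2016
CHROME_70_CUTOFF = datetime(2017, 12, 1)  # assumption: proxy for "pre-December 2017" roots

def parse_openssl_text(text):
    """Parse one certificate's `openssl x509 -noout -issuer -startdate` output."""
    issuer = re.search(r"^issuer=\s*(.+)$", text, re.M)
    start = re.search(r"^notBefore=\s*(.+?)\s+GMT\s*$", text, re.M)
    if not issuer or not start:
        raise ValueError("expected issuer= and notBefore= lines")
    # Collapse the padding openssl uses for single-digit days ("Feb  9").
    stamp = " ".join(start.group(1).split())
    return issuer.group(1).strip(), datetime.strptime(stamp, "%b %d %H:%M:%S %Y")

def classify(issuer, not_before):
    """Map a certificate to the Chrome release that stops trusting it."""
    if not any(brand in issuer.lower() for brand in SYMANTEC_BRANDS):
        return "not Symantec-issued"
    if not_before < CHROME_66_CUTOFF:
        return "untrusted in Chrome 66 (mid-April 2018)"
    if not_before < CHROME_70_CUTOFF:
        return "untrusted in Chrome 70 (end of October 2018)"
    # Issued after the cutoff: the date alone cannot show which root it chains to.
    return "verify chain manually"

def audit(inventory):
    """inventory maps host -> openssl text; returns host -> verdict."""
    return {host: classify(*parse_openssl_text(text)) for host, text in inventory.items()}

# Constructed sample inventory covering both openssl issuer formats.
SAMPLE = {
    "shop.example.com": "issuer=C = US, O = Symantec Corporation, "
                        "CN = Symantec Class 3 Secure Server CA - G4\n"
                        "notBefore=Mar 14 00:00:00 2016 GMT\n",
    "api.example.com": "issuer= /C=US/O=GeoTrust Inc./CN=GeoTrust SSL CA - G3\n"
                       "notBefore=Feb  9 00:00:00 2017 GMT\n",
    "www.example.com": "issuer=C = BE, O = GlobalSign nv-sa, "
                       "CN = GlobalSign Organization Validation CA - SHA256 - G2\n"
                       "notBefore=Jan  5 10:00:00 2015 GMT\n",
}

if __name__ == "__main__":
    for host, verdict in sorted(audit(SAMPLE).items()):
        print(f"{host:20} {verdict}")
```

Certificates flagged for either release should be reissued before the corresponding date; the "verify chain manually" result means the full chain has to be inspected rather than inferred from the issuance date.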



                         Copyright © Cyber Defense Magazine,  All rights reserved worldwide.