network security Archives

Secure Sockets Layer, commonly known as SSL, was developed by Netscape Communications Corporation and was publicly released in 1995 for secure transmission of information over the internet. Over the years SSL has gone through several revisions. Version 1 was never released to the public. Version 2 was released in 1995, and in 1996 a fully redesigned version 3 was released to address security weaknesses of the previous version.

The first version of an improved protocol called Transport Layer Security (TLS) was then introduced in 1999. The two protocols had significant differences, making them incompatible. TLS 1.1 was introduced in 2006 and TLS 1.2 was introduced in 2008.

SSL (and TLS) is important to online businesses because it helps you protect customers' confidential information, such as user names, passwords and credit card information, by encrypting it. Encryption transforms the information in such a way that a hacker who intercepts the encrypted message would find it difficult to read the actual information inside it, such as the credit card number or password.

To implement SSL on your online business site, you need to purchase a certificate from a Certificate Authority (CA). A certificate authority will confirm your identity before issuing a certificate. Your website can then use this certificate to let customers confirm the identity of your site and to protect the information they exchange with you. With SSL you can increase customers' trust in your online business, which in turn can increase your revenue.

What is Mod_Security

Mod_security is an Apache module that helps protect your website from various attacks. Mod_Security blocks commonly known exploits by matching requests against regular expressions and rule sets. Mod_Security is enabled on all etandy Servers by default. Mod_Security can potentially block common code injection attacks, which strengthens the security of the server. If you need to disable mod_security, we can show you how and help you do so.

When coding a dynamic website, users sometimes forget to write code that helps prevent hacks, such as code that validates input. In some cases Mod_security can help users who run sites that don’t have security checks in their code.

This is a simple SQL injection where visiting this would cause the database to DROP and delete the users table from the database. If you are running Mod_Security on your server, it will block this from running. Typically, you would see a 406 error in this case if mod_security is enabled. To read more about 406 errors, read our article. You set up rules that Mod_security checks each HTTP request against to determine whether a threat is present.
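A rule of the kind described above could look like the following. This is an added example, not the rule set actually deployed on these servers; the rule id and message text are constructed for illustration. The 406 response comes from the rule's own `status` action.

```apache
# Added example: a minimal ModSecurity 2.x rule, not the host's actual configuration.
<IfModule security2_module>
    # Inspect requests and act on rule matches.
    # (DetectionOnly would log matches without blocking them.)
    SecRuleEngine On

    # Parse request bodies so POST parameters are inspected along
    # with query-string parameters.
    SecRequestBodyAccess On

    # Phase 2 runs once the full request, including the body, is available.
    # The transformations decode URL encoding and collapse runs of
    # whitespace before the regular expression is applied, so the
    # pattern is matched against the normalised value.
    # id 10001 is a constructed value in the range reserved for local rules.
    SecRule ARGS|REQUEST_URI "@rx (?i)\bdrop\s+table\b" \
        "id:10001,\
        phase:2,\
        t:none,t:urlDecodeUni,t:compressWhitespace,\
        deny,\
        status:406,\
        log,\
        msg:'SQL DROP TABLE statement in request'"
</IfModule>
```

A request that matches is logged with the rule id and message, which is what to look for in the Apache error log or ModSecurity audit log when a page unexpectedly returns 406.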

Recognizing Mod_Security is pretty easy. Any request to a website that contains a string forbidden by a mod_security rule will get a 406 error instead of the page. You can also disable mod_security using the tool “set_modsec” for a single domain or an entire hosting account. If you’re on a shared server and wish to disable Mod_Security, contact our support department and we can take care of it for you. Customers on shared servers do not have access to this tool, as it is run from the command line and this feature is not available on shared servers.