Page 70 - Cyber Defense eMagazine - November 2017

DIGITAL CERTIFICATES


               THE BASICS, SWEEPING INDUSTRY CHANGES COMING IN 2018 AND HOW TO BE PREPARED FOR THEM



               by Doug Beattie, vice president of product management, GlobalSign



               With today’s incredibly active threat landscape, there is a plethora of options, perhaps even
               an overwhelming number, to consider to ensure your company’s cyber safety. One of the
               first “basic” items on your security checklist should always be to have the proper SSL
               certificates in place.

               SSL certificates offer the strongest encryption to ensure your website is protected. Customers
               and visitors to your site will be confident knowing their browsing session is safe and that
               information such as payment details and personal information is secure and encrypted.

               Security professionals understand that, among the varying levels of certificates, Extended
               Validation (EV) certificates are the “gold standard”. They activate the browser padlock and https,
               and show a company’s corporate identity, which assures your customers that you take security
               very seriously. They also lend more credibility to a website.

               All certificates should be obtained from a reputable Certificate Authority (CA). Research
               carefully and be wary of lower-level certificates, such as Domain Validation (DV) certificates
               that are free, as some have been linked to dangerous phishing scams.

               WHY SSL CERTIFICATES ARE IN THE NEWS NOW

               What’s got lots of tongues wagging these days is related to the fallout from Google’s dispute
               with Symantec.

               This began two years ago when Google engineers discovered Symantec accidentally
               mis-issued 127 SSL certificates. The issue rose to prominence again in March of this year when
               Google announced that it had uncovered more concerns with Symantec’s certificates, alleging
               the company had mis-issued more than 30,000 certificates. Then in August, Symantec decided
               to exit the web certificate business and sell it to DigiCert.

               The end result is that by mid-April 2018, all Symantec-issued certificates obtained prior to June
               1, 2016, will be marked as untrusted by Chrome 66. Then by the end of October 2018, all
               certificates that are chained to Symantec's pre-December 2017 rooted infrastructure will be
               untrusted by Chrome 70.
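
The timeline above can be applied to a certificate inventory. The following is an added example, not part of the original article: it reads the output of `openssl x509 -noout -issuer -startdate` and reports the Chrome release in which each certificate stops being trusted. The issuer marker list, hostnames and sample certificates are assumptions constructed for illustration.

```python
from datetime import datetime, timezone

# From the article: certificates issued before this date lose trust in Chrome 66.
PHASE1_CUTOFF = datetime(2016, 6, 1, tzinfo=timezone.utc)
# ASSUMPTION (not from the article): issuer-name fragments that identify the
# legacy Symantec hierarchy. Extend with the names found in your own inventory.
LEGACY_ISSUER_MARKERS = ("symantec",)

def parse_openssl_fields(text):
    """Parse `openssl x509 -noout -issuer -startdate` output."""
    fields = {}
    for line in text.strip().splitlines():
        key, _, value = line.partition("=")
        fields[key.strip()] = value.strip()
    start = datetime.strptime(fields["notBefore"], "%b %d %H:%M:%S %Y GMT")
    return fields["issuer"], start.replace(tzinfo=timezone.utc)

def chrome_distrust_release(text, markers=LEGACY_ISSUER_MARKERS):
    """Return 66, 70, or None when the timeline does not apply."""
    issuer, start = parse_openssl_fields(text)
    if not any(marker in issuer.lower() for marker in markers):
        return None
    return 66 if start < PHASE1_CUTOFF else 70

def triage(inventory):
    """Order hosts by the Chrome release that stops trusting them."""
    verdicts = {host: chrome_distrust_release(t) for host, t in inventory.items()}
    return sorted(verdicts.items(), key=lambda kv: (kv[1] is None, kv[1] or 0))

# Constructed sample data: hostnames, issuers and dates are illustrative.
LEGACY = "issuer=C = US, O = Symantec Corporation, CN = Example Legacy CA\n"
SAMPLE = {
    "www.example.test": "issuer=C = US, O = Example Trust, CN = Example CA 1\n"
                        "notBefore=Jan 10 00:00:00 2016 GMT",
    "api.example.test": LEGACY + "notBefore=Jun  1 00:00:00 2016 GMT",  # on the cut-off
    "shop.example.test": LEGACY + "notBefore=Mar 14 00:00:00 2016 GMT",
}

if __name__ == "__main__":
    for host, release in triage(SAMPLE):
        print(host, "distrusted from Chrome %s" % release if release else "not affected")
```

Matching on the leaf certificate's issuer name is only a first pass; the browser decision follows the chain to its root, so confirm flagged and unflagged hosts against the full chain before scheduling replacements.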




