Categories
Newss Software Development Web Security

Revamped Sectigo Channel Partner Program offers increased profitability and visibility to partners

Global leader in digital web security solutions—Sectigo (formerly Comodo CA), is revamping its Channel Partner Program to provide a new level of support and benefits to the partners.

Sectigo Channel Partner Program is dedicated to build partnerships with web hosts, managed service providers, direct market resellers and domain registrars to develop and deliver website security solutions. The program provides required training, certifications, rewards, support and benefits to the partners, so that they can deliver valuable services to customers.

With the revamped program, partners will get additional support, tools and discounts, which will allow them to expand into new segments within the cybersecurity market.

Partners can now resell the complete suite of services offered by Sectigo. These services include TLS/SSL Certificates, SMIME/Email Certificates, Signing Certificates, Certificate Manager, IoT Manager, and PCI Compliance and Website Vulnerability Scanning.

Sectigo Channel Partner Program will also bring new revenue streams for partners, increased benefits per tier, partner Marketing Development Funds (MDF), and deal registration.

“Sectigo is providing our partners with the necessary resources to increase visibility and profitability, and ensure their future success,” said Heather Bell, Vice President of Enterprise Partners, Sectigo. “The initial input we have received about the new Channel Partner Program has been very positive – and we will continue to explore ways to make it mutually beneficial.”

The certificate authority experienced significant growth in revenue last year, which was partly driven by progress in its global partner revenue. According to the company, the partner revenue increased by 27% year-over-year. By expanding the partner program, Sectigo is planning to boost its growth in 2019.

Also read: Comodo Cybersecurity partners with 1-grid to expand its web security solutions to South Africa

“It’s evident that Sectigo is committed to making our partnership successful,” said James McGuire of The SSL Store, a Platinum Partner of Sectigo. “With the program tiers, it’s reassuring to know that as our business needs scale, so do the levels of support and benefits. Sectigo has also built in rewards, which are obtainable regardless of the level of partnership, partners will appreciate this flexibility as they grow their business.”

Image source: Sectigo

Categories
Newss

Plenty of plugins and PHP libraries disabling TLS validation, leaving sensitive data at risk

A massive number of websites today are powered by PHP and content management systems like WordPress, Joomla and Drupal. These sites come with plugins to provide functionalities and improve user experience.

However, a large number of such plugins and PHP libraries are restricting the SSL/TLS certificate validation on websites. This is leaving websites and their customers open to risk of data breach.

This issue was discovered by Scott Arciszewski, Chief Development Officer at Paragon Initiative Enterprise.

“The issue lies between the webserver and other webservers,” explained Scott to Daily Host News.

“For example, if you submit your credit card number to shopping.example.com and it forwards it to an Authorize.net gateway to process the transaction, if the server-to-server link between shopping.example.com and the ANet gateway isn’t secured with properly-configured HTTPS, attackers between the two sites can slurp up credit card numbers. This attack would be completely invisible to end users, too.”

He said that websites are using many of these plugins and libraries to set connection to servers of payment providers. These servers handle financial transactions and transmit confidential user data like credit card details.

“This exposes you to extremely trivial man-in-the-middle attacks. All the intercepting proxy needs to do is offer a self-signed certificate and PHP will just trust it,” wrote Scott, in a blog post.

The issue exists in the way creators of these plugins and PHP libraries configure their code, especially in cURL options. The cURL is used to transfer data between remote servers. It is used by plugins and PHP libraries for several purposes like downloading, sending, and uploading data to remote servers.

The following code snippets exists in a PHP file that uses cURL extension.

  • curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
  • curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);

Scott discovered that developers of these plugins and libraries are setting cURL to false rather than true, in snippets of code.

“If you disable this check, you’re opting out of the Certificate Authority infrastructure, which means you’ve elected to blindly accept self-signed certificates,” added Scott.

The developers are setting code to false to avoid security-related errors on the servers of customers. Users might not like a plugin that causes errors to servers. Hence, the developers unknowingly disable SSL validation.

Also read: Websites running PHP 5 will be vulnerable to attacks in just a couple of months

To address the issue, Scott has introduced a new open source software library called Certainty. It keeps the cacert.pem file always up to date, even when the webserver is misconfigured.

Categories
Newss Web Security

Comodo CA and Korea Information CA expand partnership in Asia

Comodo CA and Korea Information CA (KICA) are expanding their partnership in Asia, to offer digital web security solutions in Vietnam and Indonesia.

KICA is a prominent certification authority in Asia, while Comodo CA is a global leader in digital web security solutions. The partnership will help both the companies to further expand their footprints in the region.

As a part of the partnership, Comodo CA will be able to leverage localized sales and support of KICA in Asia to reach more enterprises and customers and offer web security services.

“KICA has strong relationships throughout Asia and specifically in emerging geographical regions primed for rapid adoption of digital web security solutions,” explained Michael Fowler, President Channels and Partners, Comodo CA.

“Through our partnership, Comodo CA is well positioned to further extend our offerings throughout new regions within Asia and benefit from KICA’s leadership in integrated authentication.”

On the other hand, KICA will now exclusively provide Comodo CA’s TLS/SSL certificates to enterprises in Vietnam, Indonesia and Republic of Korea.

“We have historically had great success with our Comodo CA partnership, enabling us to sell high volumes of digital certificates to organizations of all sizes, across many industries,” said Mr. Sangjun Kim, CEO of KICA.

“The expanded relationship enables KICA to exclusively offer a variety of certificates from the world’s largest and longest-standing CA.”

TLS (Transport Layer Security) and SSL (Secure Sockets Layer) are security protocols, used to establish a secure link between a web server and a web browser. Enterprises need TLS/SSL certificates to implement these protocols.

Importance of these certificates have increased all the more for enterprises as Google now marks all the websites without SSL as ‘not secure’. The ‘not secure’ warning tells the website visitors that the website doesn’t encrypt the connection, hence the confidential information submitted on the site is not secure.

Also read: 400 million unique malware samples detected globally in Q2 2018: Comodo Global Threat Report

Last month, Comodo CA acquired website disaster recovery leader CodeGuard to expand its offerings and help enterprises with one-click restore for website issues.

Image source: Comodo

Categories
News

Chrome will stop showing secure padlock icon for HTTPS websites from September

From September 2018, with the release of Chrome 69, the websites with SSL certificates will not show the green address bar, HTTPS wording and the padlock icon.

With most of the websites on internet adopting HTTPS, Google said that the websites without any indicators will be safe by default.

Currently, the Chrome shows “Secure” indicator with a padlock icon for secure websites, and “HTTP” for websites that are not secure. The ‘S’ in the HTTPS stands for secure.

The uncertified websites can migrate to HTTPS by installing an SSL certificate. SSL reduces the risk of confidential information from getting into the hands of hackers and thieves.

With Chrome v69, the “Secure” wording will be removed and only the padlock icon will be visible for secure websites.

Further, with the release of Chrome 70, Google will remove the padlock icon as well.

Chrome 69 and Chrome 70

“We’ll step towards removing Chrome’s positive security indicators so that the default unmarked state is secure,” wrote Emily Schechter, Product Manager, Chrome Security, in a blog post.

Using Chrome version 70, if a user enter data on a HTTP website, the browser will start flashing a red “not secure” warning in the web address bar.

Chrome 69 not secure

“We hope these changes continue to pave the way for a web that’s easy to use safely, by default. HTTPS is cheaper and easier than ever before, and unlocks powerful capabilities – so don’t wait to migrate to HTTPS!” added Emily Schechter.

Also read: Let’s Encrypt to now issue free Wildcard certificates through ACMEv2

Categories
Cloud Cloud News Web Security

CenturyLink unveils new network security solution for remote internet users 

CenturyLink, the second largest U.S. based communications provider, announced a new network security solution which will enable businesses to protect their critical information in an increasingly complex cybersecurity landscape by enabling remote workforce to securely connect to private network resources and internet using any personal device and unsecured WiFi.

The new solution, called Adaptive Network Security Mobility (ANSM), is a cloud-based security service, targeted at enterprises. It combines the firewalling capabilities like intrusion defense systems, anti-malware sandboxing, URL and web content filtering etc. to secure the connections.

“Businesses today are embracing a global and mobile employee base. Thanks to the need for a constant connection on the devices of our choice, the concept of a ‘security perimeter’ can be difficult to define,” said Chris Richter, vice president of Global Security Services for CenturyLink. “Compounding matters is the unfortunate fact that public WiFi remains highly susceptible to hacking, and mobile devices are prime targets, which is why enterprises need secure mobility solutions that do not hinder performance and flexibility. Our customers need to be confident their employees’ connections are secure regardless of connection type or device.”

ANSM provides secure VPN access to the remote users in corporate networks through IPsec or SSL-based internet connections and a web browser, with complete encryption and tunneling.

Users can connect using any remote device like laptop, smartphone, or tablet, and ANSM will take care of authentication, resource policies, and user-role mapping. It can be accessed through a constellation of worldwide security gateways distributed across Asia Pacific, Europe, Middle East and Africa, and North America. All are connected through CenturyLink’s global VPN backbone.

“With the expansion of remote and mobile workers, enterprises would be well-served to incorporate secure mobility as part of a comprehensive, cloud-based network security strategy, rather than an add-on, piecemeal approach,” noted Christina Richmond, security service practice program director for IDC. 

Also read: Megaport unveils virtual cloud router for cloud to cloud connectivity

Adaptive Network Security Mobility can be purchased for concurrent use sessions as per the anticipated number of users at a given time, with payment for active sessions, rather than buying individual licenses.

Categories
Hosting Interviews News Start-Ups Technology Tube

“We Are The One Stop Shop For Any SMB or Entrepreneur to Come & Grow Online”- Rajiv Sodhi, GoDaddy

India has over 137 million users million users logged onto the internet, a number big enough to make it the third biggest country in terms of internet users in the world, but still relatively small keeping in perspective the country’s 1.2 billion population. The internet adoption rate in India is growing at a year on year rate of 26%, with small towns and the lower rungs of the economic ladder getting online faster than ever before.

This growing internet usage is also changing the way Indian SMBs reach out to their customers. Indian SMBs with a website have 51% higher revenues, 49% more profit, and 7% broader customer bases than their offline-only counterparts, a recent industry report revealed. However, only a 5% of Indian SMBs have a web presence, reflecting a clear lack of skill, resources, awareness and knowledge among the remaining 95%. Getting online still remains too daunting a task for a majority of Indian SMBs who are IT novices and need help and guidance to establish a strong online presence.

GoDaddy, the world’s largest domain name registrar is a top platform for small businesses and provides them with a wide range of web services. India, for obvious reasons, is a big potential growth area for GoDaddy. The company launched full-scale operations in India in June 2012 and has seen significant growth since.

We sat with Rajiv Sodhi, Vice President and Managing Director, GoDaddy India a while back to discuss the current state of the Indian SMB market and how GoDaddy plans to enable Indian SMBs to get their businesses online, and then run and grow them successfully. The complete video of our interaction is below, and a print version follows it.

Web Hosting business is not about a hit and run, where you sell the solution and go away. A lot of time, customers need advice as to what should they be doing, should they go in for, let’s say, a shared server or a dedicated server. Customers need to have this at the back of their mind that they are betting on a credible player who would be able to provide support to them.

– Rajiv Sodhi, Vice President and Managing Director, GoDaddy India.

Rajiv Sodhi,  Vice President and Managing Director, GoDaddy India.
Rajiv Sodhi, Vice President and Managing Director, GoDaddy India.

Q: Before we begin, please tell our readers about your journey from GrapeCity India to GoDaddy.

A: I started working with Grapecity India about 15 years back as a software developer, looking at the engineering side of things. Post that, I moved to Microsoft, where I started out with Developer Evangelism practice and built out the entire ISV Evangelism business. I then graduated to start the cloud business for Microsoft and in my last stint, I was leading the entire SMB and Cloud business for Microsoft in India. That’s when I decided to take this opportunity with GoDaddy to lead their business operations in India.

Q: GoDaddy in universally synonymous with domain names and the 55 million domains it manages are testament for the same. In an interview earlier this month, Mr. Blake Irving remarked, “Very few people actually know what GoDaddy is, or they think it is only domains. They certainly don’t see the potential.” So what are other services that GoDaddy provides which are equally good but relatively unknown?

A: I think Blake is absolutely right, while we are known for domain names, that’s not the only thing we sell. I spoke about GoDaddy being the one stop shop for small businesses and entrepreneurs worldwide, including India, in my talk earlier today too.

We look ourselves as the largest platform on which a business can build its entire online presence, all the way from basic identity, like having a domain name and website, to advanced hosting solutions, SSL etc. We also have in our product portfolio marketing tools for SMBs, like email marketing, search engine visibility etc. and security solutions like our website scanner that can protect your website. So we’ve a whole range of solutions that can enable SMBs to get their businesses online, and then run and grow them successfully.

Q: Top-shelf customer service and dominance among SMBs are two of GoDaddy’s strongest fortes. So, why do you think that the quality of customer service is comparatively more important in the web hosting industry and is sort of a ‘Litmus test’ for checking the reliability of a web host?

A: Customer support is one of the most important aspects of this business, especially in India, because as Internet penetration in India increases, a new breed of customer is coming online. This customer probably does not understand IT completely. He is not bothered about understanding or mastering the aspects of IT, he is more concerned about growing his business, and therefore, a lot of hand holding is required, a lot of support is needed as he grows on this internet journey. That’s point one.

The second point is, this business is not about a hit and run, where you sell the solution and go away. A lot of time, customers need advice as to what should they be doing, should they go in for, let’s say, a shared server or a dedicated server. Customers need to have this at the back of their mind that they are betting on a credible player who would be able to provide support to them.

So customer support becomes one of the hallmark any which way. And again, this is one area where our tech support offering excels, because you can call into our care center free of charge and take advice from our consultants as to what kind of solution you would need.

Q: If you were to mention 3 reasons that make GoDaddy the ‘go-to’ choice for SMBs round the globe, what would they be?

A: Three reasons are pretty simple I think. The first thing is, obviously, we are the one stop shop for any SMB or entrepreneur to come online. Whatever the solutions customer needs, he gets everything under one roof.

Second, you are never alone with GoDaddy. Once you take the bet with GoDaddy, our customer support will always be there with you in your time of need or when you want to grow your business or when you want to buy more and do more stuff on the internet.

Third, we are deeply invested in creating an ecosystem around us. There are partners and other players who can help you come online. So if you need support, it’s going to be very close to you.

Q: GoDaddy announced ‘Cup of Coffee’ Campaign in India a few days back, which aims to provide first-hand experience of how SMBs can register a domain name, build a website, get an email address and promote it as well, within minutes. Can you tell what is the modus operandi of this campaign and how you’re planning to execute it in order to get best results?

A: The core theme of the campaign is that you can get online in minutes, in the time you finish a cup of coffee, which is about 30 minutes. We have a multipronged approach for executing this.

First, we have placed trained executives on the ground in 3 cities in India – Delhi, Mumbai and Hyderabad. These trained executives actually go door to door meeting SMBs, showing them a demo of how they can come online, telling them how easy it is to come online and then if the customer chooses, they configure the website for the customer right there in the time he finishes a cup of coffee.

Second, we have positioned mobile-experience-zones, where we’re offering a first-hand experience of how SMBs can register a domain name, build a website etc.

Third, we are advertising on prominent sites, billboards, radios etc., so that there is an awareness around this initiative and people come forward to get online.

Q: Although India is one of the largest Internet markets in the world, it also has one of the lowest PC penetration rates in the world. With Indian businesses always shying away from investing in IT, how do you plan to get around the uphill task of opening people up to the various opportunities that lie online?

A: I think India has historically lacked both in PC penetration and Internet penetration. Although we are the third largest internet connected country, we are still 10 percent penetrated when it comes to our population!

If you look at players like GoDaddy, our products are pretty simple to use and affordable, so it’s not a big barrier for people to come online. The biggest challenge is that they perceive it to be inherently complex and they have issues around security, availability etc. The Cup Of Coffee campaign that we spoke about is one initiative where we are trying to work towards making sure that people actually find it very easy to come online.

We will also have to come up with relevant solutions so that people see the value in coming online. If you are a small business, you should see how coming online contributes to your business growth. So it’s a matter of education, creating awareness and making sure there are tangible results attached to it. I think if we solve these problems then definitely India is going to go online.

Q: You also made a very interesting remark last year that “….the world is largely a DIY market, while in India it is DIM (Do it for Me)”. Can you elaborate more on this?

A: I think culturally India is a Do It For Me market. If you look at the western world, it is largely a Do It Yourself market. There, if you want to fix your car, garden or garage, you have fantastic tools that you can use and fix things yourself. In India, you can be a relatively middle class person and you will have a gardener coming in, a mechanic coming in or a maid coming in, so it’s a largely Do It For Me country.

The same applies to the internet as well. If we want the Indian SMBs and customers to come online, we will actually have to reach out to them and do it for them rather than they doing it themselves. And again, this is one of the reasons why we initiated the Cup Of Coffee campaign, where rather than the customer coming to us, we are going to the customer and getting him online.

Q: While GoDaddy is in the catbird seat when it comes to being a OneStopShop for everything related to web presence globally, the Indian market has fairly big providers in the same league like Directi, Net4, ZNetLive etc. who’ve been in the industry for a decade and have a strong foothold in the web community. In your year long experience in India, have you noticed visible competition or general tendency among organizations to go for providers they’ve been accustomed to through the years?

A: Actually if you ask, now that we have spent 12 months in India, I would say our biggest competition has been the market. At 10 percent penetration, I don’t think we should be worried about competition because there is such a big market that is out there waiting for us. The biggest competition is breaking the perceptions and the barriers in the customer’s mind as to why he should come online. So as long as we do our job of reaching out to the customer, explaining to him how simple it is to come online and making him come online, we should be fine.

Q: Since GoDaddy is on a recruitment drive right now for its new Seattle Office and Indian one as well, what would you like to tell your potential employees about the work and culture at GoDaddy?

A: I have been with GoDaddy for about an year and I think the work and culture here is pretty phenomenal. If you want to work in an environment which gives equal opportunity regardless of where you come from, then GoDaddy is the place to be. Your merit and the work that you do is most important here. As Blake said a while back, there is just so much more to be done and this is definitely one company that can lead the change in the world. So if you are looking for a place where you can change the world, then GoDaddy is pretty much it.

Q: Wrapping up, what are some of the key initiatives GoDaddy plans to come up with?

A: As an organization, we are mainly focused on two things. First is making the internet relevant to India and you have seen the Cup of Coffee campaign come out of it and we’re going to continue with it as we go along. The second thing is creating a very robust platform for all the partners and resellers in the country so that they can do business with us and actually help us in this journey of getting India online.

These are the two broad themes – building partnerships and making internet relevant – that we will continue to work on. You will see various campaigns and activities that will come on but I don’t think we will deviate from these two paths.

Categories
Cloud Cloud News Hosted Cloud Apps Hosting Innovation Interviews New Products News Partnership Technology

Anturis to Provide Comprehensive IT Infrastructure Monitoring For ReadySpace’s Business Customers

Anturis Inc. today announced that its cloud-based monitoring & troubleshooting solution has been selected by ReadySpace, a cloud and managed hosting services provider to provide comprehensive IT infrastructure monitoring solutions for its business customers. ReadySpace will now offer Anturis’ solutions as an integrated addition to its Managed Service packages.

Anturis came to market early this year in beta phase and recently emerged from beta with the launch of its commercial product availability.

In an interview with DailyHostNews today, Sergey Nevstruev, CEO, Anturis, said:

ReadySpace selected Anturis for its IT infrastructure monitoring and troubleshooting needs because of two key reasons:

  • infrastructure model representation (i.e. users work with real-life entities like a database or a web-server, rather than with separate metrics) – which makes Anturis best suited to the needs of server monitoring.
  • integration with Parallels Automation platform via APS – which let Anturis have rather deep integration (including billing and customer portal) very quickly.
Anturis is the perfect addition to our suite, and will be utilized as the primary tool set of our technical team for monitoring and troubleshooting our customers’ various IT services.
– David Loke, CEO, ReadySpace.

David Loke, CEO, ReadySpace.
David Loke, CEO, ReadySpace.

ReadySpace will deploy Anturis to support its over 5,000 business customers, primarily in the Asia Pacific region, and especially in Singapore and Hong Kong.

Offered in ReadySpace’s Managed Service platform, the new Anturis IT monitoring solution delivers:

  • Website Monitoring: Monitoring the uptime and performance of websites. It checks for DNS, SSL, HTTP, network and application-level problems.
  • Server Monitoring: Keeps an eye on servers’ resources utilization and software performance (CPU, memory, swap, disk, OS processes, log files and more).
  • Web App Monitoring: Uses synthetic transactions to ensure visitors can successfully sign up, search, check out, log in and otherwise interact with your website.
  • MYSQL Monitoring: Watches over key database performance metrics, such as slow query rate, connection usage, Innodb buffer pool usage, and more.
  • Network Monitoring: Keeps watch over LAN and WAN connectivity and network devices using ICMP ping, SNMP and TCP checks and other network protocols.

The commercially launched version of Anturis comes with several new features and enhancements, including numerous GUI and usability enhancements, such as improved wizards. It also includes extended diagnostic data for faster troubleshooting, such as presenting the list of top five CPU-consuming processes at the time of CPU overload.

“As an international leader of cloud and managed hosting services, we are always looking for ways to improve and enhance our Managed Services,” said David Loke, CEO, ReadySpace.

“Anturis is the perfect addition to our suite, and will be utilized as the primary tool set of our technical team for monitoring and troubleshooting our customers’ various IT services.”

DailyHostNews used Anturis earlier this year to monitor its own IT Infrastructure and found it an extremely feature rich, affordable, compressive and promising product.

Categories
Articles Cloud Datacenter Hosted Cloud Apps Hosting New Products News Technology

Anturis IT Infrastructure Monitoring Software Delivers Great Features at Affordable Prices

Small and medium-sized businesses (SMBs) are growing, and with this growth, they’re changing the way they use technology to run their businesses. However, with their purse strings drawn tight and not having a clear road map of IT implementation, SMBs generally invest in IT in a phased manner. The problem manifolds for them as th? present market only offers solutions that are either expensive and bloated or open-source with a great need for fine-tuning and customizing. With limited knowledge of technology and their budgets tight, none of the options seem feasible for SMBs.

This is where a product like Anturis comes in. Promising features at par with enterprise-level IT monitoring softwares, without the exorbitant prices that generally accompany them, Anturis sounds like a pretty solid service that can play a strategic role in businesses of all sizes, helping companies do more with less to realize cost savings and profitability.

Modus-operandi

Configuring Anturis is an easy task and requires little effort. Once you create your account, you can choose which component of your infrastructure you want to monitor, including server, desktop, database, firewall, printer, application etc. You can do so easily on the main page of the Anturis control panel.

We chose to monitor one of our servers based in Mumbai, India. Once we chose it as a component, it became listed on the left side of the control panel as well as appeared as an icon in the main area, clicking on which showed the results of the monitoring session (more on it later).

Anturis Infrastructure Monitoring Software review

In order to monitor servers, a Private Agent needs to be installed on your system. The Private Agent sends collected data to the Anturis service via a secure HTTP connection to the Anturis cloud data center. A special agent software first needs to be downloaded from the Locations&Agents tab in the Anturis Console. The Agent installation (as well as all its subsequent maintenance) can be done easily with its own desktop GUI . Your user account credentials are required to connect the agent to the Anturis service. Once we supplied the correct information, the agent got connected and became visible in the list of ‘Available agents’ at the Anturis control panel.

Anturis Infrastructure Monitoring Software review 1

The modus-operandi of the Anturis Private Agent is better shown in the figure below:

Anturis Private Agent Installation

After installing the Private Agent, you need to create a person who’ll be notified in case of problems. Notifications can be delivered via email, SMS or phone call, and the notification method depends on problem severity. Once you assign a newly created person to be responsible for an application, you can also configure various other factors to customize the monitoring as per your needs, like the Error threshold, Monitor Period (the time interval between two subsequent checks of a monitored object) etc.

Over the next few days, we received regular daily status emails including a couple of warnings about problems with the server. We were also able to access the daily log report form the Anturis control panel.

Conclusion

As mentioned earlier, configuring Anturis is straightforward and doesn’t require technical skills. It monitored our web services effectively, from both user and infrastructure perspective, and provided us with truly valuable information and immediate feedback about errors that could have cost us significant time, resources and money, had they not been addressed timely.

Delivering features at par with enterprise-level IT monitoring softwares, without the grotesquely high prices that generally accompany them, Anturis comes across as an affordable, compressive and a very promising product, especially for the SMBs who cannot afford to spend an exorbitant amount of money on monitoring IT services.

Anturis was in the Beta at the time we used it for monitoring out infrastructure and is now available commercially with various new features and enhancements. There is also a free plan available for those who want to use limited services. For more details, click here.

Categories
Articles Cloud Hosting Start-Ups Web Hosting

8 Important Factors To Consider Before Choosing A Web Host

Choosing a good web hosting provider is the first and perhaps the most important decision one needs to make to build a successful online presence. With a plethora of web hosts put there, choosing the best one can be confusing task for the beginners. So here are 8 most important factors you need to keep in kind while choosing a web host to derive maximum benefits:

1) Pricing: Pricing is the first and one of the most important factors that you need to consider while  choosing a web host. Avoid going for cheap plans as they  have limited features and hence aren’t best suited for the long run.  That said, an expensive doesn’t guarantee value for money either.  Choose the one that offers you with the diversity of selection within affordable expenses.

2) Technical Support: When choosing a host for your company it is very important to consider thequality of technical support and customer services provided. Look at the services they offer. How is the support for these services offered- live chat, mails, phone calls, or ticket system. Is it available 24×7 or just specific times in a day? Do they’ve  toll free numbers? All these are important criteria that need to be paid due attention to.

3) Software: Software is yet another important factor. Always check if their software is compatible with yours or not. Do they support your web design software? Are they willing to provide you with the online storage space and bandwidth? Does the hosting provider support Email, POP3, SMTP, IMAP, Autoresponders, Email forwarders etc? This is very vital if you have a big website which is growing rapidly. It will not be wise to buy a plan that offers only limited space.

4) Data Transfer: Go with the company that offers you with the higher data transfer allowance. There are some companies that claim to offer an unlimited data allowance which is not entirely true. So be sure that you read the terms and the conditions of the companies carefully. For a small to medium sized business website, 5-10 gigabytes bandwidth is enough.

5) Reputation: The reputation of the company is important to consider while choosing a web host. Watch the online space, there are a lot of forums  where you can find active discussions and critique of most hosting companies. Are there too many negative feedbacks for the web host you’re considering to opt for? If yes, you can give it a skip.

6) Server Space: Again, like the server space and data allowance, there are companies that will offer you with loads of email accounts that you will hardly ever use. ‘Unlimited accounts’ is the only selling point of these companies.  If you have a large organization with  thousands of employees working under you, such offers might be beneficial for you. But if you’re an SMB, ten to fifteen email accounts should do the job.

7) Mailing Script: Regardless of the type of online business you have,  you will require installation of CGI script. Whether it is a contract through processor, management mailing script or any other fancy credit card script, your hosting account needs to have them installed to run properly. These  scripts make sure that the performance of the server is never affected.

8) Features: Features are something that can break or make your website. Always have a look at the different add-ons a company is offering. Do they offer an option of adding cart to the site, integration of social media, website builder tools, SSL certificate, mobile website builder etc?

Wrapping things up:
After taking into consideration all the factors listed above, take your time searching for a web host. It is a one time thing as transferring a site from one host to another is a very cumbersome process. You’ll be with the company you choose for at least a year, so make sure that you make a wise decision.

Categories
Hosting Innovation Interviews New Products News Technology Tube Web Security

“DNSSEC Will Become a Standard Part of Any Offering Over time,” Dr. Burt Kaliski, Verisign

Change has been constant in almost every facet of life throughout the past, and technology industry is no exception.

There is no uniformity in technology; it keeps on developing, improving, re-inventing itself, and in the process also changing the way it diffuses across the society.

It’s always a pleasant sight to have people and organizations that support, facilitate and ensure adoption of these changes. If not for them, we’d still be stuck in the world of dial-up internet, huge computers, and rotary dial telephones. Heck, we wouldn’t even have been able to reach that world itself.

And Verisign is one such organization. Through its efforts to ensure operational deployment of DANE, DNNSEC , IPv6 and many more protocols/products that seek to replace the traditional systems in place today, Verisign strives to build a better and stronger Internet.

We recently had an opportunity to interact with Dr. Burt Kaliski Jr, Senior Vice President and Chief Technology Officer, Verisign at WHD. India 2013 and he talked at great length about some of Verisign’s such initiatives. Some highlights of our session with him are below, and a print version of the whole interaction follows it.

IPV6 is a complete breakthrough, because it has 4 times as many bits, and that’s an enormous exponential increase in the number of possible addresses. There is no foreseeable period in which IPv6 addresses would run out. In fact, IPv6 makes it possible to give out unique addresses for everything at every point in time.
– Dr. Burt Kaliski Jr, Senior Vice President and Chief Technology Officer, Verisign.

Dr. Burt Kaliski Jr, SVP and CTO, Verisign
Dr. Burt Kaliski Jr, SVP and CTO, Verisign

Q: Before we begin, please tell our readers about your journey from RSA Laboratories to Verisign.

A: RSA laboratories was the place where I started my career in security after getting a PhD. While I was there back in the startup days, that’s when Verisign spun out of RSA to offer certification services.

I stayed with RSA well into my career and eventually moved into EMC Corporation after it acquired RSA. But then two years ago, I took an opportunity to move back to Verisign, which I had been following all along. In a way, it was like returning back where I started.

Q: What according to you are some of the major flaws in the modus-operandi of X.509 – CA model currently in place that seriously jeopardize the Internet users’ security?

A: The X.509 certificate authority model has been around since the 1980s and it’s the basis for electronic commerce sites; we have been using it for a number of years. It’s a good model in many respects, but, as in a number of systems, there can be too much of a good thing. And in the case of the X.509 certificate authority model, there are too many certificate authorities, all of which , in many settings, are treated the same. That means that a compromise on any one of the certificate authorities could lead to an attack on the system. What we’ve looked at as a security industry , are the ways to mitigate that compromise, so that you can get all the benefits of X.509 – CA model , but with some checks and balances in place that can prevent attacks from occurring.

Q: What is DNS-based Authentication of Named Entities, and how does DANE protocol successfully deploy DNSSEC to thwart MitM cases that are rife in the CA model?

A: Let’s start with DNSSEC. The security extensions for DNS were developed to provide additional assurance above and beyond the relationship that the parties might have when they are exchanging the DNS information, and that additional assurance comes in the form of a digital signature. This means that the DNS, in addition to returning the IP address associated with a given domain name, will also return a digital signature on that information, so that a relying party can confirm that the correct information was presented, even if that relying party wasn’t directly interacting with DNS.

DANE, the DNS-based Authentication of Named Entities protocol, takes this step further and says, if we can get this additional assurance for IP addresses, why not get additional assurance for other information associated with a domain name. In particular, you can have this assurance provided as a check and balance for information that otherwise is prepared by certificate authorities.

So as I mentioned, there can be potential attacks because of too many certificate authorities. A counter measure to those attacks, is for the owner of a domain name to say exactly which certificate authority, the very one CA, it intends to work with, and then if there were any compromises on any of the other ones, those would not be able to undermine the security of the domain name owner.

Q: Since DANE needs DNS records to be signed with DNSSEC, isn’t DNSSEC validation a major issue that heavily limits DANE’s use?

A: Applications and services often will evolve in tandem. DNSSEC capabilities are built into nameservers starting at the root, moving through top level domains like .com and .net operated by Verisign, and then moving into the next levels. Some records are already signed and so they can be validated if a relying party requests it. But you don’t need to validate everything or sign everything in order to add security for a particular set of records. If there is some application that needs the extra assurances provided by DANE (establishing a secure connection with a web server for banking transactions or enabling secure email), that application can stand by itself. So you don’t need everyone to accept DNSSEC in order to have a greater security and the use of DANE within your own application.

Q: How do you see the future of DNSSEC in the Internet security space?

A: I think we will continue to rely on DNSSEC as a building block. It will become a standard part of any offering. As the new generations of nameservers, recursive nameservers, applications, relying parties and so on are developed, they’ll build a better foundation because the technique is available. So DNSSEC will gradually become a commonplace.

There will be certain applications that will drive its demand faster than others, and think those are the ones that will have the additional value from what it will effectively become – a global distributed directory of signed information.

Q: How can Web Hosting providers, ISPs, Hardware vendors and Software developers each play their part in supporting DNSSEC?

A: If you are a hosting provider, you want to differentiate your services by offering DNSSEC for some or perhaps all of your customers. That means as a hosting provider, you want a nameserver that has DNSSEC capabilities or you outsource to someone else that has those capabilities for you.

If you are an application developer preparing a browser, an operating system or a mobile client, then you want validation (of the DNS information that comes back either doing it locally or relying on a recursive nameserver that does it for you and presents confirmation that calculation is complete) to be an option in your implementation.

So each party has the options of putting these services in place. But the real key is to put them in place where they make a difference. If there is a particular application that benefits from this distributed global directory of signed information, that’s the place to put most of the emphasis at first and then you can pull the other parts along.

Q: Moving on, the recently published technical report by Verisign, titled “New gTLD Security and Stability Considerations” warns that addition of hundreds of new gTLDs over the next year could perhaps destabilize global operations of the DNS, along with other significant consequences. Can you highlight main areas of focus in the report and some potential problems/issues that you think need to be timely resolved?

A: Earlier in 2013, Verisign published a research report outlining some of the concerns that we have on security stability and reliability as new generic top level domains are introduced.

Now we have observed the operation in the gradual pace of growth for generic top level domains and the country code top level domains, but the addition of so many new gTLDs is unprecedented. It’s a huge multiplier of the use of the root servers with different kinds of usage patterns that may not have been anticipated previously.

We do commend ICANN for its commitment to ensuring security, stability and reliability of the root servers and the internet in general as the new gTLDs are introduced, which is why we have raised the concerns.

Some of the high points of these concerns: One is that the rapid pace of change for the root servers, by effectively adding an order of magnitude to the number of objects and perhaps even more to the amount of traffic, needs to be measured carefully. There is no one root server. There are in fact 13 different root servers by design with multiple independent operators. So to have a full picture of the impact, it’s important to have the right measurements in place. The reason that these measurements are important is that the root servers are not always used in the way you might expect them . In fact, we have seen that 10% of the traffic to the root servers is coming from generic top level domains that actually don’t exist. These requests are coming from throughout the internet to resolve things like .corp or .local, which are built-in to applications but are not generic top level domains.

So it’s important to understand the impact of this set of requests – which represents applications throughout the internet that assume that these gTLDs can be reserved for their own local use.

And that’s where the stability, security and reliability issues come in – If these applications are assuming that some generic top level domains have not been delegated, what happens when they are? How would we measure and see the impact? Could that compromise security? Could that cause systems to fail? That’s the area we ‘d like to have more study on.

Q: Do you personally think that new-gTLDs will have as significant impact on the domain industry as it is touted to be? Because new-gTLD launches of the past like Biz, Info, Travel, Mobi, etc. failed have to marginalize .COM’s dominant position.

A: The gTLD program which Verisign participates in a number of ways, is another way to give more choice to the users and the owners of the resources who’re looking for better ways to connect to each other, different ways of describing the servers that they’re present on the internet, different languages, different characters sets etc., because these are all that’ll make the internet easier to use and more accessible.

The objectives of the new gTLDs are very significant. I don’t know what can happen as these gTLDs progress or comment on any specific gTLD in particular, because in any area of innovation, industry learns over a period of time. But we do expect that the established domain names, net and .com in particular, will continue to be relied on for a long time to come.

Q: This one is regarding another one of Verisign’s initiatives. How serious is the IPv4 address shortage problem? Also, can you tell how IPv6 resolves the problems associated with IPv4?

A: IPv4 is a great example of unexpected success. When the internet first started, everything was so small that it was thought that 32 bits worth of address would certainly be enough for the stage of the experiment they were working on at that time. And it has been enough to take us till just recently, when the last block of IPv4 address was allocated.

Now, over the years, the internet community has found ways of using that same set of IPv4 addresses as effectively as possible with all kinds of sharing, reuse, mappings, translations etc. And that can continue, depending on what application you are trying to build, maybe for a few years or maybe even longer. But eventually, it becomes too difficult to keep putting all this patchwork in place on a set of addresses that has run out. You can imagine the same happening in other domains as well. If you run out of mobile phone numbers, you need to put in new area codes.

So, IPV6 is a complete breakthrough, because it has 4 times as many bits, and that’s an enormous exponential increase in the number of possible addresses. There is no foreseeable period in which IPv6 addresses would run out. In fact, IPv6 makes it possible to give out unique addresses for everything at every point in time. And the protocols and the parallel stacks of implementations are already being rolled out. Last year, there was an IPV6 day, where everyone who was participating enabled IPV6 so that you could reach their websites using the IPV6 protocol.

I think we will see co-existence for a period of time because the existing IPv4 systems are already working. But in new applications, especially in the mobile internet, we will drive the use of IPV6 and then pull all the rest along.

Q: To wrap up, what developments can we expect from Verisign labs in Q3 &Q4 of 2013?

A: Well, at Verisign labs, we are looking at the next generation of protocols and architectures for DNS and the way that it’s used. We have been active in promoting the DANE in DNSSEC for a period of time and I think that people can expect to see more of that.

We have also been looking closely at the security, stability and the impact of new gTLDs and we would likely have more to say on that too. In fact, Danny McPherson, the company’s Chief Security Officer, has started a blog series on Verisigninc.com that outlines many of the points that have some concern from our perspective and others as well.

We are also in the process of incubating some interesting new ideas that could be quite transformative so perhaps some of those could come out of the lab in Q3 and Q4 of this year also.

Page 1 of 5
1 2 3 5