Self-Signed Certificates: Beware, Free Can Very Costly.

A6H8PY7Y496C All things being equal, free is my favorite price range!

The caveat I would add is that things are almost never equal when we talk about free.

It might be tempting to use free “self-signed” certificates to implement SSL on your web site, unless you fully understand what you are not getting with it. We all know about what happens when we are penny wise!

When a user connects to an SSL site a message is sent with the certificate information required to setup a secured connection. It must include the name of the certificate "signer" which is either:
the creator of the certificate (self-signed) or
a third party called a Certificate Authority.

There are scams where hackers trick users into thinking they are connected to one site and they are actually communicating with another. This is a so called “man in the middle” scam where a hacker gets in between the communication between a browser and a web site.

Self-signed certificates leave your users vulnerable to these predators. It adds about as much value as “co-signing” a loan to yourself! It does nothing to avoid users providing personal and financial information to criminals engaged in fraud.

A Certificate Authority (CA) provides assurances to the browser that the site it intends to connect to is in fact that site. Only with a CA-signed certificate does the browser know that the key it receives to encrypt messages is from the actual owner of the site.

Because of this, most browsers will display a warning message that a site with an unsigned certificate may be a danger. The user can bypass the message, but it does not leave the user with a warm and fuzzy feeling about the site.
And the warning message is correct. If your web site has been hacked by a scammer your users are in peril if they proceed.

Let’s be crystal clear about this.
You NEVER want to use a self-signed certificate on a public internet site.

If you need secured communication for a “customer facing” web site, such as an e-Commerce site. You would be exposing your customers and your business reputation to unwarranted risk. Every time your customers visit your site their browser will remind them that you are not a trustworthy operation.

Free could turn out to be very costly, indeed!

So what about internal intranet sites? Do self-signed certificates ever make sense?
Yes, but you also need to be cautious before using them on intranet sites.

More and more employees are accessing intranet sites remotely though the internet, from outside the company firewall. That may create opportunities for the hackers if you do not use a signed certificate.

Furthermore, users will also be disturbed by the browser warnings. The risks aside, it does not create a professional appearance.

It is probably best to limit the use of self-signed certificates to test labs where the data entered is not real and the testers can be warned to ignore the browser messages.

Read more ►

Compare SSL: Protecting Multiple Sites Under a Single SSL Certificate

Do you operate multiple web sites and domains that need SSL Certificates?

SSL Certificates are essential if you operate a web site that exchanges personal information with visitors. They provide secured, encrypted communication where the visitor’s browser can verify it is connecting to your site and not some criminal that has hacked in to your site.

However, if you operate a lot of sites that require SSL Certificates it can get expensive and difficult to manage. Certificate Authorities charge annual fees for them and each certificate has an expiration date. If you have a large number you want to be sure that you do not leave any expired or revoked certificates in service. Browsers will display warnings for expired and revoked certificates that the site might not be trustworthy. That’s not the kind of messages you want your visitors to see if you value your reputation.

But there is good news!

There are two different types of SSL Certificates that could help you efficiently operate multiple sites, but you need to understand what they cover and their limitations before you decide what to use.

Wild Card SSLs for Subdomains

If you need SSL for multiple subdomains you should consider a Wildcard SSL. You can purchase one wildcard SSL that will cover a site and all its sub sites.

For example, you can apply one wildcard SSL that covers jelly.com, grape.jelley.com, strawberry.jelley.com, etc. The possibilities are literally endless!

The more subdomains that you operate the greater the benefit.

However, before you implement a wildcard SSL you need to understand two significant factors. First, wildcard SSLs are not issued with EV (Enhanced Verification). They are appropriate for many purposes on the public internet and internal intranet sites, but if you need the highest degree of assurance you need an EV Certificate.

An EV Certificate not only assures your visitors that you own the site, it assures them that you are a trustworthy business operation. This is critical for financial transactions, such as on shopping cart sites or other online payments.

Second, you should also consider that if one server or subdomain covered by the wildcard is compromised all of the others for that certificate are at risk.

The bottom line is that wildcard SSLs can be great, but make sure you use them wisely.

UC SSLs for Multiple Domains

If your organization uses an MS Exchange or Office Communications Server (OCS) environment, you can consolidate all of your certificates into a single Unified Communications (UC) SSL Certificate

UC SSL Certificates can be applied to multiple domains and host names. One UCC SSL certificate can be used for a domain and up to 99 alternate names, called Subject Alternate Names (SANs).

For example, you can protect both www.kjudge.com and www.kjudge.net with a single certificate.

A UC SSL Certificate differs from others only in that it includes a SAN field to list domains that the certificate will protect in addition to the primary domain. With Microsoft Exchange, you can easily update the SAN field to add or subtract domains.

Do you want to host multiple web sites on the same server? With a UCC SSL and SANs you can do that without having to use a unique IP Addresses for each site.

The only consideration here is that browsers display certificate information that shows the primary domain and all SANs. This is only a concern if you do not want your users to associate the sites.

Do you use Outlook Web Access?

If your operation uses Outlook Web Access (OWA) it is critical that all of your Exchange domains be protected by an SSL certificate. Otherwise, any sniffer could pick up userid and passwords and compromise your corporate communications.

UC SSL is an efficient way to cover all of your Exchange domains. Any additional costs from using SSL Certificates are nothing compared to the potential damage from a breach of your email system.

Read more ►

Comodo System Utilities – A Free Download better than Most Paid Programs

Computer users worldwide who are looking for personal computer software that can tune up a lethargic system should investigate the Comodo System Utilities, which is a free computer security product which allows consumers to download free internet security. The free Comodo System Utilities software is comparable; if not better than many of the paid system utility products on the market. 

When you’re looking to download internet security; what features are important to you? Fortunately, the Comodo System Utilities package includes everything you need to install an effective clean-up for the Windows registry system. This free download removes or repairs any entries that are corrupted. It also includes a disk cleaner that defrags the disk so as to free up and improve performance and a cleaner for privacy that deletes cache and history and cookies so as to protect one’s identity and privacy on their computer.

The Utilities are easy to use and navigate through. There are two sections on the interface—the main content area and a side bar on the left with the various options for cleaning one’s system. Clicking on any one of these options activates that utility in the main content area.

There is a general purpose “Clean My Computer” button, which cycles through all the available utilities but one can also choose the individual utilities such as “Privacy Cleaner," “Registry Cleaner” and “Disk Cleaner” on an as-needed basis. The Active Clean option deletes temporary files and other types of files without needing intervention from the user, which makes it a simpler process.

Another positive when you’re looking to download internet security software is the auto run manager in Comodo’s System Utilities; which can help a user to select those programs that are launched when the computer starts up. When some of these programs are deactivated, the boot time of a PC can be increased, but one needs to be careful with certain obscure programs or services so as not to deactivate those that may be essential to a computer’s operation.

Comodo System Utilities also includes some other nifty programs. There is a “Wiper” utility that can completely clean a drive which is useful when giving away or selling one’s computer. “Safe Delete" is another handy utility that enables one to recover files that were permanently deleted by mistake and can restore one’s computer to state previous to one in which the deletion of these files may have caused problems with the running of one’s computer. There is also a live customer support module that can be installed called “Comodo Geek Buddy” that provides immediate help to those having trouble with using the utilities and is found on the interface in the upper-right corner. 

Finally, many have found that the performance of their computers was greatly improved after using the Comodo System Utilities, making them a worthwhile investment for any PC user. So, when you’re looking to download free internet security, make sure you take the time to look into the Comodo System Utilities program. It’s definitely worth your time and will save you a lot of money and stress in the long run.

Read more ►