03rd May 2018 - Is your website secure?

Don’t have an SSL? Google has made some changes that you should know about!

With so many internet security breaches recently, the web (in this case, Google) are implementing extra measures to protect sensitive data. Beginning in July 2018 with the release of Chrome 68, Chrome will mark all HTTP sites as “not secure”.

So, what is an SSL and do I need to worry?

SSL stands for Secure Sockets Layer and is used to encrypt data between your web browser and the server. If your website takes text inputs in the form of login panels, contact forms, search bars, then its important you consider SSL. This will ensure that all data passed between the web server and browsers remain private and integral.

What does this mean for my website?

Data sent using HTTPS (Hypertext Transfer Protocol Secure) is secured via Transport Layer Security protocol (TLS), which provides three key layers of protection:

Encryption—encrypting the exchanged data to keep it secure from eavesdroppers. That means that while the user is browsing a website, nobody can "listen" to their conversations, track their activities across multiple pages, or steal their information.

Data integrity—data cannot be modified or corrupted during transfer, intentionally or otherwise, without being detected.

Authentication—proves that your users communicate with the intended website. It protects against man-in-the-middle attacks and builds user trust, which translates into other business benefits.

In Chrome 68, the omnibox will display “Not secure” for all HTTP pages.

 

You can read more about the recent announcement earlier this year here

What are the SSL's that we can provide?

There are a range of different SSL providers out there, some considerations must be undertaken as to what might suit your website and needs. 

Some of the considerations for an SSL provider should include: 

- Up to 256bit
- Encryption Algorithm
- Email Support Only
- Warranty
- GeoTrust Dynamic Secured Seal Trustmark

As well as an additional feature such as Extended Valuation (Green Bar) which helps provide peace of mind for website visitors to know that the site is safe:

 

In addition to this there is great value in adding  secure Daily Malware Scanning.

To find out more please visit our SSL Page

When Should I Switch to SHA-2?

SHA-2 was created by the National Institute of Standards and Technology (NIST) to replace SHA-1 after mathematical weaknesses were discovered in the algorithm. For the past few years, network security experts have warned that certificates using the SHA-1 hashing algorithm will soon be in danger of being hacked due to consistent advancements in computing technology.

Google, Mozilla, and Microsoft have already started phasing out trust for SHA-1 SSL Certificates. Chrome shows SHA-1 warnings for sites using SHA-1 certificates. Administrators who have not yet replaced their SHA-1 certificates with SHA-2 certificates should start making the switch now. 

Administrators should consider the impact this update could have on and plan for the following:

- Hardware compatible with SHA-2 
- Server software updates supporting SHA-2
- Client software support for SHA-2
- Custom application support for SHA-2

Intervolve strongly recommends that you accelerate SHA-2 deployment where possible and prepare to fully migrate your environment to SHA-2, If you have any questions or need help with your migration, please contact our support team on 1300 664 574. 

Website owners need to act now!

If you are interested in finding out more about any of the above please Contact us today for details!