Site Security: There is No Magic Key for Protection

December 12, 2013 | By Kevin Judge

Endpoint SecurityInternet site security requires a layered approach, at least if you want to sleep well at night! No single layer provides 100% protection. Encryption ensures that no one can “listen in” on a conversation between a browser and a web server. However, hackers may be able to divert or send a user to a fraudulent site pretending to be yours. If you operate an e-Commerce site, your site visitors need to be assured that your site is exactly what it purports to be. That is what assurance is all about. A high level of assurance is required with your SSL protection so that site visitors have the confidence to do business with you.

Does encryption plus assurance equal 100% protection?
Not quite. It’s close enough that Comodo can offer generous warranties.

However, there have been some very rare cases where the certificate validation system has been compromised. More important, however, is that your network and web server must also be protected to ensure that hackers do not compromise web pages and page objects.

In addition to strong network firewalls, your site should undergo a regular vulnerability scan from a service such as Comodo HackerGuardian. HackerGuardian PCI Compliance Scanning is a vulnerability assessment scanning solution designed to achieve and maintain industry compliance and retain the ability to accept card payments. Using a secure online interface, administrators can remotely run scans to PCI standards on their externally facing IP addresses that touch the credit card acceptance, transmission and storage process.

Since a network is only as vulnerable as its weakest link, it is important that a company also use an Endpoint Security Management System, such as Comodo ESM. Comodo’s new CESM 3 platform provides Comodo’s top ranked anti-malware suite that proactively protects your servers, workstations, laptops and netbooks, while offering advanced, real-time management and control over critical system resources.

The bottom line is that securing your web site and protecting your customers begins with SSL encryption and assurance, but a comprehensive and layered approach is required for complete protection of your site.

Be Sociable, Share!

    Tags:

    Comments

    steve December 15, 2013 at 11:59 am

    No it clearly doesn’t.. Make comodo dragon v33 already instead of spending time talking about the obvious.

    Reply
      Kevin Judge December 16, 2013 at 7:32 pm

      Steve, it may seem obvious to you that no layer of protection provides 100% protection. I take it that you are well informed
      However, we frequently get this question from Comodo customers and prospective customers who have various levels of technical knowledge, sometimes minimal.
      If you think about, there is plenty of room for confusion if you are not very knowledgeable about the technology.
      When we say SSL provides secure, encrypted communication it would be easy to assume that means the site is 100% secure.
      As we tried make clear in the blog, SSL blocks a critical line of attack by hackers yet is only one line of attack.

      Oh, and have no fear. The team that updates blogs.comodo.com is unrelated to the Dragon Browser team.
      And you are correct. With the continued onslaught from disturbingly resourceful hackers, they have no time to wast.

      Reply
    Aggravatorx March 21, 2014 at 8:36 pm

    I would take a safe browser anytime over updating it to another version every week my god between firefox and google updating there version 34-60 wars its getting silly both would be better off fixing there security problems.put the browser in the cloud and do updates silent.and have us all safe from malaware and scam sites.and block those annoying popups.consumers just want to be safe making a purchase from the internet.

    Reply

    Add new comment

    Your name
    Comment

    You may use these HTML tags and attributes: <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>