How to Install an SSL on a Core/Unmanaged Ubuntu Server

Reading Time: 8 minutes

Why do I Need to Install or Reinstall My SSL Certificate?

According to GlobalSign:

The Certificate Authority (CA) industry was alerted of compliance implications related to the inclusion of a specific extension (OCSP-signing extended key usage) in CA certificates which has, under certain conditions, unintended compliance and security implications. A number of GlobalSign Issuing CAs have been impacted by this issue. While no key compromise or security incident has taken place, we will be revoking these Issuing CAs as part of our remediation plan in accordance with the CA/B Forum Baseline Requirements and the GlobalSign CPS. Revoked intermediate certificates can cause errors in the validation of certificates signed by these Intermediate Certificates.

GlobalSign.com
Continue reading “How to Install an SSL on a Core/Unmanaged Ubuntu Server”

How to Install an SSL on a Core/Unmanaged CentOS Server

Reading Time: 7 minutes

Why do I Need to Install or Reinstall My SSL Certificate?

According to GlobalSign:

The Certificate Authority (CA) industry was alerted of compliance implications related to the inclusion of a specific extension (OCSP-signing extended key usage) in CA certificates which has, under certain conditions, unintended compliance and security implications. A number of GlobalSign Issuing CAs have been impacted by this issue. While no key compromise or security incident has taken place, we will be revoking these Issuing CAs as part of our remediation plan in accordance with the CA/B Forum Baseline Requirements and the GlobalSign CPS. Revoked intermediate certificates can cause errors in the validation of certificates signed by these Intermediate Certificates.

GlobalSign.com
Continue reading “How to Install an SSL on a Core/Unmanaged CentOS Server”

How to Implement Zero Trust Security in 5 Steps

Reading Time: 6 minutes

What is Zero Trust Security?

Zero Trust security is the concept, methodology, and threat model that assumes no user, system, or service operating within a secured internal environment should be automatically trusted. It holds that every interaction must be verified when trying to connect to a system before access is granted. This concept uses micro-segmentation and granular edge controls based on user rights, application access levels, service usage, and location to determine whether to trust a user, machine, or application seeking to access a specific part of an organization.

Continue reading “How to Implement Zero Trust Security in 5 Steps”

How Was My Website Compromised? 

Reading Time: 7 minutes

In this tutorial, we will look at several methods that are used to compromise a website. In today’s world, websites use multiple procedures that represent the core functions of a modern business. Whether you have an eCommerce site or a business card site, a website is essential for driving business growth. We can safely state that a website is a unique image of your respective business. 

Continue reading “How Was My Website Compromised?”

SSL vs TLS

Reading Time: 4 minutes

What is the relationship between SSL and TLS? Most of us are familiar with SSL (Secure Sockets Layer) but not TLS (Transport Layer Security). Both protocols are used to transmit online data securely between two endpoints. SSL is older than TLS, but all SSL certificates can use both SSL and TLS encryption. TLS is the replacement for SSL, as it is the updated version of the SSL protocol. TLS operates similarly to SSL by using encryption methods to ensure secure communication.

Continue reading “SSL vs TLS”

Lynis: A Security Auditing Tool For Linux

Reading Time: 20 minutes

What is Lynis?

Lynis is a well-known, seasoned security tool for Linux-based systems (including macOS and/or other Unix-based operating systems). It performs an extensive health scan of your systems to support system hardening and compliance testing. The project is open-source software under the GPL license and has been available since 2007.

Continue reading “Lynis: A Security Auditing Tool For Linux”

What Is PCI Compliance?

Reading Time: 2 minutes

What Is PCI Compliance?

For any business that handles credit card data in any way, there is a set of rules and standards it must follow. These rules and regulations are called the Payment Card Industry Data Security Standard, or PCI-DSS for short; however, this is often simplified to just ‘PCI Compliance’. These standards were put in place by major credit card companies to ensure data security. These standardized rules greatly simplify securing credit card data, as they allow businesses to track a single standard. In the past, each credit card network had its own standard, which made it hard for users to be compliant.

Continue reading “What Is PCI Compliance?”

Ensure Your Electronic Payments are PCI DSS Compliant

Reading Time: 6 minutes

If you process credit cards on a website, your site needs to be in compliance with the Payment Card Industry Data Security Standard. (This is abbreviated as PCI DSS, and even more often referred to simply as PCI.) PCI compliance certifies that your organization takes all necessary steps to protect sensitive customer data and provides a set of standards for your infrastructure and server setup. While Liquid Web does not offer full PCI compliance certification, we do offer a separate service that scans your server to see that PCI DSS requirements are met, a great tool during the compliance process.

Continue reading “Ensure Your Electronic Payments are PCI DSS Compliant”