Web Server

SSL stands for “Secure Sockets Layer.” It is a protocol developed for sending information securely over the Internet. Many websites use SSL for the secure areas of their sites, such as user account pages and online checkout. Usually, when you are asked to “log in” on a website, the resulting page is secured by SSL.

SSL encrypts the data being transmitted so that a third party cannot “eavesdrop” on the transmission and view the data. Only the user’s computer and the secure server are able to read it. SSL keeps your name, address, and credit card information between you and the merchant to which you are providing it. Without this kind of encryption, online shopping would be far too insecure to be practical. When you visit a Web address starting with “https,” the “s” after “http” indicates that the connection to the website is secured. These websites often use SSL certificates to verify their authenticity.

While SSL is most commonly seen on the Web (HTTP), it is also used to secure other Internet protocols, such as SMTP for sending e-mail and NNTP for newsgroups. Early implementations of SSL were limited to 40-bit encryption, but now most SSL-secured protocols use 128-bit encryption or higher.

Providers

Worldwide, the certificate authority business is fragmented, with national or regional providers dominating their home market. This is because many uses of digital certificates, such as for legally binding digital signatures, are linked to local law, regulations, and accreditation schemes for certificate authorities.

Rank  Issuer              Usage    Market share
  1   Comodo              8.1%     40.6%
  2   Symantec            5.2%     26.0%
  3   GoDaddy             2.4%     11.8%
  4   GlobalSign          1.9%      9.7%
  5   IdenTrust           0.7%      3.5%
  6   DigiCert            0.6%      3.0%
  7   StartCom            0.4%      2.1%
  8   Entrust             0.1%      0.7%
  9   Trustwave           0.1%      0.5%
 10   Verizon             0.1%      0.5%
 11   Secom               0.1%      0.5%
 12   Unizeto             0.1%      0.4%
 13   QuoVadis          < 0.1%      0.1%
 14   Deutsche Telekom  < 0.1%      0.1%
 15   Network Solutions < 0.1%      0.1%
 16   TWCA              < 0.1%      0.1%


There is good news for everyone who is keen on using SSL but doesn’t want to spend money: give Let’s Encrypt a try.

Each certificate is issued for 90 days, after which you will have to reissue it; that too is free. 🙂


Just contact your hosting provider about it, as they may have a cPanel plugin set up that lets you get a certificate in one click. 🙂


PCI standard or Payment Card Industry Data Security Standard

The Payment Card Industry Data Security Standard (PCI DSS) is a proprietary information security standard for organizations that handle branded credit cards from the major card schemes including Visa, MasterCard, American Express, Discover, and JCB.

The PCI Standard is mandated by the card brands and administered by the Payment Card Industry Security Standards Council. The standard was created to increase controls around cardholder data to reduce credit card fraud. Validation of compliance is performed annually, either by an external Qualified Security Assessor (QSA) that creates a Report on Compliance (ROC) for organizations handling large volumes of transactions or by Self-Assessment Questionnaire (SAQ) for companies handling smaller volumes.

Basics of getting PCI compliant.

1) First of all, it is hardly possible in a shared hosting environment, because the host will not mitigate certain threats when doing so would cause connection problems for the other customers on the same server.

2) If you own a Dedicated server/VPS you are good to go.

3) There are plenty of companies that provide PCI scan reports and will finally get you the PCI Compliant seal that you can proudly put on your site.

4) There are three main types of rating that you will see: High (red), Normal (yellow) and Pass (green).

High findings are potential threats and need to be mitigated at the earliest.

Medium and Pass findings can be ignored, as they don’t really matter.

5) There is a good point that you want to keep in mind: if you are running old CentOS versions, or other flavours such as Ubuntu 12.x or below, you should seriously upgrade first and only then submit for the PCI scan.

For those with CentOS servers 6.8 and above, you really do not need to do anything special. Red Hat and CentOS come with a feature called backporting: they download the patches into the current builds, so no matter what comes out you are always secured. You may want to call your host and get them to check that all the CVEs are backported.

Get the results that they give you and provide the same to the scanning company so that they can whitelist the results in the next scan. This way it may take a couple of scans, but you will reach the goal at hand. 🙂
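A version-based scan finding on CentOS/RHEL is usually answered by showing that the package changelog records the CVE fix even though the version string looks old. The script below is an added example, not part of the original post: `changelog_mentions_cve` does the check on changelog text, `package_fixes_cve` wraps the real `rpm -q --changelog` command for a live host, and the sample changelog with placeholder CVE ids is constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not from the original post): confirm that a backported fix
# for a given CVE is recorded in an RPM package's changelog. That changelog
# line is the evidence a PCI scanning vendor normally asks for when
# whitelisting a finding that was raised on the package version alone.

# Pure check on changelog text: returns 0 when the CVE id appears as a whole
# word (case-insensitive), 1 otherwise. Using -w avoids matching a longer id.
changelog_mentions_cve() {
    changelog="$1"
    cve="$2"
    printf '%s\n' "$changelog" | grep -qiw -- "$cve"
}

# Live check on a real host (requires rpm). A backported build keeps the old
# upstream version number but lists the CVE ids it fixes in its changelog.
package_fixes_cve() {
    pkg="$1"
    cve="$2"
    changelog_mentions_cve "$(rpm -q --changelog "$pkg" 2>/dev/null)" "$cve"
}

# One line per CVE, suitable for handing to the scanning company.
report_cves() {
    changelog="$1"
    shift
    for cve in "$@"; do
        if changelog_mentions_cve "$changelog" "$cve"; then
            echo "$cve: patched (backported fix present in changelog)"
        else
            echo "$cve: NOT found in changelog"
        fi
    done
}

# Constructed sample changelog; the CVE ids are placeholders, not real advisories.
SAMPLE_CHANGELOG='* Mon Jan 01 2018 Maintainer <maint@example.invalid> - 1.0.1e-60
- fix CVE-0000-0001: placeholder description of a backported patch
- fix CVE-0000-0002: another placeholder entry'

# Stand-alone run against the constructed sample.
report_cves "$SAMPLE_CHANGELOG" CVE-0000-0001 CVE-0000-0003
```

On a live CentOS host replace the sample with `package_fixes_cve openssl CVE-XXXX-YYYY` for each id the scan report names.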

To whom does the PCI DSS apply?

The PCI DSS applies to ANY organization, regardless of size or number of transactions, that accepts, transmits or stores any cardholder data.

Am I PCI compliant if I have an SSL certificate?

No. SSL certificates do not secure a web server from malicious attacks or intrusions. High-assurance SSL certificates provide the first tier of customer security and reassurance, such as the following, but there are other steps to achieve PCI compliance.

A secure connection between the customer’s browser and the web server
Validation that the website operators are a legitimate, legally accountable organization

What is a vulnerability scan?

A vulnerability scan involves an automated tool that checks a merchant or service provider’s systems for vulnerabilities. The tool will conduct a non-intrusive scan to remotely review networks and web applications based on the external-facing Internet protocol (IP) addresses provided by the merchant or service provider. The scan identifies vulnerabilities in operating systems, services, and devices that could be used by hackers to target the company’s private network.


Shared, Dedicated, VPS, and Cloud hosting Different types explained

All sites and blogs on the Internet start with hosting.

Web hosting is one of those beasts with so many variables that everyone gets lost, even developers with plenty of prior knowledge. In this article I’ll clear up the differences between the most common hosting types: shared, VPS, dedicated and cloud. Let’s get started.

Shared Hosting – Cheapest, Best for Beginners

Shared hosting is the budget option. It is extremely cheap, but also not very good.
Some of the most well-known hosts in this segment are Bluehost, Siteground, and A Small Orange.

VPS Hosting – More powerful than Shared hosting

VPS stands for Virtual Private Server and is probably the most popular service to upgrade to and it can be the most well-balanced one as well.

A VPS server is still a shared environment, but the way it is shared is very different.

First of all, a VPS server is usually limited to 10-20 users. This decreases stress in itself, but the real improvement comes in the form of the hypervisor – which is the coolest name for something ever.

A VPS server is literally split into as many parts as there are users. If there are 10 users, 10GB of RAM and 200GB of hard drive space on the server, each user will be able to use 1GB of RAM and 20GB of space. Once you hit the RAM limit your site may go down, but the others will remain stable. The hypervisor is responsible for managing the virtual machines that create this separation within the server.

Dedicated Hosting – If Your Site Exceeds 100k Visits/month

This is the hosting service that negates all bad neighbour issues because you are all alone on a server. This provides a host of benefits, but also comes with quite a few downsides.

Since you get a computer all on your own, many companies allow you to customise it extensively. You may be able to choose the amount and type of memory, the OS to install, and other hardware elements that make up a computer. This gives you a lot of flexibility which may be needed for some specialised software.

The downside here is that you actually need to know quite a bit about computers and server technology. While there are managed dedicated hosting solutions you’ll still need to do a lot more on your own.

Cloud Hosting

Cloud hosting is essentially the same as VPS hosting. Some companies don’t even call their service VPS anymore; they say Cloud or Cloud VPS. Let’s look at what cloud computing is first, and then get back to what this has to do with hosting.

Until now we’ve been talking about computing that is similar to buying unit-based products. If I buy a one-use battery and put it in a video camera, I can use it for a set amount of time until the battery runs out.

Cloud-based computing is similar to how utilities work. If I plug my video camera into the mains, I can use it as much as I need and it will take as much power as it requires at the moment. If it is on standby it will use very little power; when it is recording it will use a lot more, but the electric system can handle the changes in power requirements.

Conclusion

Choosing a hosting package can be pretty difficult. The first step is understanding the type of hosting you need: shared, VPS, dedicated or cloud. Hopefully, this article has given you the background to figure that out.

If you’re just starting out (building your first blog/site), go with shared hosting. It’s cheapest and usually more than you need at the beginning.
As the next step, you should take a look at a bunch of companies; I recommend checking our top-rated hosts to find the best ones. Look at what’s on offer and compare the RAM, disk space, CDN usage, bandwidth and other quantifiable resources. Then take a look at any additional features on offer.

At the end of the process, you should have 2-3 favourites, at which point it will boil down to personal preference. Perhaps a short talk with support – to gauge their helpfulness – will go a long way.