| Glossary |
Certificate Authority
Certification Authority is an organization or company that validates entities’ identities (individual, websites, business, or email addresses) and binds them to cryptographic keys through the electronic document issuances referred to as digital certificates.
A leading CA will:
- Be at the forefront of developing baseline standards
- Be actively involved with industry groups
- Offer resources regarding best practices, certificate management, and compliance
Certificate Transparency
Certificate Transparency works within the existing Certificate Authority infrastructure to provide post-issuance validation for the issuance of SSL Certificates.
Certificate transparency may prove useful in helping domain owners identity misissued certificates.
Certificate Transparency has two components
- CT logs
- Monitors
CT logs: maintain records of issued SSL Certificates with the entries which cannot be modified or deleted in any way.
Monitors: query CT logs and can download and store certificates for future reporting. Monitors will organize the certificates into subfields simplifying the query process for users. Read More
Discovery and Automation
Certificate discovery is the process of identifying and reporting SSL/TLS certificates on your network using sensors. Sensors are small software applications responsible for finding SSL/TLS certificates installed in strategic locations on a particular network.
Discovery and Automation is a feature that identifies, monitors and automatically renews certificates installed across a network. Discovery and Automation give users complete control over their chosen security solutions.
Benefits of Discovery and Automation
- Gain a holistic view of certificates on your networks
- Faster response to vulnerabilities and security issues
- Avoid downtime from certificate expiry
- Automated certificate lifecycle management ensuring the installation and timely renewal of SSL/TLS certificates.
- Configurable notifications and in-console alerts
Domain Validation Certificates
Domain Validated SSL certificates provide basic validation for companies. A DV certificate confirms that a business owner controls the domain in question. A few verification checks such as email verification and website registration information may be undertaken by the certificate authority (CA) to issue a DV certificate. DOMAIN VALIDATED CERTIFICATES (DV) 1-2 days to issue.
Elliptic Curve Cryptography (ECC)
Elliptic Curve Cryptography (ECC) is the latest encryption standard available. It promises more robust security, increased performance, a shorter key length. The shorter key lengths make ECC an ideal choice for devices with limited storage or resources. If we compare the RSA and DSA algorithms, a 256-bit ECC key is equal to a 3072-bit RSA key. Smaller key sizes require less computing 2power, meaning faster and secure connections. Read More
Encryption
Encryption is the process of encoding information and ensuring only authorized users can read it. It establishes privacy, and secure data integration protecting confidential information from being exploited by potential threat actors.
Encryption is an essential requirement for securing business operations, and our experts can help you implement encryption today.
Extended Validation Certificates
Extended Validation SSL certificates represent the highest level of trust and authentication available in the industry. Organizations undergo a more rigorous verification process than that required for a DV or OV certificate. Therefore, organizations with an EV certificate are granted the highest trust level by customers and professionals industry-wide. EXTENDED VALIDATED CERTIFICATES (EV) 7-10 days to issue
Malware Scanning
Hackers exploit security weaknesses on your server to gain access to your website and install malicious code. Malware scanning allows users to regularly scan their devices, networks and websites for malware and remove it before any serious damage is caused. Read More
MULTI-DOMAIN CERTIFICATE
Multi-Domain Certificates, also called SAN certificates, offer boundless flexibility and complete control over the Subject Alternative Name field. And now, any DigiCert certificate can be configured to allow multi-domain. These certificates are ideal for securing many names across different domains and subdomains. You also have the option to add, change, and delete any of the SANs on the fly to reflect the evolving needs of your network.
- www.example.com
- www.example2.com
- www.example3.net
- mail.example.net
- dev.example2.net
Organization Validation Certificates
Organization Validation SSL Certificates verify the identity of organizations and help to establish trust between companies and customers. An OV certificate issues a padlock on the website address bar communicating to customers that their information is secure for the duration of their visit. ORGANIZATION VALIDATED CERTIFICATES (OV) 3-4 days to issue.
Padlock
There are two elements to indicate that your site is encrypted with SSL Certificates.
- A closed padlock
- A URL that begins with “https:” rather than “http:”
Suppose an SSL certificate is installed on the server. In that case, the browser running the website will recognize the organization’s information stored in the SSL certificate and display the secured URL as https with a padlock.
One of the easiest ways to check the certificate details of a website is merely clicking the padlock on the address bar and then select “View Certificate.”
Payment Card Industry (PCI) Compliance
PCI compliance (Payments Card Industry) refers to adhering to a specific set of technical and operational rules and requirements mandated by card companies to ensure secure credit card transactions across the industry. When Credit/Debit card details are shared there is always a risk of the information falling into the wrong hands. Personal information can easily be intercepted without robust security protocols in place.
According to PCI DSS rules, card payments must be taken on web pages with HTTPS enabled. Installing an SSL certificate on your website will establish a secure tunnel between your web server and the customer’s device, ensuring the secure encrypted transmission of any shared data. All of our SSL/TLS certificates comply with PCI standards and offer the most robust encryption algorithms. Read More
Public key Cryptography
Public key cryptography or public-key encryption is an encryption method that uses two separate keys. One is the public key, which is available for anyone to use. The other key is the private key which is known to the owner of the data. The data encrypted with the public key can only be decrypted and read with the private key and vice versa, making it a secure method to protect confidential data from authorized access and exploitation. Read More
Quantum Cryptography
Quantum Cryptography is an evolution of cryptography (the art of writing and solving code) that utilizes quantum mechanics to perform cryptographic functions.
Principles of quantum mechanics
- The particles that make up the universe are unstable and can simultaneously exist in more than one place or more than one being.
- Photons are randomly generated in one of two quantum states.
- You can’t measure a quantum property without changing or influencing it in some way. Read More
RSA
RSA is an algorithm for public-key cryptography. RSA works based on a public and private key. A public key is used to encrypt data before sending it to the server on which the certificate is located. Every user attempting to connect with the site is sent to the public key. The private key is used to decrypt the data encrypted by the public key. It is essential to ensure no one has access to your private key except you as the data owner. Read More
Site Seal
A site seal is a visual indicator that lets your visitors know that your organization values online security and privacy. When a user clicks on a site seal, it displays your certificate details.
Site seal is a proven way to signal website security and boost transactions. The site seal code consists of two code parts: HTML AND JavaScript.
HTML Code
The HTML code (“div” container block) displays the DigiCert Site Seal on your web page. Paste the “div” portion of the code into your page code wherever you want the seal to appear on the web page.
JavaScript Code
The JavaScript code is used to make the site seal work (for example, the code makes the site seal appear on the page and styles the “div” container block). Paste the script portion of the page code anywhere on the page (for example, next to the “div” block).
Subdomain
Subdomains act as an extension of your domain name to help organize and navigate your website’s different sections. You can also use a subdomain to send visitors to a completely different web address, like your social media page, or point to a specific IP address or directory within your account.
Example:
shop.localhost/ssl
In this example, ‘shop’ is the subdomain, ‘sslsupportdesk’ is the primary domain, and ‘.com’ is the top-level domain. You can use any name as your subdomain, but ensure it to be easy to remember.
UC/SAN Certificates
A Unified Communication Certificate (UCC) is a digital security certificate that allows various hostnames to be protected by a single certificate. UC certificates are also recognized as SAN certificates, multi-domain certificates, or Exchange certificates.
The Subject Alternative Name field lets you specify additional hostnames (sites, IP addresses, common names, etc.) to be protected by a single TLS/SSL certificate, such as a Multi-Domain (SAN) or Extended Validation Multi-Domain Certificate.
DigiCert multi-domain certificates come with unlimited reissues. So when needed, you can add SANS to your certificate. You can also change the common name, change the order of SANs, remove SANs, change SANs, and add SANs.
Validation process
Before CA can issue any certificate, the certificate order must first go through a validation process. For OV and EV TLS/SSL, Private SSL, Code Signing, and Document Signing certificate orders, the certificate’s validation process includes organization validation and verifying the organization contact.
For certificates issued to a domain (TLS/SSL and some client certificates), the certificate order process includes domain validation.
To quicken the certificate issuance process, you’ll want to submit your organizations and domains for pre-validation. Once you’ve completed pre-validation, future certificate issuance and renewals for those domains and organizations can be done almost immediately.
Vulnerability Assessments
Vulnerability Assessments identifies risks and vulnerabilities in computer networks, hardware, applications, systems, and other parts of the IT ecosystem. The information it provides helps analyze and prioritize potential security risks.
The scanning process involves four steps, vulnerability identification, analysis, risk assessment, and remediation. Once the initial scan is complete, a vulnerability assessment rescans your entire website to confirm that any identified vulnerabilities have been removed. Read More
Wildcard Certificate
An SSL Wildcard certificate is a single certificate with a wildcard character (*) in the domain name field. This allows the certificate to secure multiple subdomain names (hosts) of the same base domain.
For example, a wildcard certificate for *.(domainname).com, could be used for www.(domainname).com, mail.(domainname).com, store.(domainname).com, in addition to any additional sub domain name in the (domainname).com.
SiteLock
Phishing
The practice of sending spam e-mails to attempt to deceive people into visiting a malicious site or providing personal information to an unintended recipient. This is not only through emails.
Spam Verification
Spam scan will check 3rd party spam lists to make sure that the customers IP address is not reporting. If a website was found on one of these blacklists, all outgoing emails are likely to bypass the recipient’s inbox and go straight in to their spam folder until the IP is removed from the list.
Open-source platform
Refers to software that is provided free of charge for anyone to use. Many SiteLock customers use Open-Source Content Management Systems (CMS), such as:
- WordPress
- Joomla
- Drupal
- osCommerce
- phpBB
- Zen Cart
- Magento
- Open Cart
Malware
Short for malicious software, malware is designed to harm or secretly access a website without the owner’s knowledge. Websites hosting or linking to malware or malicious sites will eventually be blacklisted by search engines (e.g. Google) and anti-virus tools, preventing them from being viewed by most customers.
SQL Injection
SQL Injection (pronounced “sequel” injection) is a technique often used to attack data driven applications. This is done by Including portions of SQL statements in an entry field in an attempt to get the website to pass a newly formed rogue SQL command to the database (e.g., dump the database contents to the attacker). SQL injection is a technique that exploits security vulnerabilities in an application’s software.
XSS
Cross-site scripting is a vulnerability of weak coding. XSS enables attackers to inject script into web pages viewed by other users (to modify the page’s appearance and/or behavior). A cross-site scripting vulnerability may be used by attackers to bypass access controls by gaining access to a visitor’s cookies or other personal data. XSS also allows a hacker to create a page content within an existing iframe. Cross-Site Scripting will usually lead to some type of phishing.
Backdoor File
This is a file that a hacker inserts into a website that behaves like a rogue control panel. It provides the ability to modify, delete or add content to a website. It is an entry point for a hacker to control the site.
Network scan
SiteLock’s network scan checks the thousands of ports on a server to make sure only the appropriate ones are open for your server type.
Root Directory
In website file systems, the root directory is the first or top-most directory in a hierarchy. It can be likened to the root of a tree, the starting point where all branches originate. It would be like the C:\ drive on your personal computer.
IP address
An Internet Protocol address (IP address) is a numerical label assigned to each device (e.g., computer, printer) participating in a computer network that uses the Internet Protocol for communication.
Cloud Computing
The use of hardware and software that are delivered as a service over the Internet. This is how SiteLock distributes our scans
Expert Services (ES)
The act of providing a manual malware clean or vulnerability fix by our security engineers. ES will not repair any design damages done by a hacker.
Bandwidth
Bandwidth in the computing world refers to the amount of data that is transferred to and from a website or server that website is sitting on. Usually this is measured in BPS or bits per second.
Control Panel (Cpanel)
A customers Control Panel is where they manage everything for their hosting account. Collecting these logins allows SiteLock to clean websites as well as configure the (WAF) Web Application Firewall as long as the DNS records are managed here as well. Most of our customers use either CPanel, Parallels Plesk or V Deck.
Index File
The index file is the file within a website that is in charge of displaying the initial page you see when a website is viewed. During some hack attempts this file is deleted or a new one with a higher order of precedence is uploaded and displayed.
| index.html | index.php5 | default.html |
| index.htm | index.php4 | default.htm |
| index.shtml | index.php | index.php3 |
| index.cgi | home.html | home.htm |
Blacklisted
In the security industry this is as bad as it gets. When Google, Yahoo, Bing, etc. crawl a website for rankings but find malware they will blacklisted the site. This means that they will insert a header for the site when searched that says something along the lines of “WARNING: Visiting this site could harm your computer.” Would you visit that site? If the site is access directly there is usually a red screen that has a giant warning message like this one.
