07 Mar 2019

Does your domain name belong to you?

Who is indicated as the owner of the domain name?

Since they already have an account with the host, many webmasters automatically register domains in their own name. That way, they do not spend time creating credentials for each of their customers. It is fast and effective, and you may think it saves you time and leaves you one less thing to manage. Big mistake: it's a very bad solution!

If one day you have problems with your provider and want to communicate directly with your host, you will not be able to. Legally speaking, the domain name or the hosting service belongs to your webmaster, and if you wish to take possession of it, you will be obliged to buy it at the price set by its owner or to give in to possible blackmail.

Who is listed as the administrative contact?

The e-mail address entered as the administrative contact of your domain is the one that will be contacted whenever a transfer needs to be authorized. Thus, if one day you are no longer happy with your host and want to move your website elsewhere, you will need the agreement of the person listed as the administrative contact. Even if you no longer work with your provider, the transfer of your site and all the information stored there will depend on that person. And let's not talk about the case where the provider has locked the key or left without leaving an address. You will then have to start heavy administrative procedures to recover your domain or your website.

Do you own the rights to the code, graphics files and databases?

Even if it is not explicitly mentioned in the contract, the intellectual property code applies to your website. This means that the creators always retain ownership of the various graphic files and lines of code. You will have the right to use them but not to resell them.

If you wish to own the copyright (in addition to the rights of use), you must specify it in your contract.

We advise you to be careful when you entrust your site to an external provider. Make sure you have all the necessary rights to your site and that the domain name is registered in your name. The best option is of course to be a direct client of HOSTEUR and to be the owner of the server that hosts your sites or your emails, and especially of your domains. Then, in case of a conflict with your provider, they cannot suspend you or cut the service, because it is YOU and YOU alone who will be the owner.

If you have doubts about a provider or questions, do not hesitate to contact us, we will be happy to help you and give you more information.

Source: Gozil

07 Mar 2019

Web hosting: a short story

The advent of the Internet and web hosting

Even though web hosting is still young, its story has gone through several stages of development. Its year of birth is considered to be 1991: this is when the National Science Foundation (NSF) in the United States removed trade restrictions on the web. Previously used only for education and research, NSFNET also became accessible to for-profit organizations.

The WWW and the Electronic Commerce Revolution

This decision coincided with the emergence of the World Wide Web (WWW), founded by Tim Berners-Lee and his colleagues at CERN. Only a few years later, in 1995, NSFNET was decommissioned because the WWW had become the default method for accessing the Internet. This period is known as the e-commerce revolution. Once companies realized the potential of communication across the web, the need for web hosting offers increased sharply. In 1995 there were 16 million Internet users, which represented 0.4% of the world's population. This January the agency We Are Social published its annual report, according to which there were 3.77 billion Internet users in 2017, or 50% of the population. Today a digital presence has become indispensable for almost everyone: every company, non-profit organization or even freelancer has its own website. Web hosting first became popular with the launch of GeoCities in 1994. It was a platform that allowed users to upload content pages to digital cities.

Shared hosting

At the time, to host your own site you had to own a server. Since servers were expensive and very busy, shared hosting appeared. According to research by Pingdom, the average storage space offered to host a website in 1998 was 153 MB, for $16.28 per month. Things have changed a great deal over the years: the price-quality ratio of hosting services has improved considerably.

The Cloud

Since 2007 another way of web hosting has appeared: the Cloud.

According to the National Institute of Standards and Technology (NIST) definition, cloud computing is the access via a telecommunications network, on demand and self-service, to configurable shared computing resources. It is therefore a relocation of the IT infrastructure. Very popular among small businesses for its low prices and for its flexibility, the cloud attracts more and more users today.

Source : Gozil

07 Mar 2019

How does SSL protect communications?

How can I be sure that SSL protects me?

First, SSL uses an encryption system:

  • Asymmetric (like RSA or Diffie-Hellman). It is used to generate the master key that will generate session keys.
  • Symmetric (DES, 3DES, IDEA, RC4 …) using session keys to encrypt the data.

And a system of:

  • Cryptographic signature of messages (HMAC, using MD5, SHA …) to ensure messages are not corrupted.

It is during SSL negotiation that the client and the server choose common systems (asymmetric, symmetric encryption, signature and key length). In your browser, you can see the list of used systems by placing your cursor on the small padlock when you are in an HTTPS page.
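To see the three roles described above (key exchange, symmetric cipher, message integrity) in the suites a client actually offers during negotiation, here is an added example that is not part of the original article. It uses Python's standard `ssl` module; the helper names, the sample entries and the list of legacy markers are assumptions made for illustration.

```python
import ssl

# Algorithms named in the list above that current TLS stacks treat as legacy
# (assumption of this example: a simple substring match is enough).
LEGACY_MARKERS = ("rc4", "des", "idea", "md5")

# Constructed sample entries in the shape returned by SSLContext.get_ciphers().
SAMPLE_SUITES = [
    {"name": "ECDHE-RSA-AES128-GCM-SHA256", "protocol": "TLSv1.2",
     "kea": "kx-ecdhe", "symmetric": "aes-128-gcm", "digest": None, "aead": True},
    {"name": "RC4-MD5", "protocol": "SSLv3",
     "kea": "kx-rsa", "symmetric": "rc4", "digest": "md5", "aead": False},
]


def describe_suite(suite):
    """Map one cipher-suite entry onto the three roles described above."""
    symmetric = (suite.get("symmetric") or "unknown").lower()
    # AEAD ciphers (GCM, ChaCha20-Poly1305) authenticate the data themselves,
    # so the suite carries no separate HMAC digest.
    integrity = "aead" if suite.get("aead") else (suite.get("digest") or "unknown").lower()
    return {
        "name": suite["name"],
        "key_exchange": (suite.get("kea") or "unknown").replace("kx-", ""),
        "symmetric": symmetric,
        "integrity": integrity,
        "legacy": any(m in f"{symmetric} {integrity}" for m in LEGACY_MARKERS),
    }


def offered_suites(context=None):
    """Describe every suite the local client would offer during negotiation."""
    context = context or ssl.create_default_context()
    return [describe_suite(s) for s in context.get_ciphers()]


if __name__ == "__main__":
    for row in [describe_suite(s) for s in SAMPLE_SUITES] + offered_suites():
        flag = "LEGACY" if row["legacy"] else "ok"
        print(f'{row["name"]:32} kx={row["key_exchange"]:8} '
              f'enc={row["symmetric"]:20} mac={row["integrity"]:8} {flag}')
```
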

What are the certificates for?

During an SSL negotiation, it is necessary to make sure of the identity of the party you are communicating with. How can you be sure that the server you are talking to is the one it claims to be?

This is where the certificates come in. When you log on to a secure web server, it will send you a certificate containing the company name, address, and so on. It’s a kind of ID.

How to check the authenticity of this ID?

This is the job of the PKIs (Public Key Infrastructure): external companies (which you implicitly trust) that verify the authenticity of the certificate. (The list of these PKIs is included in your browser, usually VeriSign, Thawte, etc.) These PKIs cryptographically sign companies' certificates (and they get paid for that).

The use of SSL: HTTPS, SSH, FTPS, POPS …

  • HTTPS: it’s HTTP + SSL. This protocol is included in almost all browsers, and allows you (for example) to consult your bank accounts via the web in a secure way.
  • FTPS is an extension of File Transfer Protocol (FTP) using SSL.
  • SSH (Secure Shell): it’s a sort of secure telnet (or rlogin). This makes it possible to connect to a remote computer in a secure way and to have a command line. SSH has extensions to secure other protocols (FTP, POP3 or even X Windows).

It is also possible to secure protocols by creating SSL tunnels. Once the tunnel is created, you can pass any protocol in (SMTP, POP3, HTTP, NNTP …). All data exchanged are automatically encrypted. We can do this with tools like STunnel (http://www.stunnel.org) or SSH.

In fact, with the POP3 protocol that you usually use to read your mail, passwords and messages are transmitted in plain text over the Internet. It is therefore possible to steal your passwords and messages.

With the SSL tunnel, and without changing the client and server software, you can secure the retrieval of your email: no one can steal your passwords or emails, since everything that passes through the SSL tunnel is encrypted. But this requires installing STunnel on the client and on the server. Some service providers offer this service, but it is too rare. Ask your service provider whether it has this kind of service in place. STunnel thus makes it possible to secure the majority of TCP/IP-based protocols without modifying the software. It is very easy to install.

So when I see the padlock, it’s secure?

It must be recognized that the padlock tells you that communications between your browser and the website are safe: no one can spy on them, and no one can tamper with communications. But it does not guarantee anything else!

In conclusion, here is an analogy:

HTTPS (the padlock) is a bit like an armored van: it ensures the safety of the transport, but really only the transport. The armored van does not guarantee that the bank uses good safes and closes them properly. Nor does it guarantee that the bank is not engaged in wrongdoing. The armored van really only guarantees the transport. It's the same thing for HTTPS (the little padlock in the browser). In the same way that mobsters can rent the services of an armored van, hackers and mobsters can very well create a secure site (with the small padlock). Be vigilant, and do not entrust your information to just any website, padlock or not.

Source : sebsauvage

07 Mar 2019

From HTTP to HTTPS, why?

Why switch to HTTPS?

Although this procedure is relatively simple, it does require some clarification and precautions.

SSL & HTTPS definitions

First of all, let’s start with a few definitions and reminders:

SSL: Secure Sockets Layer is a secure Internet exchange protocol, originally developed by Netscape. This is the security technology standard for establishing an encrypted link between a web server and a browser. It ensures the privacy of data exchanged between the web server and browsers.

HTTPS: HyperText Transfer Protocol Secure, literally "secure hypertext transfer protocol". HTTPS is the combination of HTTP with an SSL or TLS encryption layer. HTTPS allows the visitor to verify the identity of the website being accessed, guarantees the confidentiality and integrity of the data, and validates the visitor's identity if the visitor is also using a client authentication certificate.

The difference between HTTP and HTTPS:

There are many criteria that differentiate HTTP from HTTPS, here are the 3 main ones:

  1. The URL scheme:
    • HTTPS URLs start with “https://” and use the default port 443.
    • HTTP URLs start with “http://” and use port 80.
  2. Security: HTTP is not secure and is subject to many attacks, which can let attackers gain access to sensitive information, while an HTTPS-only website is designed to resist and protect against such attacks.
  3. Network Layers: HTTP operates on the highest layer of the TCP / IP model that is the application layer. The secure SSL protocol works as a lower sublayer of the same TCP / IP model, but it encrypts the HTTP message before it is transmitted and decrypts it on arrival. It can thus be said that HTTPS is not a separate protocol, but refers to the use of ordinary HTTP over an encrypted SSL connection.

Why use HTTPS?

To begin with, HTTPS is especially useful on unencrypted networks (such as Wi-Fi), where anyone on the same local network can "sniff" packets and access sensitive information.

When you serve content from your website via HTTPS, you are assured that no one will change the way information is received by users. If you are doing business online, you will need SSL. This is the best way to protect your users’ data and defend against identity theft.

Better SEO? Sites secured via SSL also benefit from an advantage in their ranking in search results pages. Google has announced that it now includes site encryption in its list of ranking criteria. I remain strongly mixed on the SEO / HTTPS premium.

06 Mar 2019

What to start with? Which SSL certificate to choose?

Which SSL certificate to choose?

First, there are different types of SSL certificates:

  1. Domain Validation: this is the typical certificate and usually the cheapest. These certificates allow basic encryption, are issued very quickly and require only a simple verification of domain ownership.
  2. Corporate Validation: These certificates include the authentication of the company and/or organization owning the domain.
  3. Extended Validation: With this type of validation, the CA performs an in-depth review of your business before issuing the certificate. This SSL certificate offers the highest degree of security.

Enable SSL certificate

There are as many possibilities as there are hosting types, and the procedure differs depending on your provider (dedicated, VPS, shared, …).

For shared hosting, ask your host; some include SSL certificates in their offers.

Beware of the SSLv3 POODLE flaw

A Google team recently highlighted a security flaw in the SSL protocol used to encrypt data exchanges between a browser and a website. When exploited, it allows a hacker to impersonate the victim and access private data on a service such as a webmail or a bank's server.

This SSL vulnerability has been dubbed "POODLE", for Padding Oracle On Downgraded Legacy Encryption. It relies on the old version 3 of the SSL protocol, released 15 years ago, which provides the encryption of a transaction. Another more robust and widespread method nevertheless exists: TLS 1.0. However, websites still use SSLv3 to ensure compatibility with Internet Explorer 6 on Windows XP. In particular, the technique can simulate a connection problem and force a browser to switch from TLS to SSLv3.

In conclusion, to guard against it, you will have to disable SSLv3 on your server.

Finally to check the quality of your SSL certificate, simply test your domain on https://www.ssllabs.com.
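To verify that SSLv3 is really disabled as advised above, the following added example (not code from the original article) scans server configuration text for the Apache mod_ssl `SSLProtocol` and nginx `ssl_protocols` directives and reports the lines that still enable it. The function names and the sample configuration are constructed for illustration, and Apache's `all` keyword is conservatively assumed to include SSLv3.

```python
def sslv3_enabled(directive_line):
    """Return True/False for a TLS protocol directive, None for any other line."""
    line = directive_line.split("#", 1)[0].strip().rstrip(";")
    parts = line.split()
    if not parts:
        return None
    name, tokens = parts[0].lower(), [t.lower() for t in parts[1:]]
    if name == "ssl_protocols":
        # nginx: the directive is an explicit allow-list of protocols.
        return "sslv3" in tokens
    if name == "sslprotocol":
        # Apache mod_ssl: tokens apply left to right, "-" removes a protocol.
        # Assumption: "all" is treated as including SSLv3 (conservative).
        enabled = False
        for tok in tokens:
            removing = tok.startswith("-")
            proto = tok.lstrip("+-")
            if proto in ("all", "sslv3"):
                enabled = not removing
        return enabled
    return None


def audit(config_text):
    """Return the 1-based line numbers of directives that leave SSLv3 enabled."""
    return [n for n, line in enumerate(config_text.splitlines(), start=1)
            if sslv3_enabled(line)]


# Constructed sample mixing Apache and nginx directives, not from a real server.
SAMPLE_CONFIG = """\
# constructed sample configuration
SSLProtocol all -SSLv3
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;   # legacy nginx vhost
SSLProtocol all
ssl_protocols TLSv1.2 TLSv1.3;
SSLProtocol -all +TLSv1.2
"""

if __name__ == "__main__":
    for lineno in audit(SAMPLE_CONFIG):
        print(f"line {lineno}: SSLv3 still enabled (POODLE exposure)")
```
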

Source : wpformation
