Author: admin

Google Chrome to Mark All HTTP Sites as ‘Not Secure’ from July 2018

Google Chrome Will Mark HTTP Sites ‘Not Secure’ from July 2018 with the Release of Chrome 68

New Highlights:

  • Google Chrome will start labelling all Non HTTP sites as “Not Secure”
  • The change will come with the Chrome 68 release in July 2018
  • Google’s Lighthouse tool, an open source app, helps developers run audits on web pages

For the past several years, Google strongly advising webmasters (sites) to adopting HTTPS encryption. Google said that within the last year, they helped users understand that HTTP sites are not secure by gradually marking a larger subset of HTTP pages as “not secure”.

As a part of this plan Google first rolled out with Chrome 58 when Google marked all HTTP pages as “Not Secure” if the web pages having password or payment credit card fields and the second stage with Chrome 62 version when Google marked all HTTP website pages opened in a private browsing windows as “Not Secure” and beginning in July 2018 with Chrome 68 release will mark all HTTP sites as “not secure” is the final stage.

 

 

In a recent announcement, Google has confirmed that when users visit every HTTP websites on Chrome they will be flagged as “Not Secure” from July 2018 with the release of Chrome 68.

 

In Chrome 68, the omnibox will display “Not secure” for all HTTP pages.

 

Developers have clearly heard the call, according to Google, the results of the efforts have been:

  • Over 68% of Chrome traffic on both Android and Windows is now protected
  • Over 78% of Chrome traffic on both Chrome OS and Mac is now protected
  • 81 of the top 100 sites on the web use HTTPS by default

So it’s clear that HTTPS is the wave of the future when it comes to internet security.

Google Lighthouse Tool

Google itself has a Lighthouse tool is an open-source, automated tool for improving the quality of web pages. Google encourage websites to use HTTPS with its automated Lighthouse developer tool and other set-up guides to transition over.

Take a Strategic Decision to Buying a Right SSL Certificate

Focus on choosing the right SSL Certificate for your business need. Before buying an SSL Certificate, you need to understand specific requirements to secure websites such as to protect Single Domain, Multiple Sub-Domains or Different websites. Move your website from HTTP to HTTPS with an SSL Certificate today!
If you want to know more how to protect your website and safeguard customer’s data? Please complete the form below to get more assistance from an Acmetek trusted security specialist advisor today!

How to Secure Cyber Attacks in India

India has fallen victim to a shakeup cyber-attacks in last four years.

How to secure cyber attacts in India

According to the Indian Computer Emergency Response Team (CERT-In), 27,482 cases of cybercrime were reported from January 2017 to June 2017. These include phishing, scanning or probing, site intrusions, defacements, virus or malicious code, ransomware and denial-of-service attacks.

As per the information reported to and tracked by Indian Computer Emergency Response Team (CERT-In), the number of cybersecurity incidents reported were:

  • 2014: 44,679
  • 2015: 49,455
  • 2016: 50,362
  • 2017 (till June): 27,482

Acmetek helps our customers in understanding the cyber threats and providing best security solutions at affordable prices. We provide security solutions that will keep your business safe from the threat of cyber-attacks, vulnerabilities, malware attacks and more. Request a Call-back for more assistance from an Acmetek Trusted Advisor today!

Over the years technology has been growing fast as well as cyber-attacks are also increasing faster. Due to increasing cyber threats to businesses, impacting the companies to start identifying the importance of implementing cybersecurity requirements and awareness training programs to their employees to protect and secure their intellectual property. Cyber experts said to create secure infrastructure in your organization to prevent cyber threats to your organization and safeguard your customer’s data.

How to Secure Infrastructure in Your Organization?

Securing digital transformation is a big challenge for your business. The different process of business and various technological landscape makes it more critical to protect their most important valuable assets: data, intellectual property and organization brand image. Securing your business environment is the beginning step foundation for your successful digital transformation.

Acmetek provides a comprehensive, defense-in-depth strategy for information security can help protect sensitive data, reduce risk, and ultimately safeguard your company’s reputation. Here are our “7 Layers of Security Solutions” will build a more secure infrastructure and ensuring its longstanding success in protecting your company sensitive information and secure your customers from cyber threats.

Here are the solutions you need to secure your business, like never before….

Acmetek products are master in every aspect of the security environment.

SSL
CERTIFICATES

Protect Data with Encryption.

DIGITAL SIGNING
CERTIFICATES

Securing Electronic Documents.

ENDPOINT
SECURITY

Intelligent Security Against The Next Generation of Threats.

MULTIFACTOR
AUTHENTICATION OR 2 FA

Enterprise-grade Authentication Made Easy for Everyone.

DISTRIBUTED DENIAL OF SERVICE – DDoS

Protect Your Organization Against any DDoS Threats.

WEB APPLICATION FIREWALL
– WAF

Protect Application Layer Attacks.

MALWARE
REMOVAL

Cloud-Based, Comprehensive Website Security Solutions.

Ways to Secure Your Data from Cyber-Attacks

Acmetek is an authorized partner of the world’s leading Certificate Authorities (CAs) like DigiCert, Symantec, GeoTrust, Thawte and RapidSSL. We provide end to end security solutions at competitive market pricing. Acmetek is a comprehensive suite of security solutions provider in India and across the globe.

To know more information, schedule a meeting with an Acmetek Trusted Advisor today to learn about under threats of cyber-attacks, and how to prevent cyber-attacks by focusing on specific areas of security requirements.

SSL Installation Instructions (All Systems)

After your certificate has been issued like the majority of server systems you will install your SSL certificate on the same server where your Certificate Signing Request (CSR) was created. This is because your private key will always be left on the server system where the CSR was originally created. It will be either in the application or left somewhere on a directory and path you choose when you generated the CSR. Your SSL certificate will not work without this private key file.

If you do not see your server listed perform a search, or you may have to contact your server vender or hosting provider for best practices on how to install a SSL certificate on your system.

Check your SSL installation with the Symantec Certificate Checker 

Instructions for server vendors:


A:
Apache (OpenSSL/Nginx, ModSSL)

Apple Mac OS x 10.6
Apple Mac OS x 10.11

Aruba ClearPass


B:
Barracuda SSL VPN


C:
Citrix Netscaler

Cisco ASA 5510
Cisco Wireless LAN Controller

cPanel


F:
F5 BIG IP
F5 FirePass

FortiGate


I:
IBM AS/400 iSeries
IBM WebSphere


J:
Juniper

JBoss http

JBoss Tomcat using x509 
JBoss Tomcat pkcs7


K:
Kemp 6.x


M:
Microsoft Azure

Microsoft Active Directory LDAP

Microsoft Exchange 2010
Microsoft Exchange 2013

Microsoft Forefront

Microsoft Sever 2008 – IIS 7 & 7.5
Microsoft Server 2012 – IIS 8 & 8.5

Microsoft Lync

Microsoft Office 365

Microsoft Sharepoint 2010
Microsoft Sharepoint 2013


O:
Oracle Wallet Manager


P:
Plesk 11.x
Plesk 12


S:
SonicWall

SAP Web Application Server

SRT Titain FTP


T:
Tomcat pkcs7 
Tomcat x509


W:
Web Host Manager (WHM)


Z:
Zimbra


About SSLSupportDesk:

SSLSupportDesk is part of Acmetek who is a trusted advisor of security solutions and services. They provide comprehensive security solutions that include Encryption & Authentication (SSL), Endpoint Protection, Multi-factor Authentication, PKI/Digital Signing Certificates, DDOS, WAF and Malware Removal. If you are looking for security look no further. Acmetek has it all covered!

Contact an SSL Specialist to get a consultation on the Website Security Solutions that can fit your needs.

Become a Partner and create additional revenue stream while the heavy lifting for you.

CSR Generation Instructions (All Systems)


About SSLSupportDesk:

SSLSupportDesk is part of Acmetek who is a trusted advisor of security solutions and services. They provide comprehensive security solutions that include Encryption & Authentication (SSL), Endpoint Protection, Multi-factor Authentication, PKI/Digital Signing Certificates, DDOS, WAF and Malware Removal. If you are looking for security look no further. Acmetek has it all covered!

Contact an SSL Specialist to get a consultation on the Website Security Solutions that can fit your needs.

Become a Partner and create additional revenue stream while the heavy lifting for you.

Troubleshooting: SSL with Qualys SSL Labs – SSL Checker

There are many SSL checkers out there which are used to check the validity and installation of a websites SSL Certificate. Majority of these checkers may vary on the information that they display or may have limitations, as they only perform their function as programmed. Aside from using an SSL Checker tool there is always the manual way of using your browser to check proper installations.

If you would like to learn how to check using a browser SSLSupportDesk features such an article Troubleshooting: Checking SSL installation with a browser.

Some SSL Checkers are extremely advanced and will not only check the validity of a SSL certificate, but can also point out flaws in a server’s configuration or software. 

Qualys SSL Labs has an SSL Server Test (SSL Checker) tool that is well executed and implemented.

Please follow these steps to test your installation:

  1. Access the Qualys SSL Labs Server Test checker, click here
  2. Enter the URL/Domain name of the server that you wish to check & click Submit


Troubleshooting Unresolved https address:

SSL checkers will only work if your website is publicly accessible from outside your network. More than likely if your website is internal you will not get any results.

Example: We used a domain name that does not exist in the outside work and get this result.

Qualys Checker


How to read Qualys SSL Server Test Checker:

Using sslsupportdesk.com which is accessible to the open internet lets see how Qualys SSL Server Test Checker works.

With a successful installation we should see the following quality of the server system:

Qualys Checker

Summary:

  1. Overall Rating: Based on the quality of the server system running the Domain Name submitted. Factors that attribute to this Overall Rating are from combining the categories of Certificate, Protocol Support, Key Exchange, Cipher Strength.
  2. Certificate: Factors to this Quality are…
    1. Domain name mismatch.
    2. Certificate not yet valid.
    3. Certificate expired.
    4. Use of a self-signed certificate.
    5. Use of a certificate that is not trusted.
    6. Use of a revoked certificate.
  3. Protocol Support: The encryption protocols that are available to clients visiting this web server.
  4. Key Exchange: The distribution of the public and private keys and their strength when setting up encryption between client and server.
  5. Cipher Strength: Ciphers perform the actual encryption/decryption of the key pair running on the server system. Some can be considered weak, others strong.

Troubleshooting:

If there are any warnings or concerns the Qualys SSL Server Test Checker finds will be denoted below the Summary.

Qualys Checker

Screenshot_4

Red = Very bad
Yellow = Advisories or Industry changes that may turn into red over time.

More information regarding the checkers findings can usually be found by clicking MORE INFO.

Note:  You may need to contact your server hosting provider or server vendor in order to perform updates, how to turn off certain protocols, or set the proper configurations needed for a good rating.


Authentication:

Server Key and Certificate # 1: States the information pertaining to the SSL certificate running on the Server System in Https:
Additional Certificates (If Supplied): Lists any additional Certificates that are also radiating off the server system. Usually these are Intermediate CA certificates.
Certification Paths: Shows the entire Chain Of Trust. Usually SSL Certificate > Intermediate >  Root.

Note: The last certificate in this chain will be the root certificate. At times a yellow “Sent by Server” may appear on the Root. This only means that when a SSL connection is being made to the server that the server is presenting and forcing a root certificate to the client. Usually the Root certificate should only rest in the client’s browser Trust Store. Don’t be alarmed as some servers have to present this due to their programming. Although proper practice dictates that they shouldn’t.

Qualys Checker 


Configuration:

Protocols: The encryption protocols that are available to clients visiting this web server.
Cipher Suites: The child protocols the perform the actual encryption session.
Handshake Simulation: Mimics the different browsers used to connect to the server.
Off Note: Most modern browser systems will automatically choose the best most secure connection the browser is capable of regardless of how the server is configured.
Protocol Details: More information regarding how the server system is handling protocols.
Miscellaneous: Server type running Domain Name, Timestamp check occurred, etc.


Qualys SSL Labs Server Test Checker tool is operated and managed by Qualys. This SSL Checker is one of many publicly available on the internet that can help you diagnose problems with your SSL certificate installation, or other errors that are associated with your server system.

Note:  You may need to contact your server hosting provider or server vendor in order to perform updates, how to turn off certain protocols, or set the proper configurations needed for a good rating.


About SSLSupportDesk:

SSLSupportDesk is part of Acmetek who is a trusted advisor of security solutions and services. They provide comprehensive security solutions that include Encryption & Authentication (SSL), Endpoint Protection, Multi-factor Authentication, PKI/Digital Signing Certificates, DDOS, WAF and Malware Removal. If you are looking for security look no further. Acmetek has it all covered!

Contact an SSL Specialist to get a consultation on the Website Security Solutions that can fit your needs.

Become a Partner and create additional revenue stream while the heavy lifting for you.

Acmetek Joins Inc. 5000 Fastest-Growing Private Companies In America!

ACMETEK GLOBAL SOLUTIONS, has made the Inc. 5000 magazine list of the fastest-growing private companies in America. Acmetek achieved a three-year growth of 182% and continues to expand its security solutions to its clients across the world.

Inc. 5000 Inc. magazine, founded in 1979 and based in New York City, is an American

monthly publication focused on growing companies.
For 35 years, Inc. has welcomed the fastest-growing private companies in America into a very exclusive club. The magazine publishes annual lists of the fastest-growing publicly held and private small companies in the U.S. The Inc. 5000 is ranked according to percentage revenue growth over a three-year period. To qualify, companies must have been founded and generating revenue by the first week of the starting calendar year, and therefore able to show three full calendar years of sales. Additionally, they have to be U.S.-based, privately held, and independent—not subsidiaries or divisions of other companies.

As an Inc. 5000 honoree, Acmetek Global Solutions shares a pedigree with Intuit, Zappos, Under Armour, Microsoft, Jamba Juice, Timberland, Clif Bar, Pandora, Patagonia, Oracle, and other notable

alumni. The 2016 list added such powerhouses as Dollar Shave Club, Bai Drinks, Orange Theory Fitness, ipsy, Square, Yeti Coolers, and Ruby Receptionists.

Acmetek started its journey into Website Security Solutions mainly focusing on SSL

in 2010 as a result of a simple observation: SSL has evolved over the years, but Technology Distributors and Businesses have not adapted. This mismatch led the founders of Acmetek to create the vision for the SSL experience and to develop the Channel Enablement Model to support it. With integrated set of tools and savvy enablement support, partners can now offer SSL/TLS and implement Security Solutions their clients across the globe.

Acmetek’s sole mission is to make the world more secure with our growing fleet of Website Security Solutions. Our passion in security is seen by our clients and they know full heartily that they are in good hands. Acmetek’s success is testimony to our team’s creativity, resilience, and tenacity.

“We are deeply honored to be in such great company as all those recognized by Inc. magazine,” stated Ramesh Nuti, CEO of Acmetek. “I am very proud of the entire Acmetek team and we are excited to be recognized by such an illustrious publication. This is a true testament to our commitment to quality and 100% client satisfaction.”


Media Contact: Meenu Kuar, PR Manager,
mkaur@acmetek.com

Acmetek Partners with Norton Shopping Guarantee!

Acmetek Partners with Norton Shopping Guarantee To Bring Online Merchants Trust & Security.Norton Shopping

Acmetek is proud to announce that it has partnered with Norton Shopping Guarantee able to give Acmetek online commerce clients the perfect tool to help sale. The Norton Shopping Guarantee (NSG) is a revolutionary solution designed to increase conversion, average order value, repeat buyers and customer satisfaction. This magnificent product will help reduce shoppers’ concerns about information security, product authenticity, timely delivery, and getting a good price.

Features and Benefits for Merchants:

At a glance how NSG can benefits merchants:

  • Free & Easy Installation.
  • Norton Shopping Guarantee can be installed on any website in less than 1 hour.
  • 100% Risk Free Trial.
    • The purpose of the free trial is to run an A/B split test so that you can quantify the impact before making a
      buying decision.
    • 20x ROI Guarantee NSG.
    • NO financial commitment needed to run a test of Norton Shopping Guarantee.
  • For every dollar invested NSG guarantees a minimum of return $20.00 in gross sales.
  • No long-term contracts
    • Norton Shopping Guarantee commitments are all month-to-month and you are free to retest or stop using our service at any time.

Norton Shopping Guarantee Benefits for Buyers:

Norton Shopping Guarantee merchants provide their buyers with a 30 day guarantee that includes:

  • ID Theft Protection up to $10,000.
    • Comprehensive identity theft coverage to safeguard your personal information
  • Full 3rd party guarantee of your purchase terms of sale of up to $1,000 is provided
  • Lowest Price Guarantee up to $100.
    • If the same store’s published price drops within 30 days of a purchase, NSG pays the difference

Visit www.TheShoppingGuarantee.com to see and learn more about the NSG product


Lead Tech Engineer: Dominic Rafael
dsrafael@acmetek.com

Troubleshooting: SSL with Qualys SSL Labs – SSL Checker

There are many SSL checkers out there which are used to check the validity and installation of a websites SSL Certificate. Majority of these checkers may vary on the information that they display or may have limitations, as they only perform their function as programmed. Aside from using an SSL Checker tool there is always the manual way of using your browser to check proper installations.

If you would like to learn how to check using a browser SSLSupportDesk features such an article Troubleshooting: Checking SSL installation with a browser.

Some SSL Checkers are extremely advanced and will not only check the validity of a SSL certificate, but can also point out flaws in a server’s configuration or software.

Qualys SSL Labs has an SSL Server Test (SSL Checker) tool that is well executed and implemented.

Please follow these steps to test your installation:

  1. Access the Qualys SSL Labs Server Test checker, click here
  2. Enter the URL/Domain name of the server that you wish to check & click Submit


Troubleshooting Unresolved https address:

SSL checkers will only work if your website is publicly accessible from outside your network. More than likely if your website is internal you will not get any results.

Example: We used a domain name that does not exist in the outside work and get this result.

Qualys Checker


How to read Qualys SSL Server Test Checker:

Using sslsupportdesk.com which is accessible to the open internet lets see how Qualys SSL Server Test Checker works.

With a successful installation we should see the following quality of the server system:

Qualys Checker

Summary:

  1. Overall Rating: Based on the quality of the server system running the Domain Name submitted. Factors that attribute to this Overall Rating are from combining the categories of Certificate, Protocol Support, Key Exchange, Cipher Strength.
  2. Certificate: Factors to this Quality are…
    1. Domain name mismatch.
    2. Certificate not yet valid.
    3. Certificate expired.
    4. Use of a self-signed certificate.
    5. Use of a certificate that is not trusted.
    6. Use of a revoked certificate.
  3. Protocol Support: The encryption protocols that are available to clients visiting this web server.
  4. Key Exchange: The distribution of the public and private keys and their strength when setting up encryption between client and server.
  5. Cipher Strength: Ciphers perform the actual encryption/decryption of the key pair running on the server system. Some can be considered weak, others strong.

Troubleshooting:

If there are any warnings or concerns the Qualys SSL Server Test Checker finds will be denoted below the Summary.

Qualys Checker

Screenshot_4

Red = Very bad
Yellow = Advisories or Industry changes that may turn into red over time.

More information regarding the checkers findings can usually be found by clicking MORE INFO.

Note: You may need to contact your server hosting provider or server vendor in order to perform updates, how to turn off certain protocols, or set the proper configurations needed for a good rating.


Authentication:

Server Key and Certificate # 1: States the information pertaining to the SSL certificate running on the Server System in Https:
Additional Certificates (If Supplied): Lists any additional Certificates that are also radiating off the server system. Usually these are Intermediate CA certificates.
Certification Paths: Shows the entire Chain Of Trust. Usually SSL Certificate > Intermediate > Root.

Note: The last certificate in this chain will be the root certificate. At times a yellow “Sent by Server” may appear on the Root. This only means that when a SSL connection is being made to the server that the server is presenting and forcing a root certificate to the client. Usually the Root certificate should only rest in the client’s browser Trust Store. Don’t be alarmed as some servers have to present this due to their programming. Although proper practice dictates that they shouldn’t.

Qualys Checker


Configuration:

Protocols: The encryption protocols that are available to clients visiting this web server.
Cipher Suites: The child protocols the perform the actual encryption session.
Handshake Simulation: Mimics the different browsers used to connect to the server.
Off Note: Most modern browser systems will automatically choose the best most secure connection the browser is capable of regardless of how the server is configured.
Protocol Details: More information regarding how the server system is handling protocols.
Miscellaneous: Server type running Domain Name, Timestamp check occurred, etc.


Qualys SSL Labs Server Test Checker tool is operated and managed by Qualys. This SSL Checker is one of many publicly available on the internet that can help you diagnose problems with your SSL certificate installation, or other errors that are associated with your server system.

Note: You may need to contact your server hosting provider or server vendor in order to perform updates, how to turn off certain protocols, or set the proper configurations needed for a good rating.


About SSLSupportDesk:

SSLSupportDesk is part of Acmetek who is a trusted advisor of security solutions and services. They provide comprehensive security solutions that include Encryption & Authentication (SSL), Endpoint Protection, Multi-factor Authentication, PKI/Digital Signing Certificates, DDOS, WAF and Malware Removal. If you are looking for security look no further. Acmetek has it all covered!

Contact an SSL Specialist to get a consultation on the Website Security Solutions that can fit your needs.

Become a Partner and create additional revenue stream while the heavy lifting for you.

CEOCFO Magazine Interview with Acmetek Global Solutions Inc

Q&A with Ramesh Nuti, CEO of Acmetek Global Solutions Inc. providing Consulting and Security Solutions that include Encryption & Authentication (SSL), Endpoint Protection, Multi-factor Authentication, PKI/Digital Signing Certificates, DDOS, WAF and Malware Removal.

Ramesh Nuti
Chief Executive Officer.

Acmetek Global Solutions Inc.
www.acmetek.com

Contact:
Ramesh Nuti
732-213-9514
Ramesh_Nuti@Acmetek.com

Interview conducted by:
Lynn Fosse, Senior Editor
CEOCFO Magazine

CEOCFO:Mr. Nuti, what is the focus at Acmetek Global Solutions?
Mr. Nuti: Acmetek is a trusted advisor of security solutions and services. We provide comprehensive security solutions that include Encryption & Authentication (SSL), Endpoint Protection, Multi-factor Authentication, PKI/Digital Signing Certificates, DDOS, WAF and Malware Removal. We call it a seven-layer security model. If you are looking for security look no further. We have covered it well.

 
CEOCFO: What do you understand at Acmetek about security that perhaps less knowledgeable companies do not recognize?
Mr. Nuti: Acmetek started its journey into Website Security Solutions mainly focusing on SSL in 2010 as a result of a simple observation: SSL has evolved over the years, but Technology Distributors and Businesses have not adapted. This mismatch led the founders of Acmetek to create the vision for the SSL experience and to develop Channel Enablement Model to support it. With our powerful enablement model, businesses can implement security solutions with ease. With our integrated set of tools and enablement support, partners can now offer SSL and implement for their clients across the globe. Acmetek business model enables channels like CDW, Dell, and likes, with website security solutions. We basically come in and give a solution to their end clients and enable these channels.
 
CEOCFO: Who is turning to you for services?
Mr. Nuti: We work with channels predominately, such as CDW, Dell, and likes. These channels are huge. They serve over half a million clients. These channels are now empowered to sell SSL, which they couldn’t do before because they didn’t have the support structure. We come in and do all the presales, order management and then the post sales for their clients. We also have a direct segment. We serve from small medium businesses to the large enterprise that includes different sectors and verticals like healthcare, finance, education, governments etc.
 
CEOCFO: What has changed in your approach over time?
Mr. Nuti: Hyper Text Transfer Protocol Secure (HTTPS) was really not the main focus back in 2010 for many businesses. It was there, but clients were never giving it their first priority because perception was HTTPS was only needed if you accept credit card details online. That really has changed over the last 6 years with stringent policies enforced from browsers like Google and others. Every business now needs to be on a secure connection to protect their customers trust and counter cybercrime. It is just that there is so much phishing and cybercrime going on in the world. I would say in 2010, we used to knock on doors of our clients and explain they need security and why it is extremely important for them to protect not only themselves but their customers. Now in 2017, it has turned around, now our clients are knocking on our doors to learn about security solutions. That gives you the perspective that businesses are now more aware of security in general.
 
CEOCFO: Would you tell us how you help in the customer service and support side?
Mr. Nuti: We strive to be a customer centric company and there are no two ways about it. This is where our enablement model comes into play. For example, one of the key channels like CDW approaches us for an SSL solution for thier customer, our security experts take it over from them and do the entire need analysis for the customer to find out exactly what they need and put a solution quickly. This eliminates large channels like CDW extensive staff training on products and can focus on their core business. Once we give the solution to the client, it does not stop there, we support the entire lifecycle of the product itself at no extra cost. End customers get a link to an Acmetek-hosted SSL portal with the channel partner’s branding, and the portal makes it easy for the customer to manage the lifecycle of their SSL certificates and more.
 

“Acmetek is a trusted advisor of security solutions and services. Our SSL enablement model is a blue print for channels across the globe.”- Ramesh Nuti

 
CEOCFO: Acmetek was recognized on the Inc 5000 list this year. Would you tell us about the recognition
Mr. Nuti: We are deeply honored to be in such great company as all those recognized by Inc. Acmetek is doing something really unique in the security industry protecting people’s lives. This recognition really helps us in a spreading the awareness of cyber security in general. I am very proud of the entire Acmetek team and we are excited to be recognized by such an illustrious publication. This is a true testament to our commitment to quality and 100% client satisfaction.
 
CEOCFO: What is the competitive landscape?
Mr. Nuti: like I mentioned earlier, we are a trusted advisor of security services and solutions. In this channel landscape, there are only few select players out there. We laid the blueprint for the channels. We also have many case studies written on our business model. The competitive landscape is going to be someone who is already selling the security solutions but most likely they are retail focused. We are channel focused and we give comprehensive SSL solutions to clients, i can’t think of anyone out there who does what we do.
 
CEOCFO: Why choose Acmetek Global Solutions? Mr. Nuti: For the difference that Acmetek is making, the company won a Symantec Trust Services Collaborative Partner of the Year Award in 2013 and has been Strategic Platinum Partner 5 years and recognized by Inc 5000 2 years in a row. The Acmetek business model is a blue print for channels. For clients, it’s very confusing out there when choosing the right security solution especially with many different security products to deal with, if they make a wrong choice, it is going to be extremely difficult to correct it and there will be huge compliance issues in the future. Acmetek really understands the entire nine yards of security here and we make sure our clients get the right solutions and the peace of mind so they can focus on their business. Lastly, we are located both in North Americas and APAC regions serving clients across the globe.

What is Certificate Transparency?

Google’s Certificate Transparency is an open source project that aims to strengthen the SSL/TLS certificate system, which is the main cryptographic security system that underlies all HTTPS secure connections. It is a extra tier of certificate security that forms a Security Triad to ensure that clients navigating the internet are safe and secure in regards to web security.

What Is Certificate Transparency (CT)?

As the name implies, CT allows people on the internet to look at all certificates that have been issued by a Certificate Authority (CA). This is achieved using centralized logging to a collection of servers. These log servers talk to one another, to ensure consistency and reveal any unusual activity. Anyone can query the log servers to find out details on certificates that have been issued to anyone, by anyone. For example, a company could check to see what certificates have been created using its domains and details.

In a nutshell, Certificate Transparency is a 3rd party auditing log required by Google/Chrome to display certificate ownership information.  The information is publicly audible.  Once the CT logging is enabled, that information will be public and can not be deleted from the log.  The following information appears in the CT log:

  • Common Name
  • Subject alternative names
  • Organization name
  • CA (issuer) name
  • Serial number
  • Validity period
  • Extensions
  • Certificate chain

*Note: that much of this information is already publicly available for external sites.

The Security Triad:

Certificate Security Triad If you haven’t noticed over the years all client web browsers have been implementing various security notifications regarding the safety of websites. Browser have become an Auditor of website security  and show notifications to clients when web-surfing.

These notifications will typically show green bars or  padlocks if everything is secure and safe.  Yellow exclamation marks to make client awareness that the website is not as secure as it can be. Lastly red strikes if the browser deems something that is considered unsafe for users. The notifications will vary from browser to browser, but in the end these are all just disclaimers to inform web visitors on the safety of the website. Anything can contribute to these browser notifications including outdated server software configurations, Mixed or Insecure Content, or the certificate running on the website.

Now with Certificate Transparency there is a Web Security Triad. Security is not just limited to the Certificate Authority (Monitor) and Client browser (Auditor) like it used to be. Here’s what’s going on now.

  • CT is a middle logging system that holds a time-stamp of logs of the certificates that have been issued by the various CA’s.
  • The CA informs the Log Server of all certificates that get issued.
  • The CA Monitor and Browser Auditor work in conjunction with the CT Log Server to Monitor, and Audit logs for suspicious certs, and verify that all the certs issued are visible for the public community.
  • The Client browser Auditor verifies that the logs are behaving properly and informs  clients of anything suspicious that has happened in regards to certificate security.

CT is something that happens behind the scenes and is pretty much unnoticeable to browser clients navigating the web, but with its implementation there is a faster response and a extra tier to client safety with navigating the web.

For more information on Certificate Transparency feel free to visit Https://www.certificate-transparency.org



About SSLSupportDesk:

SSLSupportDesk is part of Acmetek who is a trusted advisor of security solutions and services. They provide comprehensive security solutions that include Encryption & Authentication (SSL), Endpoint Protection, Multi-factor Authentication, PKI/Digital Signing Certificates, DDOS, WAF and Malware Removal. If you are looking for security look no further. Acmetek has it all covered!

Contact an SSL Specialist to get a consultation on the Website Security Solutions that can fit your needs.

Become a Partner and create additional revenue stream while the heavy lifting for you.