VeriSign, in the interest of the entire global network community, reportedly has issued “Ten Commandments” for avoiding the kind of Man-In-The-Middle attacks that have been exposed by Black Hat.
Slightly modified, with literary license, the “commandments” are:
- Thou shalt observe a “green glow” in the address bar
- Thou must use only the most recent Web Browsers
- Thou shalt use dual factor verification
- Thou shalt not explore unknown emails
- Thou shalt benefit from EV SSL
- Thou shalt only login during an SSL session
- Thou shalt scrutinize and filter everything at the server first
- Thou shalt not send links in emails to anyone
- Thou shalt evangelize all the above commandments
- Thou shalt face a different type of hell if any of the above are not followed
Rogue elements using MITM techniques unobtrusively, and without permission, listen in on digital conversations, impersonate known and trusted IDs, lure unsuspecting people to fraudulent Web sites, and rely on mistaken and misplaced trust to coax critical information out of you, such as bank account and driving license details, credit card and social security numbers, and ATM and telephone PIN codes. It's a con job, and entire accounts have been cleaned out.
The most recent MITM technique cunningly replaces the icons of favourite bookmarked websites with ones that look like genuine secure icons. It cannot, however, replicate legitimate HTTPS (HyperText Transfer Protocol over Secure Sockets Layer) signatures and the prominent green glow in the address bar.
Secure Web browsers include IE7, Firefox 3 and Opera 9.5. Dual factor verification refers to allowing additional clarifications from secure sites. Once Extended Validation SSL Certificates are issued, addresses accessed turn green, informing the user that security is guaranteed. Login during an SSL session refers only to web pages that have been activated by the user, not ones that pop up or just appear on the screen. What also helps is to frequently shut down the Web browser, delete all stored data such as usernames, passwords and cookies, and then log in again when required.
“Security threats come in many forms and staying a step ahead requires education on the end-user side and a comprehensive, layered security approach from Web sites to help ensure that users have a secure experience,” said Tim Callan, vice president of product marketing for VeriSign.
Vivek Naik is a contributing editor for TMCnet.
Edited by Michael Dinan