Are you ready for the new SSL landscape

25
Are you ready for the new SSL landscape? Paul van Brouwershaven Technology Solutions Director

TAGS:

Transcript of Are you ready for the new SSL landscape

Page 1: Are you ready for the new SSL landscape

Are you ready for the

new SSL landscape? Paul van Brouwershaven

Technology Solutions Director

Page 2: Are you ready for the new SSL landscape

About me Paul van Brouwershaven

Technology Solutions Director

Page 3: Are you ready for the new SSL landscape

What we provide

User, Machine &

Device

Authentication

Transport Layer

Security (TLS)

Code

Signing Secure

Email

Document

Signing

Identity and

Access

Management

Page 4: Are you ready for the new SSL landscape

Please open your browser!

• Let us know what you think!

• Scan the QR code and click to answer

globalsign.com/whd-vote/

http://globalsign.com/whd-vote/
http://globalsign.com/whd-vote/
http://globalsign.com/whd-vote/
http://globalsign.com/whd-vote/
http://globalsign.com/whd-vote/
http://globalsign.com/whd-vote/
Page 5: Are you ready for the new SSL landscape

It’s about you and

your customer!

Page 6: Are you ready for the new SSL landscape

SSL is dead

And has been for a long time

actually!

Page 7: Are you ready for the new SSL landscape

TLS & Hosting

Page 8: Are you ready for the new SSL landscape

GlobalSign and the Hosting industry

API

OneClickSSL

CloudSSL

SNI /

CloudSSL

Page 9: Are you ready for the new SSL landscape

Security is more than just TLS

• Phishing

• Spam

• Malware

• SQL Injections

• Cross Site Scripting (XSS)

• Authentication & Authorization

• Information leakage

• Storage

• ……

Page 10: Are you ready for the new SSL landscape

What priority level is TLS in your

security plan?

Page 11: Are you ready for the new SSL landscape

TLS and Identity

Assurance

Page 12: Are you ready for the new SSL landscape

Identity Assurance

Domain Validation Certificate

Extended Validation Certificate

• Shows who is behind the padlock

• Enhances trust and improves conversions

Page 13: Are you ready for the new SSL landscape

What prevents you from providing

certificates with identity

assurance?

Page 14: Are you ready for the new SSL landscape

Best practice

implementation

Page 15: Are you ready for the new SSL landscape

ALPN Session

identifiers

Best practices

Legacy

support

Compliance

Cipher

suites

OCSP

stapling

Forward

secrecy

ECC

SNI

Configuration

management

Server &

software

maintenance

HSTS

Legal

restrictions

Key

size

CT

Page 16: Are you ready for the new SSL landscape

Do you see the complexity of best

practices as an obstacle to

deploying TLS?

Page 17: Are you ready for the new SSL landscape

How often do you review your

TLS configurations?

Page 18: Are you ready for the new SSL landscape

Would you switch to a more

efficient ‘protocol’ even if it cost

you a percentage of visitors?

Page 19: Are you ready for the new SSL landscape

TLS by default

Page 20: Are you ready for the new SSL landscape

IoT growing requirements

Source: ariasystems.com

Page 21: Are you ready for the new SSL landscape

HTTP connections indicated as insecure

Source: httpvshttps.com

Page 22: Are you ready for the new SSL landscape

HTTP/2, SPDY Improves performance

Source: httpvshttps.com

Page 23: Are you ready for the new SSL landscape

Would you like to provide TLS by

default?

Page 24: Are you ready for the new SSL landscape

Questions?

Paul van Brouwershaven

[email protected]

Page 25: Are you ready for the new SSL landscape

Thank you!

Paul van Brouwershaven

[email protected]


Enable SSL Encryption - datapipebomb.comdatapipebomb.com/docs/DPB-Enable-Encryption-001.pdf · Enable SSL Encryption PIPEBOMB SSL ENCRYPTION This device offers strong SSL encryption

Enable SSL Encryption - datapipebomb.comdatapipebomb.com/docs/DPB-Enable-Encryption-001.pdf · Enable SSL Encryption PIPEBOMB SSL ENCRYPTION This device offers strong SSL encryption

SSL basics and SSL packet analysis using wireshark

SSL basics and SSL packet analysis using wireshark

SSL Manager is an online tool that helps you set up SSL ... · SSL Manager is an online tool that helps you set up SSL security for your you require SSL Security. The SSL Manager

SSL Manager is an online tool that helps you set up SSL ... · SSL Manager is an online tool that helps you set up SSL security for your you require SSL Security. The SSL Manager

SSL Spoofing - OWASP Foundation · Man-In-The-Middle attack on SSL Duane Peifer. Summary How SSL works Common SSL misconceptions SSL Spoofing Using sslstrip Preventing SSL Spoofing

SSL Spoofing - OWASP Foundation · Man-In-The-Middle attack on SSL Duane Peifer. Summary How SSL works Common SSL misconceptions SSL Spoofing Using sslstrip Preventing SSL Spoofing

Landscape Pages Print Ready

Landscape Pages Print Ready

Mid Devon Landscape character assessment 20102011 ready for … · 2015-05-21 · 27 4. Landscape Character Types Classifi cation A map of the Landscape Character Types (LCTs) was

Mid Devon Landscape character assessment 20102011 ready for … · 2015-05-21 · 27 4. Landscape Character Types Classifi cation A map of the Landscape Character Types (LCTs) was

Self-Signed SSL Versus Trusted CA Signed SSL Certificate

Self-Signed SSL Versus Trusted CA Signed SSL Certificate

USERMANUAL SSL Final01062012 - onlinetrading.shcilservices.comonlinetrading.shcilservices.com/Account/PDF/STSB User Manual.pdf · SSL Online Trading_ SSL ONLINE TRADING MANUAL -FOR

USERMANUAL SSL Final01062012 - onlinetrading.shcilservices.comonlinetrading.shcilservices.com/Account/PDF/STSB User Manual.pdf · SSL Online Trading_ SSL ONLINE TRADING MANUAL -FOR

SSL VPN - cisco.com · SSL VPN TheSSLVPNfeatureorWebVPNprovidessupportintheCiscoIOSsoftwareforremoteuseraccessto enterprisenetworksfromanywhereontheInternet.RemoteaccessisprovidedthroughaSecureSocket

SSL VPN - cisco.com · SSL VPN TheSSLVPNfeatureorWebVPNprovidessupportintheCiscoIOSsoftwareforremoteuseraccessto enterprisenetworksfromanywhereontheInternet.RemoteaccessisprovidedthroughaSecureSocket

SSL Spoofing - IEEE Entity Web Hosting · § SSL Spoofing § Using sslstrip § Preventing SSL Spoofing § Examples of stripped sites. How SSL works Web Server Client PC Client hello

SSL Spoofing - IEEE Entity Web Hosting · § SSL Spoofing § Using sslstrip § Preventing SSL Spoofing § Examples of stripped sites. How SSL works Web Server Client PC Client hello

CERTISIGN SSL EV CERTIFICATION AUTHORITY CERTIFICATION ...ctn.certisign.com.br/ssl-ev/dpc/dpc-certisign-ssl-ev-certification... · certisign ssl ev certification authority certification

CERTISIGN SSL EV CERTIFICATION AUTHORITY CERTIFICATION ...ctn.certisign.com.br/ssl-ev/dpc/dpc-certisign-ssl-ev-certification... · certisign ssl ev certification authority certification

The Challenging Landscape of Critical Information Infrastructure: Are We Ready?

The Challenging Landscape of Critical Information Infrastructure: Are We Ready?

The global landscape of SSL door Prof. Guoqi (Kouchi) Zhang & Dr. Henk van Zeijl van de TU Delft

The global landscape of SSL door Prof. Guoqi (Kouchi) Zhang & Dr. Henk van Zeijl van de TU Delft

Mission https:// - My SSL Online · SSL Capabilities: Symantec offers a variety of SSL products that support various authentication mechanisms for different needs. From SSL certificates

Mission https:// - My SSL Online · SSL Capabilities: Symantec offers a variety of SSL products that support various authentication mechanisms for different needs. From SSL certificates

Shifting landscape — Are you ready?

Shifting landscape — Are you ready?

Are Your Appliance Security Solutions Ready For 2048-bit SSL Certificates ?

Are Your Appliance Security Solutions Ready For 2048-bit SSL Certificates ?

VII. Corente Services SSL Client - docs.oracle.com€¦ · SSL Certificate.....44 SSL Certificate ..... 45 Obtaining an SSL Certificate Signed by a CA..... 46 Install an SSL Certificate

VII. Corente Services SSL Client - docs.oracle.com€¦ · SSL Certificate.....44 SSL Certificate ..... 45 Obtaining an SSL Certificate Signed by a CA..... 46 Install an SSL Certificate

Customizing Clientless SSL VPN - Cisco · Customizing Clientless SSL VPN September 13, 2013 Customizing the Clientless SSL VPN User Experience You can customize the Clientless SSL

Customizing Clientless SSL VPN - Cisco · Customizing Clientless SSL VPN September 13, 2013 Customizing the Clientless SSL VPN User Experience You can customize the Clientless SSL

Is the Security Industry Ready for SSL Decryption? the Security Industry Ready for SSL Decryption? TECH-R01 . John W. Pirc . Chief Technology Officer . NSS Labs Inc. ... NGFW / SSL

Is the Security Industry Ready for SSL Decryption? the Security Industry Ready for SSL Decryption? TECH-R01 . John W. Pirc . Chief Technology Officer . NSS Labs Inc. ... NGFW / SSL

AN3967 Application note - STMicroelectronics · Note: The “SSL/TLS” protocols is referred to as “SSL” throughout this document. 3.3 SSL / TLS sub-protocols The SSL protocol

AN3967 Application note - STMicroelectronics · Note: The “SSL/TLS” protocols is referred to as “SSL” throughout this document. 3.3 SSL / TLS sub-protocols The SSL protocol