WHITE PAPER
Behind the scenes, the "https" is an indicator that the page is being viewed using a secure connection
to the site owner's servers. HTTP Secure (HTTPS) combines the standard HTTP protocol with the
Secure Sockets Layer (SSL) protocol, and its use shows that the site's servers have been authenticated
using an SSL certificate. HTTPS also shows that the data shared between people and the site will be
encrypted during transit, to protect it from being seen or intercepted by eavesdroppers.
The coloring of the first piece of the address bar shows that the site's owner has gone a step further
and submitted to extensive organization vetting and authentication procedures, to
prove the organization behind the site is who they say they are. By doing so, they will have gained an
Extended Validation (EV) SSL certificate that the browser can recognize, leading to the special green
coloring and the display of more information than usual about the site's operator and the CA who
authenticated the site.
The green address bar shows the name of the business verified to use this website address and means that this
web page is secure.
The user can always tell which CA issued a certificate by clicking on the padlock next to the site's URL.
Ensuring dual control for the issuing of all certificates with the vendor's name on them
Employing best practices for authenticating domain ownership
Regular independent audits
This architecture provides defense in depth, as an intruder must pass through or compromise 2
separate firewalls to reach the back-end.
Every firewall logs events to disk
Log files are reviewed daily
Log files are retained for future forensic analysis
Firewall logs are regularly reviewed for any unusual events
We actively monitor our systems for any signs of intrusion on a 24x7x365 basis. Every component of
our infrastructure is monitored for security compromises or attempted security compromises. In the
event of a detected compromise, our monitoring system is able to notify the appropriate personnel
for action. Notification is by multiple methods, such as e-mail alert, pager alert, and
console monitoring.
Logs are generated for:
Routers, firewalls and network machines
Database activities and events
Transactions
Operating systems
Access Control Systems
Mail servers
Logs are archived and retained in a secure location for a minimum of 12 months.
We also log the following significant events:
CA key life cycle management events, including:
To ensure constant vigilance of security in the environment, we constantly perform assessments. Daily
vulnerability scans and audits are performed to ensure that adequate security measures are in place.
The vulnerability scans are performed by trained individuals who understand the impact and
assess the results. These scans are performed both inside and outside the network. Any finding
that represents a sufficient security vulnerability is remediated within 24 hours.
White Hat Reality Check
We also regularly perform penetration tests - a series of exercises performed from outside the system
to determine if there are any exploitable openings or vulnerabilities in the network. In particular, these
tests use the known techniques and attacks of hackers to verify that the network is safe from unauthorized
penetration. We employ an independent third party to conduct penetration tests on our network.
The threat landscape is rapidly evolving as CAs come under increasing pressure from external attacks.
Now, more than ever, it is critical to partner with a CA vendor who has network infrastructure security
measures in place to defend itself and your data from emerging cyber-threats.
More Information
Visit our website
http://www.geotrust.com/ssl
To speak with a Product Specialist in the U.S.
Toll Free +1-866-511-4141 Tel +1-650-426-5010 Fax +1-650-237-8871
To speak with a Product Specialist outside the U.S.
Australia and New Zealand +61 3 9914 5661
Japan - TEL : 03-5114-4776
UK - +44 203 0240907
DE - +44 203 0240907
FR - +44 203 0240907
ES - +44 203 0240907
About GeoTrust
Speed. Reliability. Trust. All of GeoTrust's resources, from authentication to customer support, are
devoted to making it fast and easy to deploy the best SSL security possible. That's why GeoTrust is one
of the world's most trusted providers of SSL security solutions, protecting more than a half million
websites for more than 100,000 companies globally. With GeoTrust, maximum SSL security is as easy
as: Buy it. Install it. And move on to other tasks.
www.GeoTrust.com
CORPORATE HEADQUARTERS
GeoTrust, Inc.
350 Ellis Street, Bldg. J
Mountain View, CA 94043-2202, USA
Toll Free +1-866-511-4141
Tel +1-650-426-5010
Fax +1-650-237-8871
enterprisesales@geotrust.com
GeoTrust, Inc.
8th Floor Aldwych House
71-91 Aldwych
London, WC2B 4HN, United Kingdom
Tel +44.203.0240907
Fax +44.203.0240958
sales@geotrust.co.uk
GeoTrust, Inc.
134 Moray Street
South Melbourne VIC 3205
Australia
sales@geotrustaustralia.com
© 2013 GeoTrust, Inc. All rights reserved. GeoTrust, the GeoTrust logo, the GeoTrust design, and other trademarks, service marks, and designs are
registered or unregistered trademarks of GeoTrust, Inc. and its subsidiaries in the United States and in foreign countries. All other trademarks are
the property of their respective owners.
UID: XXX/11/13