Arthur

What does Extended Validation SSL Certificate mean?

EV SSL is a popular type of SSL Certificate. Extended Validation SSL Certificate provides trust and security to the website. Let’s explain a little bit more about it.

What is an SSL Certificate?

Secure Sockets Layer, or SSL for short, is a standard used for encrypting data exchanged between users’ devices and websites. Additionally, it verifies identity for users to feel more secured. As a result, SSL is a useful security layer mainly for websites that ask for sensitive data from their users. Therefore, it is essential to transfer data without any risk of manipulation or interception.

SSL operates through two separate keys, a public key and a private one. Both of them are necessary to encode and decode the data that is flowing between two systems.

When a user reaches a website with an SSL certificate, there is a transfer of public keys to encrypt the communication between them successfully. Once the server gets a message, it decrypts it with its private key. The answer it returns to the user is also encrypted with the private key. Next, a mirrored process is required on the side of the user.

Typical usage of the SSL certificates is for websites, email, remote login, and so on.

EV SSL Certificate explained.

Extended Validation SSL Certificate or shortly EV SSL provides a really robust encryption level. Additionally, great security and the organization’s reliability authentication. However, to receive such a certificate, a globally standardized identity verification process is required. Besides, the owner has to determine exclusive rights to manage a domain, prove its legal, operational and physical presence, and show the entity has authorized the issuance of the certificate.

Typically, companies looking for this certificate are working with many constant transactions. Therefore, they demand to fully guarantee security for their users and protection for every payment or data transfer. Such companies are banks, financial institutions, big e-commerce enterprises, global brands, government, tech firms, etc.

Other types of SSL certificates

Domain Validation (DV SSL) is more simple to get, and it is also cost-effective. With it, you receive a basic level of encryption and security. The Certificate Authority (CA), for example, is going to verify through email the accuracy of the owner of the registered domain name. The CA will check if the email you gave matches the one recorded for the particular domain in the WHOIS record. Then you as a domain owner are going to receive a message, and in case your reply is appropriately taken, the DV SSL certificate is issued fast. Finally, you are going to receive it included in a file, and you are able to attach it to your website, and you are ready.

Domain Validation SSL certificate is for websites that are not handling sensitive data of their users, for example, portfolios or blogs.

Organization Validation (OV SSL) is more pricey rather than a DV SSL certificate. Also, the process to receive one is more time-consuming because it’s more exhaustive. On the other hand, OV SSL gives a better encryption level, and it securely verifies a company’s integrity and legitimacy. The CA is going to check the company’s information, such as name, telephone number, domain ownership, and physical address, and determine if there is fake data. In case the CA defines the company as genuine, the OV SSL certificate is going to be issued in a couple of days.

It will simply present the company’s name, city, state, and country where it functions. Typically, larger corporations or also government agencies apply this type of certificate.

A Multi-domain SSL certificate is a helpful method to receive encryption and security for the main domain name and various subject alternative names (SAN) by a single certificate. Security could even be an Extended Validation SSL Certificate for every domain you add. It saves time and money, and you can add or exclude the SAN you want. Companies with a presence in many locations, international enterprises that own various top-level domain names (TLDs) usually benefit from it.

DNSSEC – Definition

DNSSEC explained.

The Domain Name System Security Extensions, or for short DNSSEC, is an excellent method to improve the security of your domains. It is a superior DNS trait. When you start applying it to each DNS record is going to be attached a digital signature (DS) record. That provides a guarantee that the domain name source is authentic.

The main reason for its creation is to keep the users on the Internet safe and protected from any forged DNS data. For example, the address could be misleading or malicious and lead users to an unwanted website rather than the original one they requested.

When you start using DNSSEC, the DNS lookups are going to prove that the source of the website’s DNS is valid with digital signatures. Therefore, some types of attacks could be successfully stopped through its help. That is possible because the browsers will not open the site if the digital signature does not match.

How does it work?

DNSSEC is fixing the safety problems that concern DNS, which needs a cover of security on top. 

The answer is the authentication method that applies digital signatures with public-key cryptography – DNSSEC. With its help, the owner of a DNS service is able to cryptographically sign the DNS data for their domain name. It is essential to know that we are not speaking about the DNS queries themselves. 

To achieve that, every DNS zone requires a combination of a public and a private key. 

The domain owner uses the private key to sign the information in the zone. 

The public key is visible publicly, and it is placed in the zone.

Each DNS recursive server that wants to review data in the zone will receive this public key and confirm the authenticity of the DNS records. This occurs if it successfully authenticates the information. If not, the DNS recursive server is going to give an error message to the user. 

The information in the authoritative name server additionally requires to verify its authenticity. Its public key is confirmed, not by its own private key, but from the authority on top. The root zone does not have someone on top to sing its key.

What does it protect against?

The foremost aim of DNSSEC is to provide restrictions to third parties to attempt to falsify any DNS records. Limiting the following situations from happening, it is capable of protecting the integrity of the domain name.

DNS Cache Poisoning

It is considered a sort of man-in-the-middle attack. The attackers’ goal is to flood a DNS resolver with bogus DNS information. There are cases in which the attacks can progress a lot and establish a fake end result in the cache memory of the resolver. For that reason, the DNS resolver supplies a malicious and fraudulent address to all users that ask for that particular website. Unfortunately, it lasts till the TTL (Time-to-Live) expires.

Fabricated zones

DNSSEC can protect against DNS attacks that unfairly use the DNS system and supply simulation results for zones. They may not exist, really, and criminals profit from holes among zones. So DNSSEC produces mechanisms for these holes to not being used and secure the complete zone. 

Advantages of using Managed DNS

If you own or administrate an online business, you know how vital DNS is for existing on the Internet. Of course, you can build your own DNS server, but having a Managed DNS brings really good advantages that you should consider.

What does Managed DNS mean?

Shortly, Managed DNS means the service offered for clients to use the DNS servers of a provider. Once you pick such a provider, its DNS servers (its infrastructure) will be available for you to manage all your DNS data (records) of your domain and make the domain available online. 

Providers supply their clients with a friendly control panel to manage their DNS. From there, you can create, add, modify, or clear DNS records, DNS zones, PoPs, etc.

Advantages of using Managed DNS.

Cost. 

Quality DNS providers own robust networks. Getting their service, you can access their whole infrastructure. So even an expensive plan for sure will be cheaper than creating your own DNS from zero.

Ease of use. 

To administrate DNS is not an easy task. But it can get more or less complex. Managed DNS gets in charge of routine tasks for you so you can focus on the essential ones. From the beginning, not being the one setting up all your DNS servers is a relief.

Easy scalability, up and down.

You look for constant growth, more traffic every day. But are you ready to handle this? With a Managed DNS service, you can expand or reduce your resources (speed, security, POPs, etc.) without badly compromising your budget. There are different plans to satisfy different websites’ needs and sizes. And you can add or cancel features based on your performance and real growth. 

Add as many PoPs as you need.

Having different points of presence (PoPs) is absolutely convenient, especially for international websites. Managed DNS providers offer you many servers around the world for saving your website’s DNS records and choosing those that are closer to your market. 

Whenever you require a PoP, you can easily add it.

Gain redundancy.

Redundancy is the way for websites to be constantly available. If your DNS records are saved only in a Primary Authoritative server, and it fails or suffers an attack, your site won’t be available. Managed DNS is the easiest way to add servers wherever you need them. While adding PoPs, automatically, you gain redundancy for your business. 

Get higher uptime.

Downtime means the time your website is not accessible for clients. And that generates angry clients and losses for your pocket. Again, saving your site’s DNS records in a single Primary Authoritative server is possible but risky. If it goes down, there’s no alternative for the site to be accessed by clients. If you have copies of your DNS records in more than one DNS server, you increase your business’s uptime. One or even several servers on a network could be shut down due to a violent cyber attack, but not all of them.

Extra security.

Threats on the Internet are many. Therefore there’s no single measure to be 100% safe, but a combination of them. Managed DNS supplies you servers enough to balance your traffic load, DNS-protected servers with the technology for analyzing and filtering suspicious traffic, and more. Such resources can be considered in your strategy to strengthen your defenses.

Conclusion.

To use a quality Managed DNS service is a good investment. Analyze the needs of your website, costs, and give it a try!

Understanding DNS cache.

Since its creation, due to its utility and efficacy, the Domain Name System (DNS) became very demanded. No network can fully function without it. And considering the number of networks that currently exist, be sure that the DNS it’s permanently busy!

Considering all the important processes that rely on this system, different mechanisms have been created to reduce its stress by helping it with the execution of some tasks. Here comes the DNS cache that makes DNS work better and faster!

What is the DNS cache?

The DNS cache is the temporary cache memory for saving DNS records of already queried domain names. This memory mechanism is available in different machines, DNS recursive servers, computers, mobiles, tablets…

The mechanism’s purpose is clear, not to repeat a DNS lookup every time that a specific domain name is requested. Think about that news site you request every morning. When you requested it for the first time, a DNS lookup took place to search for its corresponding IP address. Once a DNS recursive server got its IP address, it was possible to load the domain for you, and the DNS record (IP address) was saved in the DNS cache. The following day, you typed the news domain name for revisiting it, and loading it for you was easier and faster since its IP address was available in the DNS cache. A new DNS lookup was not needed this time.

These and all the DNS records related to the different domain names will only be available on the DNS cache temporarily, not permanently. If you wonder how long? The exact time is the one that you or your administrator establish in their TTL (time-to-live). 

It allows to respond to DNS users’ queries faster and to optimize the resources efficiently. DNS recursive only do the really necessary lookups. 

How does the DNS cache work?

Whenever a user requests a domain name, a DNS lookup will be triggered. As a first step, the user’s device will search in the DNS cache included in its operating system (OS). It’s a database where different DNS records get saved and their corresponding TTL values. As mentioned before, that TTL is set by the DNS administrator of the domain. If the TTL hasn’t expired, the requested DNS records can be found directly there. The request will be responded to, and the domain loaded really fast. But if the TTL already expired, a new lookup will be needed, and this means extra time for the complete process to occur again.

This means a DNS recursive server will take the user’s request and ask other servers for the necessary DNS records. It will ask the root server, this will point to the exact TLD server that should be queried, and this last will send the recursive to the authoritative name server that can finally provide the DNS data (records).

The data will be sent to the user’s browser for loading the domain. And on the way, those data will be stored on the DNS cache of the recursive server, and the user’s device (computer, tablet, or mobile) to be available for a while, the time that their TTLs allow.

Conclusion.

The DNS cache is an efficient mechanism for making quicker and more efficient the DNS resolution process. It saves time, effort, and resources for the network (its different servers involved) and the user’s device.

Its utility is very appreciated by everybody, including the dark side of the web. DNS cache can be used for criminal purposes, so don’t forget to protect its security!

What does IPAM mean?

Our current world depends a lot on IP addresses. Without them, networks can’t communicate, people’s devices can’t access networks, the Internet of Things can’t connect, cloud computing can’t work properly, etc. So the dependency of IP addresses is clear, isn’t it? 

IP addresses are demanded for many different purposes, daily and in massive amounts. As a result, their management has become an annoying headache for administrators in charge of the task. Just this can get you hours busy since we talk about hundreds or thousands of IP addresses if the network is extensive.

In this context, IPAM is hope, a great solution you should know because IPAM means IP address management! 

What else does IPAM mean?

Internet Protocol Address Management (IPAM) means software for planning, administrating, and monitoring the information related to the IP address space on networks. This software is an efficient tool, with a practical interface, for automating the IP addresses tasks that must be executed on a daily basis. It considerably reduces the chances of human errors while manually registering information on the typical spreadsheets.

For instance:

  • Administration of DHCP and DNS. The first provides and the second resolves IP addresses to hosts in TCP/IP type of networks.
  • Search of available IP addresses.
  • Supply IP address for devices to get connected to the network.
  • Finding and reclaiming abandoned IP addresses on a network.
  • Monitoring IP addresses’ status to register their details.
  • Reservation of unique IP addresses.
  • Providing the hostnames associated with IP addresses. 
  • Real-time visualization of subnets and devices using them.
  • Automatic updates of IP addresses.
  • Showing the routers used by each device connected to the network.
  • Automatic creation and clearing of DNS A records and PTR on virtual machines. 
  • IP management for virtual environments.
  • Reporting mismatched DNS entries, IP addresses issues, available capacity of subnets, etc.
  • Changing subnets and websites from IPv4 to IPv6. 
  • And much more!

How does IPAM work?

IPAM software is a service supplied by different vendors on the market. You can find paid but also free choices.

IPAM needs information from important components of every network to operate: the Dynamic Host Configuration Protocol (DHCP), the Domain Name System (DNS), and IP addresses.

Besides, IPAM uses the Internet Control Message Protocol (ICMP) input to obtain details from all machines on the network. The simple network management protocol (SNMP) to get and order data related to IP network devices.

Additionally, IPAM has efficient tools for monitoring. Through this combo, the software can manage the IP address space of a network. IPAM creates a very well-organized and accessible database with all the information and statistics it collects and produces.

Pros of IPAM.

  • Ease of use. You can control the software and all its settings from a friendly interface.
  • Automated and more efficient administration of the address space.
  • Clear visibility of all IP resources.
  • Automation of DNS-DHCP configurations, real-time updates of hosts connecting and disconnecting from a TCP/IP network. Detailed reports.
  • Higher reliability while reducing the chances of misconfigurations, overlapped subnets, IP addresses conflicts.
  • DNS/DHCP/RIR integration to IPAM allows it to update A DNS records and lease information efficiently.
  • Prevention of security breaches. Permanent monitoring and visibility IPAM provides of all network resources help protect from malicious activity.
  • Detecting issues and fixing them is easier and faster since it doesn’t have to be done manually. 

Conclusion.

IPAM means higher productivity for your network. Put it in charge of the routine tasks to focus on the biggest challenges of your business. Do you need more reasons to give IPAM a try? 

​What is Cloud Hosting?

If you are searching for the right place to host your site, you have probably seen many types of hosting services. Which is right for you? And what do they even mean? This time we would demystify the Cloud Hosting and see what exactly makes it a cloud service and how.

​What is a cloud service?

A cloud service is an on-demand service that clients can get over the internet, usually on a monthly subscription. It could be software (S-a-a-S), a whole platform for developing (P-a-a-S), or the infrastructure that you might need like bare-bone servers (I-a-a-S). Examples of cloud services are Skype, DropBox, renting a fully-functioning Linux or Windows server, or getting a bare-bone server without any software installed.

The cloud service could be offered from a single instance (one server inside one data center) or multiple connected instances in a network (multiple servers inside multiple data centers).

There are more ?-a-a-S types, but these 3 are essential, and the rest are very relatable to them.   

​What is Cloud Hosting?

A Cloud Hosting is a cloud service for web hosting that offers an on-demand hosting solution. What distinguishes it from shared hosting or dedicated server hosting is that Cloud Hosting uses a network of interconnected servers thanks to a virtualization process. As a result, the clients get the benefit of scalability and better uptime thanks to the fact that their website will be hosted on multiple servers at the same time.

​Benefits of Cloud Hosting

​Scalability

When you are thinking about a whole network of servers, you have a lot higher limit than a single server inside a data center. Usually, the Cloud Hosting providers offer many plans with different parameters, and you can even negotiate a custom plan that will best suit your need in many cases. In addition, you can downgrade or upgrade to get less or more resources.

​No maintenance

You won’t be thinking about each of the components of the servers like CPUs, RAM, Storage, and more. The provider will keep all the equipment in check and provide a smooth service to its clients. No electricity bills, no internet, or no air conditioning will occupy the minds of the clients.

​Redundancy

As we mention, in Cloud Hosting, it is common that you will have your website on multiple servers. Therefore, if one goes down, there is a good chance your site will still keep running from another, and you won’t experience downtime.

​How does Cloud Hosting compete with shared web hosting?

The main advantage of it is in its infrastructure. While both can contain multiple websites, the Cloud Hosting has them on multiple servers, while the shared hosting does not distribute one. In the case of the typical shared hosting, if the server is down, it means downtime for all of the hosted sites. Also, penalties related to the server’s IP address of the shared service will affect all of the sites on it. The only advantage of the shared one compared to the Cloud Hosting is that it is usually cheaper. 

​Conclusion

So, now you know. Choosing a cloud service means that you are getting a virtual piece of a network of computers. It will be deployed fast, scalable, and you won’t be bothered with hardware maintenance. Cloud Hosting is a fast way to get your site or application online fast!

​Basic DNS terms and definitions

No time to waste! Let’s see the basic DNS terms and DNS definitions that you must know to manage your domain well.

​What is DNS?

DNS stands for Domain Name System. It is a global system that is decentralized and has a multi-level hierarchical structure that serves to connect domains to IP addresses. Thanks to it, people don’t need to remember IP addresses and can directly use domain names to connect to services.

​What is a domain name?

A domain name is an identifier, a unique text string, for naming devices or services like Wikipedia.org. People can use it and remember it a lot easier than its IP address.

​What is a DNS zone?

The DNS zones are the administrative partitions that the DNS namespace use. A particular DNS administrator administrates each one, and this makes the whole system decentralized. DNS zone and a domain are seen as the same thing in many cases, but it is not exactly the case. One domain can have just a single DNS zone, and then there is no real difference. But it also can have more DNS zones, and then they will be different.

​What is an IP address?

The IP address is the identifier that the Internet Protocol (IP) uses to name hosts on the Internet. It looks like a string of numbers and letters that are separated by dots. Based on this IP address, devices can connect to each other and send information. There are two types of IP addresses currently in use which are IPv4 addresses like 91.198.174.192 and IPv6 addresses like 2620:0:862:ed1a::1.

​What is a DNS query?

The process of searching the IP address (an A record or an AAAA record)or another DNS record of a domain is called a DNS query. A DNS client asks for the information it needs, its query gets taken by a DNS recursive server, and the client receives the corresponding answer or an error message in a case of failure.

​What is a DNS record?

 DNS records are text files that contain information regarding DNS. One domain can have multiple DNS records that indicate different entities and settings of a domain. One could show the IP address. Another can show a particular service like the email server and more.

The DNS records are stored inside a zone file that each DNS zone has.

​What types of DNS records exist?

  • A record – a domain to an IPv4.
  • AAAA record – a domain to an IPv6.
  • CAA record– shows a list of allowed Certification Authorities for the domain.
  • CNAME record – Links one name to another.
  • MX record – shows the email server for receiving emails for the domain.
  • NS record – shows the authoritative name server for the domain.
  • PTR record – IPv4 or IPv6 to a domain.
  • SOA record – indicates essential information about the zone. 
  • SRV record – used to show service.
  • TXT record – various use, including domain authentication.

Those are the most popular types, and there are more.

​What types of DNS servers exist?

You can separate two basic types of DNS servers – authoritative name servers and recursive name servers.

The authoritative name servers hold the zone file of a particular zone and can answer queries for it. In this category, you have the authoritative name servers of each particular domain like Wikipedia.org, TLD servers (like .org, .com, etc.), and Root server (the highest hierarchy level).

Recursive name servers serve to get the DNS query from a DNS client and search for its answer by checking different servers until they receive an answer. They are the middle-man between the DNS client and the authoritative name servers.

IPv4 address: Structure and examples

IP address explained

Each component that is included in a network needs an IP address as an identifier. To connect to the Internet, you receive from your Internet service provider (ISP) a public IP address. To operate successfully, servers have a public IP address too. In other cases, computers, devices, smartphones require a private IP address to connect to a private network.

IP addresses help with identifying devices connected in any kind of communication. Furthermore, they give information about the location of the devices in the network, making them capable of exchanging data and communicating.

What is IPv4 address?

Can you imagine IPv4 has been around since the early 80s? It is the 4th version of Internet Protocol which was launched in 1981. Its purpose is to set the rules for communication, such as how the data packets should be sent or how they should have to be received. 

IPv4 has one key characteristic, which is to apply the best-effort delivery model. It is not required to set prior adjustments between the two endpoints for the connection to operate successfully. Instead, it is possible to try to send a message and not wait to notice if it was sent successfully or not. That is the reason why it is excellent for the Internet.

IPv4 addresses are short and actually easy to use. They serve as an ID card of any connected host.

Structure of IPv4 address 

Every IPv4 address has a structure, which looks like that: x.x.x.x. The x represents an octet and is a decimal value from 0 to 255. Periods separate the different octets. Thus, each IPv4 address includes four octets and three periods. The IPv4 address is a 32-bit number and uniquely recognizes a network interface on a machine. The digits are formatted as four 8-bit fields divided by periods. Thus, every 8-bit range describes a byte of the IPv4 address. This way of interpreting the bytes of an IPv4 address is commonly introduced as the dotted-decimal format.

These are simple examples of valid IPv4 addresses:

  • 1.2.3.4
  • 31.142.173.104

The bytes regarding the IPv4 address can be divided even further into two parts. The first one is the network part, and the second one is the host part. 

Let’s take, for example, the IP address 1.2.3.4 

The first component characteristic of a typical IPv4 address, the network part, is represented with the first two octets and first two periods –  1.2.3.4 

The other component, the host part, is expressed with the third and fourth octets and the third period – 1.2.3.4

Network Part

The network part defines the specific number, which is delegated to a particular network. Furthermore, it also can identify the class selected for the network.

Host Part

The host part of the IPv4 address is the one is selected for every host 

With it is possible to identify a specific individual device on a particular network. It is important to know that for every host on your network, the network part of the IPv4 address will be identical, and the host part is going to be different.