On this page you will find a growing range of
white papers produced or sponsored by VeriSign.
Please feel free to download these as often as you wish.
New white papers are added on a regular basis.
VeriSign® Intelligent Infrastructure for Security
In the 21st century, online activity has increased exponentially, as organizations have
grown increasingly reliant on the Internet for collaboration and commerce, and as
people all over the world are accessing online services using a growing number of
devices including PDAs and cell phones. However, this increased usage has been
accompanied by a significant growth in the scope and complexity of network threats.
To remain protected against these emerging, multifaceted threats, organizations cannot
solely rely on individual point solutions, as ensuring their intercompatibility can be both
costly and inefficient. In addition, organizations need extensive visibility into emerging
threats, in order to prioritize remediation efforts, and they need to be able to use a wide
variety of security credentials, such as tokens, smartcards, and certificates. This paper
discusses the importance of leveraging intelligent infrastructure to provide security
services that offer vigilant intelligence monitoring, robust threat prioritization, seamless
interoperability, and the ability to immediately respond to crises 24/7.
We are living in an era defined by unprecedented access to information. People all
over the world are accessing the Internet and corporate intranets via multiple desktop
PCs, laptops, handheld computers, and cell phones. Organizations are exchanging
critical information via increasingly sophisticated collaborative systems, and consumers
are demanding immediate access to richer and richer content, including applications,
games, music, videos, and images.
To serve this growing demand, enterprises, operators, publishing companies, and other
organizations are relying on intelligent infrastructure services such as cross-platform
mobile-content delivery platforms, multiple-credential authentication solutions, and realtime
publishing tools, to mitigate the complexities of delivering digital services while
garnering the greatest possible returns. Intelligent infrastructure services can enable
important transactions, establish connections, protect data, and safely distribute critical
information across myriad protocols and devices. In large part, the world’s most critical
digital interactions rely on intelligent infrastructure services provided by VeriSign.
VeriSign operates intelligent infrastructure services that enable and protect billions of
interactions every day across the world’s voice and data networks. With a strong heritage
in operating Internet infrastructure, providing industry-proven security services, and
delivering a full spectrum of communications solutions, VeriSign operates intelligent
infrastructure services that can provide the necessary interoperability, scalability, and
security to meet today’s unprecedented demand for information. In addition, VeriSign
services are delivered by specialized teams of experts. VeriSign intelligent infrastructure
services are supported by the following core components:
Global Registries
Extensive, Reliable Networks
Continuously Operated Data Centers
In this paper, we provide an overview of our intelligent infrastructure capabilities,
describing how these components operate in tandem to support individual VeriSign
intelligent infrastructure services. Because VeriSign is a rapidly growing company
that is continuously expanding its services and infrastructure, what follows is not
a comprehensive list; for the latest information, please visit www.verisign.com or
consult a VeriSign representative directly.
In addition, VeriSign is continuously developing its services to enable new forms
of digital transactions and address a rapidly changing technological landscape.
We invite the reader to imagine new ways in which the components of our intelligent
infrastructure can be integrated, and new uses for our intelligent infrastructure services.
VeriSign® Identity Protection
Fraud Detection Service
Identity theft and fraud are growing problems for Internet businesses, affecting the cost
of doing business, heightening consumer concern, and inviting government regulation.
In a 2003 survey, the Federal Trade Commission (FTC) estimated that identity theft
and account fraud cost businesses an average of $10,200 per incident.
In 2005, the
FTC found that 55% of all fraud originated from web sites or email. A recent survey
of US households by Forrester Research showed that 36% of consumers have scaled
back their purchase of goods and services online because of security concerns.
Government regulations, such as the recent FFIEC guidance on Authentication in an
Internet Banking Environment, which is aimed at US financial services ompanies, have
put even more urgency around evaluating and adopting stronger authentication.
The best way to prevent identity theft and fraud is through a layered approach. A critical
layer in this type of approach includes fraud detection – risk-based authentication.
The Life of a Threat - Video on Cyberthreat Management
Watch the Life of a Threat Video and learn how VeriSign® Managed Security Services (MSS) brings together the people, processes, technology, and intelligence to:
Proactively manage risk
Monitor compliance
Identify and mitigate security threats - in real time
By identifying and understanding security threats, VeriSign MSS is uniquely qualified to help you protect your business.
Optimizing Enterprise Information
Security Compliance
Businesses are required to perform a number of annual audits and assessments, a number
that is increasing at a dramatic rate. The information security requirements of these
multiple audits are increasing as well, both in number and complexity. Such pressures
incur costs as well, in terms of investments in the necessary technology, processes, and
resources needed to comply with and support multiple audits. VeriSign®Global Security
Consulting helps companies streamline their compliance and auditing efforts by reducing
duplication of effort across multiple audits and by ensuring that companies properly
prepare and organize documentation for quick and efficient compliance auditing. The
consulting team leverages industry-leading experience and expertise and acts as a trusted
advisor to build programs and processes specifically geared toward facilitating compliance
with regulatory and partner requirements and to provide objective advice on security
processes and technology. Using VeriSign Global Security Consulting services to optimize
information security compliance and auditing, clients can minimize risk, focus on core
business goals, and confidently pursue new business opportunities.
In today's businesses, electronic communication is a central
part of the everyday flow of information, and privacy is a
top priority. Whether your company conducts sales over
the Internet or hosts a company-specific network, you want
to know that your communications are safe from
unauthorised interference.
For information exchange between servers and client
browsers and server-to-server, load balancing devices and
SSL accelerators, SSL Certificates from VeriSign, Inc. have
become recognised as the bottom line in security. Working
with the Secure Sockets Layer (SSL) protocol for
encryption, SSL Certificates protect businesses against site
spoofing, data corruption and repudiation of agreements.
They assure customers that it is safe to submit personal
information and provide colleagues with the trust they
need to share sensitive business information.
Open Authentication:
A Vision for Strongly Authenticating All Users, All Devices, and All Applications
Across All Networks
Although strong identity credentials are crucial to the continued growth and vitality of online business, the expense and complexity of strong authentication solutions frequently impede their adoption. To address this issue, a new vision for strong authentication has emerged. Based on the open authentication roadmap espoused by the Open Authentication (OATH) industry partnership, this vision calls for the creation of a common, open- standards-based authentication platform, where enterprises can authenticate all users, all devices and all networks, all the time. VeriSign has embraced this vision to help enterprises more freely cultivate new business opportunities, embrace advanced technologies, and move strategic processes online. Leveraging the dynamic strength of its infrastructure, technology, data and intelligence resources, VeriSign's coming generation of strong authentication services moves authentication to a “network services” architecture that promotes ubiquitous adoption of strong authentication by reducing complexity and lowering total cost of ownership.
How to Set Up a Secure eCommerce Site the Right Way
E-commerce has become an increasingly important and effective means to sell products
and services. While there are many resources available that discuss the customer facing
aspects of e-commerce (e.g.,Web site design, use of graphics, page layout, product
presentation, promotion, etc.), this paper focuses on the back-end, behind the scenes,
technology infrastructure-related requirements, necessary for online merchants to:
allow customers to safely and securely place orders online
ensure that merchants reliably process orders and receive payment
communicate to customers that the entire process is safe and secure
In addition, this paper will describe the services that VeriSign offers to satisfy these
requirements:
VeriSign® SSL Certificates
VeriSign® Payment Service
VeriSign® Commerce Site Services
VeriSign Secured™ Seal
To maintain topical continuity, the paper is organized to discuss a specific requirement, followed
directly by a description of VeriSign’s products and services that address that requirement.
As electronic commerce, online business-to-business operations and global
connectivity have become vital components of a successful business strategy,
enterprises have adopted security processes and practices to protect information
assets. Most companies work diligently to maintain an efficient, effective security
policy, implementing the latest products and services to prevent fraud, vandalism,
sabotage and denial-of-service (DoS) attacks. However, many enterprises overlook a
key ingredient of a successful security policy: they do not test the network and
security systems to ensure that they are working as expected.
Network-penetration testing - using tools and processes to scan the network
environment for vulnerabilities - helps refine an enterprise’s security policy, identify
vulnerabilities and ensure that the security implementation actually provides the
protection that the enterprise requires and expects. Regularly performing penetration
tests helps enterprises uncover network-security weaknesses that can lead to data or
equipment being compromised or destroyed by exploits, Trojan horses, DoS attacks
and other intrusions. (Definitions for many industry-related terms are provided in
the glossary that follows.) Testing also exposes vulnerabilities that may be introduced
by patches and updates or by misconfigurations on servers, routers and firewalls.
Businesses that can manage and process e-commerce
transactions can gain a competitive edge by reaching a
worldwide audience at very low cost. But the Web poses a
unique set of trust issues, which businesses must address at
the outset to minimise risk. Customers submit information
and purchase goods or services via the Web only when they
are confident that their personal information, such as credit
card numbers and financial data, is secure.
The solution for businesses that are serious about ecommerce
is to implement a complete e-commerce trust
infrastructure. PKI cryptography and digital signature
technology, applied via Secure Sockets Layer (SSL) digital
certificates, provide the authentication, data integrity and
privacy necessary for e-commerce. Internet payment gateway
systems provide online merchants with the ability to
efficiently and securely accept and process a variety of
online payments from customers.
Most Web and network security professionals are aware of Secured Sockets Layer (SSL)
Certificates and the critical part they play in comprehensive Web security platform. Yet, many
of these same professionals have little or incorrect understanding of an extremely important
protocol within SSL, one with the potential to radically alter the level of protection offered to
any given Web site’s visitors. That protocol is Server Gated Cryptography, or SGC. Using an
SGC-enabled SSL Certificate increases the encryption level available to many site visitors and
in fact ensures that Web site visitors will connect at 128-bit encryption, the strongest SSL
encryption you can buy.
This technical paper details the effect that SGC has on the encryption levels your site can
offer to visitors. You will learn which client systems connect at which encryption levels and
how you can offer the strongest available encryption to all the site visitors. Also, you will
learn where to obtain SGC-enabled SSL Certificates for your Web site.
Did you know that 83% of online shoppers are familiar with the VeriSign Secured™ Seal. And, among these shoppers more than 4 out of 5 says it's their preferred seal. Read what consumers have to say about the VeriSign Secured™ Seal.
" What Every E-Business Should Know about SSL Security and Consumer Trust"
VeriSign SSL Certificates protect e-commerce and other private information with 128-bit encryption, the strongest SSL protection available anywhere. Obtain your FREE guide, "What Every E-Business Should Know about SSL Security and Consumer Trust.
This comprehensive white paper provides readers with information to help guide them through the due-diligence process of evaluating in-house versus outsourcing options and how to choose the right MSSP partner.
The paper is sponsored by VeriSign and written by Michael Suby of Stratecast Partners (a division of Frost & Sullivan.)
The rise of the Internet has brought with it both
unprecedented promise and unprecedented peril. Despite substantial
investment in security products, loss from security threats and
vulnerabilities continues to climb. To fully benefit from the
promise of the Internet and other technology advancements, Enterprises
are facing a strategic dilemma in a business environment that
requires being both more open and more secure, while dealing with
increasing cost, compliance, and complexity issues. This
White Paper, from VeriSign, explains these complex issues and
what they mean for your organisation.
