Authenticating websites

Content

• The Ovum view
• In a nutshell
• Recommendations for enterprise users
• Deploy tools that incorporate automatic blocking
• Defence in depth is still good practice
• Do not rely on user discipline
• Recommendations for website owners
• Websites need to do more to protect themselves from hacking
• Deploy products that provide assurance to users
• Recommendations for vendors
• The rise of ???blended attacks'
• Malicious websites are big business
• Blended attacks use several lines of attack
• Web defence
• Basic strategies
• Defence in depth
• Limitations with website authentication
• Limitations with checking the content of page
• Limitations with attack disruption
• Do you know where you are on the Web?
• The need for site authentication
• The Harvard/Berkeley research project
• The industry's response on website authentication
• Website certificates
• Extended validation certificates
• First Cyber Security
• Green Armor: pictorial identity cues
• Protection in the browser, ISP, or at the corporate gateway
• Content filtering
• Browser protection
• IE8 enhancements
• Disrupting attacks
• Part of the network-level protection
• A weakness in Microsoft's approach
• Websites must do more to protect themselves from corruption