Qualys SSL Labs

There is little doubt that SSL1 is the technology that protects the Internet. By transforming insecure communication channels into opaque data streams, SSL allows sensitive data to reach its destination uncompromised.

SSL Labs is a collection of documents, tools and thoughts related to SSL. It’s an attempt to better understand how SSL is deployed, and an attempt to make it better. I hope that, in time, SSL Labs will grow into a forum where SSL will be discussed and improved.

SSL Labs is a non-commercial research effort, and we welcome participation from any individual and organization interested in SSL.

Qualys Labs main website: Qualys Labs

We all know the moments when new systems are put into use, and all the blood sweat and tears that has gone into it is soon forgotten. Finally the system is running and we can make use of it and it will simplify our work.

But there comes a day when the system is outdated and new ones are about to be taken into use. Then what happens to the old systems?

Depending on the function, you even have to do with legislation that demands that you keep the systems running because data on it, should be kept for more than 5 years du to for example tax legislation. There are usually quite valid reasons for these system to keep them up and running.

But don’t forget these old systems let them participate in the patch and security policies because they are often forgotten and then they are an easy target to gain access and can be a jump server into the rest of your IT systems.

Some advice:

• On a regular bases PEN (Penatration testing – for example with Qualys) test your systems
• Isolate these systems so they can still be used but only when necessary
• Check regularly if these systems are being used
• Take decommissioning seriously

And perhaps unnecessarily, but we should also apply these advices to test, research and acceptance systems. These are also quite often overlooked when it comes to potential security risks.