Analytics
1/6/2014
09:18 AM
Dark Reading
Dark Reading
Products and Releases
50%
50%

NexQloud To Bolster Cloud Privacy and DDoS Protection With Perfect Forward Secrecy And SSL Modes

NexQloud offers three SSL modes for advanced security protection and performance acceleration

CAMPBELL, Calif., Jan. 6, 2014 /PRNewswire/ -- NexQloud

(http://www.nexqloud.com) announced today upcoming features for its DDoS Mitigation and Uptime Management platform, designed to increase cloud data privacy. Powered by the industry's first Human ID engine, NexQloud simplifies SSL and grants perfect forward secrecy to its users.

SSL is the de-facto solution for encrypting traffic that contains confidential information. However, the implementation of this solution often exhausts at least tenfold the processing power required by normal server requests. As a result, DDoS attacks against SSL traffic are extremely effective due to the asymmetric resource consumption on servers. NexQloud resolves this vulnerability by integrating its Human ID engine to effectively mitigate DDoS attacks and bolster cloud privacy.

NexQloud's Human Identification engine transforms SSL Renegotiation protection, dramatically simplifying the complex setup. SSL handshake requests are identified by the Human ID engine, which allows only human requests to process.

Humans flooding the system with SSL handshake requests within a short time frame are flagged as troublemakers, and automatically ejected from the system.

Security is a top priority in an ever-increasingly scrutinized world. NexQloud stores encryption keys at a secured server, detached from the mainframe. All data is protected by NexQloud's advanced infrastructure. Advanced technologies such as Perfect Forward Secrecy and multiple SSL modes grant users flexibility in addressing their concern for data privacy.

Perfect Forward Secrecy Implementation

Amidst NSA and data privacy controversies, NexQloud ensures data remains safe from prying eyes with its Perfect Forward Secrecy (PFS) feature. During each SSL session, a new ephemeral key will be generated, so even under worst-case scenarios, a compromised key will not break the confidentiality of SSL traffic.

This advanced encryption ensures data going through NexQloud is protected and encrypted, even if traffic data and the private key has been collected by an adversary. With Perfect Forward Secrecy, NexQloud users will experience unparalleled security for their data privacy needs.

Multiple HTTPS/SSL Modes

NexQloud offers three SSL modes for advanced security protection and performance acceleration.

1. SSL Offloading

SSL traffic will be decrypted at the NexQloud-end, and traffic returned to web servers will be sent in clear-text format. SSL offloading relieves web servers of the processing burden of encrypting and/or decrypting traffic sent via SSL, improving server performance dramatically.

2. SSL Bridging

SSL traffic will be decrypted at the NexQloud-end and is re-encrypted when sent back to web servers. If there are security concerns about unencrypted traffic traversing the Internet, SSL Bridging will be the top choice for advanced protection.

3. SSL Forwarding

SSL traffic will be forwarded to web servers directly. Provision of an SSL key is not necessary and no traffic will be decrypted. Some advanced features will not be available.

NexQloud's revolutionary service is completely free of charge for the duration of the Prerelease Program. The service will be available to the general public in early 2014, offering both subscription and token-based pricing models. Sign up now and be amongst the first to experience the future of uptime management!

About NexQloud

NexQloud is the world's newest and most innovative DDoS mitigation and uptime management platform. Powered by the world's first Human Identification engine, NexQloud offers fully automated protection with no software or hardware changes required. In addition to comprehensive volumetric DDoS mitigation, NexQloud champions the "Identifying the Human" approach, effectively addressing critical flaws in traditional mitigation systems. Botnets requests are automatically denied, ensuring only humans through. Human users with malicious intent are automatically rejected upon detection, while other users are queued before a flash crowd forms and slows down the website.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Threat Intel Today
Threat Intel Today
The 397 respondents to our new survey buy into using intel to stay ahead of attackers: 85% say threat intelligence plays some role in their IT security strategies, and many of them subscribe to two or more third-party feeds; 10% leverage five or more.
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2011-4403
Published: 2015-04-24
Multiple cross-site request forgery (CSRF) vulnerabilities in Zen Cart 1.3.9h allow remote attackers to hijack the authentication of administrators for requests that (1) delete a product via a delete_product_confirm action to product.php or (2) disable a product via a setflag action to categories.ph...

CVE-2012-2930
Published: 2015-04-24
Multiple cross-site request forgery (CSRF) vulnerabilities in TinyWebGallery (TWG) before 1.8.8 allow remote attackers to hijack the authentication of administrators for requests that (1) add a user via an adduser action to admin/index.php or (2) conduct static PHP code injection attacks in .htusers...

CVE-2012-2932
Published: 2015-04-24
Multiple cross-site scripting (XSS) vulnerabilities in TinyWebGallery (TWG) before 1.8.8 allow remote attackers to inject arbitrary web script or HTML via the (1) selitems[] parameter in a copy, (2) chmod, or (3) arch action to admin/index.php or (4) searchitem parameter in a search action to admin/...

CVE-2012-5451
Published: 2015-04-24
Multiple stack-based buffer overflows in HttpUtils.dll in TVMOBiLi before 2.1.0.3974 allow remote attackers to cause a denial of service (tvMobiliService service crash) via a long string in a (1) GET or (2) HEAD request to TCP port 30888.

CVE-2015-0297
Published: 2015-04-24
Red Hat JBoss Operations Network 3.3.1 does not properly restrict access to certain APIs, which allows remote attackers to execute arbitrary Java methos via the (1) ServerInvokerServlet or (2) SchedulerService or (3) cause a denial of service (disk consumption) via the ContentManager.

Dark Reading Radio
Archived Dark Reading Radio
Join security and risk expert John Pironti and Dark Reading Editor-in-Chief Tim Wilson for a live online discussion of the sea-changing shift in security strategy and the many ways it is affecting IT and business.