Analytics
1/6/2014
09:18 AM
Dark Reading
Dark Reading
Products and Releases
50%
50%

NexQloud To Bolster Cloud Privacy and DDoS Protection With Perfect Forward Secrecy And SSL Modes

NexQloud offers three SSL modes for advanced security protection and performance acceleration

CAMPBELL, Calif., Jan. 6, 2014 /PRNewswire/ -- NexQloud

(http://www.nexqloud.com) announced today upcoming features for its DDoS Mitigation and Uptime Management platform, designed to increase cloud data privacy. Powered by the industry's first Human ID engine, NexQloud simplifies SSL and grants perfect forward secrecy to its users.

SSL is the de-facto solution for encrypting traffic that contains confidential information. However, the implementation of this solution often exhausts at least tenfold the processing power required by normal server requests. As a result, DDoS attacks against SSL traffic are extremely effective due to the asymmetric resource consumption on servers. NexQloud resolves this vulnerability by integrating its Human ID engine to effectively mitigate DDoS attacks and bolster cloud privacy.

NexQloud's Human Identification engine transforms SSL Renegotiation protection, dramatically simplifying the complex setup. SSL handshake requests are identified by the Human ID engine, which allows only human requests to process.

Humans flooding the system with SSL handshake requests within a short time frame are flagged as troublemakers, and automatically ejected from the system.

Security is a top priority in an ever-increasingly scrutinized world. NexQloud stores encryption keys at a secured server, detached from the mainframe. All data is protected by NexQloud's advanced infrastructure. Advanced technologies such as Perfect Forward Secrecy and multiple SSL modes grant users flexibility in addressing their concern for data privacy.

Perfect Forward Secrecy Implementation

Amidst NSA and data privacy controversies, NexQloud ensures data remains safe from prying eyes with its Perfect Forward Secrecy (PFS) feature. During each SSL session, a new ephemeral key will be generated, so even under worst-case scenarios, a compromised key will not break the confidentiality of SSL traffic.

This advanced encryption ensures data going through NexQloud is protected and encrypted, even if traffic data and the private key has been collected by an adversary. With Perfect Forward Secrecy, NexQloud users will experience unparalleled security for their data privacy needs.

Multiple HTTPS/SSL Modes

NexQloud offers three SSL modes for advanced security protection and performance acceleration.

1. SSL Offloading

SSL traffic will be decrypted at the NexQloud-end, and traffic returned to web servers will be sent in clear-text format. SSL offloading relieves web servers of the processing burden of encrypting and/or decrypting traffic sent via SSL, improving server performance dramatically.

2. SSL Bridging

SSL traffic will be decrypted at the NexQloud-end and is re-encrypted when sent back to web servers. If there are security concerns about unencrypted traffic traversing the Internet, SSL Bridging will be the top choice for advanced protection.

3. SSL Forwarding

SSL traffic will be forwarded to web servers directly. Provision of an SSL key is not necessary and no traffic will be decrypted. Some advanced features will not be available.

NexQloud's revolutionary service is completely free of charge for the duration of the Prerelease Program. The service will be available to the general public in early 2014, offering both subscription and token-based pricing models. Sign up now and be amongst the first to experience the future of uptime management!

About NexQloud

NexQloud is the world's newest and most innovative DDoS mitigation and uptime management platform. Powered by the world's first Human Identification engine, NexQloud offers fully automated protection with no software or hardware changes required. In addition to comprehensive volumetric DDoS mitigation, NexQloud champions the "Identifying the Human" approach, effectively addressing critical flaws in traditional mitigation systems. Botnets requests are automatically denied, ensuring only humans through. Human users with malicious intent are automatically rejected upon detection, while other users are queued before a flash crowd forms and slows down the website.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Threat Intel Today
Threat Intel Today
The 397 respondents to our new survey buy into using intel to stay ahead of attackers: 85% say threat intelligence plays some role in their IT security strategies, and many of them subscribe to two or more third-party feeds; 10% leverage five or more.
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-6501
Published: 2015-03-30
The default soap.wsdl_cache_dir setting in (1) php.ini-production and (2) php.ini-development in PHP through 5.6.7 specifies the /tmp directory, which makes it easier for local users to conduct WSDL injection attacks by creating a file under /tmp with a predictable filename that is used by the get_s...

CVE-2014-9209
Published: 2015-03-30
Untrusted search path vulnerability in the Clean Utility application in Rockwell Automation FactoryTalk Services Platform before 2.71.00 and FactoryTalk View Studio 8.00.00 and earlier allows local users to gain privileges via a Trojan horse DLL in an unspecified directory.

CVE-2014-9652
Published: 2015-03-30
The mconvert function in softmagic.c in file before 5.21, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not properly handle a certain string-length field during a copy of a truncated version of a Pascal string, which might allow remote atta...

CVE-2014-9653
Published: 2015-03-30
readelf.c in file before 5.22, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not consider that pread calls sometimes read only a subset of the available data, which allows remote attackers to cause a denial of service (uninitialized memory ...

CVE-2014-9705
Published: 2015-03-30
Heap-based buffer overflow in the enchant_broker_request_dict function in ext/enchant/enchant.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 allows remote attackers to execute arbitrary code via vectors that trigger creation of multiple dictionaries.

Dark Reading Radio
Archived Dark Reading Radio
Good hackers--aka security researchers--are worried about the possible legal and professional ramifications of President Obama's new proposed crackdown on cyber criminals.