Analytics
1/6/2014
09:18 AM
Dark Reading
Dark Reading
Products and Releases
50%
50%

NexQloud To Bolster Cloud Privacy and DDoS Protection With Perfect Forward Secrecy And SSL Modes

NexQloud offers three SSL modes for advanced security protection and performance acceleration

CAMPBELL, Calif., Jan. 6, 2014 /PRNewswire/ -- NexQloud

(http://www.nexqloud.com) announced today upcoming features for its DDoS Mitigation and Uptime Management platform, designed to increase cloud data privacy. Powered by the industry's first Human ID engine, NexQloud simplifies SSL and grants perfect forward secrecy to its users.

SSL is the de-facto solution for encrypting traffic that contains confidential information. However, the implementation of this solution often exhausts at least tenfold the processing power required by normal server requests. As a result, DDoS attacks against SSL traffic are extremely effective due to the asymmetric resource consumption on servers. NexQloud resolves this vulnerability by integrating its Human ID engine to effectively mitigate DDoS attacks and bolster cloud privacy.

NexQloud's Human Identification engine transforms SSL Renegotiation protection, dramatically simplifying the complex setup. SSL handshake requests are identified by the Human ID engine, which allows only human requests to process.

Humans flooding the system with SSL handshake requests within a short time frame are flagged as troublemakers, and automatically ejected from the system.

Security is a top priority in an ever-increasingly scrutinized world. NexQloud stores encryption keys at a secured server, detached from the mainframe. All data is protected by NexQloud's advanced infrastructure. Advanced technologies such as Perfect Forward Secrecy and multiple SSL modes grant users flexibility in addressing their concern for data privacy.

Perfect Forward Secrecy Implementation

Amidst NSA and data privacy controversies, NexQloud ensures data remains safe from prying eyes with its Perfect Forward Secrecy (PFS) feature. During each SSL session, a new ephemeral key will be generated, so even under worst-case scenarios, a compromised key will not break the confidentiality of SSL traffic.

This advanced encryption ensures data going through NexQloud is protected and encrypted, even if traffic data and the private key has been collected by an adversary. With Perfect Forward Secrecy, NexQloud users will experience unparalleled security for their data privacy needs.

Multiple HTTPS/SSL Modes

NexQloud offers three SSL modes for advanced security protection and performance acceleration.

1. SSL Offloading

SSL traffic will be decrypted at the NexQloud-end, and traffic returned to web servers will be sent in clear-text format. SSL offloading relieves web servers of the processing burden of encrypting and/or decrypting traffic sent via SSL, improving server performance dramatically.

2. SSL Bridging

SSL traffic will be decrypted at the NexQloud-end and is re-encrypted when sent back to web servers. If there are security concerns about unencrypted traffic traversing the Internet, SSL Bridging will be the top choice for advanced protection.

3. SSL Forwarding

SSL traffic will be forwarded to web servers directly. Provision of an SSL key is not necessary and no traffic will be decrypted. Some advanced features will not be available.

NexQloud's revolutionary service is completely free of charge for the duration of the Prerelease Program. The service will be available to the general public in early 2014, offering both subscription and token-based pricing models. Sign up now and be amongst the first to experience the future of uptime management!

About NexQloud

NexQloud is the world's newest and most innovative DDoS mitigation and uptime management platform. Powered by the world's first Human Identification engine, NexQloud offers fully automated protection with no software or hardware changes required. In addition to comprehensive volumetric DDoS mitigation, NexQloud champions the "Identifying the Human" approach, effectively addressing critical flaws in traditional mitigation systems. Botnets requests are automatically denied, ensuring only humans through. Human users with malicious intent are automatically rejected upon detection, while other users are queued before a flash crowd forms and slows down the website.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading Tech Digest, Dec. 19, 2014
Software-defined networking can be a net plus for security. The key: Work with the network team to implement gradually, test as you go, and take the opportunity to overhaul your security strategy.
Flash Poll
Threat Intel Today
Threat Intel Today
The 397 respondents to our new survey buy into using intel to stay ahead of attackers: 85% say threat intelligence plays some role in their IT security strategies, and many of them subscribe to two or more third-party feeds; 10% leverage five or more.
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-9676
Published: 2015-02-27
The seg_write_packet function in libavformat/segment.c in ffmpeg 2.1.4 and earlier does not free the correct memory location, which allows remote attackers to cause a denial of service ("invalid memory handler") and possibly execute arbitrary code via a crafted video that triggers a use after free.

CVE-2014-9682
Published: 2015-02-27
The dns-sync module before 0.1.1 for node.js allows context-dependent attackers to execute arbitrary commands via shell metacharacters in the first argument to the resolve API function.

CVE-2015-0655
Published: 2015-02-27
Cross-site scripting (XSS) vulnerability in Unified Web Interaction Manager in Cisco Unified Web and E-Mail Interaction Manager allows remote attackers to inject arbitrary web script or HTML via vectors related to a POST request, aka Bug ID CSCus74184.

CVE-2015-0884
Published: 2015-02-27
Unquoted Windows search path vulnerability in Toshiba Bluetooth Stack for Windows before 9.10.32(T) and Service Station before 2.2.14 allows local users to gain privileges via a Trojan horse application with a name composed of an initial substring of a path that contains a space character.

CVE-2015-0885
Published: 2015-02-27
checkpw 1.02 and earlier allows remote attackers to cause a denial of service (infinite loop) via a -- (dash dash) in a username.

Dark Reading Radio
Archived Dark Reading Radio
How can security professionals better engage with their peers, both in person and online? In this Dark Reading Radio show, we will talk to leaders at some of the security industry’s professional organizations about how security pros can get more involved – with their colleagues in the same industry, with their peers in other industries, and with the IT security community as a whole.