Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 2 Next »

Website - Getting Started

Overview

Website security is gaining significantly more attention as Google and other browsers have begun forcing SSL adoption.  This guide covers the basics of SSL and the impact SSL Certificates (or lack thereof) have on the Member/Visitor experience on your Club’s Website.

SSL stands for Secure Socket Layer, which is the defacto method used to encrypt sensitive data such as usernames, passwords, and other private information that is passed back and forth over the Internet between your website, visitors’ browser(s), and your club’s website server.  An SSL Certificate provides visible assurance to visitors of the site, that the site is legitimate, and that data encryption is taking place to ensure their sensitive data is protected.  Once the site has SSL, an “s” is placed after the http:// of the website’s address - i.e. https://www.anyclub.com.


Use Case(s)

    • Club Web address is http://www.yourclub.com (missing the “s” after the http)

    • Club Members are calling the Club indicating they are receiving a “Connection is Not Secure” message when visiting the Club’s Website.

    • When entering sensitive data into your Website, Club Members are receiving messages such as “This connection is not secure.  Logins entered here could be compromised.”


Video

This video contains highlights from a training Webinar given on Articles.

Note: Sections of the video have been referenced below with corresponding times in the video for ease of access

Total Video (Length)4:30   
Accessing Articles0:50 Article Settings2:07
Article Interface Overview1:14 Adding Content2:47
Adding Articles1:55   

 

 

Content

 



 

SSL Protection Options

Clubessential offers Basic and Advanced SSL Protection Options. 


Basic

 

Basic Protection has the padlock instead of the full green bar. Additionally, Basic covers just Domain Validation (DV), meaning just the domain ownership is checked prior to issuing the certificate.

 




 

FAQs

Q: Can’t we just purchase our own SSL Certificate?
A: We handle it for you. There’s no need for you to purchase your own SSL Certificate. Even if you did purchase your own certificate, there’s still back and forth work needed between your club and Clubessential to set up and maintain the SSL.

 

 

Q: I’ve seen some free SSL Certificates. Why would I pay Clubessential for SSL?
A: Most of the free SSL Certificates are actually free trials which are only valid for a short period of time. Also, many web hosts that offer “free” SSL are actually bundling it with their other products and services, which you’ll still have to pay for.

 

Q: Why wasn’t SSL included with our website to begin with?
A: It has not always been absolutely necessary to get SSL. Your website is already secure as is. Google's Chrome browser is now forcing SSL adoption. Google announced that beginning in October 2017, anyone using Google Chrome version 62 to view a website that's not protected by SSL, will also begin seeing "Not Secure" warning messages when entering sensitive information into online fields like password or credit card fields, or email fields on forms.

Imagine if your members enter their passwords on the login screen of your website and receive the following message, “This site is NOT SECURE.” They're going to be concerned, and they're going to call you to see if the website is secure.

Furthermore, let’s say a potential member fills out a membership interest form on your public website… she’ll likely get the not secure warning too. That will lower your conversions and scare off some potential members.

 
 

Q: Have you ever been hacked? 
A: No hacker has ever gained access to the Clubessential servers.


Q: What do you do if you suspect you are being hacked? What is your Incident Response Policy?
A: Clubessential's first response to a major attack would be to work with its security partners to immediately block the attack. Clubessential would block the intruder at the firewall if that can be done via IP address or type of protocol being used. Depending on the type of attack Clubessential might also pursue immediate legal action. Clubessential is constantly being scanned, crawled and attacked. Our email servers are attacked on a daily basis via spam. Dictionary attacks are common and we have been through several DDoS attacks. Our firewall is strictly controlled to open only needed ports and both our firewall and Barracuda server utilize intelligent algorithms to detect and block attacks. Clubessential has also installed enough web servers to handle load spikes in the event we are attacked or have usage spikes. In the event of an attack Clubessential would immediately notify any affected clients.


Q: How often do you monitor for network intruders?
A: Clubessential's production network is constantly being monitored by Level3 and Zyedge. The internal office network is constantly being monitored by Zyedge (a company that specializes in network security and support). Clubessential also utilizes advanced security technology from Cisco, including Intrusion Detection.

Downloadable Guide

Articles

 

 

  • No labels