01 May

How to Avoid Disaster Recovery

Avoid Server Disasters

While every business regardless of its size or its reliance on IT infrastructure should have a plan in place for disaster recovery, it is even more important to avoid or mitigate the damage from a business disaster in the first place. Business disasters can range from a data center fire to extreme natural disasters, such as a hurricane. Your IT infrastructure should be organized in a way that minimizes its overall exposure to business disasters and mitigates as much of their potential damage as possible if they do happen.

Here are the top 5 methods for protecting your company from needing to enact its disaster recovery plan in the first place.

Enterprise Hosting

Enterprise hosting is an increasingly common service that allows companies to outsource the hardware, maintenance and management of their software and applications. Many companies choose to use enterprise hosting services because it allows them to rely heavily on IT infrastructure to support their business without needing to develop their own expensive and complex in-house IT department. Enterprise hosting also allows a company to focus its IT efforts on product development and customer experience, while leaving the more mundane details of IT maintenance to a trusted and reliable third party with the resources and specialization to maintain the company’s software and applications for a much lower cost.

Using an enterprise hosting service also means that a large proportion of a company’s essential applications and software are hosted and maintained in a location that is not only separate from the company’s offices, but also designed to withstand accidents and disasters. Data centers are the most reliable locations for any form of IT infrastructure, which makes them the ideal place to safely run your company’s software and applications from.

The Latest Hardware and Technology

Using the latest hardware and technology for your IT infrastructure means that you have the most reliable support for your company’s network and software. Aging and outdated hardware and technology will be more prone to failure in the event of a disaster, which means that your company will be more exposed to data loss, network downtime and other similar IT infrastructure failures.

Identifying, acquiring and maintaining the latest hardware and technology for your IT infrastructure can be a very expensive challenge for all but the largest corporations. Most companies operate on dated, and even second-hand, hardware and technology, which leaves them extremely vulnerable to severe negative outcomes during disasters. By outsourcing as much of your IT infrastructure as possible, you not only ensure that most of your IT infrastructure is running on the latest hardware and technology at a professional data center, but it also provides you with the time and money to ensure that your essential on-site IT infrastructure is also able to use the latest technology and hardware.

Solid Network

A solid network ensures that your company’s IT infrastructure will continue to function effectively in the case of a disaster, allowing you to avoid any unnecessary and expensive restructuring, replacement and data restoration. Your company’s IT network is what allows all the different pieces of technology to communicate with one another and act as a secure medium for the operation of your applications and your company’s ability to communicate internally and externally. Weak networks are extremely vulnerable in the case of a disaster, which means that even otherwise intact IT infrastructure will be rendered useless as no individual nodes in your network can communicate with each other.

24/7 Service Monitoring (PRTG)

PRTG is network monitoring software that provides unparalleled 24/7 protection for your network. PRTG is able to monitor the overall performance of your network and identify any potential problem areas long before they become an issue or cause any damage to your IT infrastructure. As advanced as PRTG service monitoring may be, it does require professional oversight to understand the feedback and successfully apply remedies to your network. Professional data centers rely on PRTG to monitor all the company networks that they oversee, which means that outsourcing your IT infrastructure automatically ensures that you have 24/7 monitoring of your network by the most skilled professionals in the industry.

Data Center Certifications and Compliance

It is an unfortunate fact that not all data centers are created equally. Moreover, it is practically impossible for company owners or directors to be able to identify a good data center from a poor one based on sight and intuition alone. This is why the data center industry and regulatory bodies have developed strict requirements for certification and compliance standards, so that the end consumer can be assured that they are receiving a high quality service when they use an industry-certified data center.

Be sure that the data center that you use to outsource your IT infrastructure has all the latest certifications from relevant industry bodies, which will ensure that your IT infrastructure has the greatest possible protection from business disaster. Data centers are designed specifically to protect the hosted IT infrastructure from damage and loss in the case of disasters and emergencies, and the certification ensures that you are receiving the highest possible level of protection for your IT infrastructure.

SoftsysHosting Offers All These Services and More

While it is impossible to keep your IT infrastructure completely safe from business disaster, you can ensure that it is as protected as possible by outsourcing most of it to a professional certified data center. Not only will your IT infrastructure have the best possible protection from business disaster, but you will also end up saving money, receiving higher quality IT services and allowing your in-house IT department to focus their efforts on product improvement and customer satisfaction, which is what ultimately drives sales and profit.

SoftsysHosting provides all of the above services and more for the most competitive prices in the industry, which makes them our top recommendation for protecting your company from business disasters and the need to enact your disaster recovery plan in the first place. There are many certified data centers and service providers, but SoftsysHosting stands above the rest for the quality of the services that they provide and the low price that they charge for these services.

28 Mar

Web Hosting Security For VPS & Dedicated Servers

Most customers opting for a new server or running existing servers are unaware of how to secure their servers so as to prevent attackers from:

1) Hacking the servers.
2) Using email servers for spamming.
3) Stealing their important and confidential data.
4) And much more.

We are seeing an increasing number of incidents in which hackers install ransomware on servers and demand hundreds or thousands of dollars to provide owners with the decryption key. This is a threat to just about any business. Let us review a few security measures that can be enforced to keep your VPS or dedicated servers secure:

Server Security

Install Latest OS & Software Updates / Patches Regularly

Many vulnerabilities stem from within the server: from software installed on the server, the operating system, or an outdated CMS. Hence, it is extremely important to keep your operating system updated at all times with the latest patches. Software installed on the VPS or dedicated server must also be updated to the latest versions so that known vulnerabilities are addressed. If a piece of software is not receiving regular security updates, your business server might be vulnerable, and you should look for similar software from a competitor. There are numerous instances where customer websites are built on a popular CMS like WordPress, Joomla, vBulletin, Umbraco, etc. but are never updated after the initial setup. This is disastrous, as it can lead to severe issues for your business websites. All popular CMS receive constant updates, and these must be applied on a regular basis. The same applies to the plugins and themes that you use in your CMS.

Install a Firewall with Intrusion Prevention System


Having a firewall sitting in front of your servers ensures that all traffic passes through it, which gives you finer control over the traffic that is filtered before it reaches your servers. You can allow traffic only on the required ports to your dedicated server or VPS and block everything else at the firewall. Furthermore, it is important to have an Intrusion Detection and Intrusion Prevention system in the firewall that works on commercial rulesets (constantly updated to fight against the latest vulnerabilities): the IDS analyses the traffic pattern, matches it against the rulesets and allows or blocks the traffic by creating appropriate firewall rules on the go. A robust firewall system provides complete web hosting security from DDoS attacks along with known and emerging exploits / vulnerabilities. You can find more details about Softsys Hosting Network Security Tools in our related section.

Install Anti-Virus and Anti-Malware Scanner

To keep your hosting system from getting infected, you need a commercial-level anti-malware and anti-virus engine installed on your server that provides real-time protection from viruses / malware entering your server. In addition, you should set up a “Full System Scan” by these engines once every week so as to ensure that your system is completely secure and safe. You should also look for engines that provide protection from ransomware. We have customers using MalwareBytes successfully with complete protection around the clock, and our technical support staff is well versed in configuring it appropriately for our customers.

DDoS Protection


DDoS attacks are quite frequent and cause your services to become inaccessible by saturating the network with a massive amount of traffic from hundreds or thousands of IP addresses. If your website / service is inaccessible, it directly affects your business, so it is necessary to have DDoS web hosting protection enabled at the network level. The DDoS mitigation engine is self-learning: it studies the traffic pattern and detects all malicious traffic so that it can be dropped before it enters your server or data center. Hence, you are completely certain that the traffic entering your server or data center is completely clean and filtered by the DDoS scrubbing systems in place. You can find more details about Softsys DDoS protection system in our related section.

Regular Security Audit

Securing your server on initial setup is a must for any VPS or dedicated hosting unit; however, it is equally important to have regular security audits of servers to ensure that they remain safe and secure. Hence, you should always have expert hands who will secure your operating system, secure your email servers so that they are not set up to allow anonymous email sending (protection from spammers), set up standard and critical services on non-default ports, keep the firewall at an optimal setup, etc. An efficient managed server service provider should be able to help you with these features. You can view the details of Softsys Hosting managed server plans with advanced web hosting security in our related section.

21 Mar

Why DDoS Protection for Servers Is So Important?


DDoS (Distributed Denial of Service) is an increasingly common attack which is initiated by having a huge number of servers/computers request the same resource. Consider that you may have a 1Gbps uplink from your hosting provider (which is fairly common these days): if someone intending to DDoS your servers uses 4Gbps, 10Gbps, or an overwhelming amount of traffic to keep your connection fully saturated, legitimate traffic cannot fit through the connection and your online service will eventually go offline for everyone (and so will your business!).

From an internal technical standpoint, DDoS may also involve abusing the underlying communication protocol (TCP SYN_ACK/UDP broadcast/etc.), which does not require a lot of traffic, but the idea is similar: to saturate your system / router / bandwidth pipe so that you cannot keep up with the increasing number of requests, and ultimately no one else is able to connect.

DDoS attacks are more common these days than ever before. They are not limited to well-known websites; even start-ups are apparently targeted by their competitors (bitter truth!). Hence, in today’s age, it is extremely important to have appropriate DDoS protection enabled for your servers to ensure that you tackle the bad guys by scrubbing them off!

There is no specific limit of DDoS protection that will help you tackle the bad guys. You can take a look at how Sony was taken down by Anonymous, or how someone took down MasterCard, Visa, and PayPal at the same time. If these big corporations (with an apparently endless supply of cash) can’t keep their services up against DDoS, there is literally nothing that we can do to keep our services up & running.


How Does DDoS Protection Work?

DDoS protection involves deploying very sophisticated systems that can learn by themselves to tell bad or malicious traffic from good or legitimate traffic. With this knowledge, they scrub off (or discard) bad traffic packets and allow only good traffic packets to reach your server. Hence, before a packet reaches your server, it is analyzed by the DDoS protection systems and allowed to pass through only if it passes all tests of not being a bad packet.

DDoS protection systems also help to keep away bots or small automated DDoS attacks by enforcing blocks or bans on servers or IPs involved in such attacks. Hence, with DDoS protection in place, you are sure that you will be seeing only legitimate traffic on your server, and your websites will continue to operate even during an ongoing DDoS attack.


DDoS Protected Hosting

When choosing your hosting provider, it is necessary to know whether it can provide protection for your business immediately, or in an emergency whenever you require it. This way, you can start with a standard setup and have your provider enable DDoS protection for your server whenever you are under attack. Alternatively, most businesses now have their business websites protected from such DDoS attacks on a 24/7 basis by having protection permanently enabled. When opting for a DDoS protected hosting service, it is important to understand the protection level that you choose, as levels vary in the size of attack that is handled and the maximum number of packets that can be handled. If any of these limits is reached (a DDoS attack is larger than the limits), you will again see your services going offline. Typically, you can start with a limited protection level and upgrade when you see an increase in the size of attacks. This ensures that you are not overpaying.

Apart from saving your services from attacks, it also helps to keep your e-commerce or business website safe and protected from hackers who use brute force attacks, SQL injection attacks, etc. to hack into your application or website. Hence, in today’s age, it has become essential for every business with an online presence to have such protection enabled, ensuring business continuity and keeping clients’ data safe and secure from hackers.

26 Sep

Security Advisory – Critical Bash Shell Vulnerability – Fix Available

A vulnerability has recently been disclosed in Bash (the GNU Bourne Again shell) which affects all systems running Linux. This vulnerability allows programs that allow users to provide values for variables to execute arbitrary commands with the privileges of the service. This issue does not permit direct privilege escalation. It has been assigned the ID CVE-2014-6271 [1] in the Common Vulnerabilities and Exposures database. It has been given the nickname “Shellshock.”

CentOS and Debian patched this vulnerability partially on September 24, 2014 and issued further fixes on September 25, 2014 under the new ID CVE-2014-7169 [2]. To apply the fixes, you need only update the version of your installed Bash program. If you have created any services that run entirely as a Bash shell script, you should restart those services after updating. Bash-based services are not common.

Windows and FreeBSD servers do not use Bash by default and are not generally affected. If you have installed Bash on your server manually, you should make sure it is up to date using the process by which you originally installed it.

Please review the sections below to determine how to update Bash on your server.

CENTOS

To check which version of Bash is installed, run the following command:

rpm -q bash

The version number should be greater than or equal to one of the following:

* CentOS 5: bash-3.2-33.el5_10.4
* CentOS 6: bash-4.1.2-15.el6_5.2
* CentOS 7: bash-4.2.45-5.el7_0.4

The important portion of the version number is the part beginning with “.elX_” where X is 5, 6, or 7. If you read the part after the “_” as a decimal number, it must be greater than or equal to the version listed. For example, for “.el6_” the number should be “5.2” or any higher number.

If your version does not match, please run the following command and ensure an update to the bash package is included:

yum -y update bash

If no update is available, please try the following command, then repeat the command above:

yum clean metadata

Red Hat published the following advisories regarding this vulnerability:

* https://access.redhat.com/security/cve/CVE-2014-6271
* https://access.redhat.com/security/cve/CVE-2014-7169
* https://rhn.redhat.com/errata/RHSA-2014-1293.html
* https://rhn.redhat.com/errata/RHSA-2014-1306.html
* https://access.redhat.com/articles/1200223
* https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/

DEBIAN 7

To check which version of Bash is installed, run the following command:

dpkg -s bash | grep Version

The version number should be greater than or equal to 4.2+dfsg-0.1+deb7u3.

The notable part to look for is the “+deb7u3” at the end. If the last number is not 3 or higher, or the part after “+” is missing, you will need to upgrade. If your version does not match, please run the following commands and ensure an update to the bash package is included:

apt-get update
apt-get install -y bash

Debian published the following advisories regarding this vulnerability:

* https://www.debian.org/security/2014/dsa-3032
* https://www.debian.org/security/2014/dsa-3035
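
The version checks in the CentOS and Debian 7 sections above can be scripted. The following is an added example, not part of the original advisory: the function names are hypothetical and the sample strings are constructed. It compares the numeric fields one at a time, the way rpm orders versions, so a suffix of 5.10 ranks above 5.2; for the builds listed above this agrees with the decimal reading the advisory describes.

```shell
#!/bin/sh
# Added example: classify a bash package string against the fixed builds
# listed in this advisory. Each *_status function prints patched/update/unknown.
# "15.el6_5.2" -> "15 el 6 5 2": drop separators, split digit/letter runs.
segments() {
    printf '%s\n' "$1" | sed -e 's/[^A-Za-z0-9]/ /g' \
        -e 's/\([0-9]\)\([A-Za-z]\)/\1 \2/g' \
        -e 's/\([A-Za-z]\)\([0-9]\)/\1 \2/g'
}

# Compare $1 with $2 field by field; prints lt, eq, gt or unknown.
seg_cmp() (
    set -f
    b=$(segments "$2")
    set -- $(segments "$1")
    for y in $b; do
        if [ $# -eq 0 ]; then echo lt; exit 0; fi    # $1 has fewer fields
        x=$1; shift
        if [ "$x" = "$y" ]; then continue; fi
        case "$x$y" in *[!0-9]*) echo unknown; exit 0 ;; esac  # text differs
        if [ "$x" -lt "$y" ]; then echo lt; exit 0; fi
        if [ "$x" -gt "$y" ]; then echo gt; exit 0; fi
    done
    if [ $# -gt 0 ]; then echo gt; else echo eq; fi
)

# Fixed builds from the advisory, keyed by CentOS major release.
fixed_build() {
    case "$1" in
        5) echo "3.2-33.el5_10.4" ;;
        6) echo "4.1.2-15.el6_5.2" ;;
        7) echo "4.2.45-5.el7_0.4" ;;
    esac
}

# $1: output of `rpm -q bash`, e.g. bash-4.1.2-15.el6_5.2.x86_64
centos_bash_status() (
    pkg=${1#bash-}
    for arch in x86_64 i686 i386; do pkg=${pkg%.$arch}; done
    major=$(printf '%s\n' "$pkg" | sed -n 's/.*\.el\([0-9][0-9]*\).*/\1/p')
    want=$(fixed_build "$major")
    case "$pkg" in *-*) ;; *) want= ;; esac
    if [ -z "$want" ]; then echo unknown; exit 0; fi
    # Version is compared first, the release only when versions are equal.
    r=$(seg_cmp "${pkg%%-*}" "${want%%-*}")
    if [ "$r" = eq ]; then r=$(seg_cmp "${pkg#*-}" "${want#*-}"); fi
    case "$r" in
        lt) echo update ;;
        eq|gt) echo patched ;;
        *) echo unknown ;;
    esac
)

# $1: Version field from `dpkg -s bash` on Debian 7.
debian7_bash_status() (
    case "$1" in
        *+deb7u*) n=${1##*+deb7u} ;;
        *) echo update; exit 0 ;;     # no "+deb7uN" part: needs the upgrade
    esac
    case "$n" in
        ''|*[!0-9]*) echo unknown ;;
        *) if [ "$n" -ge 3 ]; then echo patched; else echo update; fi ;;
    esac
)

# Constructed sample strings, not captured from a real host.
for s in bash-4.1.2-15.el6_5.2.x86_64 bash-4.2.45-5.el7.x86_64; do
    printf '%-30s %s\n' "$s" "$(centos_bash_status "$s")"
done
```

On a host, pass in the real query output, for example centos_bash_status "$(rpm -q bash)". A result of "unknown" means the string falls outside what this example parses and should be checked by hand.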

14 Sep

HTTPS / SSL Encryption – Do it for web security or Google Ranking Boost?

Google is working to make the internet safe and, as an initiative, has adopted HTTPS encryption for its own main domain and sub-domains. This means a secured connection is set up every time you access Google Search, Gmail and the Google Drive sub-domains.

After months of experimenting with the inclusion of HTTPS links in its search ranking algorithms, Google decided to treat HTTPS as a very lightweight signal giving a minor ranking boost. Google also mentioned that this signal would only have an impact on “fewer than 1% of global search queries”. Although the signal is not given much weight compared to high-quality content, the following statement suggests that they may give it more importance in future.

But over time, we may decide to strengthen it, because we’d like to encourage all website owners to switch from HTTP to HTTPS to keep everyone safe on the web.

In March 2014, at the SMX West event, Matt Cutts, Google’s head of search spam, expressed a wish to include HTTPS as one of the ranking factors in Google’s algorithm. Google made it a reality less than five months after that announcement.

HTTPS/SSL?

HTTPS stands for Hyper Text Transfer Protocol Secure and SSL stands for Secure Sockets Layer. HTTPS is the secure version of HTTP, while SSL is the protocol that provides a secure connection between the user and the website. HTTPS is mostly used on e-commerce websites, online banking sites and checkout areas to keep transactions safe, and on registration pages to secure the data.

When a visitor accesses an HTTPS website, an encrypted session is set up using a digital SSL certificate, which helps stop anyone else from interfering with or accessing the data transfer. Well-known browsers show a padlock icon and https:// in the address bar to show visitors that the website is secured by HTTPS. There is additional green address bar highlighting for website owners with extended validation SSL certificates.

Benefits of https

  • Prevention of man-in-the-middle attacks
  • HTTPS could give a ranking boost in search results
  • Total privacy of user data like browsing history and credit card numbers

Drawback

  • Page load speed: Adopting secured encryption for your site increases page load time, as HTTPS requires one more communication between servers.
  • Redirection: Make sure to set up proper http to https redirection and address other canonicalization issues to avoid any keyword penalty.

Just a Tip:

1)      Google has incorporated the addition of HTTPS sites and reporting on them.

2)      For now, the type of certificate you use (Extended Validation, Organisation Validation or Domain Validation) has no influence on rankings.

3)      You will notice an increase in “Direct Traffic” if your website is on the “http” version. This is because when traffic passes from an HTTPS site to an HTTP site, there is no indication of where it is coming from.

To get started with HTTPS, here are some of the basic tips as included in their blog:

  • Decide the kind of certificate you need:
    • Single (www.website.com)
    • Multi-domain (www.website.com, www.subdomain.website.com, www.website.net)
    • Wildcard (www.website.com, www.subdomain1.website.com, www.subdomain2.website.com, etc.)
  • Use 2048-bit key certificates
  • Use relative URLs for resources that reside on the same secure domain
  • Use protocol relative URLs for all other domains
  • Check out our Site move article for more guidelines on how to change your website’s address
  • Don’t block your HTTPS site from crawling using robots.txt
  • Allow indexing of your pages by search engines where possible. Avoid the noindex robots meta tag

Conclusion:

Going for HTTPS depends on the business, whether it is just informational or e-commerce. There has been an increase in the number of attacks from various malware, Internet fraud and session hijacking. This puts your business and reputation at risk. Nowadays, after suffering from various cybercrimes, people are becoming aware and carrying out their online activities on secured and trusted websites.

At this point, instead of looking at the small weight of the ranking boost, website owners should pay more attention to security and trust. HTTPS is not going to work a miracle for keyword ranking; Google is pushing for safety and improved online security.