Blog Header Banner

Archive for the ‘cloud security’ tag

Choosing the Right Cloud Provider and Datacenter   no comments

Posted at May 30, 2017 @ 11:52am cloud

Choosing the Right Cloud Provider & Datacenter

Once you have decided that utilizing the cloud is the right decision for your business, you will need to find the right provider and datacenter. You are placing all of your important data or even your company’s entire IT infrastructure in the hands of this provider, so you must make sure that you choose the right one.

 

The best way to find the right cloud provider is to begin by talking to some of the provider’s current clients. These are the people who have already made the decision to trust the provider, and they will have the best insight into how the provider works and what it can offer. Try some of these questions to discover more about the service that you are considering:

  • Did you find the on-boarding process relatively easy to accomplish?
  • What is the technical support like when you encounter problems?
  • Have you personally experienced any serious security concerns or incidents?
  • How have your security concerns been handled by the provider?

 

If you are dissatisfied with any of the responses to these questions, you do not have to use that particular provider. Keep looking and asking questions until you find a cloud service that meets your needs and that makes you feel comfortable.

 

Technology is constantly changing and improving, and you need to be able to trust that your datacenter will keep up with the evolution of security needs. For any cloud service, find out whether there are security protocols in place, including:

  • Physical security of the datacenter
  • Environmental controls
  • Back-up measures for power and internet
  • Back-up measures for your data
  • Technical support when you need it

 

Frequent system audits are also necessary in order to ensure that all datacenters meet or exceed industry standards for data security. When you are searching for a cloud provider, ask potential candidates about their compliance to SSAE-16/SOC1. This set of standards measures the amount of control that a datacenter maintains over your sensitive data and financial information. An audit will report any flaws in data flow. You should also inquire about compliance to the Health Insurance Portability and Accountability Act (HIPAA). This regulation ensures the security and privacy of private health information that is stored or hosted in a datacenter.

If your cloud provider’s datacenter is compliant with both of these standards, you can rest assured that your sensitive data will be monitored and its integrity will be maintained.

Choosing to put your business information or IT infrastructure in a cloud provider’s datacenter rather than housing it on-site is an important decision that requires careful vetting of your potential provider. Once you have chosen the right provider, you can trust that their datacenter will keep your company’s important information safe and secure.

 

Share : Facebooktwitterredditlinkedinmail Follow Us : Facebooktwitterlinkedinyoutubeinstagram

Written by David Maurer on May 30th, 2017

Tagged with , , , , ,

Datacenter Security: Keeping your Servers and Data Safe   no comments

Posted at Sep 20, 2016 @ 9:03am New York Datacenter

datacenter-security

The question of where to store data and sensitive information continues to concern many businesses. If you are like most companies, you worry about the security of your data. You may be thinking that you need to keep the data as close to you as possible, storing it at your own on-site datacenters where you can “keep an eye on everything.” How could you possible know what is happening with your data at servers far away from your office space?

 

The fact of the matter is, however, that your data is much more secure at a cloud provider than on your in-house servers. A cloud service is able to offer you many more security features and guarantees for your data than you have in your own space. However, you have to feel comfortable with your cloud provider keeping your data. A quick look at the many benefits of cloud storage may help convince you.

 

The Benefits of Cloud Storage

Choosing to move your information and data to cloud storage is no easy decision. However, the number of benefits that cloud providers offer to you and your business can make this change well worth it. Consider the many benefits, including:

  1. Data security – Possibly the most important aspect of cloud storage, data security is the main priority of cloud services. With some high-profile companies becoming the victims of data breaches in the last couple of years, cloud providers have upped their investments in access control, identity management, intrusion prevention and virus and malware protection. These improvements have resulted in increased security protocols and more protection for communication between users and servers.
  2. DDoS protection – Distributed Denial of Service (DDoS) attacks are designed to overwhelm cloud servers, flooding them with requests until the security breaks down and actual user needs are ignored. Such an attack can derail a business quickly, losing revenue, customer trust and authority. Cloud providers are now providing services that monitor and protect against DDoS attacks.
  3. Regulatory compliance – Cloud providers are required to follow the industry and governmental regulations that oversee their sectors. This includes guarantees and restitutions for your data in the event of a breach.
  4. Reduced in-house data costs – Migrating all of your data to a cloud server will allow you to reduce the size and cost of your on-site location. For example, you will be able to remove servers, lower your software costs and potentially reduce IT staff without compromising the integrity or security of your data. Most cloud storage is paid on an as-needed basis, so you will only pay for the amount of server and infrastructure capacity that your business needs, and you can change that amount at any time.
  5. Constant availability – Cloud providers are exceptionally reliable. The connection is on 99.99 percent of the time, only going down for maintenance, and you will have access to your applications and data at all times and from practically anywhere.
  6. Improved mobility and collaboration – Cloud storage is available to those who need it no matter where they are located. With today’s internet connections via tablets and smartphones, you will be able to access your data and your applications no matter what you are doing. You can also share your information and conduct collaborations via shared storage capabilities offered by cloud providers.

 

Choosing the Right Cloud Provider

Once you have decided that storing your information on the cloud is the right decision for your business, you will need to find the right provider. You are placing all of your important data in the hands of this provider, so you must make sure that you choose the right one.

 

The best way to find the right cloud provider is to begin by talking to some of the provider’s current clients. These are the people who have already made the decision to trust the provider, and they will have the best insight into how the provider works and what it can offer. Try some of these questions to discover more about the service that you are considering:

  • Did you find the onboarding process relatively easy to accomplish?
  • Did the service provide education and training about the new technology for your staff?
  • What is the technical support like when you encounter problems with the service?
  • Have you personally experienced any serious security concerns or incidents?
  • How have your security concerns been handled by the provider?

 

If you are dissatisfied with any of the responses to these questions, you do not have to use that particular provider. Keep looking and asking questions until you find a cloud service that meets your needs and that makes you feel comfortable.

 

Your Security and Peace of Mind

Technology is constantly changing and improving, and you need to be able to trust that your datacenter will keep up with the evolution of security needs. For any cloud service, find out whether there are security protocols in place, including:

  • Physical security of the datacenter
  • Environmental controls
  • Back-up measures for power and internet
  • Back-up measures for your data
  • Technical support when you need it

 

Frequent system audits are also necessary in order to ensure that all servers meet or exceed industry standards for data security.

When you are searching for a cloud provider, ask potential candidates about their compliance to SSAE 16/SOC1. This set of standards measures the amount of control that a service organization maintains over your sensitive data and financial information. An audit will report any flaws in data flow.

You should also inquire about compliance to the Health Insurance Portability and Accountability Act (HIPAA). This regulation ensures the security and privacy of private health information that is stored on cloud services. A HIPAA audit will demonstrate holes in the security of such specific and sensitive data.

If your cloud provider choice is compliant with both of these standards, you can rest assured that your sensitive data will be monitored and its integrity will be maintained at your datacenter.

 

Choosing to put your business information in a cloud service rather than housing it on-site is an important decision that requires careful vetting of your potential provider. Once you have chosen a service, you can trust that your datacenter will keep your important information safe and secure.

TurnKey Internet owns and operates its own private datacenter located in New York’s Tech Valley region. Our SSAE-16 Certified datacenter was a former U.S. Government building that was purchased by TurnKey in 2010. It is made to U.S. Federal Government standards, with 1-foot thick concrete along the perimeter, plus additional re-inforced walls and security enhancements. We have installed advanced security systems, and infrared based surveillance monitoring cameras. Employees all undergo background screening, and clients are not permitted within the facility except with photo ID and escorted by trained security personnel at all times. Owning our datacenter, we have been able to design, build and maintain every aspect of its construction to provide an ideal hosted server environment. This allows us to provide our clients fast, secure and reliable performance at all times.

Share : Facebooktwitterredditlinkedinmail Follow Us : Facebooktwitterlinkedinyoutubeinstagram

Written by David Maurer on September 20th, 2016

Tagged with , , ,

It’s 2016 – Is Your Office Server or Web Site Being Held Hostage?   no comments

Posted at May 5, 2016 @ 6:07am cloud security

ransomwareThe latest wave of computer security news may sound like the headline of a new Bruce Willis movie – but Ransomware is now part of the daily conversation between not only security experts, but unfortunately by office managers and PC users across the globe having to deal with the ramifications.

This year malware infections, more specifically ransomware, have seen an exponential growth. They are also becoming more sophisticated, using newer methods that are not only harder to detect, but also require less user interaction.

Security researchers report attackers are not only upgrading their malware to make it more unbreakable, they are also using unique methods of distribution. In some cases, these methods require no user interaction at all.

In the past, most ransomware infections occurred via phishing attacks, which required a user to click on a malicious website or email link. But these newer attacks are less dependent on user interaction and more dependent on unpatched vulnerabilities or poor security practices.

These new breeds of ransomware are utilizing more advanced methods to attack computers and encrypt their files, before you even realize what’s happened. You are then forced to either pay the ransom or hope you have a backup recent enough to prevent any lost data.

To protect yourself you need to follow best practices, such as

  1. backup your servers and PC’s
  2. backup your servers and PC’s
  3. see item (1) and (2) above (seriously!)
  4. keep your software and systems patched and up-to-date
  5. Have a corporate gateway firewall with advanced threat protection
  6. Have / Install / Update local AntiVirus and Malware Software protection
  7. Always avoid opening un-expected emails or attachments
  8. Avoid clicking to web sites you don’t recognize (especially if sent in email)
  9. if you aren’t backing up your servers and PC’s already – stop reading and visit https://turnkeyvault.com/

It’s pretty simple – the same things that protect your office data and servers from most threats apply here, but the damage of ransomware encrypting and disabling all your corporate data within seconds or minutes is real and has lead to some high profile cases including hospitals being locked out of all their data due to ransomware!  Don’t let your business fall victim to the bad-named villain of a Bruce Willis movie – ransomware is among the most costly cyber threats actively attacking businesses right this very second.

Make no mistake – backing up your data is a must have in any security policy, and utilizing a secure remote cloud based backup solution such as  TurnKey Vault is ideal.  Make sure whatever backup solution you deploy offers data encryption, supports both desktop PC’s and Macs, as well as Linux and Windows based servers.  A backup solution like TurnKey Vault offers live cloud replication which will get you back on your feet in minutes in case of a true disaster by creating a live cloud-based copy of any PC workstation or Server accessible from anywhere over the Internet to get you access to your data and applications quickly.  If ransomware takes over your office network you can spin up a backup live copy of your servers and PC’s with TurnKey Vault from a time before the ransomware took over your office – and will have you saying “Yippee Ki-Yay” just like Bruce Willis as the ransomeware data hostage takers wont ever see a dime, and you will have all your data safe and secure.

 

Share : Facebooktwitterredditlinkedinmail Follow Us : Facebooktwitterlinkedinyoutubeinstagram

DROWN Attacks – Web Encryption No Longer Safe – Is My Web Site at Risk?   no comments

Posted at Apr 28, 2016 @ 9:07am Web hosting

drown-attackEncryption fills the headlines with stories of APPLE and decoding iPhones – but with all the security challenges and cyber threats today – its getting hard pressed to have a web site, computer, or mobile device and not realize your data is as private as you once thought.  Encryption is what protects (hides) the details of what we do online certain web sites – keeping your private banking or purchasing data (or online traffic hidden) from prying eyes.  But last month a new threat called DROWN was publicized that essentially made it so many web sites you shop, visit or utilize that you thought were secure and private via their https SSL encrypted access turned out to not be so private.

DROWN, standing for Decrypting RSA with Obsolete and Weakened eNcryption, is an xample of a cross-protocol attack that exploits weaknesses in the widely used online encryption protocol, SSLv2.  Using weaknesses in the SSLv2 implementations against TLS (transport layer security) hackers can “decrypt passively collected TLS sessions from up to date clients.” Or in simpler terms, hackers and anyone can see what you are doing, your personal details, and more when you thought you may of been protected by that SSL ‘lock’ protected symbol next to the web site you were shopping or visiting.

TLS is probably the most important security protocol on the internet.  Almost every action you take on the internet relies on the use of a TLS version.  Not just you accessing a web site, but a lot of the back behind the scenes things like email transmission, to database connections, to sending files between servers for backups.

Fortunately, the latest versions of OpenSSL do not utilize SSLv2 connections by default.  However, if your certificate or key is being used in another location on a server that supports SSLv2, you could be at risk.  For example, the mail service (POP, IMAP, SMTP connections).

A DRWON attack would be able to decrypt HTTPS connections, sending specifically designed packets to another server.  If the certificate is on more than one server, it is possible a MitM (man in the middle) attack can be successful.

Isn’t SSLv2 depreciated?  Why is this still a threat?  In the early 2000’s SSLv2 was still supported by browsers, to be used as a fallback protocol.  An attacker could easily trick the browser into using an older protocol.  Thankfully, this is no longer an issue if you are using a recent version of your web browser.

While browsers are no longer supporting SSLv2, most servers still do.  Most servers are configured to use both TLS and SSLv2.  This means both protocols would use the same RSA private key.  Therefore, any bugs in the SSLv2 protocol that use the private key, potentially could affect the security of TLS.

While this all may sound a little scary, as most security vulnerabilities are.  TurnKey Internet takes all security avenues very seriously.  Our web hosting servers and software are always kept up to date.  If your account is on any of our shared hosting packages, you have nothing to worry about.  Just in case, you want to test your sites security against DROWN or the server your account is hosted on.  Please feel free to do so here – https://drownattack.com/#check  You will need to use the IP address your site is living on and not your domain name – which you can easily find by using a DNS lookup service such as http://www.getip.com/.

If you need assistance finding your web sites IP, or reviewing your security  please send us a support ticket (helpdesk@turnkeyinternet.net) and we would be happy to tell you.

 

 

 

 

Share : Facebooktwitterredditlinkedinmail Follow Us : Facebooktwitterlinkedinyoutubeinstagram

How to Setup a Firewall on your Cloud Server – CSF / CPanel, and more!   no comments

Posted at Feb 21, 2015 @ 12:02pm cloud security

firewallI have a question for you. Does your server have a firewall running on your server? For those who do know what a firewall is, let’s go to our good friend Wikipedia:

‘In computing, a firewall is a network security system that controls the
incoming and outgoing network traffic based on applied rule set. A firewall establishes a barrier between a trusted, secure internal network and another network (e.g., the Internet) that is assumed not to be secure and trusted.’

As avid readers of the blog know, I like to ground these ideas with every day analogies. You can think of a firewall like a door to your home. When the door is opened, people can walk directly into your house. Should you want to keep people out, you close and lock the door. This is the way a firewall works on a server. You place the firewall onto your server to keep intruders from the internet from accessing your data.

Firewalls can be either hardware or software based. If you go with a hardware based firewall, the firewall is connected to your switch that allows for traffic to be filtered upon a rule set you determine. You would use a hardware based firewall if you had a dedicated server. A software based firewall is installed within your server. It still blocks traffic based off rule sets you create, but it just does it from within the server and not out in front like a hardware based firewall.

For the rest of this article, I will provide you the steps to install CSF, which is short for ConfigServer Security and Firewall. This firewall is supported across many different Operating Sytems, RedHat Enterprise, Centos, CloudLinx, Fedore, Virtuozzo, VMWare, to name a few. You can read more about the supporeted systems here: http://configserver.com/cp/csf.html

This firewall can be installed with the following steps on your Linux based server:

mkdir /usr/local/src <– Creates the directory to install CSF

cd /usr/local/src <– Changes your location on the server to the newly created directory

wget http://www.configserver.com/free/csf.tgz <– downloads the CSF software to your server

tar xfz csf.tgz <– Extracts the software
cd csf <– Changes your location on the server to the CSF directory

./install.sh <– Installs the CSF firewall

CSF, when installed, and configured properly, places a preset list of rules onto your server. These rules can be configured directly within the csf.conf file or the csf configuration file. If you have a cPanel based server,  you want to ensure that you have the following ports opened for inbound and outbound:

# Allow incoming TCP ports
TCP_IN = “20,21,22,25,53,80,143,443,465,587,993,995,2078,2082,2083,2086,2087,2095,2096”

# Allow outgoing TCP ports
TCP_OUT =”20,21,22,25,37,43,53,80,110,113,443,465,587,873,995,1167,2086,2087,2089 ”

Those ports cover most of the ports you will need for your cPanel or non-cPanel server to function. You can read more about ports and their functions here: http://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers

Once you do that, you may want to limit the amount of connections each user can make to your server. This can be set by changing CT_Limit in your csf.conf to the number of connections you want each user to be able to make. For example, CT_Limit = “150” will only allow each user to make 150 connections to your server.

You may also want to remove port 22 from TCP_IN along with setting your SSHD_config file to do only public_key authentication. Why would you do this? This will lock down your server from the outside and only allow people who have SSH keys installed into your server to gain access using SSH.

CSF can be configured in a multitude of ways to add another layer of security to your server. I highly recommend going to http://configserver.com/cp/csf.html and using the forums to learn more about the many features of CSF and how tweaking the settings can help ensure you’re providing a stable, safe and secure server environment

Share : Facebooktwitterredditlinkedinmail Follow Us : Facebooktwitterlinkedinyoutubeinstagram

Written by Jeremy on February 21st, 2015

Tagged with , , , , , ,

Network Security – Does It Matter If I’m In The Cloud?   no comments

Posted at Oct 7, 2014 @ 9:09am internet security,turnkey cloud

network-security-in-the-cloudJeremy here again with another post for you this week. Today, we will be covering security. Namely, network security. Now, if I ask you, what exactly is network security, what would your answer be? If you’ve been in the hosting industry or Information Technology field for extended period time, you have no issue answering that question. However, for most readers, they may not be 100% certain on what exactly a network is and how it affects your hosting. For this article, lets first start with what exactly a network is in terms of your website and then we will get into securing that network so without further ado…

 

What is a network?

 

If you’re reading this article, more than likely, you’re on a computer connected to the internet. The computer that you’re reading this article on is more than likely in a local network. Before we get too carried away, lets define what a local network is. Directly from our friends over at Wikipedia:

 

http://en.wikipedia.org/wiki/Local_area_network

 

A local area network is a computer network that connects computers within a limited range such as homes, schools, libraries or office building. To ground the idea further in your mind, lets say that you have purchased a desktop PC, a laptop and have a cellphone from your local electronics store. You also purchased a router as well. Your router is a piece of networking technology that creates a local area network for your home and then allows you to connect to the internet. When your devices connect to the router, it places them into a local area network. This allows the devices to communicate with one another. It also allows them to communicate with the rest of the world via the internet.

 

You have different types of networks such as a WAN or Wide Area Network. This network is a much larger type and usually covers broad areas such as a college campus or metropolitan area. Now you may be asking, what does this have to do with my website? Well, glad you asked. You see, when you purchase hosting from Turnkey Internet, you’re paying to host your site on our network. This is what people generally mean when they purchase hosting. They are paying a provider to be included in their network and give their website a home.

 

As you have already gathered, if something was to go wrong with the network, your site may go off-line. This leads us to our next topic

 

Why do I need to secure my network?

 

If you are hosting in the cloud – you still connect over your network.  While cloud hosting from Turnkey Internet lets your be assured that your site is on a network that has multiple layers of network security, however, this article isn’t about securing our network at Turnkey Internet, but how you can take some preventative steps to secure your own network. Maybe you have a dedicated server and you’re managing the server yourself. Knowing how to secure the network your server is located on goes a LONG way to ensure you’re providing your customers with a top notch website.

 

You may thinking, well what do I need to protect my network from? Many network security threats spread over the internet with most common including:

 

  • Viruses, worms and Trojan horses
  • Spyware and Adware
  • Zero-day attacks
  • Hacker attacks
  • Denial of service attacks
  • Data interception and theft
  • Identity theft

 

While this is no way an all inclusive list, those items listed above are the most common type of network threats you will find on the internet. Now some of those attacks have to be mitigated at network level such as Denial of Service attacks. You can read about denial of service attacks below:

 

http://en.wikipedia.org/wiki/Denial-of-service_attack

 

Some of the other network attacks you can help mitigate at a server level which you can read about below

 

How do I secure my network?

 

In order to truly secure your network, you must understand that there is no one single solution that will protect you from every threat listed above. In fact, a highly secure network has multiple layers of security. If one layer fails, another layer just takes its place. Network security is best accomplished through hardware and software.  The software should be updated in regular intervals to ensure that you’re running the most up to date version. Ideally, a network security system will contain many parts with all parts working together.  This helps to ensure maximum security and minimize maintenance and improve security.

 

Your most common type of network components are listed below:

 

  • Anti-virus software
  • Malware detection
  • Firewall that blocks unauthorized access
  • Intrusion prevention systems that will identify fast spreading threats such as a zero day attack
  • Virtual private networks(VPN) setup to provide secure remote access

 

If you have a few or all of those components working together, you will help ensure your network remains stable. Effective network security targets a variety of threats and stops them from entering or spreading through your network. This will protect the usability, reliability, integrity and safety of your network and data.

 

Here at Turnkey Internet, we have multiple layers of network security. From our DDOS protection system which monitors our entire network and instantly notifies us of a DDOS attack. We also install and configure firewalls on all of our shared servers. We run daily malware detection scans as well as constantly update software to ensure we’re protected from the latest threats. Doing these things helps us to provide a secure and reliable network for all our customers. It may be time you invested in your own network security.

 

Until next time…

Share : Facebooktwitterredditlinkedinmail Follow Us : Facebooktwitterlinkedinyoutubeinstagram

Written by Jeremy on October 7th, 2014

Tagged with , , ,