When there is a demand, there is a vulnerability. Cloud servers are no exception, as due to the mass adoption of cloud servers for data storage and management, it has become paramount for large and small businesses and organizations to be concerned about the data. There is a reason for mass adoption, as cloud servers are cost-effective, reliable, and fast. Still, security risks also exist due to the complexity of storing data digitally.

Why Cloud Security is Important

Over the past few years, many security breaches and data theft of cloud server platforms have occurred. Therefore, cloud security takes center stage when it comes to protecting data. Cloud security is important because it protects data from cyber-attacks. Also, businesses and services can’t afford to go down now and then due to low-security measures, so it is of utmost importance for businesses that their business continues and operates smoothly. Many businesses and services store a large amount of user data in case of data breaches and data theft. Businesses risk losing their reputation among their customers and stakeholders when such an event occurs.

However, many security measures can be taken to ensure the protection and privacy of data. Some key security measures are discussed below.

Physical Security Matters

The physical security of the cloud servers is a primary reason when looking for cloud solutions. The physical infrastructures of cloud servers matter because they have data centers, network devices, and servers.

Data Centers where servers are kept must have physical security measures. For example, access to the control system should be limited to limited persons, CCTV cameras around the premises, and security personnel so that no person can enter unauthorized.

Network Security

For network security, firewalls are a must, as they protect cloud servers from unauthorized access. Firewalls are also able to prevent malware from entering the network. Moreover, Intrusion Detection and Prevention Systems can detect security threats in advance. An IDPS monitors network traffic for signs of suspicious activity and alerts security personnel if any threat is detected. Employing a VPN creates a secure connection between two or more devices over the internet, ensuring that data is transmitted securely and preventing unauthorized access.

Storage Devices Security

As storage devices at data centers are physical components, they require both physical security measures. For that, storage devices should be kept in compartments that are secure enough from unauthorized access and not vulnerable to physical damage. Also, when storage devices expire, there is a need to dispose of them properly, either by destroying them physically or wiping the storage disk with data-erasing software.

Data Encryption

Data encryption as a security measure against data protection is now central to every idea. Whether it’s a messaging app, cloud storage, or online data of users, everyone promises data encryption. The same applies to data servers as well because it converts the plaintext data into a coded form to make it more secure. However, this is different for cloud security as more complex security measures are involved in data encryption.

• Data Encryption at Rest – The process of encrypting data on cloud servers is termed data encryption at rest. Data encryption at rest can’t be accessed because of advanced encryption algorithms like Advanced Encryption Standard (AEA), even if the data is compromised. This type of data encryption is necessary because it protects data in case of physical theft.
• Data Encryption in Transit – When the data is being transmitted between cloud servers and users or just between servers, data encryption in transit encrypts the data. The very word ‘transit’’ indicates the data encryption on data in a transferring mode. Sometimes in a worst-case scenario, when the data is being transferred, it is prone to be intercepted; it cannot be read or modified. Secure Socket Layer (SSL) and Transport Layer Security (TLS) are standard encryption protocols for data encryption in transit.

Identity and Access Management

Identity and Access Management is about managing user identities and controlling access to cloud resources. As identity is one of the key components of strong security, especially when taken in terms of cloud security. For that, different security layers are enacted to protect the data. User authorization is one aspect where access to cloud resources is given to the role within the company. User authorization is assigned through Access Control Lists (ACLs) or Role-Based Access Control (RBAC).

User Authentication is another security measure, and it is performed through passwords and biometric authentication. Multiple Factor Authentication is a two-layered security process. It always relies on the second security layer to verify the credentials, and it is useful, especially when the first layer is compromised. Two-layer security ensures the protection of data even when the first layer is compromised.

Data Backup and Recovery

An infinite amount of data is being transferred and stored on the cloud servers. Most of the data contains sensitive information that requires backup, so if the primary source of data is lost, it can be recovered through backup. The same is the case for cloud security. Data backup can be ensured by scheduling regular backups and checking on the updates and integrity of the data.

A disaster recovery plan should be in place in case of a potential data breach or malware attack. A disaster recovery plan outlines the restoration strategy and the time it takes to recover the data. Data recovery testing is all about testing the data recovery plan. Regular testing helps in identifying issues with backup systems.

Conclusion

The use of cloud servers has provided numerous benefits but has also increased the risk of cyber-attacks and data theft. As a result, organizations must prioritize security measures to protect their data and reputation. Network security, such as firewalls and intrusion detection, storage device security, data encryption, identity and access management, and data backup and recovery, are all important security methods that firms can implement to protect their data. Businesses can work easily and confidently with these security measures in place, knowing that their data is safe from any security risks.

TurnKey Cloud Servers

Backed with bulletproof reliability, our Cloud Servers offer the perfect balance of value, performance, and ease-of-use. All packages include 100% network uptime, 24/7 support, and a 30-day money-back guarantee! TurnKey Internet offers a full suite of managed hosting services such as server back-ups, hands-on system administration, intrusion detection protection, and advanced firewall protection services. For more information, or to speak to one of our Cloud Hosting experts, visit www.turnkeyinternet.net today!

Follow Us :
Share :

The question of where to store data and sensitive information continues to concern many businesses. If you are like most companies, you worry about the security of your data. You may be thinking that you need to keep the data as close to you as possible, storing it at your own on-site data centers where you can “keep an eye on everything.” How could you possible know what is happening with your data at servers far away from your office space?

The fact of the matter is, however, that your data is much more secure at a Data Center & Cloud provider than on your in-house servers. A cloud provider is able to offer you many more security features and guarantees for your data than you have in your own space. However, you have to feel comfortable with your cloud provider keeping your data. A quick look at the many benefits of cloud storage may help convince you.

The Benefits of Moving to the Cloud

Choosing to move your information and data to the cloud is no easy decision. However, the number of benefits that data center and cloud providers offer to you and your business can make this change well worth it. Consider the many benefits, including:

1. Data security – Possibly the most important aspect of cloud storage, data security is the main priority of cloud providers. With some high-profile companies becoming the victims of data breaches in the last couple of years, cloud providers have upped their investments in access control, identity management, intrusion prevention and virus and malware protection. These improvements have resulted in increased security protocols and more protection for communication between users and servers.
2. DDoS protection – Distributed Denial of Service (DDoS) attacks are designed to overwhelm cloud servers, flooding them with requests until the security breaks down and actual user needs are ignored. Such an attack can derail a business quickly, losing revenue, customer trust and authority. Cloud providers are now providing services that monitor and protect against DDoS attacks.
3. Regulatory compliance – Cloud providers are required to follow the industry and governmental regulations that oversee their sectors. This includes guarantees and restitutions for your data in the event of a breach.
4. Reduced in-house data costs – Migrating all of your data to a cloud server will allow you to reduce the size and cost of your on-site location. For example, you will be able to remove servers, lower your software costs and potentially reduce IT staff without compromising the integrity or security of your data. Most cloud storage is paid on an as-needed basis, so you will only pay for the amount of server and infrastructure capacity that your business needs, and you can change that amount at any time.
5. Constant availability – Cloud providers are exceptionally reliable. The connection is on 99.99 percent of the time, only going down for maintenance, and you will have access to your applications and data at all times and from practically anywhere.
6. Improved mobility and collaboration – Cloud storage is available to those who need it no matter where they are located. With today’s internet connections via tablets and smartphones, you will be able to access your data and your applications no matter what you are doing. You can also share your information and conduct collaborations via shared storage capabilities offered by cloud providers.

Choosing the Right Data Center & Cloud Provider

Once you have decided that storing your information on the cloud is the right decision for your business, you will need to find the right provider. You are placing all of your important data in the hands of this provider, so you must make sure that you choose the right one.

The best way to find the right cloud provider is to begin by talking to some of the provider’s current clients. These are the people who have already made the decision to trust the provider, and they will have the best insight into how the provider works and what it can offer. Try some of these questions to discover more about the service that you are considering:

• Did you find the on-boarding process relatively easy to accomplish?
• Did the service provide education and training about the new technology for your staff?
• What is the technical support like when you encounter problems with the service?
• Have you personally experienced any serious security concerns or incidents?
• How have your security concerns been handled by the provider?

If you are dissatisfied with any of the responses to these questions, you do not have to use that particular provider. Keep looking and asking questions until you find a cloud service that meets your needs and that makes you feel comfortable.

Your Security and Peace of Mind

Technology is constantly changing and improving, and you need to be able to trust that your data center provider will keep up with the evolution of security needs. For any cloud service, find out whether there are security protocols in place, including:

• Physical security of the data center
• Environmental controls
• Back-up measures for power and internet
• Back-up measures for your data
• Technical support when you need it

Frequent system audits are also necessary in order to ensure that all servers meet or exceed industry standards for data security.

When you are searching for a cloud provider, ask potential candidates about their compliance to SSAE 18/SOC. This set of standards measures the amount of control that a service organization maintains over your sensitive data and financial information. An audit will report any flaws in data flow.

You should also inquire about compliance to the Health Insurance Portability and Accountability Act (HIPAA). This regulation ensures the security and privacy of private health information that is stored on cloud services. A HIPAA audit will demonstrate holes in the security of such specific and sensitive data.

If your cloud provider choice is compliant with both of these standards, you can rest assured that your sensitive data will be monitored and its integrity will be maintained at your data center.

TurnKey Internet’s Data Center

TurnKey Internet owns and operates its own private data center located in New York’s Tech Valley region. Our SSAE-18 SOC certified, HIPAA compliant data center was a former U.S. Government building that was purchased by TurnKey in 2010. It is made to U.S. Federal Government standards, with 1-foot thick concrete along the perimeter, plus additional reinforced walls and security enhancements. We have installed advanced security systems, and infrared based surveillance monitoring cameras. Employees all undergo background screening, and clients are not permitted within the facility except with photo ID and escorted by trained security personnel at all times.

Owning our data center, we have been able to design, build and maintain every aspect of its construction to provide an ideal hosted server environment. This allows us to provide our clients fast, secure and reliable performance at all times.

Choosing to put your business information in a cloud service rather than housing it on-site is an important decision that requires careful vetting of your potential provider. Once you have chosen a service, you can trust that your data center will keep your important information safe and secure. Follow Us :
Share :

The question of where to store data and sensitive information continues to concern many businesses. If you are like most companies, you worry about the security of your data. You may be thinking that you need to keep the data as close to you as possible, storing it at your own on-site server room where you can “keep an eye on everything.” How could you possible know what is happening with your data at a data center far away from your office space?

The fact of the matter is, however, that your data is much more secure at a data center, than on your in-house servers. A data center is able to offer you many more security features and guarantees for your data than you have in your own space. However, you have to feel comfortable with your data center keeping your data. A quick look at the many benefits of cloud storage may help convince you.

 

Benefits of The Cloud

Choosing to migrate your data and IT infrastructure into a data center or cloud provider is no easy decision. However, the number of benefits that data centers offer to you and your business can make this change well worth it. Consider the many benefits, including:

1. Data security – Possibly the most important aspect of cloud storage, data security is the main priority of data centers. With some high-profile companies becoming the victims of data breaches in the last couple of years, data centers and cloud providers have upped their investments in access control, identity management, intrusion prevention and virus and malware protection. These improvements have resulted in increased security protocols and more protection for communication between users and servers.
2. DDoS protection – Distributed Denial of Service (DDoS) attacks are designed to overwhelm servers, flooding them with requests until the security breaks down and actual user needs are ignored. Such an attack can derail a business quickly, losing revenue, customer trust and authority. Data centers are now providing services that monitor and protect against DDoS attacks.
3. Regulatory compliance – Data centers are required to follow the industry and governmental regulations that oversee their sectors. This includes guarantees and restitutions for your data in the event of a breach.
4. Reduced in-house data costs – Migrating all of your data and infrastructure into a data center will allow you to reduce the size and cost of your on-site location. For example, you will be able to remove servers, lower your software costs and potentially reduce IT staff without compromising the integrity or security of your data. Most cloud storage is paid on an as-needed basis, so you will only pay for the amount of server and infrastructure capacity that your business needs, and you can change that amount at any time.
5. Constant availability – Data centers are exceptionally reliable. The connection is on 99.99 percent of the time, only going down for maintenance, and you will have access to your applications and data at all times and from practically anywhere.
6. Improved mobility and collaboration – The Cloud is available to those who need it no matter where they are located. With today’s internet connections via tablets and smartphones, you will be able to access your data and your applications no matter what you are doing. You can also share your information and conduct collaborations via shared storage capabilities offered by cloud providers.

 

Choosing the Right Data Center

Once you have decided that storing your information in the cloud is the right decision for your business, you will need to find the right data center provider. You are placing all of your important data in the hands of this provider, so you must make sure that you choose the right one.

The best way to find the right data center is to begin by talking to some of the provider’s current clients. These are the people who have already made the decision to trust the provider, and they will have the best insight into how the provider works and what it can offer. Try some of these questions to discover more about the service that you are considering:

• Did you find the on-boarding process relatively easy to accomplish?
• Did the service provide education and training about the new technology for your staff?
• What is the technical support like when you encounter problems with the service?
• Have you personally experienced any serious security concerns or incidents?
• How have your security concerns been handled by the provider?

If you are dissatisfied with any of the responses to these questions, you do not have to use that particular provider. Keep looking and asking questions until you find a data center that meets your needs and that makes you feel comfortable.

 

Your Security and Peace of Mind

Technology is constantly changing and improving, and you need to be able to trust that your data center will keep up with the evolution of security needs. For any cloud service, find out whether there are security protocols in place, including:

• Physical security of the data center
• Environmental controls
• Back-up measures for power and internet
• Back-up measures for your data
• Technical support when you need it

Frequent system audits are also necessary in order to ensure that all servers meet or exceed industry standards for data security.

When you are searching for a data center, ask potential candidates about their compliance to SSAE 16/SOC1. This set of standards measures the amount of control that a service organization maintains over your sensitive data and financial information. An audit will report any flaws in data flow. You should also inquire about compliance to the Health Insurance Portability and Accountability Act (HIPAA). This regulation ensures the security and privacy of private health information that is stored on cloud services. A HIPAA audit will demonstrate holes in the security of such specific and sensitive data. If your data center choice is compliant with both of these standards, you can rest assured that your sensitive data will be monitored and its integrity will be maintained.

Choosing to put your business information in a data center rather than housing it on-site is an important decision that requires careful vetting of your potential provider. Once you have chosen a service, you can trust that a data center will keep your important information safe and secure.

TurnKey Internet owns and operates its own private data center located in New York’s Tech Valley region. Our SSAE-16 Certified data center was a former U.S. Government building that was purchased by TurnKey in 2010. It is made to U.S. Federal Government standards, with 1-foot thick concrete along the perimeter, plus additional reinforced walls and security enhancements. We have installed advanced security systems, and infrared based surveillance monitoring cameras. Employees all undergo background screening, and clients are not permitted within the facility except with photo ID and escorted by trained security personnel at all times. Owning our data center, we have been able to design, build and maintain every aspect of its construction to provide an ideal hosted server environment. This allows us to provide our clients fast, secure and reliable performance at all times. For more information, visit www.TurnKeyInternet.net

  Follow Us :
Share :

Once you have decided that utilizing the cloud is the right decision for your business, you will need to find the right provider and datacenter. You are placing all of your important data or even your company’s entire IT infrastructure in the hands of this provider, so you must make sure that you choose the right one.

 

The best way to find the right cloud provider is to begin by talking to some of the provider’s current clients. These are the people who have already made the decision to trust the provider, and they will have the best insight into how the provider works and what it can offer. Try some of these questions to discover more about the service that you are considering:

• Did you find the on-boarding process relatively easy to accomplish?
• What is the technical support like when you encounter problems?
• Have you personally experienced any serious security concerns or incidents?
• How have your security concerns been handled by the provider?

 

If you are dissatisfied with any of the responses to these questions, you do not have to use that particular provider. Keep looking and asking questions until you find a cloud service that meets your needs and that makes you feel comfortable.

 

Technology is constantly changing and improving, and you need to be able to trust that your datacenter will keep up with the evolution of security needs. For any cloud service, find out whether there are security protocols in place, including:

• Physical security of the datacenter
• Environmental controls
• Back-up measures for power and internet
• Back-up measures for your data
• Technical support when you need it

 

Frequent system audits are also necessary in order to ensure that all datacenters meet or exceed industry standards for data security. When you are searching for a cloud provider, ask potential candidates about their compliance to SSAE-16/SOC1. This set of standards measures the amount of control that a datacenter maintains over your sensitive data and financial information. An audit will report any flaws in data flow. You should also inquire about compliance to the Health Insurance Portability and Accountability Act (HIPAA). This regulation ensures the security and privacy of private health information that is stored or hosted in a datacenter.

If your cloud provider’s datacenter is compliant with both of these standards, you can rest assured that your sensitive data will be monitored and its integrity will be maintained.

Choosing to put your business information or IT infrastructure in a cloud provider’s datacenter rather than housing it on-site is an important decision that requires careful vetting of your potential provider. Once you have chosen the right provider, you can trust that their datacenter will keep your company’s important information safe and secure.

  Follow Us :
Share :

The latest wave of computer security news may sound like the headline of a new Bruce Willis movie – but Ransomware is now part of the daily conversation between not only security experts, but unfortunately by office managers and PC users across the globe having to deal with the ramifications.

This year malware infections, more specifically ransomware, have seen an exponential growth. They are also becoming more sophisticated, using newer methods that are not only harder to detect, but also require less user interaction.

Security researchers report attackers are not only upgrading their malware to make it more unbreakable, they are also using unique methods of distribution. In some cases, these methods require no user interaction at all.

In the past, most ransomware infections occurred via phishing attacks, which required a user to click on a malicious website or email link. But these newer attacks are less dependent on user interaction and more dependent on unpatched vulnerabilities or poor security practices.

These new breeds of ransomware are utilizing more advanced methods to attack computers and encrypt their files, before you even realize what’s happened. You are then forced to either pay the ransom or hope you have a backup recent enough to prevent any lost data.

To protect yourself you need to follow best practices, such as

1. backup your servers and PC’s
2. backup your servers and PC’s
3. see item (1) and (2) above (seriously!)
4. keep your software and systems patched and up-to-date
5. Have a corporate gateway firewall with advanced threat protection
6. Have / Install / Update local AntiVirus and Malware Software protection
7. Always avoid opening un-expected emails or attachments
8. Avoid clicking to web sites you don’t recognize (especially if sent in email)
9. if you aren’t backing up your servers and PC’s already – stop reading and visit https://turnkeyvault.com/

It’s pretty simple – the same things that protect your office data and servers from most threats apply here, but the damage of ransomware encrypting and disabling all your corporate data within seconds or minutes is real and has lead to some high profile cases including hospitals being locked out of all their data due to ransomware!  Don’t let your business fall victim to the bad-named villain of a Bruce Willis movie – ransomware is among the most costly cyber threats actively attacking businesses right this very second.

Make no mistake – backing up your data is a must have in any security policy, and utilizing a secure remote cloud based backup solution such as  TurnKey Vault is ideal.  Make sure whatever backup solution you deploy offers data encryption, supports both desktop PC’s and Macs, as well as Linux and Windows based servers.  A backup solution like TurnKey Vault offers live cloud replication which will get you back on your feet in minutes in case of a true disaster by creating a live cloud-based copy of any PC workstation or Server accessible from anywhere over the Internet to get you access to your data and applications quickly.  If ransomware takes over your office network you can spin up a backup live copy of your servers and PC’s with TurnKey Vault from a time before the ransomware took over your office – and will have you saying “Yippee Ki-Yay” just like Bruce Willis as the ransomeware data hostage takers wont ever see a dime, and you will have all your data safe and secure.

  Follow Us :
Share :

Encryption fills the headlines with stories of APPLE and decoding iPhones – but with all the security challenges and cyber threats today – its getting hard pressed to have a web site, computer, or mobile device and not realize your data is as private as you once thought.  Encryption is what protects (hides) the details of what we do online certain web sites – keeping your private banking or purchasing data (or online traffic hidden) from prying eyes.  But last month a new threat called DROWN was publicized that essentially made it so many web sites you shop, visit or utilize that you thought were secure and private via their https SSL encrypted access turned out to not be so private.

DROWN, standing for Decrypting RSA with Obsolete and Weakened eNcryption, is an xample of a cross-protocol attack that exploits weaknesses in the widely used online encryption protocol, SSLv2.  Using weaknesses in the SSLv2 implementations against TLS (transport layer security) hackers can “decrypt passively collected TLS sessions from up to date clients.” Or in simpler terms, hackers and anyone can see what you are doing, your personal details, and more when you thought you may of been protected by that SSL ‘lock’ protected symbol next to the web site you were shopping or visiting.

TLS is probably the most important security protocol on the internet.  Almost every action you take on the internet relies on the use of a TLS version.  Not just you accessing a web site, but a lot of the back behind the scenes things like email transmission, to database connections, to sending files between servers for backups.

Fortunately, the latest versions of OpenSSL do not utilize SSLv2 connections by default.  However, if your certificate or key is being used in another location on a server that supports SSLv2, you could be at risk.  For example, the mail service (POP, IMAP, SMTP connections).

A DRWON attack would be able to decrypt HTTPS connections, sending specifically designed packets to another server.  If the certificate is on more than one server, it is possible a MitM (man in the middle) attack can be successful.

Isn’t SSLv2 depreciated?  Why is this still a threat?  In the early 2000’s SSLv2 was still supported by browsers, to be used as a fallback protocol.  An attacker could easily trick the browser into using an older protocol.  Thankfully, this is no longer an issue if you are using a recent version of your web browser.

While browsers are no longer supporting SSLv2, most servers still do.  Most servers are configured to use both TLS and SSLv2.  This means both protocols would use the same RSA private key.  Therefore, any bugs in the SSLv2 protocol that use the private key, potentially could affect the security of TLS.

While this all may sound a little scary, as most security vulnerabilities are.  TurnKey Internet takes all security avenues very seriously.  Our web hosting servers and software are always kept up to date.  If your account is on any of our shared hosting packages, you have nothing to worry about.  Just in case, you want to test your sites security against DROWN or the server your account is hosted on.  Please feel free to do so here – https://drownattack.com/#check  You will need to use the IP address your site is living on and not your domain name – which you can easily find by using a DNS lookup service such as http://www.getip.com/.

If you need assistance finding your web sites IP, or reviewing your security  please send us a support ticket (helpdesk@turnkeyinternet.net) and we would be happy to tell you.

 

 

 

  Follow Us :
Share :

I have a question for you. Does your server have a firewall running on your server? For those who do know what a firewall is, let’s go to our good friend Wikipedia:

‘In computing, a firewall is a network security system that controls the
incoming and outgoing network traffic based on applied rule set. A firewall establishes a barrier between a trusted, secure internal network and another network (e.g., the Internet) that is assumed not to be secure and trusted.’

As avid readers of the blog know, I like to ground these ideas with every day analogies. You can think of a firewall like a door to your home. When the door is opened, people can walk directly into your house. Should you want to keep people out, you close and lock the door. This is the way a firewall works on a server. You place the firewall onto your server to keep intruders from the internet from accessing your data.

Firewalls can be either hardware or software based. If you go with a hardware based firewall, the firewall is connected to your switch that allows for traffic to be filtered upon a rule set you determine. You would use a hardware based firewall if you had a dedicated server. A software based firewall is installed within your server. It still blocks traffic based off rule sets you create, but it just does it from within the server and not out in front like a hardware based firewall.

For the rest of this article, I will provide you the steps to install CSF, which is short for ConfigServer Security and Firewall. This firewall is supported across many different Operating Sytems, RedHat Enterprise, Centos, CloudLinx, Fedore, Virtuozzo, VMWare, to name a few. You can read more about the supporeted systems here: http://configserver.com/cp/csf.html

This firewall can be installed with the following steps on your Linux based server:

mkdir /usr/local/src <– Creates the directory to install CSF

cd /usr/local/src <– Changes your location on the server to the newly created directory

wget http://www.configserver.com/free/csf.tgz <– downloads the CSF software to your server

tar xfz csf.tgz <– Extracts the software
cd csf <– Changes your location on the server to the CSF directory

./install.sh <– Installs the CSF firewall

CSF, when installed, and configured properly, places a preset list of rules onto your server. These rules can be configured directly within the csf.conf file or the csf configuration file. If you have a cPanel based server,  you want to ensure that you have the following ports opened for inbound and outbound:

# Allow incoming TCP ports
TCP_IN = “20,21,22,25,53,80,143,443,465,587,993,995,2078,2082,2083,2086,2087,2095,2096”

# Allow outgoing TCP ports
TCP_OUT =”20,21,22,25,37,43,53,80,110,113,443,465,587,873,995,1167,2086,2087,2089 ”

Those ports cover most of the ports you will need for your cPanel or non-cPanel server to function. You can read more about ports and their functions here: http://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers

Once you do that, you may want to limit the amount of connections each user can make to your server. This can be set by changing CT_Limit in your csf.conf to the number of connections you want each user to be able to make. For example, CT_Limit = “150” will only allow each user to make 150 connections to your server.

You may also want to remove port 22 from TCP_IN along with setting your SSHD_config file to do only public_key authentication. Why would you do this? This will lock down your server from the outside and only allow people who have SSH keys installed into your server to gain access using SSH.

CSF can be configured in a multitude of ways to add another layer of security to your server. I highly recommend going to http://configserver.com/cp/csf.html and using the forums to learn more about the many features of CSF and how tweaking the settings can help ensure you’re providing a stable, safe and secure server environment Follow Us :
Share :

Jeremy here again with another post for you this week. Today, we will be covering security. Namely, network security. Now, if I ask you, what exactly is network security, what would your answer be? If you’ve been in the hosting industry or Information Technology field for extended period time, you have no issue answering that question. However, for most readers, they may not be 100% certain on what exactly a network is and how it affects your hosting. For this article, lets first start with what exactly a network is in terms of your website and then we will get into securing that network so without further ado…

 

What is a network?

 

If you’re reading this article, more than likely, you’re on a computer connected to the internet. The computer that you’re reading this article on is more than likely in a local network. Before we get too carried away, lets define what a local network is. Directly from our friends over at Wikipedia:

 

http://en.wikipedia.org/wiki/Local_area_network

 

A local area network is a computer network that connects computers within a limited range such as homes, schools, libraries or office building. To ground the idea further in your mind, lets say that you have purchased a desktop PC, a laptop and have a cellphone from your local electronics store. You also purchased a router as well. Your router is a piece of networking technology that creates a local area network for your home and then allows you to connect to the internet. When your devices connect to the router, it places them into a local area network. This allows the devices to communicate with one another. It also allows them to communicate with the rest of the world via the internet.

 

You have different types of networks such as a WAN or Wide Area Network. This network is a much larger type and usually covers broad areas such as a college campus or metropolitan area. Now you may be asking, what does this have to do with my website? Well, glad you asked. You see, when you purchase hosting from Turnkey Internet, you’re paying to host your site on our network. This is what people generally mean when they purchase hosting. They are paying a provider to be included in their network and give their website a home.

 

As you have already gathered, if something was to go wrong with the network, your site may go off-line. This leads us to our next topic

 

Why do I need to secure my network?

 

If you are hosting in the cloud – you still connect over your network.  While cloud hosting from Turnkey Internet lets your be assured that your site is on a network that has multiple layers of network security, however, this article isn’t about securing our network at Turnkey Internet, but how you can take some preventative steps to secure your own network. Maybe you have a dedicated server and you’re managing the server yourself. Knowing how to secure the network your server is located on goes a LONG way to ensure you’re providing your customers with a top notch website.

 

You may thinking, well what do I need to protect my network from? Many network security threats spread over the internet with most common including:

 

• Viruses, worms and Trojan horses
• Spyware and Adware
• Zero-day attacks
• Hacker attacks
• Denial of service attacks
• Data interception and theft
• Identity theft

 

While this is no way an all inclusive list, those items listed above are the most common type of network threats you will find on the internet. Now some of those attacks have to be mitigated at network level such as Denial of Service attacks. You can read about denial of service attacks below:

 

http://en.wikipedia.org/wiki/Denial-of-service_attack

 

Some of the other network attacks you can help mitigate at a server level which you can read about below

 

How do I secure my network?

 

In order to truly secure your network, you must understand that there is no one single solution that will protect you from every threat listed above. In fact, a highly secure network has multiple layers of security. If one layer fails, another layer just takes its place. Network security is best accomplished through hardware and software.  The software should be updated in regular intervals to ensure that you’re running the most up to date version. Ideally, a network security system will contain many parts with all parts working together.  This helps to ensure maximum security and minimize maintenance and improve security.

 

Your most common type of network components are listed below:

 

• Anti-virus software
• Malware detection
• Firewall that blocks unauthorized access
• Intrusion prevention systems that will identify fast spreading threats such as a zero day attack
• Virtual private networks(VPN) setup to provide secure remote access

 

If you have a few or all of those components working together, you will help ensure your network remains stable. Effective network security targets a variety of threats and stops them from entering or spreading through your network. This will protect the usability, reliability, integrity and safety of your network and data.

 

Here at Turnkey Internet, we have multiple layers of network security. From our DDOS protection system which monitors our entire network and instantly notifies us of a DDOS attack. We also install and configure firewalls on all of our shared servers. We run daily malware detection scans as well as constantly update software to ensure we’re protected from the latest threats. Doing these things helps us to provide a secure and reliable network for all our customers. It may be time you invested in your own network security.

 

Until next time… Follow Us :
Share :