Archive for the ‘security’ Category

How secure is your data in the cloud?
POSTED ON August 19th, 2011 by Aidan | No Comments » | Posted in cloud, cloud computing, cloud datacentre, dediserve, infrastructure, security |
Cloud computing is fraught with security risks, according to analyst firm Gartner, but what does the cloud really mean for the security of your applications and data?

Here at dediserve we fundamentally believe in transparency and openness. Most clouds won’t tell you exactly where your data is stored (sometimes not even which country!) or the specification or architecture of their platforms. That in itself presents a risk to the end user!

There are some key areas you need to be aware of to ensure you can rest easy about the security of your data on the cloud:
- Location and jurisdiction of your data and servers
- Isolation of data and networking from other cloud machines
- Firewalling and security of your machines and data
- Backup and Disaster Recovery plans

Let me deal with each in turn from a dediserve point of view:

- Location and jurisdiction of your data and servers

At dediserve, we let you choose the specific cloud platform you wish to deploy on, right down to the datacentre and city / country. Right now, you can choose Dublin, Ireland; London, UK; and Dallas, TX, USA. We commit that your data will never leave these locations without you expressly requiring or wishing it. This allows customers in Ireland to remain compliant with data protection legislation, or customers in the US to avail of European privacy legislation by locating their data in the EU. You can see our current and growing list of locations at this link: http://dediserve.com/why-cloudlocations.html

- Isolation of data and networking from other cloud machines

Ensuring that no other customer can ‘swipe’ your IP address (spoofing) or sniff your traffic to see what you are up to is a critical requirement for the security of your data in the cloud. At dediserve, since day 1, we have implemented extensive security measures, including platform firewalls that prevent sniffing and spoofing and isolate every single cloud machine on its own isolated, secure private LAN. It’s impossible to detect the traffic of another cloud machine, even if it’s running on the same physical hardware.

- Firewalling and security of your machines and data

In addition to the default platform firewalling and security, which isolates all machines, we provide user platform firewalls, available via our GUI, API and apps, which allow you to specify detailed, persistent firewall ALLOW/DENY rules per Ethernet interface, per server. Rules can be configured by service, port, port range and source and destination IPs and subnets, with full flexibility. This allows you to lock your machines and data down entirely, even to the point of actually running a server ‘offline’ with access only over VPN or our permanent KVM access.

- Backup and Disaster Recovery plans

Here at dediserve, we provide you with the ability to take a snapshot image of your server at any time. These snapshots can be used to roll back your server, clone it, or replicate it at any time. You can also activate the ‘auto’ snapshot option, which will take a periodic snapshot of your server for your backup. This protects against something nasty happening to the server, and we tend to recommend customers take snapshots before performing major changes, software or OS upgrades, etc.

In addition to the platform backup options, we are open about using only NetApp Clusters for our SAN. With fully redundant SAN pairs handling all disk storage, we can tolerate drive failures, disk tray failures and SAN failures without customer impact (we would need to lose two full SANs before customers would lose access to them). Additionally, the NetApp devices include excellent snapshot capabilities of their own, allowing us to maintain replicated snapshots across our local SAN infrastructure for disasters. Customers can also elect to deploy additional offsite backup solutions, typically based on R1soft, which will replicate your data to another cloud near-continuously – for the ultimate DR abilities!

We take the security, protection and integrity of your data very seriously, which is why we invest heavily in best-in-class networking, servers, SAN and people, to ensure dediserve is the cloud you can trust.

Securing Your Windows Cloud Server
POSTED ON April 11th, 2011 by Aidan | No Comments » | Posted in cloud, cloud computing, security, tutorials |

As revolutionary and cost-effective as cloud hosting now is, the fundamentals of server management remain very much the same, meaning security is still a hugely important part of managing your server.

In this post we are going to look at some simple security steps that we recommend to all customers who deploy Windows machines on our cloud platforms.

1) Install a good Antivirus, e.g. ESET NOD32, AVG, Kaspersky, AVAST.

2) Configure your firewall to allow only what you need, e.g. disable all un-needed incoming rules.

3) Lock down certain services to YOUR IP. Within your advanced firewall settings, double-click your inbound rule for RDP (port 3389), click Scope and add your IP address into the “Remote IP Address” section.

4) Turn off Auto-Update. Update manually and regularly, and be sure that hotfixes/security patches will work with the software you are running.

5) Take regular backups before running the latest update, so you can easily roll back if it breaks something.

Feel free to add your own suggestions in the comments below and I will add to the list.

Improving FTP Protection With Clam AV
POSTED ON May 5th, 2010 by Aidan | 1 Comment » | Posted in fedora, security |

Over the last couple of months we have covered a lot of security issues regarding how best to secure and manage your VPS.

We have covered such topics as:

This blog post offers an additional layer of security for customers using the Fedora 12 operating system on their virtual server. By using the popular open source Clam AV software with some modifications, we are going to have it scan all files FTP’d to our Fedora 12 server and delete any files that look like malware.

Clam AntiVirus is an open source (GPL) anti-virus toolkit for UNIX, designed especially for e-mail scanning on mail gateways. It comes pre-installed in Virtualmin with that template and can be activated within your Virtualmin control panel.

(more…)

VPS Security Made Easy
POSTED ON February 11th, 2010 by Aidan | No Comments » | Posted in Back-Ups, dediserve, Linux, security, tutorials |

Here at dediserve, we understand the massive importance security plays in the day-to-day management of the data on your server. In a recent blog post we went through a short tutorial on setting up iptables on your virtual server.

As a follow-up to that blog post, we will now look at an additional piece of open source software that will enhance the use of iptables whilst reducing the amount of administration work needed on your server.

This is done by installing and setting up the open source Fail2ban software on your Linux virtual machine. Fail2ban scans log files like /var/log/pwdfail or /var/log/apache/error_log and bans IP addresses that make too many password failures. It updates firewall rules dynamically to reject the IP address.
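
The counting idea behind that behaviour, as an added example rather than Fail2ban's own code: the function below tallies failed SSH password attempts per source IP and lists the addresses that reach a threshold, then prints (without running) the iptables rule that would reject each one. The log lines are constructed, the names banned_ips and ban_commands are hypothetical, and unlike Fail2ban it applies no time window or ban expiry.

```sh
#!/bin/sh
# Added example, not Fail2ban's code: count failed SSH password attempts per
# source IP and list the addresses that reach a threshold.

# Constructed sample log (documentation-range addresses).
SAMPLE_LOG='Feb 11 10:01:02 vps sshd[2101]: Failed password for root from 203.0.113.7 port 40122 ssh2
Feb 11 10:01:05 vps sshd[2101]: Failed password for root from 203.0.113.7 port 40122 ssh2
Feb 11 10:01:09 vps sshd[2104]: Failed password for invalid user admin from 203.0.113.7 port 40130 ssh2
Feb 11 10:02:30 vps sshd[2110]: Failed password for alice from 198.51.100.20 port 51514 ssh2
Feb 11 10:02:41 vps sshd[2110]: Accepted password for alice from 198.51.100.20 port 51514 ssh2
Feb 11 10:03:00 vps CRON[2120]: pam_unix(cron:session): session opened for user root'

# banned_ips MAXRETRY (hypothetical helper): reads a log on stdin and prints,
# sorted, every IP with at least MAXRETRY failed password attempts.
banned_ips() {
    awk -v max="$1" '
        /sshd\[[0-9]+\]: Failed password for / {
            ip = ""
            # The address follows the last "from"; a user could be named "from".
            for (i = 1; i < NF; i++) if ($i == "from") ip = $(i + 1)
            if (ip != "") fails[ip]++
        }
        END { for (ip in fails) if (fails[ip] >= max) print ip }
    ' | sort
}

# Dry run: show the rule that would reject each offender; nothing is applied.
ban_commands() {
    banned_ips "$1" | while read -r ip; do
        printf 'iptables -I INPUT -s %s -j REJECT\n' "$ip"
    done
}

printf '%s\n' "$SAMPLE_LOG" | ban_commands 3
```

With a threshold of 3 only 203.0.113.7 is listed; the single mistyped password from 198.51.100.20, followed by a successful login, stays below it.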

For this installation I will be using Ubuntu 8.04:

(more…)

OpenSource Back-Up Tools
POSTED ON November 19th, 2009 by Aidan | No Comments » | Posted in Back-Ups, dediserve, infrastructure, Linux, security, virtualisation |

We here at dediserve have stressed before the vital importance that back-ups play for your data. At dediserve we provide you with the ability to switch on automatic daily/weekly and monthly back-ups as well as two manual back-ups. Or you can simply take up to five manual back-ups as well. However, not everyone is lucky enough to have their back-ups looked after by dediserve :)

So I have put together a list of free open source back-up tools which can be easily installed and set up on any Linux-based server.

Clonezilla

Clonezilla, based on DRBL, Partition Image, ntfsclone, partclone, and udpcast, allows you to do bare metal backup and recovery. Two types of Clonezilla are available, Clonezilla live and Clonezilla SE (server edition). Clonezilla live is suitable for single machine backup and restore, while Clonezilla SE is for massive deployment: it can clone many (40 plus!) computers simultaneously. Clonezilla saves and restores only used blocks on the hard disk, which increases the clone efficiency. At the NCHC’s Classroom C, Clonezilla SE was used to clone 41 computers simultaneously. It took only about 10 minutes to clone a 5.6 GBytes system image to all 41 computers via multicasting!

(more…)

Assassinate That Spam
POSTED ON October 22nd, 2009 by Aidan | No Comments » | Posted in DNS, infrastructure, security, virtual servers |

One of the constant daily/hourly battles faced by all providers and server administrators managing mail servers is spam – the bane of many sysadmins’ lives. And with spam now accounting for 80 – 85% of all email traffic, it can be a time-consuming job ensuring only proper mail actually gets delivered.

Thankfully, Justin Mason and the Apache project provide a super free tool to easily deal with this issue, and it’s called SpamAssassin. To configure SpamAssassin within your Virtualmin control panel, simply click on the server you want to configure, then Services > SpamAssassin.

Virtualmin provides an excellent, very easy-to-use web-based interface, which allows you to easily manage the white/black lists, as well as stop specific emails based on their headers.

(more…)

Configuring iptables on your VPS
POSTED ON September 23rd, 2009 by Aidan | 1 Comment » | Posted in iptables, Linux, security, virtual servers |

After just installing iptables, it will have no rules on the INPUT, OUTPUT or FORWARD chains:

# iptables -L

Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

And the default policy on each chain is “ACCEPT”, which means there are no restrictions: any incoming and any outgoing packets are allowed.
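
As an added example (not part of the original post), the shell function below reads `iptables -L` output and names every built-in chain that is still in this wide-open state: policy ACCEPT and no rules. The function name open_chains and the second, hardened listing are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original post: report built-in chains that
# still have policy ACCEPT and no rules, given `iptables -L` text on stdin.

# Constructed sample 1: the fresh-install listing shown in the post.
FRESH_LISTING='Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination'

# Constructed sample 2: a locked-down host (illustrative rules only).
HARDENED_LISTING='Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh

Chain FORWARD (policy DROP)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination'

# open_chains (hypothetical helper): prints one chain name per line.
open_chains() {
    awk '
        function report() {
            if (chain != "" && policy == "ACCEPT" && rules == 0) print chain
        }
        /^Chain / {
            report()
            chain = $2; policy = ""; rules = 0
            # Built-in chains read "(policy X)"; user chains "(N references)".
            if ($3 == "(policy") { policy = $4; sub(/\)$/, "", policy) }
            next
        }
        /^target/ || /^[ \t]*$/ { next }   # column header and blank lines
        chain != "" { rules++ }            # any other line is a rule
        END { report() }
    '
}

printf 'fresh install: %s\n' "$(printf '%s\n' "$FRESH_LISTING" | open_chains | tr '\n' ' ')"
printf 'hardened host: %s\n' "$(printf '%s\n' "$HARDENED_LISTING" | open_chains | tr '\n' ' ')"
```

On a live machine the same check is `iptables -L -n | open_chains`, run as root.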

(more…)

Installing Iptables on your VPS machine
POSTED ON September 22nd, 2009 by Aidan | No Comments » | Posted in iptables, Linux, security |

One of the most useful things about running Xen on your VPS, apart from the guaranteed RAM and the ability to hard reboot your machine, is the ability to configure iptables on your machine.

Some of the main functions available with iptables are the following:

•    Build internet firewalls based on stateless and stateful packet filtering
•    Use NAT and masquerading for sharing internet access if you don’t have enough public IP addresses
•    Use NAT to implement transparent proxies
•    Aid the tc and iproute2 systems used to build sophisticated QoS and policy routers
•    Do further packet manipulation (mangling) like altering the TOS/DSCP/ECN bits of the IP header

In most Linux installs iptables has become a standard option, especially on CentOS. There is a very good chance that iptables is already installed on your machine. Check by:

1.    Opening a terminal window (making sure to be logged in as root).
2.    Typing: # iptables
4.    If iptables is installed, you should get the following message: iptables v1.2.8: no command specified Try ‘iptables -h’ or ‘iptables --help’ for more information
5.    If this message does not appear, then follow the directions below to install iptables.

(more…)