KML_FLASHEMBED_PROCESS_SCRIPT_CALLS

Author Archive

 

How To Tighten Up Windows Security

Thursday, October 25th, 2012 by

In the previous Security article from GoGrid, we outlined 5 Steps to enhance your security on Microsoft Windows. This article walks you through some of these steps.

vault

Step 1: Patch your system

The following steps apply to Microsoft Windows 2008 OS and Microsoft applications:

  1. Select the Start button
  2. Type “windows update” in the search area and press the Enter button.
    windows-update
  3. You should see the following screen:
    updates-available
  4. Select the Check for Updates option, which will connect to Microsoft to determine if your system requires security updates.
    check-for-updates
  5. Install security updates by pressing the Install updates button.
    Note: You may need to reboot your system immediately after you’ve applied the security updates.
    install-updates

Step 2: Rename the administrator account

The following steps apply to Microsoft Windows 2008: (more…) «How To Tighten Up Windows Security»

Security Basics: 5 Steps to Tighten Security for Microsoft Windows

Tuesday, October 23rd, 2012 by

Security studies (including GoGrid’s internal research) strongly demonstrate that most systems will be attackedattack-in-5-hours within 5 hours after becoming publicly accessible—in some cases, in less than 2 hours. The sources of the attacks are often unsuspecting users whose systems have been compromised by malware and are in turn being used to attack and infect other systems. The majority of attacks target two common threats:

  1. A combination of commonly used system accounts (e.g., the Administrator account) with weak, dictionary-based passwords
  2. Systems that are missing critical or high-security vulnerabilities

Solution

This document provides GoGrid’s security recommendations for Cloud Servers running Microsoft Windows. Perform these 5 steps in sequential order immediately after provisioning new GoGrid Cloud Servers to maintain the integrity and security of your system.

Note: For a step-by-step how-to with screenshots, please see the companion article, “How To Tighten Up Windows Security.”

lock (more…) «Security Basics: 5 Steps to Tighten Security for Microsoft Windows»

GoGrid Proactively Responds to Xen Vulnerability

Wednesday, June 20th, 2012 by

GoGrid regularly reviews, analyzes, and ranks recently published security vulnerabilities as part of its security program. We typically address security vulnerabilities that pose a risk to GoGrid’s digital ecosystem during our regular patch cycle. However, critical security vulnerabilities require immediate action. Such was the case with last week’s security advisory that impacted software such as Xen, FreeBSD, NetBSD, and some versions of Microsoft Windows. You can find specifics of the security advisory here: http://lists.xen.org/archives/html/xen-announce/2012-06/.

vaultThe vulnerability meant a system admin running a 64-bit paravirtualized (PV) guest (such as Windows 2008 R2 or a Linux 64-bit distribution) on a 64-bit hypervisor could gain kernel-level access by successfully exploiting Intel’s SYSRET design implementation. This vulnerability isn’t unique to Xen or even to virtualized environments. In fact, any guest user—that is, someone with non-administrator privileges—with logical access to a stand-alone server running NetBSD, FreeBSD, Microsoft Windows 7, or Windows 2008 R2 can perform a similar exploit against the OS and gain unauthorized access.

GoGrid’s Security team determined that the vulnerability exposed our customers to an attacker potentially gaining access to their virtualized systems. Even more important, GoGrid’s Security team determined the vulnerability was a prime target for a “zero-day exploit”—one that could occur on the same day the vulnerability becomes generally known.

As a result, we took immediate action: We downloaded and tested the patch, engaged on of our outside security firm partners to gain intelligence on how the Black Hat community perceived the vulnerability, scheduled an emergency patch rollout over the weekend, and deployed the security patch across all impacted systems.

On June 18, 2012, GoGrid Security team confirmed that an exploit had been published and is now circulating on the Internet.

We appreciate your understanding and support in allowing us to continue providing you with a safe, secure, and stable environment.