Posts Tagged ‘firewall’

 

How To Enable & Manage the New, Free GoGrid Firewall Service

Wednesday, May 1st, 2013 by

Security and infrastructure don’t always go hand in hand. In fact, many non-adopters of cloud computing have cited the lack of good security as one of the primary reasons they are not wholeheartedly embracing the cloud and all its glory. In some ways, these naysayers are correct: You shouldn’t deploy a cloud or frankly any type of infrastructure without some type of security, whether it’s software-based controls or a hardware device. At GoGrid, it is this desire to overcome security concerns that compelled us to release our free (that’s right FREE) Firewall Service.

When we developed our Firewall Service, we wanted to do more than simply offer a set of blocking rules or a hardware device. We wanted our solution to be centrally managed, easy to use and configure, fully featured, integrated across all our data centers, reliable, programmatically controlled, highly available, flexible, elastic, self-healing…whew! And did I mention, free? As we did for our new Dynamic Load Balancers, we embraced the concepts of software-defined networking (SDN) when architecting our Firewall Service.

Our research showed that for small environments, software-based firewalls (like iptables or Windows Firewall) worked just fine, provided the infrastructure didn’t need to scale. Similarly, hardware-based firewalls were great for enterprise-grade installations (but remember, if you get one hardware device, you typically need another one ready as a failover). We wanted to do it better. You can read more about the theory behind our cloud Firewall Service in this article.

As with my previous How To articles, there are 3 easy steps in the Firewall Service setup:

1. Create a Security Group
2. Define a Policy
3. Add a Connection

GoGrid’s Firewall Service is distributed and global. That means that once it’s configured, it automatically synchronizes across all our data centers. If you have multiple web servers in multiple GoGrid data centers, you simply define the Security Groups and Policies, connect the servers, and you’re done. Any future policy changes are automatically synchronized to the connected servers. Simple, right? Let’s see how to set up the Firewall Service. (more…)

Is Your High-Tech Company Ready For An SDN-Enabled Cloud?

Thursday, April 18th, 2013 by

When it comes to technology, there are many companies on the “bleeding edge” these days. Sometimes these companies achieve greatness by being visionary, producing products or services that others haven’t thought of, or investing heavily in R&D. But they all have one thing in common: They use the latest high-tech, innovative solutions to power their journeys.

When it comes to the underlying infrastructure powering a technology-oriented company, “cutting edge” means success. Sites and services need to perform, be reliable, be resilient, and have the flexibility to expand and contract based on the ebb and flow of day-to-day business. For me, that means cloud infrastructure is the best solution for companies looking to stay ahead of the curve.

Over the past few months, GoGrid has released a variety of services and features designed to give companies a leg up on the competition. It’s all centered on providing cloud infrastructure that’s flexible, yet forward-thinking. It’s much more than simply needing faster and bigger clouds—it’s about architecting our cloud solutions to provide customers with a highly available and distributed set of infrastructure components. And it’s architected according to software-defined networking (SDN) concepts.

SDN architecture isn’t focused on internetworked commodity hardware or new ways to provide networking services. It’s designed to distribute a variety of formerly hardware-based solutions across nodes, data centers, and clouds. When you think about “old school” infrastructure architecture, you probably think of physical devices. And if you think about one device, you really need to think about two, for redundancy and backup. If your hardware load balancer or firewall fails, you have to be sure you have a warm or hot standby available to immediately take its place. That requires time and money. And if you want to be cutting edge, you don’t want to be spending your precious time and money planning for the inevitable. You want to be innovating and iterating.

That’s where SDN is truly powerful and why many of the leading technology companies are adopting solutions that use it. With SDN, you can build in fault tolerance and redundancy. Take our recently released Dynamic Load Balancers as an example. Instead of relying on a single hardware device for routing traffic between available servers, our Dynamic Load Balancers are distributed and highly available across our Public Cloud. If one of the Dynamic Load Balancers fails, another instance, complete with configurations, is spawned immediately elsewhere thanks to our self-healing design. And these load-balancing services can be controlled programmatically via our API.

This month we announced another service that operates in the same distributed manner, our Firewall Service. Although many companies choose to use Cisco ASAs as a security front end for their cloud and physical infrastructure environments (an offering we also provide), these are physical devices that require management. However, our SDN architecture lets us provide more resilient and creative solutions. Like our Dynamic Load Balancers, our Firewall Service is built around SDN concepts and distributed across nodes and our data centers. When you create a security group (that has policies assigned to it), it’s automatically replicated across all our data centers within seconds. If you have distributed infrastructure, you can simply assign a security group to any similarly configured Cloud Server, regardless of that server’s location. If you subsequently change a policy, it’s automatically synchronized to all servers across all data centers that are part of that security group. In other words, you configure once, assign the security group to the server(s), and then watch the SDN magic happen.

(more…)

Software Defined Networking on the Edge

Thursday, March 14th, 2013 by

One of the recent trends in technology is the movement toward software-defined networks (SDN). With SDN, networking is no longer tied to a specific proprietary device but rather integrated via software. GoGrid has adopted this software-defined networking architecture for its new product offerings, starting with Dynamic Load Balancers and now with our new Firewall Service.

SDN typically means that the control plane is separated from the forwarding plane and is centralized. This setup is easier to manage and enables a more distributed system. In addition, management of the network is typically programmatic with SDN. In GoGrid’s architecture, for example, management is centralized while the activities are distributed. This design allows for greater resiliency and self-healing capabilities, meaning there’s always a way to return a failed distributed node to its previously stable state. We also enable access to these services via our management console and a public RESTful API.

Although most people think of SDN as it applies to the core (switches and routers), GoGrid’s strategy has been to start at the edge and then work toward the core. Dynamic Load Balancers and the Firewall Service are considered to be on the network edge. However, other services closer to the core, such as Private Network Automation (PNA), have adopted this architecture as well. Details about the Dynamic Load Balancer are explained in this previous blog post.

Firewall Service

GoGrid is introducing a new Firewall Service designed to be self-healing and available to all customers in all our data centers. Customers can deploy this service through the management console or API. Having a Firewall Service available to all our customers is an important step in further securing infrastructure in the cloud. Although GoGrid has secured its data centers and has built-in security measures to protect our customers’ infrastructure, our customers want greater granular control of port access for their individual servers. Our new Firewall Service is designed to meet and exceed those needs by making it easy to set up security wherever Cloud Servers are located.

This service comes with several key features: (more…)

How to Recover from a Linux Security Breach – Recovery & Hardening (Part 2)

Tuesday, January 29th, 2013 by

This is Part 2 of a GoGrid security blog series on identifying and recovering from a Linux security breach. Part 1 provided general guidelines for conducting a security analysis on a compromised Linux server and forming strategic teams to address and resolve the breach.

In this article, we’ll review some recommended steps for recovering from a breach.

Recovering from the Breach

Lock the doors

Now that you’ve confirmed that there are no intruders logged in and you’ve identified the established connections, it’s time to “lock the doors.” How you lock the doors largely depends on who is managing your firewall. If GoGrid manages your firewall, contact us; if you manage it yourself, perform the following actions:

  • Modify your system’s iptables configuration to restrict all remote console connections, such as SSH, to your office network.
  • Modify your system’s iptables configuration to block all previously identified suspicious connections from and to your system.
  • Modify your system’s iptables configuration to block all other services from the public Internet to your server. Doing so will effectively bring down your website or services, but you want to avoid compromising your customers or website visitors.
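The three actions above can be expressed as a single ruleset. The following is an added example, not part of the original post: it generates an iptables-restore file in which the suspicious addresses are dropped before the rule that keeps established sessions alive. The office network and suspicious addresses are constructed documentation-range values, and the function name is hypothetical.

```shell
#!/bin/sh
# Added example: build an iptables-restore ruleset for the "lock the doors" steps.
OFFICE_NET="203.0.113.0/24"              # assumed office network (constructed)
SUSPECTS="198.51.100.23 198.51.100.77"   # assumed suspicious peers (constructed)

# lockdown_rules OFFICE_CIDR [SUSPECT_IP...]  (hypothetical helper)
lockdown_rules() {
    [ "$#" -ge 1 ] || { echo "usage: lockdown_rules CIDR [IP...]" >&2; return 1; }
    # Accept only digits, dots and a slash so that an argument cannot
    # smuggle extra options or rules into the generated file.
    for a in "$@"; do
        case "$a" in
            ""|*[!0-9./]*) echo "invalid address: $a" >&2; return 1 ;;
        esac
    done
    office="$1"; shift
    echo "*filter"
    echo ":INPUT DROP [0:0]"      # step 3: everything not allowed below is dropped
    echo ":FORWARD DROP [0:0]"
    echo ":OUTPUT ACCEPT [0:0]"
    echo "-A INPUT -i lo -j ACCEPT"
    # Step 2: block suspicious peers in both directions. These rules come
    # first so that already-established sessions with them are cut as well.
    for ip in "$@"; do
        echo "-A INPUT -s $ip -j DROP"
        echo "-A OUTPUT -d $ip -j DROP"
    done
    # Keep replies to traffic the server initiates, and your current SSH session.
    echo "-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # Step 1: new SSH connections only from the office network.
    echo "-A INPUT -p tcp -s $office --dport 22 -m conntrack --ctstate NEW -j ACCEPT"
    echo "COMMIT"
}

# Print the ruleset for review. To apply it as root, pipe the output through
# "iptables-restore --test" first and then through "iptables-restore".
# $SUSPECTS is deliberately unquoted so each address becomes one argument.
lockdown_rules "$OFFICE_NET" $SUSPECTS
```

Established connections from addresses that are not on the suspicious list stay up through the ESTABLISHED rule until they close, so re-check the connection list after applying. IPv6 traffic is filtered separately by ip6tables and needs its own ruleset.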

Install and run a rootkit analyzer

(more…)

How to Recover from a Linux Security Breach – Forensics, Analysis, & Building Teams (Part 1)

Monday, January 28th, 2013 by

This 2-part GoGrid security blog series provides general guidelines for conducting a security analysis on a compromised Linux server and for recovering from a breach. Before you begin the security analysis, you need to consider two important factors:

1. The type of data your compromised server is storing or transmitting
2. How important the server’s function is to your business

The data type—Personally Identifiable Information (PII) or Protected Health Information (PHI), for example—is important because your organization could be legally required to notify external parties and local or federal government agencies in the event of a breach. The compromised server’s function is important because its criticality may drive the recovery timeline.

You also may want to consider engaging a third party that specializes in security forensics.

This series will cover 3 important items:

1) Understanding & assessing the breach
2) Setting up forensics & recovery teams
3) Recovering from the breach

Although this series won’t replace what a competent security firm can accomplish, it does provide an overview of some core processes, procedures, and activities you can do to potentially recover from a breach. And because each incident varies based on your computer system, be sure to conduct additional analysis and consult with experts to double-check your breach identification and resolution plan. (more…)