Posts Tagged ‘Security’

 

Security Basics: 5 Steps to Tighten Security for Microsoft Windows

Tuesday, October 23rd, 2012 by

Security studies (including GoGrid’s internal research) strongly demonstrate that most systems will be attackedattack-in-5-hours within 5 hours after becoming publicly accessible—in some cases, in less than 2 hours. The sources of the attacks are often unsuspecting users whose systems have been compromised by malware and are in turn being used to attack and infect other systems. The majority of attacks target two common threats:

  1. A combination of commonly used system accounts (e.g., the Administrator account) with weak, dictionary-based passwords
  2. Systems that are missing critical or high-security vulnerabilities

Solution

This document provides GoGrid’s security recommendations for Cloud Servers running Microsoft Windows. Perform these 5 steps in sequential order immediately after provisioning new GoGrid Cloud Servers to maintain the integrity and security of your system.

Note: For a step-by-step how-to with screenshots, please see the companion article, “How To Tighten Up Windows Security.”

lock (more…) «Security Basics: 5 Steps to Tighten Security for Microsoft Windows»

InformationWeek’s “IaaS Buyer’s Guide” with some Updated Information from GoGrid

Friday, October 19th, 2012 by

This week, InformationWeek published an extremely handy IaaS Buyer’s Guide designed to help companies navigate the complex airspace of cloud computing, specifically the Infrastructure-as-a-Service marketplace. The Guide covers 9 IaaS providers, including GoGrid, that each submitted responses to a questionnaire about their service offerings. InformationWeek then compiled and categorized those responses in this easy-to-understand Guide. You can find the full Guide (behind a registration wall) here.

InformationWeek-guide-cover

Topics covered in the Guide include:

  • CPU & Memory
  • Storage
  • Operating Systems
  • Database Software Needs
  • Redundancy/Data Center Needs
  • Additional VM Features
  • Cost
  • Security & Compliance
  • Support & SLA
  • Additional Services

A few things have changed since GoGrid was originally interviewed, and we wanted to provide updated information for some of these categories.

CPU & Memory

(more…) «InformationWeek’s “IaaS Buyer’s Guide” with some Updated Information from GoGrid»

How to Install LAMP, Webmin & ConfigServer Security & Firewall on a CentOS 6.0 GoGrid Cloud Server

Thursday, July 19th, 2012 by

Let me preface this post by saying, I am NOT a Linux guru. In fact, I consider myself to be a newbie when it comes to the intricacies of Linux. I probably know enough to be dangerous, at least dangerous to the server. So, I’m writing this post with the following disclaimer: Don’t ask me for any details on the “why” or how to do what I’m outlining below differently. But since I figured that lots of you are like me, I wanted to share.

Since I’m a Linux newbie, you’ll probably understand why I wanted to write this post though. I’m not a command line junkie—GUIs are much more my thing. But when it comes to running a server that is speedy and high performance with low overhead (e.g., doing away with GUIs), you’re probably looking at various Linux distros. What I wanted to do was set up a basic Linux system running a LAMP (Linux, Apache, MySQL, and PHP) stack that also had a web-interface and some added security controls.

The great thing about doing this type of experimentation in the cloud is that I can create essentially a Dev & Test environment where I can spin up a server in minutes, install software, configure it, and test everything out. Then if it doesn’t work the way I want it to, I can tear it down and start again from scratch. The cloud lets you do this quickly, easily, and inexpensively.

In this tutorial, you can basically have the entire configuration up and running in the GoGrid cloud in less than an hour and only spend about $0.25 to test this out (assumes a 2 GB server running for 1 hour at $0.12/GB RAM/hr.)

Here’s what we’re using:

  • CentOS 6.0 (64-bit) – with 2 GB RAM
  • Webmin – web-based interface for sysadmins for UNIX that lets users set up user accounts, Apache, DNS, file sharing, and a whole lot more
  • ConfigServer Firewall & Security (CFS) – a Stateful Packet Inspection (SPI) firewall, login/intrusion detection, and security application for Linux servers

(more…) «How to Install LAMP, Webmin & ConfigServer Security & Firewall on a CentOS 6.0 GoGrid Cloud Server»

GoGrid Proactively Responds to Xen Vulnerability

Wednesday, June 20th, 2012 by

GoGrid regularly reviews, analyzes, and ranks recently published security vulnerabilities as part of its security program. We typically address security vulnerabilities that pose a risk to GoGrid’s digital ecosystem during our regular patch cycle. However, critical security vulnerabilities require immediate action. Such was the case with last week’s security advisory that impacted software such as Xen, FreeBSD, NetBSD, and some versions of Microsoft Windows. You can find specifics of the security advisory here: http://lists.xen.org/archives/html/xen-announce/2012-06/.

vaultThe vulnerability meant a system admin running a 64-bit paravirtualized (PV) guest (such as Windows 2008 R2 or a Linux 64-bit distribution) on a 64-bit hypervisor could gain kernel-level access by successfully exploiting Intel’s SYSRET design implementation. This vulnerability isn’t unique to Xen or even to virtualized environments. In fact, any guest user—that is, someone with non-administrator privileges—with logical access to a stand-alone server running NetBSD, FreeBSD, Microsoft Windows 7, or Windows 2008 R2 can perform a similar exploit against the OS and gain unauthorized access.

GoGrid’s Security team determined that the vulnerability exposed our customers to an attacker potentially gaining access to their virtualized systems. Even more important, GoGrid’s Security team determined the vulnerability was a prime target for a “zero-day exploit”—one that could occur on the same day the vulnerability becomes generally known.

As a result, we took immediate action: We downloaded and tested the patch, engaged on of our outside security firm partners to gain intelligence on how the Black Hat community perceived the vulnerability, scheduled an emergency patch rollout over the weekend, and deployed the security patch across all impacted systems.

On June 18, 2012, GoGrid Security team confirmed that an exploit had been published and is now circulating on the Internet.

We appreciate your understanding and support in allowing us to continue providing you with a safe, secure, and stable environment.

2012 Cloud Computing Predictions from GoGrid Executives, Customers & Partners (Part 2)

Thursday, January 19th, 2012 by

A few days ago, I published some 2012 Cloud Computing predictions from Warren Heffelfinger (CEO – GoGrid), James Urquhart (Cloud Writer for GigaOm & VP of Product Strategies at enStratus) and Larry Warnock (CEO of Gazzang). The beginning of any year is critical to not only reflect back on what transpired, but also to gaze into the future to see what is to come. With Cloud Computing, to quote an over-used phrase, “the sky’s the limit” and while there are some similarity within these and the previous predictions, there are also some distinct opinions as to where we are all headed in the cloud.

2012-cloud-year-pt2

In this article, I have compiled more insightful predictions from another stellar list of cloud experts, namely:

  • John Keagy (Chairman & Founder – GoGrid)
  • Carson Sweet (CEO – CloudPassage)
  • Antonio Piraino (CTO – ScienceLogic)

Below are their predictions so read on to see how they stack up!

John Keagy (Chairman & Founder – GoGrid)

(more…) «2012 Cloud Computing Predictions from GoGrid Executives, Customers & Partners (Part 2)»