12 Advantages of Outsource Hosting vs. In House Hosting

Often in the world of SaaS, servers and cloud, the big question a company may ask itself is this: Do I outsource my hosting or build it myself in house?

On the surface, buying your own gear and running it yourself may appear to be the more cost-effective option. However, if you consider the big picture, including the emergence of the managed cloud, then outsourcing is not only more cost-effective, it makes the most sense. Consider these factors when comparing outsourcing vs. building it yourself.

1. Capital Depreciation

Outsourcing is considered an OPEX. There is no hardware to depreciate over time. When hosting internally you have expensive equipment to purchase as a CAPEX plus maintenance agreements, colocation or utility costs, and other “surprise” investments. Outsourcing presents a predictable monthly recurring expense.

2. Employee Turnover

Employee turnover can happen at any time for many reasons. If key people running your internal environment leave the company, you could be left trying to pick up and maintain critical pieces. Outsourcing removes this risk as you’re under contract with a business that provides and guarantees these services with complete documentation and continuity.


What’s This Multi-Factor Authentication About….

For many companies looking for PCI compliance, or even just to improve their security footprint as a whole, multi-factor authentication has often become that unattainable unicorn. Security professionals face a challenge when it comes to meeting this requirement. What exactly is it, and what options are out there to fulfill that security requirement, are questions that are often asked. In this article, I will go into what the security authentication factors are, with some basic examples to help you understand the requirement. Hopefully it will help in understanding not only what multifactor is, but also why it’s required.

The principle behind multifactor authentication is that you authenticate yourself to some system via different factors. The factors available are as follows:

  • Something you know
  • Something you are
  • Something you have

Most people are aware of “Something you know”. This is typically something that only the true user would know, such as a username and password for their account. Seems secure, and would only be known by the “true” user, right? Well, not exactly. How many people out there have given their password to someone else for some sort of use, or for that matter, have it saved somewhere for future reference? I bet most people have. You may have a password stored somewhere on your computer, which would seem secure. But if that gets compromised, then that “true” identity is no longer guaranteed to be you, and that is what compliance certifications like PCI and such are looking to correct. By incorporating an additional security authentication factor, they can better guarantee you are who you say you are. Of course, it gets very hard to guarantee 100%, but as you add factors, it gets pretty darn close.
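As an added example (not part of the original post), here is a minimal two-factor check in Python that combines “something you know” (a salted PBKDF2 password hash) with “something you have” (an RFC 6238 TOTP code of the kind an authenticator app produces). The user-record layout and the function names are assumptions made for this illustration.

```python
# Added example: verifying two factors, a password (something you know)
# and a time-based one-time code (something you have, RFC 6238 TOTP).
# The user-record layout and function names are assumptions for illustration.
import hashlib
import hmac
import secrets
import struct
import time

def hash_password(password, salt=None):
    """Salted PBKDF2-SHA256; the password itself is never stored."""
    salt = salt if salt is not None else secrets.token_bytes(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def totp(secret, unix_time, step=30, digits=6):
    """RFC 6238 TOTP: HMAC-SHA1 over the 30-second time counter, RFC 4226 truncation."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return "%0*d" % (digits, code % 10 ** digits)

def verify_login(record, password, code, now=None, window=1):
    """Both factors must pass. Each is evaluated even if the other fails, so the
    response time does not reveal which factor was wrong, and every comparison
    is constant-time. window=1 tolerates one 30-second step of clock drift."""
    now = int(time.time()) if now is None else now
    _, candidate = hash_password(password, record["salt"])
    pw_ok = hmac.compare_digest(candidate, record["hash"])
    otp_ok = False
    for drift in range(-window, window + 1):
        expected = totp(record["totp_secret"], now + drift * 30)
        otp_ok |= hmac.compare_digest(expected.encode(), code.encode())
    return pw_ok and otp_ok

def enroll(password):
    """Create a record at sign-up; the TOTP secret is what the authenticator app stores."""
    salt, digest = hash_password(password)
    return {"salt": salt, "hash": digest, "totp_secret": secrets.token_bytes(20)}
```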


Managing ePHI on the Internet

About Information Security and Managing your ePHI

The internet continues to play a key role in simplifying business practices in all industries. The health care industry is no exception. Many health care organizations are finding it necessary to place Protected Health Information (PHI) or electronic Protected Health Information (ePHI) online. One extremely important factor that health care organizations need to consider is that PHI is covered under the HIPAA and HITECH acts and needs to be handled very carefully.

What is HIPAA?

The Health Insurance Portability and Accountability Act (HIPAA) was enacted in 1996 to provide privacy standards for the protection of patients’ medical records and other health information supplied to health plans, doctors, hospitals and other healthcare entities.

What is HITECH?

The Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009 extends HIPAA coverage by addressing third-party access to protected health information (PHI), increasing compliance obligations and strengthening enforcement penalties.

Why is it Important to Comply with HIPAA and HITECH?

HIPAA and HITECH compliance is imperative to preserve your ongoing business operations. Failure to successfully meet the standards may result in not only regulatory actions, such as fines, but also loss of business, damage to reputation and loss of public trust.

How to Protect Your PHI?

Organizations looking to transmit or store PHI on the Internet should take a multi-layered approach to their data protection. Here are some areas to address:

  • Servers – PHI should be hosted on dedicated servers with hardened operating systems
  • Security patches need to be kept up to date. Strong passwords should be used for all logins
  • Firewalls – A dedicated firewall is required
  • Intrusion Detection Software should be run to log traffic to and from the servers
  • VPN is necessary in most cases, as it helps encrypt data transferred between two locations
  • Software – Software should be installed on the server to track changes to files and log who made a change to and/or viewed PHI, from where and at what time
  • Storage – Since PHI and records of access to PHI need to be stored for a minimum of 6 years, a backup retention strategy should be put in place that meets that requirement. Typically this will involve off-site archiving of backups. Encryption should be used on PHI and related data stored on portable media

If you need help with HIPAA and HITECH compliance make sure to find a trusted web host who has the right knowledge, experience, and security tools to continuously safeguard your PHI.

6 Steps to Take After Your Server Has Been Compromised

When maintaining a secure server, make sure to take the following precautions: keep your software up to date, use strong passwords, follow the principle of least privilege and employ defense in depth.

Sometimes the precautions don’t work. No one ever wants their server to be hacked or compromised, but unfortunately it can and does happen. With a little preparation, you can respond quickly to a hacked server and recover it smoothly, ultimately limiting the amount of data exposed or lost and minimizing your downtime. Below are 6 steps that you should take immediately after your server has been breached; they don’t have to be completed in order but will definitely help in mitigating future risk.

Step 1: Know Who is Involved – Of everyone responding to the security threat, make sure everyone knows what their own role is and what the roles of others are. Understanding how to communicate amongst each other will help all of the subsequent steps.

Step 2: Assess the Scope – Understand what has already been observed, what has already been done and what is currently happening. This quick assessment will help determine which steps should be performed next and in what priority to prevent future network security issues.

Step 3: Contain the security breach – These immediate steps will help prevent further damage or information loss. If the attacker is actively on your system, you may need to kill their processes immediately to limit further damage. This may involve blocking the network to a specific block of IP addresses, especially if data is actively being streamed off of the server to the attacker’s machine.

Step 4: Maintain State – Your classification and impact analysis of the compromised system will help determine whether the security breach should be contained or the state maintained first. For further forensic work, it is best to leave the system unaltered (or as unaltered as possible). You can copy log files or take an image of the disk for further analysis. This also prevents the attacker from altering the logs.

Here is a simple example of how to clone a block device or partition: On the secure system, run nc -l -p 9999 | dd of=/dev/incident-xyz.dd. Then on the compromised system, run dd if=/dev/sda | nc <ip of secure system> 9999. You can also use dcfldd, which provides on-the-fly hashing among other useful features. To limit the amount of empty space being transferred, you can also insert gzip between dd and netcat on both servers.
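The on-the-fly hashing that dcfldd adds over plain dd, written out in Python as an added example that is not from the original post: the digest is taken from the device as it is read, the image can optionally be gzip’d as in the pipeline above, and the stored image is verified against that digest before any analysis. Function names and the in-memory sample “device” are constructed for this illustration.

```python
# Added example: stream a block device into an image while hashing every byte
# (what dcfldd's on-the-fly hashing gives you over plain dd), then verify the
# stored image against that digest before analysis. Function names and the
# in-memory sample "device" are constructed for illustration.
import gzip
import hashlib
import io
import os

CHUNK = 1 << 20  # 1 MiB reads, comparable to a large dd block size

def acquire_image(src, dst, compress=True):
    """Copy src (binary file-like, e.g. the opened block device) into dst (the
    image file on the secure host). The SHA-256 is computed from the bytes as
    they leave the source, so it describes the device itself, not the copy.
    compress=True gzips the image, like the gzip stage between dd and netcat."""
    digest = hashlib.sha256()
    sink = gzip.GzipFile(fileobj=dst, mode="wb") if compress else dst
    for block in iter(lambda: src.read(CHUNK), b""):
        digest.update(block)
        sink.write(block)
    if compress:
        sink.close()  # writes the gzip trailer; dst itself stays open
    return digest.hexdigest()

def verify_image(image, expected_hex, compressed=True):
    """Re-read the stored image and check it still matches the acquisition
    digest. Any mismatch (or a corrupted gzip stream) fails verification."""
    digest = hashlib.sha256()
    reader = gzip.GzipFile(fileobj=image, mode="rb") if compressed else image
    try:
        for block in iter(lambda: reader.read(CHUNK), b""):
            digest.update(block)
    except (OSError, EOFError):  # gzip.BadGzipFile / truncated stream
        return False
    return digest.hexdigest() == expected_hex

def demo(tamper=False, compress=True):
    """Constructed sample: a few MiB of random bytes standing in for /dev/sda."""
    device = io.BytesIO(os.urandom(2 * CHUNK + 4321))
    image = io.BytesIO()
    digest = acquire_image(device, image, compress=compress)
    if tamper:  # flip one byte of the copy to show the check catching it
        image.seek(CHUNK)
        original = image.read(1)
        image.seek(CHUNK)
        image.write(bytes([original[0] ^ 0xFF]))
    image.seek(0)
    return verify_image(image, digest, compressed=compress)
```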

Step 5: Notifications – Follow the appropriate process for notifying those impacted; this may include PCI or HIPAA regulations or federal and state laws, depending upon the nature of the data exposed (or potentially exposed).

Step 6: Remediate – Putting the same vulnerable hacked server back online will likely only lead to another incident, so any workarounds or patches should be applied before bringing services back online. This may include data integrity checking or a complete system re-install.

Throughout this process, make sure you communicate with the rest of the team, keep a cool head, make sure you document what you are observing, and what actions are being taken with your network security issue. If you believe your server has been compromised and still don’t know what to do let us know, we can help.

Exploit Found, Patch Now – MS12-020

Last week (Tuesday, March 13, 2012), Microsoft released a security bulletin detailing a fairly severe vulnerability in their Remote Desktop Protocol, present in all versions from Windows XP to Windows Server 2008 R2. At the time there was no functional exploit code in the wild, but the potential risk surrounding this vulnerability was marked as “Critical.” The following is a snippet from their own write-up of the security vulnerability:

“This security update resolves two privately reported vulnerabilities in the Remote Desktop Protocol. The more severe of these vulnerabilities could allow remote code execution if an attacker sends a sequence of specially crafted RDP packets to an affected system. By default, the Remote Desktop Protocol (RDP) is not enabled on any Windows operating system. Systems that do not have RDP enabled are not at risk.”

The bolded text was added by us. Security vulnerabilities with the potential to allow remote code execution are some of the most severe around. This means that given the appropriate sequence of packets, an attacker could do anything from creating their own users to simply shutting the server down, without providing so much as a password. Due to these threats, secure data is a must!

Microsoft released a patch for this vulnerability the same day as the security bulletin, and if your servers are currently configured to perform automatic updates, you are likely in the clear for this particularly nasty hole. However, if you are managing your patches yourself and haven’t gotten around to addressing this one, it would be in your best interest to do so as soon as possible.

At the time the patch was released, no functional exploit code was available. Since then, however, several IT security professionals have been working to develop a proof-of-concept exploit to take advantage of unpatched systems. The demand for this exploit even grew so great that a $1,500 bounty had been offered to the first person or team to provide a functional Metasploit security plugin. The amount of buzz around this vulnerability alone should be enough motivation to apply the patches as soon as possible.

A security vulnerability with such potential for damage doesn’t come out very often, but when it does, it’s a pretty big deal. For those of you hosting with INetU, contact support to find out if your server has been patched yet, and if it has not, we can schedule a time to do so immediately. For those of you hosting elsewhere, you too should make an effort to see that your Windows servers are safe from this vulnerability and other security issues.

©1996-2011 INetU Inc, All Rights Reserved.