Archive for the ‘Dedicated Server Security’ Category

Microsoft Issues Windows Server Security Alert

Tuesday, April 22nd, 2008

Microsoft is investigating new public reports of a vulnerability which could allow elevation of privilege from authenticated user to LocalSystem, affecting Windows XP Professional Service Pack 2 and all supported versions and editions of Windows Server 2003, Windows Vista, and Windows Server 2008.

Customers who allow user-provided code to run in an authenticated context, such as within Internet Information Services (IIS) and SQL Server, should review this advisory. Hosting providers may be at increased risk from this elevation of privilege vulnerability.

Currently, Microsoft is not aware of any attacks attempting to exploit the potential vulnerability. Upon completion of this investigation, Microsoft will take the appropriate action to protect our customers, which may include providing a solution through a service pack, our monthly security update release process, or an out-of-cycle security update, depending on customer needs.

Click here to learn how to bulletproof your discount dedicated server. Our Basic Firewall service places you behind a fault tolerant pair of Cisco PIX 515 with 64MB of memory running Cisco Secure Software. Each server protected by the shared firewall will be in a shared VLAN with the other servers being protected. Click here to learn more.

A Strategic Discussion on Hacking

Sunday, February 17th, 2008

There’s an interesting discussion on hacking going on over at LinuxForums. A poster from Fullerton, California who uses Suse Linux says he’s been the target of hackers hired by a worldwide multimillion-dollar company after a Wikipedia slip exposed his IP address, among other things. He wants to know, in short, if his system has been hacked. The conclusion of the story is, he probably wasn’t. But it’s an interesting security issue that we’ve all got to be careful of.

ServerPronto’s Managed Firewall service eliminates the need to run to open source chat boards wondering if you’ve been hacked or if your hard disk is just corrupted. ServerPronto’s Basic Firewall service places you behind a fault tolerant pair of Cisco PIX 515 with 64MB of memory running Cisco Secure Software. Each server protected by the shared firewall will be in a shared VLAN with the other servers being protected.

So the world’s most affordable dedicated server is also security-minded. Click here to learn more about the myriad of options you get when you order your dedicated server from ServerPronto.

Microsoft To Ship Windows Server 2008 In February

Saturday, January 19th, 2008

Windows Server 2008 will release to manufacturing in February after all, InformationWeek reports. Until now, the company has been cagey about the new operating system’s release date, only saying that it would release sometime in the first quarter of 2008.

The release, the magazine reports, will come in February, on or before the February 27th launch event Microsoft is hosting in Los Angeles to celebrate the nearly concurrent releases of Visual Studio 2008, which came out in November, Windows Server 2008, and SQL Server 2008, which is on track to be released in the second quarter of this year. Microsoft has begun using the tagline “heroes happen here” for the launch.

Are you planning to jump on the Windows Server 2008 bandwagon? Or are you satisfied with the current version?

Click here to compare Windows Server Products with other discount dedicated server software packages from ServerPronto.

How Does Ubuntu Security Stack Up Against Windows Vista and Mac OSX Leopard?

Tuesday, October 30th, 2007

Even as the software security debate rages on, there are new iterations of operating systems that promise hardened security. The Apple camp tends to brag about the low instances of worms and bugs while the Linux camp promises it is the most secure solution. Microsoft takes exception to both camps and offers Vista as proof, with Windows Server 2008 soon to follow.

For all the industry analyst opinions and even market studies sponsored by the companies themselves, the question of security still depends on a myriad of factors. I wouldn’t go quite so far as to say security is in the eye of the beholder, but some security is certainly in the hands of the user.

In other words, human error leaves plenty of room for a malicious attacker to wreak havoc on a system. You can have the hardest security in the world, but if the user leaves the door open it doesn’t do you much good.

With all that said, I recently came across an interesting blog post from the Virtual Hosting Blog. It compares Ubuntu against Vista and Mac OSX and gives good old-fashioned grade-school measures.

The conclusion: “When compared with giants OSX and Windows, Ubuntu is still a relatively unpopular OS, but it stands up to the competition well. Self-installation is regarded as one of the perks among Ubuntu techies, and the available technical support is easy to find and understand.”

Congratulations to Ubuntu! Click here to learn more about ServerPronto’s Ubuntu Dedicated Servers.


Does Your SuSE Linux Have Bugs?

Friday, September 28th, 2007

No software is bulletproof. Hackers, especially those motivated by money, can often find a way in the back door if they try hard enough.

This week, security researchers discovered a vulnerability in various SuSE products. That vulnerability could be exploited by attackers to execute arbitrary code. The issue is caused by an error in OpenOffice.org. Make sure you’re patched! Click here to find out more about this bug and the fix.

ServerPronto offers SuSE Linux Dedicated Servers with managed firewalls to help you shut the door on attackers until a fix is released. Click here to learn more about SuSE Dedicated Servers. There are several options to choose from.

Will Red Hat Interoperate with Microsoft?

Friday, July 6th, 2007

Red Hat has made it clear: it won’t enter into a deal with Microsoft like the one Novell struck with the Redmond software giant. But Red Hat does want to interoperate with its rival. What’s a leading Linux distributor to do? Have its cake and eat it too? Refuse the patent covenant and forge an alliance anyway?

Not if Microsoft has anything to say about it.

Microsoft says it’s no game unless Red Hat agrees to mutual patent indemnification. Microsoft says you can’t separate interoperability from patent issues. Microsoft says what’s good for Novell, Linspire and Xandros is good for Red Hat.

Red Hat begs to differ.

Click here to read about ServerPronto’s Linux-based dedicated servers.

And so the discussion is at an impasse once again. Most industry analysts agree, though, that if Microsoft hopes to serve its customers through interoperability, then patent indemnification shouldn’t be the main issue. Openness should be, they say.

What say you?

Ubuntu Chief Calls for Linux Patch and Bug Collaboration

Monday, June 18th, 2007

Mark Shuttleworth, the founder and CEO of Ubuntu, thinks the open source community needs a federated, decentralized system for tracking patches and bugs. In other words, he wants the open source world to collaborate on Linux security, among other issues.

In fact, that was one of Shuttleworth’s key messages when he offered the keynote address at the Linux Foundation Collaboration Summit last week.

“It’s not about Red Hat versus Microsoft or open source fans versus the evil empire, any more than the Cold War was about the U.S. versus the Soviet Union. The conflict is really about ideas,” Shuttleworth told listeners, noting that the “enemy” — proprietary software vendors — has more financial resources than the open source community.

“To glue our pipeline together, we need tools,” he argued. “Collaboration is an easy term to say, but it’s hard to do. We often don’t know who to talk to upstream, so the question is, How can we make collaboration better?”

Click here to learn more about ServerPronto’s Ubuntu dedicated servers.

Shuttleworth may have been singing to the choir. The Linux Foundation provides neutral collaboration forums so companies and individuals can work together to solve the challenges facing the Linux platform. Linux Foundation members, developers, independent software vendors, government organizations and end users are invited to collaborate and speak out on collaborative issues, challenges and solutions.

Still, if that choir was humming security collaboration tunes in unison, the Ubuntu chief probably would have spent his precious keynote address words on another pressing topic facing the Linux community.

There’s an old debate about which camp responds more quickly to security vulnerabilities: the open source or closed source community. It’s been said that the open source community can move more quickly to address bugs than software giants with many moving corporate parts. It seems Ubuntu’s chief wants to make sure the perception of rapid bug response stays in favor of open source.

What do you think about Shuttleworth’s perspectives?

Microsoft’s Patch Tuesday Highlights Online Risks

Wednesday, June 13th, 2007

Microsoft issued six sets of updates to patch 15 bugs in June’s Patch Tuesday release. The fixes address 12 critical bugs, six of them in Windows software and six in Internet Explorer. Although the IE bugs are the focus of most security analysis this week, flaws in Windows Vista have become a topic of discussion as well.

Two patches plug holes in Microsoft’s newest operating system. One critical patch affects Windows Mail in Vista and Windows Vista x64 edition, while a second Vista bug is rated “moderate.”

Click here to read about ServerPronto’s benefits. Customers can choose managed firewalls in a customized dedicated server setup.

Another security update that fixes two vulnerabilities in Microsoft Office ranks as “important.” However, experts agree that bulletins MS07-031 and MS07-035 are the most critical of the batch, and should be applied first.

MS07-031 deals with a vulnerability in the Windows Secure Channel module and MS07-035 resolves a vulnerability in the Win32 API. Both issues addressed by these patches involve remote code execution and translate to potential exploits when users simply visit a malicious Web site.

Click here to read the rest of this story on CIO Today.

Novell Taking Risks in Microsoft Pact

Thursday, May 31st, 2007

Details of the Microsoft-Novell Linux deal inked last November became public this week as the Linux vendor filed its annual report and SEC 10K documents. The filings offer access to the agreement Novell signed with Microsoft to distribute SuSE Linux without any risk of Microsoft patent claims.

Click here to compare ServerPronto’s Microsoft options with our SuSE Linux options.

The regulatory filings also suggest that changes to the General Public License (GPL) could put the kibosh on the distribution deal between the two technology titans. Specifically, Novell’s filing said that proposed revisions to version 3 of the GPL could force it to modify its relationship with Microsoft or “explore alternatives” to the deal.

Here’s the rub: The current draft version of the GPL’s third version clearly states that Linux distributors cannot “convey a covered work if [they] are a party to an arrangement with a third party that is in the business of distributing software” if the arrangement offers patent protection in exchange for cash. That caveat seems to describe the Novell-Microsoft deal perfectly.

Click here to read the rest of this story on CIOToday and weigh in on how you think version 3 of the GPL will impact your operations.

Best Practices for Dedicated Servers: Securing Your Server

Monday, December 4th, 2006

Freedom, by definition, demands responsibility.

In dedicated server land, you enjoy abundant freedom. You’re free to run the OS and software that best meets your needs (as long as that software doesn’t violate your provider’s acceptable use policies). You’re free to have as many IP addresses and domains as you’d like. And you’re free to choose the bandwidth allotment that your traffic demands.

Of course, along with that flexibility and power comes the duty to protect your turf. Here are a few best practices that will help your server remain free – and safe:

  1. Patch, Patch, Patch
    Why leave the door wide open for a hacker? Keep an eye out for patches for all your software and apply them regularly and diligently. Apache web server patches are announced at http://httpd.apache.org/security_report.html, and you can find patches and more for Microsoft’s IIS at http://www.microsoft.com/WindowsServer2003/iis/default.mspx.
    If you’re using Windows, visit http://update.microsoft.com often to check for both critical and optional OS and software patches. Or, better yet, turn on automatic updates. Many Linux distributions also feature an automatic update feature. But, if the one you’re using does not, check the distro’s website. The same goes for all your applications, particularly your software firewall.
  2. Work Within a Secure Shell
    Whenever you update and maintain your website, be sure to do so using SSH/SCP so that your login information is encrypted. Encryption is a simple, yet powerful, best practice that could eliminate a myriad of problems.
  3. Practice Good Password Hygiene
    Cheekymonkey is not a good password! Hackers love passwords that contain dictionary words. Make their lives a lot harder by choosing passwords that are at least six characters long, use a mixture of upper and lowercase letters, and include numbers and other allowable characters.
  4. Close Your Ports
    You’ll need port 80 for HTTP access and port 22 to use SSH/SCP, and, if your site provides secure transactions for e-commerce and the like, you’ll also need to open port 443. Beyond these essential gateways, however, examine your needs very carefully and close down any ports you won’t need.
  5. Inoculate Your Server Against Viruses
    In today’s security climate, it should go without saying, yet security researchers continue to report amazement at how often this safe computing practice is ignored. Be sure to use an antivirus program that provides frequent definition updates.
  6. Don’t Forget Physical Security
    With all the cyber-threats that loom, it’s easy to forget that one of the easiest ways to compromise a server is to have physical access to it. While most data centers are reasonably secure, it pays to see if your provider’s facilities are housed in reinforced structures with adequate security.
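
As an added example (not part of the original post), tip 4 can be checked on a Linux server by comparing the listening TCP sockets with the three ports the list names. The sample `ss` output is constructed, and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit listening TCP sockets against the allowlist from tip 4.
# Ports the article names as needed: 22 (SSH/SCP), 80 (HTTP), 443 (HTTPS).
ALLOWED_PORTS="22 80 443"

# Constructed sample of `ss -H -tln` output (not taken from a real host).
sample_listeners() {
cat <<'EOF'
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 511 0.0.0.0:80 0.0.0.0:*
LISTEN 0 511 [::]:443 [::]:*
LISTEN 0 80 127.0.0.1:3306 0.0.0.0:*
LISTEN 0 32 0.0.0.0:21 0.0.0.0:*
LISTEN 0 100 [::]:25 [::]:*
EOF
}

# Reads `ss -H -tln` lines on stdin and prints "port address" for every
# listener that is reachable from the network and not on the allowlist.
unexpected_listeners() {
    awk -v allowed="$ALLOWED_PORTS" '
        BEGIN {
            n = split(allowed, a, " ")
            for (i = 1; i <= n; i++) ok[a[i]] = 1
        }
        $1 == "LISTEN" {
            # Field 4 is Local Address:Port; the port follows the last colon,
            # which also handles bracketed IPv6 such as [::]:443.
            port = $4; sub(/.*:/, "", port)
            addr = $4; sub(/:[^:]*$/, "", addr)
            # Loopback-only services are not exposed to the network.
            if (addr ~ /^127\./ || addr == "[::1]") next
            if (!(port in ok)) print port, addr
        }' | sort -n
}

# Demo on the constructed sample; on a live server run:
#   ss -H -tln | unexpected_listeners
sample_listeners | unexpected_listeners
```

Each line of output is a candidate for shutting down or firewalling; the loopback-bound database in the sample is skipped because it is not reachable from outside the machine.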

Discussions of server security can – and do – fill entire books, but these tips provide a good start and will help you provide your users a safe and secure Web environment.
