Archive for the ‘Security’ Category

The End is Near! (for Dedicated Hosting)

by FireHost Evangelist on August 2nd, 2010

Earlier this year, we introduced the Secure Server – a virtualized and secure, private hosting environment for companies and individuals who have the need to mitigate high traffic, high confidentiality, high availability, and compliance online.

Right away, many business owners, designers/developers, and IT professionals “got it” and signed up on the spot. We enjoy providing exemplary protection for our early adopters, but we won’t rest until the entire web hosting community understands that security, scalability, and affordability are for everyone, not just a select few.

Overall, the mission has been well received. As any “pioneer” would expect, however, Secure Servers have been met with mixed reviews, particularly from die-hard dedicated hosting proponents.

In an effort to dispel any remaining doubt from those who still have reservations about this new way, we created NoMoreDedicated.com. From here, you can:

  • Watch real stories from real people told in their own words and decide if dedicated hosting is the best solution.
  • Take our short, informative test to determine if dedicated hosting is right for your hosting needs.

Once you see the facts, we’re confident you’ll want to give Secure Servers a try, so we make it easy to do so.

  • Secure Servers can be provisioned within 24 hours of validating your order, and
  • There is no lengthy hosting contract to which you must subscribe.

If you still have reservations, that’s fine. We respect your opinion and any doubts you may have about adopting a new way to protect your business. Even if you’re not ready to join the movement full stop like @The_Fenix_X, we request that you follow the movement that’s putting an end to overpriced, insecure, and inflexible dedicated hosting. Big change is on the horizon.

Follow: @NoMoreDedicated HashTag: #NMD

Privacy Reform Starts with You, or Rather Your Pocketbook

by FireHost Evangelist on June 29th, 2010

Blippy, Facebook, and Lifelock, oh my! Each of these companies has come under scrutiny lately for mishandling, misusing, divulging, or otherwise playing a smoke and mirrors game with confidential information. This vignette is dedicated to conveying a different perspective on each situation, one that will hopefully convince you:

  • that security controls will only be as tight as consumers demand, and
  • that things can be different (better) with your help.

We just want to get this “disclaimer” out of the way, here and now in the first paragraph before you have a chance to form an opinion about our suggestions. We’re not condoning the actions or otherwise diminishing the liability of these companies (or any company for that matter) that have caused consumers or businesses lost time, harm, or any other loss because of a breach and subsequent leak of personally identifiable information (PII). The spirit of this article is to create awareness of the risks and to help everyone reading (consumers and business owners) understand that taking steps toward prevention is a collaborative effort on which consumers and companies alike must embark to see results. And so with that…

Blippy’s Security Blip

Synopsis: Credit card numbers for a limited number of beta users leaked into Google search results.

Blippy’s responsibility: Breaking this down to the simplest terms, Blippy’s dev team should have secluded all test data into a non-production environment. Furthermore, PCI guidelines for SDLC dictate that all sample data must be purged from all accounts prior to launching the production environment. If you’ve visited the Blippy website or signed up for an account, however, you’ll notice that there is no mention of PCI compliance or a PCI compliance badge… anywhere.

That’s because (arguably) Blippy isn’t governed by the payment card industry data security standard since they don’t directly collect or store credit card data. When the data leaked, all fingers pointed at Blippy (and rightfully so, I mean anyone who can read saw the cc numbers available in the statements associated with each user’s account.) The bigger problem however seems to be the fact that the issuing bank or credit card company allowed full, unencrypted, unmasked credit card numbers to be printed and/or stored on public statements.

Personal responsibility: Consider this. Participants in a clinical drug trial assume a large amount of risk by ingesting the pharmaceuticals under investigation. Wouldn’t a similar principle of risk apply when technology users participate in a beta, alpha, or electronic test of any kind?

Perhaps language in the warnings about unregulated pharmaceuticals is more ominous (or the risks more personal), prompting consumers to take caution. Should commercial business ventures be more blatant about their warranties and have stronger indemnification policies so early adopters will think twice before signing on?

Consumers must realize that they are “swimming at their own risk” when participating in pre-releases of new, untested technologies. Blippy adopters who confidently linked bank accounts, retail payment card accounts, and credit card accounts to the service can’t be completely shocked when something goes awry with the system. Can they?

Bottom line: It is every business’ responsibility to take all measures possible to prevent problems like this from arising. It’s the consumer’s responsibility to perform due diligence, hold their confidential information in higher regard, and think twice before divulging information that could cause them harm.

(more…)

Are YOU Your Biggest Security Threat? 5 Ways to Close Holes that Hackers Can Easily Breach.

by FireHost Evangelist on June 22nd, 2010

If I wanted to hack your eCommerce business, I’d have your help. It’s a fact that no one runs a business from one location (or one computer) anymore. In today’s world work gets done everywhere – in offices, at home, in a hotel, at the airport, while sipping mocha and siphoning Internet connectivity from a coffee shop.

Security risks increase when your business moves outside of the safety net of your main workplace. Mobile executives carry sensitive data around with them, and oftentimes open it up to vulnerabilities just for the sake of convenience.

It all seems perfectly innocent. Connecting to wireless Internet in your hotel room, or syncing up to free wi-fi in a restaurant just to get a little work done. Convenient? Yes. Necessary? Sometimes. Is working remotely a down trending habit? Absolutely not. And so, we must learn (and educate our workforce) about how to work remotely more safely.

Protecting your mobile workforce is essential to protecting your business. And it can be accomplished (or at least done more successfully) by following a few simple tips to help keep your business safe from hackers, no matter where you go:

Stay Off the Free, Open Wireless

More and more public places are providing free, or shared wireless Internet. These open networks are dangerous. They’re risky for personal communications, but they are absolutely not suitable for conducting business without protection.

When jumping on public shared wireless connections, it’s essential to do so using a secure VPN connection with the latest encryption methods. This will funnel all your online activities (email, surfing, chat, etc.) through this secure connection so prying eyes can’t see what you’re doing. Several companies offer this service, but we’ve heard good things about Anonymizer.

As an alternative, Verizon, Sprint, AT&T, and others have mobile broadband services available for a reasonable monthly subscription. Spring for the mobile Internet access card. It’s a small expense for what you get in exchange – the ability to conduct business more securely outside the office.

Bonus Tip – turn off your wireless connection at all times when not in use so you are 100 percent sure about when you are connected to the Internet. If you’ve previously connected to default network names (like Linksys), then anytime that network name reappears at another location, you will be automatically connected to the network, opening you up to risks.

(more…)

Empower Your Employees and Protect Your Online Business in Five Easy Steps

by FireHost Evangelist on May 25th, 2010

True story – visiting a client one time, our CEO Chris Drake came across a sales guy who had his computer access credentials taped to the palm rest of his laptop. It turns out the company’s entire customer information database was synced to the sales person’s laptop. If he lost it (or if it was stolen) you can only imagine the consequences.

This vision has haunted us ever since. The responsibility of keeping your company’s data safe is one that’s shared by the whole team, and should make them feel empowered. Hacker prevention for companies that store data and/or transact business online isn’t as simple as hiring a secure web host; it’s a 24/7 job that requires good physical and virtual housekeeping from everyone. Luckily, it’s not as tedious, time consuming, or boring as cleaning your actual home, and it doesn’t require you to pat down your employees each time they walk out the door.

Here are five best practices that everyone on your team should put into action to keep the company safe from cyber criminals.

#1 Mobile Security
Whether you’re a swanky, MacBook Pro toting executive or a lowly intern who has company email syncing to your phone, you’re responsible for data security when working remotely. Password protecting your mobile devices, and your software, is a ridiculously easy and yet commonly overlooked step that can prevent a world of loss. Password protect everything that your employees work on and access remotely. And we mean everything – mobile phones and laptops, email accounts, VPN connections, and SaaS programs used for business. In addition, don’t store or “remember” passwords for critical services. Require that every employee manually type his or her credentials every time. It’s really not as daunting as it sounds. It takes just a moment to enter a password.

(more…)

FireHost Selected as THE Best Security Solution for 2010 by SIIA’s CODiE Judges

by FireHost Evangelist on May 12th, 2010

You may recall, back in March we were nominated as one of the Best Security Solutions for 2010 by the Software and Information Industry Association (SIIA). The news came down today at a special CODiE Awards luncheon in San Francisco that we won – FireHost is officially THE Best Security Solution for 2010!

The entire FireHost team is excited and honored by this recognition. We want to thank the other finalists for providing stiff competition, and we appreciate the CODiE Judges picking us out of the crowd.

We will wear our CODiE badge proudly as we uphold our mission of making a secure web hosting environment available to companies of all sizes.

A list of all 34 CODiE Award Winners from various categories is now available on the SIIA website.

Hackers Steal Time & Revenue from SMBs Everyday – Keep it From Happening to Yours

by FireHost Evangelist on April 6th, 2010

Imagine waking up tomorrow and having your water cut off. It would be annoying to deal with, but not devastating. Life goes on. But what if you didn’t have electricity? Definitely inconvenient. You can’t turn on a lamp or watch TV, but at least your iPhone works. You could still access the information superhighway, so all is well.

Now envision how you would feel if you woke up one morning and your website wasn’t working at all.  It doesn’t load or the homepage has been replaced with an offensive message — or even a warning from Google that this site is no longer secure. That’s right, you’ve been hacked and your website has been kicked off Google.

Think this can’t happen to you? It’s actually not uncommon. It happens to small businesses every day when their website gets attacked one too many times for Google’s liking. Mberry, a small business based in Tempe, Arizona, is one of those businesses. This innovative company sells the very cool, very fun “mberry” tablets that make everything you eat taste oh so sweet for 30 minutes. Mberry had a rather sour experience when their site was banned from Google.

Mberry’s saga started about a year ago when their site was hacked – not once, not twice, but three times in two months. They rely on their site as a main portal for their revenues. Having their site down multiple times and going through the process of getting it cleaned up and back online was costly, annoying and damaging to their brand. But it wasn’t until they got the boot from big daddy Google that things really got much worse.

(more…)

Security, Speed, and Scalability for E-commerce: A Guide to Getting Started

by FireHost Evangelist on March 19th, 2010

All new E-commerce businesses should address one vital question first and foremost: Will you collect and store payment card information on your Web site or offload credit card processing to a PCI Compliant merchant like PayPal? The answer to this question is paramount and should be well thought out when you are planning and developing your E-commerce Web application.

When feasible, outsourcing the storage and handling of credit cards to a trusted, capable, and PCI compliant payment processing provider is the most secure and most budget-friendly course of action. Even when you outsource payment processing (the riskiest piece of running an E-commerce business), you still must ensure your hosting environment can deliver speed and scalability that meets user expectation and includes security measures that protect your shoppers from a damaging hacker encounter.

Here are the tools and services that you should be looking for:

Web Hosting Security Basics – the minimum requirements you need to transact business securely online

Redundant firewall protection — Firewalls help stop cyber attacks before they can penetrate the network perimeter. Having firewalls tuned and working in tandem helps ensure protection for your E-commerce environment.

Web application protection – In addition to traditional firewalls, you’ll need a Web application firewall (we call them WAFs). This technology helps protect E-commerce organizations from application-level attacks like SQL injections and Cross Site Scripting (XSS) attacks. Application-level attacks are those where the hacker attacks the website itself: your contact forms, login boxes, etc. Traditional firewalls are helpless against these kinds of attacks, so WAFs are required.

(more…)

The Power of Dedicated Servers. The Scalability of Cloud Hosting. The Result – One Secure Server.

by FireHost Evangelist on March 16th, 2010

FireHost believes every business is entitled to protection from malicious hacker schemes. This mantra resonates in every decision we make and drives the daily activities for each and every agent of our organization.

We constantly strive to make enterprise-grade hosting features available for companies of all sizes, and VMware’s vShield™ capabilities (introduced last summer) have helped fulfill our mission. vShield™ marks a significant advance in virtualization technology by providing a “shared [multi-tenant] computing resource pool, while still maintaining trust and network segmentation of users and sensitive data.”

We quickly realized adding vShield™ to our secure hosting infrastructure would make it possible to package the power and privacy of dedicated servers with cloud-like scalability, and our technology staff has worked tirelessly since the announcement to devise the right solution.

The result of their hard work is an affordable, compliance-ready Secure Server with all the tools necessary to protect your customers’ personally identifiable information (PII) and payment card information from hackers without hiring your own internal IT security staff.

Our new offering combines the best features of Dedicated and Cloud hosting into one, affordable Secure Server. This service is new to the hosting marketplace and unique to FireHost, so we’ve made it easy to compare how our Secure Servers stack up against popular options. “When security and affordability are key factors in your consideration set, we make it an easy decision,” said Chris Drake, CEO and founder.

(more…)

Big Security for Little Kids

by FireHost Evangelist on February 25th, 2010

My Child’s Locket’s number one goal is to make children’s important, personal information readily available to parents in the event of an emergency.

The wheels of the business plan were put in motion when Jay Osterholt witnessed his sister and nephew in crisis while on vacation. Away from home, Mr. Osterholt’s sister was ill-prepared to answer all the doctor’s questions accurately and thoroughly. Convinced there was a better way to handle these situations, Mr. Osterholt wanted to help ensure this didn’t have to happen again to his family or others.

Less than two years later, the web-based service is live and empowering parents to access and share critical information about their little ones 24/7/365. My Child’s Locket can accommodate multi-child households and has the capacity to store numerous, important details about each individual.

As a web-based service, My Child’s Locket is susceptible to bad things like identity theft schemes, SQL injections, XSS (cross site scripting) and DDoS attacks, and more. Aware of the risks, Mr. Osterholt made finding the right secure hosting partner a big priority. After a thorough search, he chose us.

Click Here to read My Child’s Locket’s press release about launching their service on FireHost secure servers.

Secure Servers and Stellar Customer Support Saves the Day for DotBridge

by FireHost Evangelist on January 4th, 2010

As our recent articles about web application risks indicate, more than frenzied last minute shoppers come out to “celebrate” the holidays, and here’s proof that the threats are real.

DotBridge, an eCommerce SaaS provider, fell prey to a DDoS onslaught. Someone wanted to attack one of their customers’ web-based businesses and take it offline, and without a secure hosting company at DotBridge’s back, they may have succeeded.

DotBridge subscribes to our secure, virtualized server service protected by 1) monitoring and response, 2) DoS/DDoS mitigation devices, and 3) a team of knowledgeable and reactive support engineers.

This combination of protection and response is standard for every client that subscribes to our service, and DotBridge is just one real-life example of how we work every day fighting on behalf of our valued customers.

Click Here to read DotBridge’s blogpost on the FireHost experience.