Last week, several members of the FireHost team made the long, arduous trip from Dallas to Austin for HostingCon 2010. Here’s the insiders perspective on the “who” and “what” from the event this year.

Meeting up with industry friends and partners was certainly the overall highlight of HostingCon 2010. Interfacing with our peers, competitors, and service providers was a great reminder of how many truly awesome people and companies exist in the hosting industry.

For Fun

The Planet‘s booth provided a very entertaining “assemble a Dell server as fast as you can” challenge. The whole spectacle got quite a bit of attention, and our very own Chris Hinkley was the fourth fastest assembler on the final day of the event. (Unfortunately, only 1st-3rd place received a prize, so the accomplishment will only live on in his mind.)

The Trustwave booth’s theme for 2010 was “Knock Out High Prices”. Cool concept, and they actually had a boxing ring setup where attendees could hop in the ring and punch a guy with a “high prices” t-shirt. It drew a lot of attention, but very few people were brave enough to hop in to take a swing. So on the last day, Trustwave brought in some semi-pro wrestlers to help drive the message home.

On a More Serious Note

Security topics dominated many of the sessions and discussions. As well, “the cloud” in general was a hot topic. It seems industry-wide, multiple definitions of “cloud” exist, and compared to last year, even more interpretations have come to light. That’s somewhat counter intuitive since you’d expect a more concise explanation would emerge over time.

Collectively, our team walked away confident that FireHost is leading the secure web hosting pack, and we have a “golden opportunity” to help real businesses solve compliance challenges and achieve a higher level of security in general. We’re excited to be pioneering an affordable, scalable secure hosting solution for companies of all sizes.

All-in-all, HostingCon 2010 was a fantastic event. The relationships, the knowledge, the partnerships, the industry insight, and even the time spent “car pooling” was a valuable opportunity for team building.

See you in San Diego!

The process of determining how to commemorate this grand occasion was… entertaining (at least to us). So for your amusement, here are some of the ideas that didn’t make the cut:

• We could reveal our secret Secure Server sauce.
• We could raffle deprecated hardware for charity.
• We could post pictures from the company picnic.
• We could post pictures from AFTER the company picnic.
• We could give our semi-professional review of Inception.
• We could post high school yearbook pictures of our CEO.
• We could discuss the weather in Texas and Arizona. (It’s hot. End of discussion.)
• We could TP our competition with #NMD toilet paper, and post the photos.

We considered all of these (bad) ideas (and more), but in the end we determined the best use of this space might be creating a concise recap of all the other mediums by which our loyal blog readers can stay updated about FireHost’s initiatives, news, services, strides, and successes in the Secure Web Hosting marketplace.

On the Web

• FireHost Website
• NoMoreDedicated Website
• Revolution Blog by Chris Drake

In the News

• FireHost Newsroom

In Social Media

• Twitter.com/FireHost
• Twitter.com/NoMoreDedicated
• Facebook

For Support

• MyFireHost Customer Portal
• Knowledge Base

We invite you to explore each outlet and hope you can use and appreciate each one for it’s intended purpose. Please feel free to reach out to us via any medium any time the urge strikes.

In a recent interview, founders Jay Osterholt and Jeff Moore talked with WCPO-TV in Cincinnati about My Child’s Locket’s capabilities and the role Secure Web Hosting plays in protecting their clients’ identities.

We’re so proud to be protecting this and other businesses who need shelter from malicious hacker activity. Thanks for the trust.

Security risks increase when your business moves outside of the safety net of your main workplace. Mobile executives carry sensitive data around with them, and often times open it up to vulnerabilities just for the sake of convenience.

It all seems perfectly innocent. Connecting to wireless Internet in your hotel room, or syncing up to free wi-fi in a restaurant just to get a little work done. Convenient? Yes. Necessary? Sometimes. Is working remotely a down trending habit? Absolutely not. And so, we must learn (and educate our workforce) about how to work remotely more safely.

Protecting your mobile workforce is essential to protecting your business. And it can be accomplished (or at least done more successfully) by following a few simple tips to help keep your business safe from hackers, no matter where you go:

Stay Off the Free, Open Wireless

More and more public places are providing free, or shared wireless Internet. These open networks are dangerous. They’re risky for personal communications, but they are absolutely not suitable for conducting business without protection.

When jumping on public shared wireless connections, it’s essential to do so using a secure VPN connection with the latest encryption methods. This will funnel all your online activities (email, surfing, chat, etc) through this secure connection so prying eyes can’t see what you’re doing. Several companies offer this service but we’ve heard good things about Anonymizer.

As an alternative, Verizon, Sprint, AT&T, and others have mobile broadband services available for a reasonable monthly subscription. Spring for the mobile Internet access card. It’s a small expense for what you get in exchange – the ability to conduct business more securely outside the office.

Bonus Tip – turn off your wireless connection at all times when not in use so you are 100 percent sure about when you are connected to the Internet. If you’ve previously connected to default network names (like Linksys) then anytime that network name reappears at another location, you will be automatically connected to the network opening you up for risks.

Let Hardware Do the Hard Part

We’re joined at the hip to our laptops, mobile devices, iPads, and other mobile gadgets. These crafty handheld devices help us work more effectively, and their processing capabilities and compatibilities increase every day. There’s no turning back from the convenience they provide, and believe me, we wouldn’t want to because the benefits in most cases far outweigh the risk.

Next time you’re packing for a trip, or just to work remotely for the day, think twice about your hardware requirements.

• Use a “travel only” laptop. A stripped down version of your of your regular workhorse but with limited history and minimal applications installed. Of course, passwords and all the “conveniences” of your regular machine won’t be readily available, but do you really need it all when you’re on the road? For some trips, perhaps, but always weigh the risks against the convenience.
• Use Web access rather than physical software for email when possible. Obviously, this is more convenient if you subscribe to the “travel only” laptop model. Either way, take pause to consider all the confidential information that may be stored on your physical machine’s email software if it fell into the wrong hands.
• Clear browser history every time you close Safari, FireFox, Chrome, etc. If anything, this will make it more difficult for cyber thieves to retrace your steps.
• Don’t store documents, presentations, spreadsheets, PDFs, etc, locally. Always connect to your designated location on an approved network and put your information there. The goal is to make your physical hardware as useless as possible. This way, if your laptop goes missing, none of the important information goes with it.
• Don’t store or “remember” passwords, type them in every time unless you want to give unlimited free passes to cyber criminals.
• Don’t leave home without “lojack-like” software, such as Computrace, that can wipe the contents of your mobile device. This provides an extra layer of protection in case your phone or laptop falls into the wrong hands.
• Anti-virus software can be installed on most laptops. There are several reputable virtual security companies that provide reliable service, but in a pinch you can download a free version that is better than nothing, as they say.

Pull the Fire Alarm

Two-factor authentication (aka 2FA or “the fire alarm”) provides an additional layer of protection and awareness for user systems. It’s incredibly simple, affordable, and effective, so there’s no excuse to not have this service for your users 100 percent of the time, but it can easily be enabled for users on the road.

It works like this: When (stolen or legitimate) credentials are successfully entered into a login prompt, the “fire alarm” software places a phone call to the authorized user to 1) alert the authorized user that a designated system is being accessed and to 2) retrieve a secret pin and complete the authentication. With this service enabled, attempted security breaches can be identified quickly, snuffing our suspicious activity before a full-blown crisis ensues.

Watch Your Back, Jack

Your coffee cup is empty, so you grab your wallet and ask the nice person next to you to “watch” your laptop while you go refuel. For an experienced cyber criminal, it takes just second to grab some data off of your computer, phone, or tablet. And lesser skilled (however not necessarily less malicious) hackers could just grab your goods and run. Thieves are everywhere and they park themselves in places where people work for this very purpose.

The coffee shop isn’t the only crime scene. Airports, car rental shuttle, hotels, and the back seat of your car are equally susceptible to theft. Check your bags at every turn. Make sure you’ve got the correct luggage and account for all your personal and professional belongings. Report any stolen items to the police and your IT staff at once.

Be Responsible. Your Business Depends on It.

Anytime you’re doing business on the road without security in place, you’re open for business, but for the wrong customers. You wouldn’t take your customers’ money and let it hang out of your pockets for anyone to grab would you? By leaving data access points open to hackers, you’re essentially doing just that.

Be conscious of how easy it is for hackers to take your company’s valuable information. Take the time to ensure that your company, and your customers’ data, is always protected and accountable, no matter where you are in the world.

A version of this article appeared in eCommerce Times on June 22, 2010.

Now envision how you would feel if you woke up one morning and your website wasn’t working at all.  It doesn’t load or the homepage has been replaced with an offensive message — or even a warning from Google that this site is no longer secure. That’s right, you’ve been hacked and your website has been kicked off Google.

Think this can’t happen to you? It’s actually not uncommon.  It happens to small businesses every day when their website gets attacked one too many times for Google’s liking. Mberry, a small business based in Tempe, Arizona, is one of those businesses. This innovative company that sells the very cool, very fun “mberry” tablets that make everything you eat taste oh so sweet for 30 minutes.  Mberry had a rather sour experience when their site was banned from Google.

Mberry’s saga started about a year ago when their site was hacked – not once, not twice, but three times in two months. They rely on their site as a main portal for their revenues.  Having their site down multiple times going through the process of getting it cleaned up and back online was costly, annoying and damaging to their brand. But it wasn’t until they got the boot from big daddy Google, that things really got much worse.

“For a startup like ours, getting hacked and then kicked off of Google almost put us out of business,” said Charles Lee, founder and CEO of mberry. “The time and effort we had to spend working through the process to get back in Google’s good graces was arduous. Not to mention, we lost thousands of dollars by being offline for so long. There is no telling how much we lost in terms of brand reputation and vendor relationships. Small businesses simply cannot afford to get hacked.”

Can this happen to any website?  Yes. But here’s the reassuring news — everything you need to help protect your online business from hackers is in your power.

Google to the rescue

When you’re the entrepreneur living through this nightmare, Google definitely seems like the bad guy. Google does do a good job of upholding their responsibility to keep your website and it’s visitors safe. After all, you, your development team, and your hosting provider are responsible for protecting your website, not Google.

Google can be your friend in this situation. Their Webmaster Tools provide some useful services and articles aimed at helping prevent a problem with hackers from ever getting as far as it did with mberry. Google provides a quick checklist on their website that spells out the high-priority (and completely achievable) protective measures in a simple way. For example,

• Scrutinize third-party content plug-ins and use them only when required. Go with well-respected providers.
• Use Google site search to see which of your website pages Google has indexed. Type “site:__<yourwebsiteaddress.com>__” into the Google search bar, and if unfamiliar content shows up, you have problems.
• Sign up for a Google Webmaster account and get access to:
  • Notifications about potential vulnerabilities
  • Notifications about new software versions
  • Notifications when signs of suspect, hacker content like spammy links or comment spam infiltrate your code
  • Google also recommends you rely on your hosting company for support and advice. Ahem.

The White Knight – website hosting

A capable, security focused hosting provider can be a big part of prevention and identification when problems arise. Here are some of Google’s quick checklist recommendations that should be addressed by your hosting provider.

• Lock down your server’s configuration settings for directory permissions, server side includes, authentication, and encryption
• Stay up to date with the latest software patches for all the operating system and applications on your web server.
• Monitor logs and store them per a conservative retention schedule
• Regularly check and monitor your website with anti-virus and vulnerability scanning
• Use secure protocols for data transfer (SSH and SFTP only) and a high level of encryption when data is at rest

Don’t overlook importance of extra security measures like redundant firewall protection and web application firewalls. These protective layers could have kept Mberry from the one-two punch they got from hackers.

Since Mberry put the right protective measures in place, they have not been hacked once. Their customers’ data is totally safe, and life is once again sweet on Google.

When feasible, outsourcing the storage and handling of credit cards to a trusted, capable, and PCI compliant payment processing provider is the most secure and most budget-friendly course of action. Even when you outsource payment processing (the riskiest piece of running an E-commerce business), you still must ensure your hosting environment can deliver speed and scalability that meets user expectation and includes security measures that protect your shoppers from a damaging hacker encounter.

Here are the tools and services that you should be looking for:

Web Hosting Security Basics – the minimum requirements you need to transact business securely online

Redundant firewall protection — Firewalls help stop cyber attacks before they can penetrate the network perimeter. Having firewalls tuned and working in tandem helps ensure protection for your E-commerce environment.

Web application protection – In addition to traditional firewalls, you’ll need a Web application firewall (we call them WAFs). This technology helps protect E-commerce organizations from application-level attacks like SQL injections and Cross Site Scripting (XSS) attacks. Application-level attacks is where the hacker is attacking the website itself; your contact forms, login boxes, etc. Traditional firewalls are helpless to these kinds of attacks and WAFs are required.

DoS/DDoS mitigation — (Distributed) Denial of Service attacks hit your Web site with a flood of robot-directed, fake visitors that consume all available resources, lockup your server, and take your Web site offline. DoS/DDoS mitigation devices help ward off such events by providing a barrier between your server and the IP flood.

SSL VPN (Secure Sockets Layer virtual private network) – It’s a mouthful, but it’s important to take note. SSL VPNs create a secure connection for remote users that will be administering the Web applications and hosting environment.

Vulnerability Monitoring – Vulnerability monitoring services scan your Web application code around the clock looking for unexpected changes and malicious code that matches known “diseases” in the threat database. When a potential problem is uncovered, you’ll be notified so you can resolve the problem.

Antivirus protection – Antivirus software works much the same way as vulnerability monitoring, however the target for AV scans is different. Rather than reviewing Web application code, Antivirus software reviews files and services stored on the physical server.

Two factor authentication – 2FA requires website administrators to go thru two layers of security before obtaining access to the hosting environment. Two factor authentication helps prevent the most common cause of data theft – password leaks. Two factor is unique because it challenges you with something you know and something you have.

Encrypted backup, service monitoring and response – While these protective measures are available from most Web hosting companies, they’re not ALWAYS included. Make sure you know what you’re getting.

Performance wish list – Cadillac hosting solutions that provide speed and scalability for for SMBs on a Camry budget:

High Availability – The Web is the front door for your E-commerce site. When your Web site is offline, it is like bolting the door shut and surrounding your office building with caution tape. Really, it’s that serious.  This is very discouraging to online shoppers. High availability hosting helps ensure your Web site is NEVER offline, even for necessities like patching, hardware upgrades, and other required maintenance.

CDN (Content Delivery Network) – CDN performs several important functions for online retailers. First, content delivery networks make Web site content available to users around the world. The service also helps ensure multi-media components (product photos, videos, demonstrations) load quickly for every user, regardless of where he/she is located. Finally, CDN provides additional throughput when your Web site receives an unexpected spike in traffic. Oprah, bring it on!

Virtualization – Virtualized servers are quickly scalable, but you need to make sure they are secure. Deploying upgrades, installing patches, and migrating hardware can happen in minutes if not seconds of scheduled downtime rather than the lengthy outages synonymous with traditional dedicated hosting of the past.

Successful E-commerce companies will require all of these performance features at some point. Migrating your Web application is always a risky and time-consuming proposition. While you’re small and agile you should align with vendors that can:

1) Provide security and protection for E-commerce retailers on a budget

2) Provide content acceleration for E-commerce startups with rich multi-media components and/or global distribution, and

3) Provide scalable server resources on demand with built-in business continuity planning

For E-commerce startups, developing a reliable Web application and backing it with a hosting environment to ensure maximum uptime, infinite scalability, and protection from hackers can feel the like the most daunting task. Considering your long-term needs from the start can save you a world of pain, time, and money later when everything comes together, and your online business soars.

A version of this article appeared in eCommerce Times on March 19, 2010.

The wheels of the business plan were put in motion when Jay Osterholt witnessed his sister and nephew in crisis while on vacation. Away from home, Mr. Osterholt’s sister was ill prepared to answer all the Doctor’s questions accurately and thoroughly. Convinced there was a better way to handle these situations, Mr. Osterholt wanted to help ensure this didn’t have to happen again to his family or others.

Less than two years later, the web-based service is live and empowering parents to access and share critical information about their little ones 24/7/365. My Child’s Locket can accommodate multi-child households and has the capacity to store numerous, important details about each individual.

As a web based service, My Child’s Locket is susceptible to bad things like identity theft schemes, SQL injections, XSS (cross site scripting) and DDoS attacks, and more. Aware of the risks, Mr. Osterholt made finding the right secure, hosting partner a big priority. After a thorough search, he chose us.

Click Here to read MyChild’s Locket’s press release about launching their service on FireHost secure servers.

Our virtualized servers provide secure, scalable hosting solutions to small and medium sized businesses around the globe. Thru the use of new, green hosting technologies, we’re helping reduce e-waste: energy consumption, CO2 emissions, hardware waste, and more.

Click Here to learn more about how FireHost leverages virtualization to save a few IT dollars while helping save the planet.

Each of Demo’s events in the US and China foster productive, face to face interaction between investors, innovators, entrepreneurs, and influencers in the technology industry. Visionaries and veterans from seven technology sectors will be demonstrating and pitching their business ideas next month:

• Social Media
• Health and Life Science
• Clean and Sustaining
• Cloud Computing
• Enterprise Technologies
• Mobile Applications
• Consumer

FireHost provides enterprise-grade website (and web application) protection at prices tailored for to start-ups and SMBs, so we’d enjoy meeting each and every participant to discuss concerns or challenges you may be facing with an upcoming product/service launch. Members of our team will gladly help point your domain in the right direction, so make sure to seek us out at the event.

Spring Demo will take place March 21-23, 2010 in Palm Desert, CA. Thru March 7th, you can register to attend Demo Spring 2010 at a discounted rate. We’ll see you there.

DotBridge, an eCommerce SaaS provider fell prey to a DDoS onslaught. Someone wanted to attack one of their customers web-based business and take it offline, and without a secure hosting company at his back, they may have succeeded.

DotBridge subscribes to our secure, virtualized server service protected by 1) monitoring and response, 2) DoS/DDoS mitigation devices, and 3) a team of knowledgeable and reactive support engineers.

This combination of protection and response is standard for every client that subscribes to our service, and DotBridge is just one real-life example of how we work every day fighting on behalf of our valued customers.

Click Here to read DotBridge’s blogpost on the FireHost experience.