Have you ever been working on an important document for hours on end and, when you are close to completion, lost everything because you forgot to save it periodically, or worse, because the computer you were using crashed? This scenario has happened to all of us at one point or another. The same scenario scales up to servers and entire businesses. It is a fact of our industry that a catastrophic failure of a component, a security update, or some other issue can arise and take down the system(s) you depend upon. Many start-ups and small to medium-sized businesses underestimate the value of being prepared for disaster with backups, load balancing, or redundancy within their sites and systems. Some feel that this scenario could not happen to them, or that the cost of being prepared outweighs the risk.
There are some simple precautions you, as a responsible business or technical person, can take to help prevent or mitigate the severity of such scenarios, such as building a Disaster Recovery Strategy. Your particular strategy may vary from others, but the overall preparation for building a DR plan is usually the same. For the purposes of this article, we will focus on a single-server plan, but this can easily be scaled up to multi-server configurations and complex designs:
Software
Have you identified all software your business requires to function should a failure occur? What software is installed on your machine? Do you have copies of this software to reinstall, along with any license keys, if it was not supplied by your provider?
Open Files and Databases
Are you running any databases, or applications that keep open files on the system, that are needed in the event of failure? Are you dumping the database(s) into an importable format and backing it up regularly?
User Data
Are you making copies of the data uploaded by your users or developers? Do you have backups of your website content? What about the user accounts and passwords used by your users?
Security Updates
Is your system up to date with the latest security updates for your Operating System? Is your OS outdated, with no updates available? More system failures occur from hacker intrusion than from hardware failure.
Back-ups
Do you subscribe to or use a back-up service? Even if you do, are you prepared for the length of time involved in bringing your system back online after a failure?
Redundancy
Your system is only as strong as its weakest component. RAID, while it is good for protecting data in the event of a drive failure, does not protect you against hackers or accidental file deletion. Even if you have a completely redundant, load-balanced cluster, you could be susceptible to hacker intrusion and loss of data should you not keep up to date on security updates.
Firewall
Do you use a firewall on your system? If so, what ports are open to the outside world? Are the services on those ports kept up to date? Do you analyze the log files for those services and look for attempts at break-ins? Firewalls are good for protecting systems against hackers, but the firewall is only part of your security. Remember that the services you allow people to connect to could be vulnerable to break-in, and therefore should be watched closely.
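The log review the Firewall item asks for can be automated. This is an added example, not code from the original article: it scans constructed sshd log lines (the IPs and hostnames are documentation-range samples, not real systems) and reports any source that has accumulated several failed logins, especially across several usernames, which is the typical trace of a password-guessing attempt against an exposed service.

```python
import re
from collections import Counter, defaultdict

# Constructed sample auth-log lines; not taken from any real server.
SAMPLE_LOG = """\
Nov 29 23:58:01 web1 sshd[2201]: Failed password for root from 203.0.113.7 port 51022 ssh2
Nov 29 23:58:03 web1 sshd[2201]: Failed password for root from 203.0.113.7 port 51023 ssh2
Nov 29 23:58:04 web1 sshd[2203]: Failed password for invalid user admin from 203.0.113.7 port 51025 ssh2
Nov 29 23:58:06 web1 sshd[2205]: Failed password for invalid user oracle from 203.0.113.7 port 51030 ssh2
Nov 29 23:58:09 web1 sshd[2207]: Failed password for root from 203.0.113.7 port 51031 ssh2
Nov 29 23:59:10 web1 sshd[2210]: Accepted publickey for deploy from 198.51.100.20 port 40112 ssh2
Nov 29 23:59:40 web1 sshd[2212]: Failed password for deploy from 198.51.100.20 port 40113 ssh2
"""

# Matches the OpenSSH "Failed password" line for both known and invalid users.
FAILED_RE = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)


def failed_logins(lines):
    """Yield (source_ip, username) for every failed sshd password attempt."""
    for line in lines:
        m = FAILED_RE.search(line)
        if m:
            yield m.group("src"), m.group("user")


def suspicious_sources(log_text, threshold=3):
    """Return {src_ip: {"attempts": n, "users": [...]}} for every source whose
    failed attempts reach the threshold. A single typo by a real user stays
    below it; a guessing run that cycles through usernames does not."""
    attempts = Counter()
    users = defaultdict(set)
    for src, user in failed_logins(log_text.splitlines()):
        attempts[src] += 1
        users[src].add(user)
    return {
        src: {"attempts": n, "users": sorted(users[src])}
        for src, n in attempts.items()
        if n >= threshold
    }


if __name__ == "__main__":
    for src, info in suspicious_sources(SAMPLE_LOG).items():
        print(f"{src}: {info['attempts']} failed logins, users tried: {', '.join(info['users'])}")
```

The same scanner can be pointed at a real auth log by replacing SAMPLE_LOG with the file contents; the threshold is the only tuning knob.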
This article is not meant to scare you, but is intended for you to understand that there are several risks to businesses that can and should be prepared for. The better you are prepared and understand the risks on the Internet, the more profitable and successful you will be with your business.
If you are concerned about your ability to recover from a disaster, please feel free to contact your sales person and discuss how they can help you with your system. Or, if you have questions about your existing systems or protection against disaster, please contact our technical support personnel, and they will be happy to assist you.
At its most basic, a firewall is a hardware and/or software device that resides on a network. Its function is to block certain types of unwanted traffic while allowing legitimate traffic to pass through to a server or group of servers. A firewall by itself is not an all-in-one solution to Internet security problems. However, it is a necessary foundation from which to build a secure solution.
Just as Internet use by businesses has escalated sharply in recent years, so too has the occurrence of network security breaches. Today’s organizations understand the importance of securing external communications to prevent network attacks and ensure privacy. Nowadays it is not a matter of asking why a firewall is needed, but how best to implement, manage and support one.
Why use a Firewall?
Imagine for a moment that you are the owner of a new store in town. You’ve invested a small fortune in equipment, furnishings, supplies, etc. You’ve set up shop, it’s time to go home for the evening, and you mistakenly leave the front door unlocked on the way out. The next day you come in and find the place vandalized, items stolen and the equipment tampered with.
This scenario plays itself out more often than you would think. However, instead of a store it’s an online business. Instead of equipment and supplies it’s account information and company documents. And instead of an unlocked door, it’s an unsecured server. The end result is the same – you become the victim of a crime.
A firewall can help secure your server against unauthorized access by ‘locking’ it down.
How a Firewall Protects
A firewall acts as a secure barrier between your server and the Internet. It monitors all traffic to and from your server, decides whether each connection is normal activity or a malicious attempt to access your server, and then filters the traffic accordingly.
A firewall can be used to lock down ports that have no need to be externally accessible. For example, if a well known service operates on port 1234, and a malicious user decides to scan your IP addresses for that service, a firewall can make that port unresponsive to the scan making it seem as if the service was not running on the server at all.
Access Control Lists (ACLs) are used on the firewall to permit or deny access to resources based on source and destination information.
Advanced firewalls use stateful packet inspection (SPI) to keep track of the state of the connections passing through them over time. With SPI the firewall can tell which packets are legitimate for the connection they belong to: packets that match a known connection state are allowed, while others are rejected. Using stateful packet inspection, a firewall can stop port scans, spoofing and SYN flood attacks, as well as other types of malicious activity.
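The behaviour described above, as an added example that is not part of the original article: a toy stateful packet filter in Python. It tracks connections by their 4-tuple, accepts replies only to connections the server itself opened, accepts inbound connection attempts only on explicitly allowed ports, silently drops everything else (so closed ports look unresponsive, as in the port 1234 example), and flags a source that probes several closed ports as a scanner. Addresses and ports are constructed samples; full TCP teardown handling is simplified to RST only.

```python
from collections import namedtuple, defaultdict

Packet = namedtuple("Packet", "direction src sport dst dport flags")


class StatefulFilter:
    """Minimal SPI model: verdicts depend on tracked connection state,
    not only on the port number in each packet."""

    def __init__(self, allowed_ports, scan_threshold=5):
        self.allowed_ports = set(allowed_ports)
        self.scan_threshold = scan_threshold
        self.conntrack = {}                    # flow key -> state
        self.probed_ports = defaultdict(set)   # src -> closed ports it hit
        self.flagged_scanners = set()

    @staticmethod
    def _key(p):
        # Both directions of one flow share the same key.
        return tuple(sorted([(p.src, p.sport), (p.dst, p.dport)]))

    def handle(self, p):
        key = self._key(p)
        state = self.conntrack.get(key)
        if p.direction == "out":
            if "SYN" in p.flags and "ACK" not in p.flags:
                self.conntrack[key] = "SYN_SENT"   # server-initiated flow
            return "ACCEPT"
        if state == "SYN_SENT" and {"SYN", "ACK"} <= p.flags:
            self.conntrack[key] = "ESTABLISHED"    # reply to our own SYN
            return "ACCEPT"
        if state in ("SYN_RECV", "ESTABLISHED"):
            if "RST" in p.flags:
                del self.conntrack[key]
            else:
                self.conntrack[key] = "ESTABLISHED"
            return "ACCEPT"
        if "SYN" in p.flags and "ACK" not in p.flags:
            if p.dport in self.allowed_ports:
                self.conntrack[key] = "SYN_RECV"   # new inbound, allowed port
                return "ACCEPT"
            self.probed_ports[p.src].add(p.dport)  # closed port: looks dead
            if len(self.probed_ports[p.src]) >= self.scan_threshold:
                self.flagged_scanners.add(p.src)
            return "DROP"
        return "DROP"   # ACK/data with no tracked connection: unsolicited


def demo():
    fw = StatefulFilter(allowed_ports={22, 443})
    server, client, scanner = "198.51.100.10", "203.0.113.5", "192.0.2.99"
    v = []
    v.append(fw.handle(Packet("in", client, 40000, server, 443, {"SYN"})))         # handshake
    v.append(fw.handle(Packet("out", server, 443, client, 40000, {"SYN", "ACK"})))
    v.append(fw.handle(Packet("in", client, 40000, server, 443, {"ACK"})))
    v.append(fw.handle(Packet("in", client, 40001, server, 8080, {"ACK"})))        # unsolicited
    v.append(fw.handle(Packet("out", server, 51000, "198.51.100.200", 80, {"SYN"})))  # server fetch
    v.append(fw.handle(Packet("in", "198.51.100.200", 80, server, 51000, {"SYN", "ACK"})))
    for port in (21, 23, 25, 110, 1234):                                           # port scan
        v.append(fw.handle(Packet("in", scanner, 60000 + port, server, port, {"SYN"})))
    return v, sorted(fw.flagged_scanners)
```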
VPN (Virtual Private Network)
A VPN is a private network configured within a public networking infrastructure (e.g. the Internet). This will allow you to access a remote server as if it were on your own network. Secure VPN solutions such as the ones offered by Engine Networks provide an added layer of security by encrypting the communications within a VPN Tunnel. Both client-to-site and site-to-site VPN methods are supported by Engine Networks.
Software vs. Hardware Firewalls
Hardware firewalls (such as the Juniper or Cisco firewalls) provide a strong degree of protection from most forms of attack coming from the outside to the internal network. Hardware firewalls can protect computers on a local area network and they can be implemented without much configuration difficulty. Hardware firewalls contain their own OS, and operate independently of the server/servers they were designed to protect. Traffic coming into the server is processed by the firewall before it ever reaches the target server.
Hardware-based
OS dedicated to firewall functionality – Single function appliance
Traffic is processed at the firewall appliance
Administered by Engine Networks
Software firewalls such as Windows Firewall or IPTables on Linux-based operating systems are installed on individual computers and need careful configuration to be effective. Software firewalls reside on the systems they were designed to protect. As a result, they also share that system’s resources. Traffic is processed only when it reaches the server. Should a server with a software firewall become compromised, it would not be too difficult for the attacker to disable the firewall.
Software-based
OS resources are shared by the app and firewall
Traffic is processed at the server where the firewall is installed
Not administered by Engine Networks
The Engine Networks Difference
Security is a difficult job that involves constant care. Computer systems and other networked devices are vulnerable by virtue of their ability to connect and communicate with other systems. A firewall reduces some of the risk by reducing the number of devices that can communicate with a protected host.
Installing a firewall device is only part of the job. After installation, rulesets must be defined and adjusted for new applications, emergency steps must be taken when new compromising techniques are made known, hardware must be maintained and replaced. The skills required are significant.
A firewall is only as good as its rulesets and the administrators who implement and maintain them. In the wrong hands a firewall could be rendered useless. Good technical staff has the knowledge and experience to ensure that the firewall is configured according to your custom needs. The right support team will work together with you to set up a custom rule set to allow you to do your business safely and securely.
As a result of software upgrades in our European backbone infrastructure,
services at the affected locations could be temporarily unavailable. The
upgrades will start on the 30.11.2009 at 00:01 and will be completed at 06:00.
This maintenance concerns all Colocation, IP-transit, VMware Cloud Hosting,
Dedicated Hosting, MPLS, SDH links and VLAN-customers at the specific
locations.
Below you can find a detailed timetable for the outages at the specific
locations:
00:01 – 00:30 GV1: Equinix, Geneva Confederation Center
00:30 – 01:00 ZH1: ICT Center ZH, Zürich Josefstrasse
01:00 – 01:30 MI1: Interoute, Caldera
03:00 – 06:00 Tests / Delays
All times are CET time zone.
Of course we’ll try to keep the outages as short as possible.
Should we encounter any problems during the maintenance, we will
postpone the remaining upgrades to a later date, which of course will be
announced beforehand. Please also be aware that the timetable may vary a
bit in case of unpredictable delays.
Managed Hosting
Managed Hosting is a form of web hosting where a client leases an entire server housed in an off-site data center that is dedicated to their use only, without sharing it with anyone else as in a shared hosting environment. Managed Hosting gives the client complete control over the server and provides them with maximum usage of the hardware, processor speed and bandwidth capacity. Choices range from a basic server to a high-performance, premium server depending on the client’s online needs. A client can also choose their preferred operating system, Windows or Linux, as well as optional managed services like security patches, upgrades, backups, and firewalls. Basic system administration is included with Managed Hosting.
Dedicated Hosting
Dedicated Hosting is a form of web hosting where a client leases an entire server housed in an off-site data center that is dedicated to their use only, without sharing it with anyone else as in a shared hosting environment. In contrast to Managed Hosting, the client must have the technical know-how to perform all system administration and management activities on the server from their remote desktop. This lets the client choose a server with more powerful hardware for much less cost. As with Managed Hosting, the client has complete control over the server and can choose their preferred operating system, Windows or Linux.
Co-location
Co-location is a form of web hosting where a client leases a cabinet in an off-site, highly secured data center to house their own server hardware. The shared data center infrastructure, along with its redundant power, large bandwidth capacity, and direct connection to the Internet, lets the client obtain greater safety, scalability, business continuity, and minimal network latency at lower cost. In Co-location, the server hardware is entirely owned and operated by the client and does not receive any system administration from the provider.
Charles Babcock recently wrote an article entitled, “Hybrid Clouds Floating to Enterprise Forefront” which ran in InformationWeek. He attended the Cloud Computing Conference & Expo, where speakers raised the prospect of private clouds working with public clouds, creating hybrid clouds.
The hybrid cloud is not a term we’ve never seen or heard before. However, it seems in his article that there aren’t many providers out there actually doing the hybrid cloud approach with their clients. But Engine Networks is. For over two years Engine Networks has offered a private cloud solution in conjunction with our public cloud hosting solution. Our clients’ ability to have their own internal cloud which has the capability to spill over and utilize our public cloud when necessary has proved itself very valuable. So yes, Mr. Babcock and the Expo speakers, the hybrid cloud computing approach is going to continue to gain traction.
For those companies who are fearful of “losing control” in the cloud, the private cloud approach is extremely beneficial because those companies are able to gain access to the benefits of cloud computing while still controlling their own infrastructure in house. So not only is the private cloud a good starting point, but with the right cloud technology (like Engine Networks’s), it doesn’t have to be the end of their cloud strategy.
New to the idea of Software as a Service (SaaS) and virtualization? This video from Salesforce will help bring you up to speed:
This short video clip, produced by Salesforce.com, effectively points out that managed cloud hosting is a superior way to run your business. It’s clear that multitenancy is simply a more efficient way to approach IT infrastructure.
For those of you who are new to cloud, some of the major benefits of cloud computing are that your data is:
secure
backed up in another location (redundant)
not limited in storage or resources
To help you better understand Infrastructure as a Service (IaaS), Common Craft recently put out a cool little video that is put together like School House Rock for the 21st century.
I always keep an eye open for better ways to explain the benefits of virtualization and cloud computing to not-so-technically-inclined friends as well as potential clients. I found these quick videos to be extremely helpful in succinctly illustrating cloud computing hosting.
Matt Cutts, a software engineer and an eloquent corporate spokesman for Google, spoke at PubCon earlier this month and later gave a video interview to Web Pro News, in which he said that the speed at which web pages load might become a factor in SEO moving into 2010. He said that because many within Google consider speed to be vital to the web, the company is considering making web site speed a factor in calculating page rankings. Those comments have confused and scared many folks as to how speed might impact their businesses.
With Engine Networks you don’t have to worry about that, because our backbone peers directly with Google’s backbone, improving connectivity and gaining speed and responsiveness.
So your provider calls and tells you “You’re receiving a 10 Gbps DDoS attack, we’re going to have to null route your IP until it passes.” Really?! Maybe they told you that you could upgrade to a protection plan to stop this attack. It might cost you €20.00, €1000.00, or maybe even €20,000.
Stop and ask yourself: “Is this legitimate?” Every day Engine Networks receives e-mails from customers stating that they’re under a 10 Gbps or 20 Gbps DDoS attack. Once we even had someone swear they had 50 – 100 Gbps attacks. Where are our customers getting this information? If we were gambling men (and women) I would say they’re either making it up or someone else put it into their heads. Perhaps a competitor told them this to beat the heat of having to explain that they’re not a protected provider or that the protection they offer is inadequate.
So what is the true size of a DDoS attack and the cost of protecting against it? Here at Engine Networks only a few hundred euros will be enough to stop a 1 Gbps or 500,000 packet per second attack (compare to €1500 to €11,000 elsewhere). This is where a typical sales conversation may spin into, “Only 1 Gbps? I need more, my provider says I’m receiving 10 Gbps.” In the real world attacks of this size cost five to six figures to mitigate and generally cause severe disruptions across the internet that would have the global network engineering communities up in arms and at the ready. People on NANOG would be talking about it.
“Respectfully sir, I don’t believe you are,” we may reply. Why? It has been our experience in the past six years of focusing on DDoS protection that relatively few attacks burst past 1 Gbps. A typical attack against 99% of web sites might top out at 200 – 300 Mbps. Once in a blue moon a customer will make enemies with some seriously dangerous persons, resulting in a 1 – 3 Gbps attack. We even had a potential customer just the other day claim one of our competitors was stopping these phantom 10 – 20 Gbps attacks on a routine basis at €250.00 per month. I wish they were, I really do; that way I could just buy service from them and resell it instead of investing thousands into our own infrastructure and human capital.
At the end of the day if a provider tries to tell you that you need more than a couple Gbps of protection or that they’re going to sell you 10 – 20 Gbps of protection at something less than four to six figures then we will leave you with this: You’re probably the victim of a scam.
Our peering policy is open. That means that we would like to peer with everyone who wants to peer with us. There are only a few basics (see “Peering Requirements”) we assume you can agree to.
We do not ask for a written peering contract but if you require we will sign a contract if we agree with the content.
If you would like to have a peering with us, please contact us via peering@enginenetworks.net and provide us with the required information (see below).
Any Peer must agree to the following conditions:
- Peer must operate a Network Operations Centre (NOC) which can be contacted 24×7x365 by e-mail or phone if necessary.
- Peer must cooperate in case of network abuse. On occurrence of Denial of Service attacks Peer shall implement filters on request.
- Routes should be aggregated as much as possible. We will not accept any announcement smaller than /24.
- Routes must be registered at RIPE using a route object.
- Peers should enforce routing integrity by means of filters to their customers.
Please provide us with the following information:
- Peering-Point(s) (if not clear).
- Your IP-Address (required)
- Your AS (required)
- Your AS-Set (please tell us if you haven’t one)
- Your recommended prefix limit we should use (if missing we will choose it)
- If you would like to use an MD5 password, please choose a password or ask us to choose it. (if missing, no password will be configured)
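The route-acceptance conditions above (nothing more specific than /24, a matching RIPE route object, and a prefix limit per session) can be expressed as a small policy check. This is an added example, not Engine Networks’ own filter configuration: the route objects, AS numbers and prefixes are constructed sample data, and the check uses exact-match lookup against the sample registry, which is how a route object for a prefix is normally matched.

```python
import ipaddress

# Constructed stand-in for the (prefix, origin AS) pairs a RIPE lookup would
# return for a peer. Sample data only; not real registrations.
ROUTE_OBJECTS = {
    ("192.0.2.0/24", 64500),
    ("198.51.100.0/23", 64500),
}

# Constructed announcements received from the sample peer (prefix, origin AS).
DEMO_ANNOUNCEMENTS = [
    ("192.0.2.0/24", 64500),      # registered, exactly /24: accepted
    ("192.0.2.0/25", 64500),      # more specific than /24: rejected
    ("198.51.100.0/23", 64500),   # registered aggregate: accepted
    ("198.51.100.0/24", 64500),   # no route object for this exact prefix
    ("203.0.113.0/24", 64501),    # unregistered space / other origin
    ("192.0.2.1/24", 64500),      # host bits set: malformed
]


def check_announcement(prefix, origin_as, route_objects):
    """Return None if the announcement passes policy, else the reason it fails."""
    try:
        net = ipaddress.ip_network(prefix, strict=True)
    except ValueError:
        return "malformed prefix"
    if net.version != 4:
        return "only IPv4 handled in this example"
    if net.prefixlen > 24:
        return "more specific than /24"
    if (str(net), origin_as) not in route_objects:
        return "no matching route object"
    return None


def filter_session(announcements, route_objects, max_prefix):
    """Apply the policy to every announcement and enforce the prefix limit:
    once accepted routes exceed max_prefix the session is torn down, which is
    the usual router behaviour when a peer leaks far more than expected."""
    accepted, rejected = [], {}
    for prefix, origin in announcements:
        reason = check_announcement(prefix, origin, route_objects)
        if reason:
            rejected[prefix] = reason
            continue
        accepted.append(prefix)
        if len(accepted) > max_prefix:
            return accepted, rejected, "SESSION_SHUTDOWN"
    return accepted, rejected, "UP"


if __name__ == "__main__":
    acc, rej, state = filter_session(DEMO_ANNOUNCEMENTS, ROUTE_OBJECTS, max_prefix=10)
    print("accepted:", acc)
    for prefix, reason in rej.items():
        print(f"rejected {prefix}: {reason}")
    print("session:", state)
```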
We are currently present at the following Public Peering Points:
- SWISS-IX (Switzerland, Zürich)
We are currently working to be present at the following Public Peering Points:
- MIX (Italy, Milan)
- DE-CIX (Germany, Frankfurt/Main)
- TIX (Switzerland, Zürich)
- CIXP (Switzerland, Geneva)
If you are present at two or more peering points, we would like to peer at multiple IXPs for increased resiliency.
Except where otherwise specified, the contents of this site are copyright (c) 2005-2012 Engine Technology S.r.l. All rights reserved. ENGINE Networks and ENGINE Networks Logo are registered trademarks or trademarks (the "Marks") of Engine Technology S.r.l. You are not permitted to use the Marks without the prior written consent of Engine Technology S.r.l. VAT IT09227370013.