Archive for the ‘Data Security’ Category

Why Hackers Might Already Be Inside Your Network

Wednesday, October 15th, 2014

Cyber Security at the Ministry of Defence MOD 45153615Anybody working in the front lines of cyber security knows that a company that has anything worth stealing has either been hacked already or already infiltrated by APT (advanced persistent threat) groups. The recent incidents with Target and Home Depot breaches only brought it to the attention of mainstream media but the problem has been a long time brewing. The defenders – rather the people on the side of security – are simply doing a poor job. Why are hackers seemingly winning the long term war? Here are a few of the most pervasive problems:

There’s No Fear of Punishment

Very few hackers that get caught actually get convicted. It’s not just a matter of legislation, it’s also because many cyber crimes happen across country boundaries, and the different jurisdictions mean that the laws sometimes don’t match up, making it hard for the authorities to persecute individuals even if a mountain of solid evidence has already been collected.

Fortunately, steps are being taken by various jurisdictions in order to cooperate on the pursuit of cyber criminals, ensuring that nobody will get away because of geographical boundaries. It may take some time, but hopefully the future is a place where people won’t be too focused on the biggest and boldest financially-motivated hackers at the cost of letting the lone teenager hacker with an equally dangerous agenda scoot by.

All Web Hosting plans of Prestige Technologies provides redundant security measures. Click here and check out the different plans.

Poor Communication

It’s not really a case of the stereotype that IT people are poor at communication – as that ship has already sailed. People in the IT industry these days are not that different from people from other professions who have interpersonal communication as one of their skillsets. However, the problem is that most of the time, communication between the IT security department and the executives (i.e. the people with the authority to make the necessary sweeping changes needed for increased security) are poor if non-existent.

Most of the time, the IT department is siloed off from the higher ups and must coordinate with a middlemanager. Sometimes important security issues take too long to reach the people that need to know about them, and there are the more dangerous cases where the higher ups want nothing to do with IT and just delegate responsibility to a middle manager.

CEOs and CIOs That Simply Don’t Care

It can be somewhat rarer these days as many companies are tech oriented and thus require tech-oriented execs as well, but there are still CEOs and CIOs who fail to take security threats as seriously as they should. It has to do with that mindset that IT security is the sole responsibility of the IT department (disregarding the fact that the IT department usually requires authorization and input from the higher ups). Hopefully, the Target breach, which lead to $1 billion in losses and the firing of both the CEO and CIO, will make executives in various industries stand up and finally take notice.

Companies That Are Doing Security Right

Monday, October 13th, 2014

With the Heartbleed bug, the banking malware fiasco, and even the recent news that 5 million Gmail accounts were compromised via the universal login feature, it would seem like Computer Security in general is in a bad place. To someone looking from the outside, there are way too many possible vulnerabilities coupled with the fact that hackers these days are even more financially motivated.

Cyber Security at MoD MOD 45156131

The truth is that security is still where it needs to be. Attacks and exploits get more sophisticated but the good guys still manage to get on top of things. Unfortunately, sometimes it does seem like the guys on our side are just playing catch up. However, there are a few companies who seem to know what they are doing and manage to stay one step ahead of everyone in terms of security, by doing a couple of simple things on their end:

No Permanent Members in Admin Groups

Administrator access is technically the keys to the kingdom. When hackers gain access to a member of the admin group, they no longer need to worry about any other security in the network. They can even set their own policies or do anything to disrupt (but they won’t, the real dangerous intruders want their deeds to go unnoticed so that they can stay inside for a long time.)

Most companies address this by taking really good care of the administrator accounts in their groups. They make sure that only the people who really know what it means to have elevated privileges. However, really smart companies do one thing further and apply delegation, where individual sets of elevated permissions are given to smaller groups of objects. Or they do a variation where they use a password vaulting software in order to ensure that super admin credentials are checked out on the fly. The main purpose is to further minimize the attack surface area by turning it into a moving target.

All Web Hosting plans of Prestige Technologies provides redundant security measures. Click here and check out the different plans.

You will be surprised to know that many intrusions were prevented by this because the hackers were frustrated or simply gave up, knowing that there are easier, more vulnerable targets out there.

Get Rid of Java or Keep It Patched Regularly

It may sound mean but it’s the truth. Java is a security risk and the fact that it has a spotty patching record further makes it not worth the benefit it brings, unless you can be 100% sure that you’re patching it regularly. Many companies keep Java installed because they want to ensure application compatibility. However, companies that are doing security right prioritize security over application compatibility. Once you find a workaround for API incompatibility, it’s pretty much smooth sailing from there on, but leaving a hole in your security is an ongoing risk to your company, your employees, and your customer.

Keeping Passwords Unique Across The Network

The aforementioned Gmail leak somewhat shines a spotlight on this: where the only people who were at risk are people who used the same password for different services. When it comes to company security, the same reliance on easy to memorize passwords can be their undoing. Each password should be unique (and never the default,) so that one being compromised doesn’t necessarily put the rest at risk (or that employees who shouldn’t have access to other people’s accounts wouldn’t be able to guess their way around.)

One of the reasons why non-unique passwords are prevalent is because it makes it easier for the users, but a company should never compromise security for the sake of making things a little bit more convenient for its employees. It is after all, those employees who will suffer is the company is taken down by malicious hackers.

One way companies manage unique passwords is by using an automated password generator or management tool (although it is better for your IT to just code a random string generator instead of using third party software. You never know if one of those has malware built in.)

Outstanding Monitoring

It’s common knowledge that no security measure will ever be 100% foolproof. So a company that values its security will accept that and never let themselves be caught offguard. A robust network and its safeguards will prevent attacks from succeeding, but in the very rare cases that one succeeds, a network that is constantly monitored by an alert security team will be able to address the situation before the hacker manages to do significant damage.

Unsecured Security

Friday, September 5th, 2014

A few decades ago, IT security wasn’t much of an issue. Sure, there are hackers and malicious code, but most of them were created out of mischief and at worst could only render a computer inoperable. The really dangerous hackers at that time had no real reason to go after the common user. However, these days cyber crime is financially motivated, with syndicates employing hackers and programmers in order to amass millions of dollars through various methods, including phishing, ransomware distribution, or even by hacking rival institutions or companies for a fee.

All Web Hosting plans of Prestige Technologies provides redundant security measures. Click here and check out the different plans.

What makes this problem even more serious is that there are a number of techniques, practices, and information relating to security that doesn’t really work as intended. They are simply outmoded, compromised, or not true in the first place. They are the IT security equivalent of old wives’ tales. Here are some that you might want to purge from your repertoire:

An Antivirus/Anti-Malware Suite Will Keep You 100% Safe

You can’t blame security software companies for claiming that their products will keep you safe from all attacks, simply because being upfront and stating that they’ll only protect you from most attacks isn’t likely to inspire buyer confidence and leaves them open to competitors willing to promise the moon and the stars. Additionally, it’s not like they aren’t trying – if it were up to security software companies, they’d create an antimalware that completely protects customers, because that means they’d rake in the profits from selling the best product in the market. Unfortunately, the reality of the situation is that no software suite could ever hope to protect a user 100%. Even the best set of anti malware and anti-virus suites is just half of the equation, the other half is the user being smart and educated about IT security, because he or she is the one aspect of security that no software can account for. (more…)

10 Crazy IT Security Tricks That PT Recommends

Wednesday, September 3rd, 2014

Computer SecurityNetwork security isn’t exactly the ideal place for experimentation, as it relies on tried-and-tested systems and methodologies in order to provide solid security. However, IT security threats these days evolve on a rapid pace and new ones are being discovered or created all the time, so there are times when a little bit of creativity provides new solutions that greatly enhance security without risking any vulnerabilities. Here are ten great examples of crazy IT security tricks that Prestige recommends:

1. Rename Administrator Accounts

Sometimes simple things that help a great deal get overlooked by virtue of their simplicity. This case, it’s something as simple as just changing the usernames of the administrator account. People already know that they should immediately change the password of the administrator account, but the username is usually kept as is for some reason (maybe it’s laziness, or maybe they treat it as a badge of pride.)

Prestige Technologies has proven to be one of the most secure web hosting companies as proven by our high customer retention. Click here and avail of our free 6 months hosting. (more…)

How a DNS Can Help Your Business Grow (Part 2 of 2)

Wednesday, August 27th, 2014

In the previous post, we’ve outlined a way on how DNS can aid in your business’ growth, with the chief method being efficient management of your traffic via weighted load balancing and automated failover, both of which ensure that visitors of your company website will never experience slow loading or dropped requests. This is very useful in helping your business grow because it prevents loss of sales due to an inaccessible website (which could be a point of sale or a marketing channel.)

For this post, we’re going to outline several more ways a DNS can help your business grow:

Localize DNS Responses via Origin-Dependent Routing

Origin-Dependent Routing is essentially another means of managing traffic, but this time it is based on the geographic origin of the request. But instead of assigning a weight to each stream or monitoring failure points, an origin-dependent routing system just monitors the geographic location of the request based on the DNS and sends it to a resource that is based within the same region or the nearest one. For example, if a user from Sweden tries to access your website, the network routes said traffic to a server based in Sweden or somewhere near, instead of letting it go through a server from China or Thailand.

Click here and sign up for Prestige Technologies’ 6 months free plan. You will get all the benefits of a paid plan for FREE. NO credit card required. (more…)

How a DNS Can Help Your Business Grow (Part 1 of 2)

Monday, August 25th, 2014

Back in the early 80s, the Internet was a newly emerging technology with kinks that need to be ironed out. One of these kinks is the fact that the Internet needed a system that will allow users to navigate the world wide web in a natural manner instead of relying on IP addresses, which would have made even the simplest browsing session too complicated for the average user.

Enter: The Domain Name Server. It’s not an overly complicated solution, but the DNS practically solved the problem instantly. Instead on relying on a series of numbers to access a web page, users can just input Domain Names, which then route traffic to the actual servers hosting the files being accessed. Without DNS, everybody would still be inputting or some other IP address on their browser’s URL field instead of an easier to remember address like, say,

Over time, the Internet has found its way into common and business use, and has developed various accoutrements to help encourage activities on both ends. The DNS is still largely unchanged, but businesses have discovered a few uses that will help them accelerate their growth. Here are a few of them: (more…)

NEWS: Google Engineer Releases Hacking Tool

Thursday, August 21st, 2014

If you have the Flash plugin on your PC and you visit any website that uses the API, you might want to check if you’ve updated it lately, as Google security engineer Michele Spagnuolo has recently discovered a vulnerability in the API, and has released an exploit tool called the Rosetta Flash, which is designed to take advantage of said exploit by creating malicious shockwave files (*.swf files), which can allow the author to gain access to authentication cookies stored in an individual’s PC.

Logo Google 2013 Official

The issue is labeled with the Common Vulnerabilities and Exposures Identifier of CVE-2014-4671, and is described as a cross-site request forgery (CSRF) bug. What this means is that the SWF can be embedded on any random website, and any visitor with an out of date Flash plugin will be vulnerable to getting their login information for various sites pilfered. Flash is very common on the web, and there’s very little chance that you haven’t browsed any site that uses it in the last 24 hours. EBay, Instagram, Tumblr, even Facebook and Youtube all use some form of Flash in one way or another.

Click here and try Prestige Technologies’ 6 months free hosting. No Credit Card required. (more…)

In prestige, Backups and Recovery are Part of Security

Tuesday, August 19th, 2014

Backups and recovery best practices are normal parts of a healthy web hosting experience, but what most users don’t realize is that both are big parts of security, in the sense that not having good backups and recovery contingencies will be a huge gaping hole in your website, VPS, or server’s security, the absence of which renders all other security contingencies less effective.

Click here and try Prestige Technologies’ 6 months free hosting. No Credit Card required.

Here at Prestige, we value security and we go beyond merely protecting the servers from intrusion. We go the extra mile and include backup and recovery as part of our services, ensuring that customers are not only protected from head-on attacks, but are also able to recover with minimal downtime if there is server outage due to acts of god, or an attack that managed to succeed due to certain extenuating circumstances outside of our control, like as attacks based on zero day vulnerabilities, which is a vulnerability or an exploit in code unknown to the vendor (one great example of this is the Heartbleed Bug.)

Prestige takes a lot of steps to ensure that there is available backup of the servers and that the backups themselves are secure. These include:

1. Having off-site backups – with off-site backups, even if the servers are compromised, we will have a way of restoring the servers from a “clean” source, and that the files can be restored even if the servers were lost to physical accidents. (more…)

Use Rank Ranger Risk Index to Alert you to Major SERP Changes

Tuesday, June 10th, 2014

Search engine optimizationThe recent Google Panda refresh not only brings the infamous algorithm to 4.0, it also heralds a new direction in which updates to the algorithm will happen on a regular and unannounced basis. This means your SERPs could change any time without any warning, so it has become important to stay on top and get alerted to major SERP changes. Thankfully, Rank Ranger’s Risk Index can do the job for you.

How it Works

The Rank Ranger Risk Index is able to measure fluctuations in the SERPs for more than 10 thousand domains and keywords, which are monitored daily. The rankings can be brought up on any particular date, with higher risk indexes showing more movements in the SERPs. If you see any alarming fluctuations, then you can go ahead and check your rankings just to see if any specific action is required on your end.

Rank Ranger monitors sites that are more likely to be using SEO strategies that run the gamut, from white hat to black hat and everything in between. This makes it more likely to catch major algorithm changes from Google, particularly ones that hit one camp over the other.

Another use to Rank Ranger is it lets you spot trends in SEO, if there’s a new strategy that’s been showing a good increase in webmasters’ traffic. From there, you can decide whether it’s something that you should adopt or something that’s going to be on Google’s chopping blocks soon (and should therefore be avoided.)

Prestige Technologies goes beyond web hosting. We provide you tools and assistance to help you boost your business via your website. Click here and sign up for our free 6 months hosting. No credit card required. (more…)

Keep Your Website Safe from Heartbleed Virus

Wednesday, May 7th, 2014

NO HEARTBLEED 02The Heartbleed Bug is quite possibly the biggest security threat that the Internet has ever seen due to the fact that anyone who has logged on to any of the affected sites within the last two years is at risk, and could have had any of their private information – from passwords to credit card information – compromised by cybercriminals.o

Click here and find out why Prestige Technologies is preferred by many websites that require sophisticated levels of security.

The scary part about the Heartbleed Bug is that it was completely out of the user’s hands; it didn’t matter if the user kept all of his software patched, used a strong antivirus suite, regularly changed passwords, and avoided shady websites – he or she may still be affected because the problem is in the open source set of libraries for encrypting online services, OpenSSL, which is used by many secure websites (ones that use “https” in the URL.) Big name sites like Google, Facebook, Yahoo, Pinterest, Instagram, OKCupid and many more were affected by this bug so chances are if you’ve been actively using the Internet for the past couple of years, your private information was left vulnerable by the bug.

How Do I Keep My Website Safe from Heartbleed?

Since the Heartbleed Bug is not really a virus, there’s nothing you can do from an end user standpoint to keep your website safe. It’s the responsibility of companies and services that were affected by the bug to deal with Heartbleed, and reports point to the fact that they have already patched things on their end.

The good news is that cybercriminals probably failed to discover the heartbleed bug before it was discovered by Google’s security team and the software firm named Codenomicon, so if your accounts have not been hacked yet, chances are it’s safe for now. The bad news is the fact that the bug allowed attackers to infiltrate servers and copy private information without leaving any trace, so there is no way to know if your account was already compromised and the hackers are just biding their time before they use it.

The best course of action? Now that services have already patched things, it is time to change your passwords. It may be a lot of hard work but you need to be thorough. The fact that services these days are interconnected means that you can’t leave one password unchanged – email accounts for instance can be used to gain access to other online accounts, as password resets usually send the new passwords to the email used for registration.

Besides, it’s good practice to regularly change your passwords so you’ll only be doing what you should already be doing religiously in the first place.