Atlantic.Net Blog

How to Protect Privacy While Maintaining HIPAA Compliance

There are plenty of checklists and guidebooks out there related to HIPAA compliance. However, it helps to go to the source to see what specific HIPAA controls are necessary to safeguard protected health information. Here are specific details on how to follow the Security Rule, as indicated directly by HHS guidelines:

  • Basic Guidelines
  • Vulnerability Assessments
  • Administrative HIPAA Controls
  • Physical HIPAA Controls
  • Technical HIPAA Controls
  • The Role of Business Associates

Basic Guidelines

The Security Rule states that healthcare organizations must properly protect ePHI using reasonable administrative, technical, and physical HIPAA safeguards.

The following must be achieved:



How to Reset a Forgotten Windows Host Administrator Password

Verified and Tested 03/31/2015

Introduction

In this how-to we will walk you through resetting your forgotten Windows host administrator password. With so many different passwords in daily use (email, desktop, servers, etc.), we tend to forget some of the crucial ones. People pay lots of money for password recovery. However, we will recover our password with a Windows CD. That’s it!

Prerequisites

– A Windows CD (Windows Vista, Windows 7, Windows 8, Server 2008 R2, Server 2008, Server 2012 or a Server 2012 R2).

Procedure

Boot the server from your Windows CD, browse to the Repair section, open the command-line tool, and type the following:

d:
cd windows\system32
ren utilman.exe utilman.exe.old
copy cmd.exe utilman.exe

This is the output you will see after running the commands listed above

Reboot the host and start it up normally. Click the ease of access button, which is located in the bottom left-hand corner. A new command prompt will appear.

This is the output that you will see with the ease of access button highlighted

 

At this point, you can reset your current local Administrator account or make a new local administrator user and password.

Reset the Local Administrator Password

Change the local administrator password and activate the account by running the following commands:

net user administrator newpassword
net user administrator /active:yes

This is the output that you will see after changing the administrator password and enabling the account

Create a New Local Administrator Account and Password

To create an additional local administrator account (newadmin is a placeholder name), type the following commands:

net user newadmin newpassword /add
net localgroup administrators newadmin /add

This is the output after running the additional user command and adding it to the admin group

You can now log in with the account you set up in either method. Once you log in, revert the Ease of Access menu back to normal, because until you do, the Ease of Access button on the login screen still opens a command prompt. Type the following command:

copy utilman.exe.old utilman.exe

This is the output after completing the changes and reverting the Ease of Access menu back to normal

Congratulations! You have just reset your forgotten Windows host administrator password. Thank you for following along in this How-To and feel free to check back with us for any new updates.

Atlantic.Net

Atlantic.net offers managed hosting services which include a layer of business-essential managed services to your hosting packages. Contact us today for more information.



How to Get Started With A FreeBSD Cloud Server

By Chelsea Fieler, July 14, 2015, under Cloud Hosting

Introduction

FreeBSD is an operating system available in our Cloud environment.  FreeBSD is an open source operating system originating from a previous generation that was referred to as “BSD Unix” or “Berkeley Unix.”  Although FreeBSD is not part of the Unix family, and as such cannot use the name, it shares many features and qualities with the Unix/Linux operating systems.

More information on the history and recent updates to FreeBSD can be found on the direct website.

What you will need

In order to start setting up your FreeBSD server, all you need to do is create a server in cloud.atlantic.net.  A tutorial on adding a new cloud server can be found here.

System Configuration

The FreeBSD system configuration information is contained all in one file: /etc/rc.conf

You’ll find your network configuration in this file along with enabled daemons/system services.

For example, to configure a network device named vtnet0 with an IP of 1.2.3.4/24, a router of 1.2.3.1, and a hostname of “test”, and to have sshd enabled, one would add the following to /etc/rc.conf:

ifconfig_vtnet0="inet 1.2.3.4 netmask 255.255.255.0"
defaultrouter="1.2.3.1"
hostname="test"
sshd_enable="YES"

For more information on how to configure FreeBSD and further options that can go in this file, view the FreeBSD Handbook.

Package Management

The default package manager on FreeBSD 10.0+ is ‘pkg’.

In order to use this on a newly provisioned system, one should first run ‘pkg update’

Some basic commands:

Ensure the package list is up-to-date:

pkg update

Determine if updates are available for already installed packages:

pkg upgrade

Install package(s):

pkg install <package name>

Search for package(s):

pkg search <package name>

Example: To install vim lite, sudo and tmux:

pkg update
pkg install vim-lite sudo tmux

See these links for more info:

http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/pkgng-intro.html

https://wiki.freebsd.org/pkgng

Private Network Setup

To configure a private network between two or more of your FreeBSD Cloud Servers, you’ll need to configure the second network interface on your device using the private network range provided in the Cloud Control Panel. You will also need to configure static routes between the images so that they can communicate properly. This will all be done in ‘/etc/rc.conf’.

For example, to use the subnet 10.9.243.0/24, with one image having the IP 10.9.243.1 and the other having 10.9.243.2, you would configure the following within the /etc/rc.conf file in each Cloud Server respectively:

1st Cloud Server:
ifconfig_vtnet1="inet 10.9.243.1 netmask 255.255.255.0"
static_routes="net1"
route_net1="-net 10.9.243.0/24 10.9.243.1"
2nd Cloud Server:
ifconfig_vtnet1="inet 10.9.243.2 netmask 255.255.255.0"
static_routes="net1"
route_net1="-net 10.9.243.0/24 10.9.243.2"

After the /etc/rc.conf changes, you must restart the network and routing services to bring up the private network:

service netif restart
service routing restart

Partitions/Filesystems

There are 3 partitions within your FreeBSD Cloud Servers:

/dev/da0p1 – 64KB boot partition; it is not mounted during OS operation and is only used to contain FreeBSD boot code

/dev/da0p2 – 32MB Ext2 partition for Atlantic.Net use in configuring and interacting with your Cloud Server. Empty and not mounted during normal OS operation

/dev/da0p3 – (size variable) UFS partition, mounted as /


How to Install Hiawatha Web Server On CentOS 7

By Brendan Bonner, July 14, 2015, under Cloud Hosting
Verified and Tested 07/3/15

Introduction

This tutorial will show you how to install Hiawatha Web Server on CentOS 7. Hiawatha is a web server built with the focus on security. It has built-in rules that can prevent cross-site scripting and forgery, SQL injections, and resource expenditure. Although its focus is on security, it also excels in performance due to its lightweight design.

Prerequisites

A server with CentOS 7 installed.  If you do not have a server, Atlantic.Net offers reliable SSD Cloud Hosting that can be launched in under 30 seconds.

Installing Hiawatha on CentOS 7

Before we install Hiawatha, we need to make sure that our firewall is in order.

First, we need to update our firewall to allow HTTP and HTTPS traffic.

Check whether your firewall is running with the following command:

sudo systemctl status firewalld

If the firewall is not running, run the following command:

sudo systemctl start firewalld

If you want the firewall to start when CentOS 7 boots up, run the following command:

sudo systemctl enable firewalld

To allow HTTP and HTTPS, run the following commands:

sudo firewall-cmd --permanent --add-service=http
sudo firewall-cmd --permanent --add-service=https

You need to run the following command so that the rules above take effect.

sudo firewall-cmd --reload

Now that we have taken care of the firewall, we can install Hiawatha. In this how-to we are going to use the repo provided by Anku. Download the RPM with the following command:

sudo wget http://anku.ecualinux.com/7/x86_64/anku-release-8-1.noarch.rpm

Note: In some instances, you may not have wget installed, install it with the following command:

sudo yum install wget

Now that the RPM has been downloaded we can install it with the following command:

sudo rpm -ivh anku-release-8-1.noarch.rpm

Install Hiawatha with the following command:

sudo yum install hiawatha

Run the following command to start Hiawatha:

sudo service hiawatha start

We can now verify Hiawatha is working by opening your browser and entering the URL http://your-server-address. You should get an “Installation successful” page similar to the image below.

Note: If you do not know your IP address, run the following command:

sudo ip addr show eth0

An example of using the ip addr command and getting the IP 192.168.100.10

In our example, we would put http://192.168.100.10 into our browser’s address bar.

 

An example of the Hiawatha installation web page

Using the default settings, you can put your web content in the following directory:

/var/www/hiawatha

For any configuration changes that you may want to make, you can go to the following directory:

/etc/hiawatha

Congratulations on installing Hiawatha webserver on a CentOS server. Thank you for following along in this How-To, and check back with us for any new updates.


How to: Domain Name Server (DNS) Amplification Attack

By Atlantic.Net NOC, July 14, 2015, under Cloud Hosting

Introduction

A Domain Name Server (DNS) Amplification attack is a popular form of Distributed Denial of Service (DDoS), in which attackers use publicly accessible open DNS servers to flood a target system with DNS response traffic. The primary technique consists of an attacker sending a DNS name lookup request to an open DNS server with the source address spoofed to be the target’s address.

ref: https://www.us-cert.gov/ncas/alerts/TA13-088A

 

Disabling Recursion on Authoritative Name Servers

Many of the DNS servers currently deployed on the Internet are exclusively intended to provide name resolution for a single domain. In these systems, DNS resolution for private client systems may be provided by a separate server and the authoritative server acts only as a DNS source of zone information to external clients. These systems do not need to support recursive resolution of other domains on behalf of a client, and should be configured with recursion disabled.

BIND9

Add the following to the global options:

options {
    allow-query-cache { none; };
    recursion no;
};

Microsoft DNS Server

In the Microsoft DNS console tool:

  1. Right-click the DNS server and click Properties.
  2. Click the Advanced tab.
  3. In Server options, select the “Disable recursion” check box, and then click OK.

Limiting Recursion to Authorized Clients

For DNS servers that are deployed within an organization or Internet Service Provider, the resolver should be configured to perform recursive queries on behalf of authorized clients only. These requests typically should only come from clients within the organization’s network address range. We highly recommend that all server administrators restrict recursion to only clients on the organization’s network.

BIND9

In the global options, include the following:

acl corpnets { 192.168.1.0/24; 192.168.2.0/24; };
options {
    allow-query { any; };
    allow-recursion { corpnets; };
};

Microsoft DNS Server

It is not currently possible to restrict recursive DNS requests to a particular client address range in Microsoft DNS Server. To approximate the functionality of the BIND access control lists in Microsoft’s DNS Server, a different caching-only name server should be set up internally to provide recursive resolution. A firewall rule should be created to block incoming access to the caching-only server from outside the organization’s network. The authoritative name server functionality would then need to be hosted on a separate server, but configured to disable recursion as previously described.

Response Rate Limiting (RRL)

There is currently an experimental feature available as a set of patches for BIND9 that allows an administrator to limit the maximum number of responses per second being sent to one client from the name server. This functionality is intended to be used on authoritative domain name servers only as it will affect performance on recursive resolvers. To provide the most effective protection, we recommend that authoritative and recursive name servers run on different systems, with RRL implemented on the authoritative server and access control lists implemented on the recursive server. This will reduce the effectiveness of DNS amplification attacks by reducing the amount of traffic coming from any single authoritative server while not affecting the performance of the internal recursive resolvers.

BIND9

There are currently patches available for 9.8.latest and 9.9.latest to support RRL on UNIX systems. Red Hat has made updated packages available for Red Hat Enterprise Linux 6 to provide the necessary changes in advisory RHSA-2013:0550-1. On a BIND9 implementation running the RRL patches, add the following lines to the options block of the authoritative views:

rate-limit {
    responses-per-second 5;
    window 5;
};

Microsoft DNS Server

This option is currently not available for Microsoft DNS Server.
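
The script below is an added example, not part of the original article or of BIND: a text-only audit that reports which of the mitigations above (recursion disabled, recursion limited by ACL, RRL) a named.conf contains. The function names and the three sample files are constructed for illustration; the first two samples reuse the snippets from this article.

```sh
#!/bin/sh
# Added example: text-only audit of a BIND9 named.conf for the recursion and
# rate-limit settings discussed in this article. Function names are made up.
# Limitation: /* ... */ comments and "include" files are not handled.

# Strip // and # comments and join the file into one line for block matching.
flatten_conf() {
    sed -e 's://.*$::' -e 's:#.*$::' "$1" | tr '\n\t' '  ' | tr -s ' '
    echo
}

# Prints one of: disabled | open | restricted | unset
recursion_status() {
    conf=$(flatten_conf "$1")
    if printf '%s\n' "$conf" | grep -Eq '(^|[ ;{])recursion +no *;'; then
        echo disabled; return 0
    fi
    # Contents of the last allow-recursion { ... } list, if there is one.
    acl=$(printf '%s\n' "$conf" | sed -n 's/.*allow-recursion *{\([^}]*\)}.*/\1/p')
    if [ -z "$acl" ]; then
        echo unset          # relies on the defaults of the installed BIND version
    elif printf '%s\n' "$acl" | grep -Eq '(^|[ ;])any *;'; then
        echo open           # recursion offered to every source address
    else
        echo restricted
    fi
}

# Prints the responses-per-second value of a rate-limit block, or nothing.
rrl_rps() {
    flatten_conf "$1" |
        sed -n 's/.*rate-limit *{[^}]*responses-per-second *\([0-9][0-9]*\) *;.*/\1/p'
}

# One summary line per file; status 0 only if recursion is off or ACL-limited.
audit_named_conf() {
    rec=$(recursion_status "$1")
    rps=$(rrl_rps "$1")
    echo "$(basename "$1"): recursion=$rec rate-limit=${rps:-none}"
    [ "$rec" = disabled ] || [ "$rec" = restricted ]
}

# Constructed samples: two reuse this article's snippets, the third is weak.
SAMPLES=$(mktemp -d)
cat > "$SAMPLES/authoritative.conf" <<'EOF'
options {
    allow-query-cache { none; };
    recursion no;            // authoritative only
    rate-limit { responses-per-second 5; window 5; };
};
EOF
cat > "$SAMPLES/resolver.conf" <<'EOF'
acl corpnets { 192.168.1.0/24; 192.168.2.0/24; };
options {
    allow-query { any; };
    allow-recursion { corpnets; };
};
EOF
cat > "$SAMPLES/open.conf" <<'EOF'
options {
    # recursion no;   (commented out, so it must not count)
    allow-recursion { any; };
};
EOF
for f in authoritative resolver open; do
    audit_named_conf "$SAMPLES/$f.conf" || echo "  -> review recursion settings"
done
```

A result of "unset" means the file sets neither option, so the effective behaviour depends on the defaults of the installed BIND version and should be checked against its documentation.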


Atlantic.Net Cloud – Do You Offer Data Backup For My Cloud Server

By Ariel Beltre, July 14, 2015, under Cloud Hosting
Verified and Tested 04/20/2015

Introduction

Daily server backups are available and can be enabled via the Atlantic.net cloud control panel during the initial provisioning of a cloud server. The cost for this service is an additional 20% of the server’s hourly price. Go server backups are $1 per month. Snapshot backups of the server will be taken on a daily basis, and retained in our systems for 30 days. Backup restores can be initiated from within the cloud control panel.  In this brief article we will explain how to enable backups for your cloud server.

Enabling Backups

You can enable backups during the initial provisioning of a server. To do so, first log in to your account via cloud.atlantic.net. Once done, on the upper left corner click on “Add Server”. This will take you to the “Add a Server” window. Here you can edit the server name, choose the location, select your operating system, choose a plan, and lastly enable backups. After you have finished editing these fields click on the box next to “Enable Backups”, and then click on the “Create Server” button, as shown below.

Example of the “Enable Backups” option via the cloud control panel

You can also enable backups after you’ve created a server, if you forgot to or decided to add this feature after the fact.  Select “Servers” from the left, select your server, and click on either the “Backups” button (Server Backups) or the hyperlink that says “Disabled” under backups.

Example of the “Enable Backups” option via the cloud control panel

It will bring up this message, regardless of which option you choose.  Select “Enable Backups” and your server will be backed up within the next 24 hours, and will continue to back up each day.

Example of the “Server Backups” window via the cloud control panel

Please note that if you decide you no longer want the backup feature enabled, you can disable it and it will stop adding the extra 20% to your monthly bill.

Atlantic.Net has an industry-leading selection of hosting options, one-click applications, and managed cloud hosting choices for your consideration.


HIPAA Compliant Encryption Software, Antivirus, Network Segregation and More

Rather than just listing HIPAA-compliant software, this report gives advice on all the fundamentals, along with a few misconceptions about the kind of robust security environment that is necessary to maintain HIPAA compliant hosting.

  • Proper Network Segregation
  • Tackling Encryption
  • But That’s Not All…

HIPAA Compliant Antivirus & Proper Network Segregation

Security via obfuscation is not a legitimate way for a healthcare company to do business. This tactic is primarily used by small practices that have historically been using their own servers.



How to: Disabling TCP Offloading in Windows Server 2012

By Jose Velazquez, July 12, 2015, under Cloud Hosting

Introduction

In this how-to we will walk you through disabling TCP offloading in Windows Server 2012. TCP Offload Engine (also known as TOE) is a mechanism used by network interface cards (NICs) to offload TCP/IP processing to the network controller. It is commonly used on high-speed network interfaces, where the extra processing is required.

Prerequisites

– A Windows Server 2012. If you do not have a server already, you can spin up a new Windows server in under 30 seconds.

Disabling TCP Offloading

In the Windows server, open the Control Panel and select Network and Internet > Network and Sharing Center > Change Adapter Settings.

Click on the Change adapter settings in Windows Server 2012

Right-click on each of the adapters (private and public) > Properties > select Configure from the Networking menu, and then click the Advanced tab.

Click the Advanced tab in the Adapter settings in Windows Server 2012

The TCP offload settings are listed for the Red Hat VirtIO adapter. Disable the following offload settings, and then click OK:

– IPv4 Checksum Offload

– Large Receive Offload

– Large Send Offload

– TCP Checksum Offload

Disabled Ethernet Adapter settings in Windows Server 2012

That’s it! You have just disabled TCP Offloading in Windows Server 2012. Thank you for following along in this How-To, check back with us for any new updates and to learn more about our industry-leading cloud hosting solutions.


How to: Custom RDP Port in Windows 2012

By Jose Velazquez, July 10, 2015, under Cloud Hosting
Verified and Tested 03/19/2015

Introduction

In this How-To, we will walk you through changing the RDP Port in Windows Server 2012.

Remote Desktop Protocol (RDP) is a protocol that allows you to connect to and control another computer over an existing network, making it a remote connection. By default, Windows assigns port 3389 for RDP connections. To enable RDP on your Windows Server 2012, you can click here for more information.

Prerequisites

– A Server with Windows Server 2012.  If you do not have a server already, why not consider a Windows Cloud Hosting from Atlantic.Net and be up in 30 seconds or less.

Change The RDP Port in Windows 2012

Connect to your server via Remote Desktop

On your keyboard, hold down the Windows logo + R keys, which opens the “Run” dialog, then type “cmd” and click OK

This is the Run command window in Windows Server 2012

Type “regedit” and press Enter

This is the regedit command in Windows Server 2012

Navigate to the following registry key:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp\PortNumber

This is the registry path to change the RDP Port in Windows 2012

 

Find the “PortNumber” registry value and either right-click or double-click it. A box should pop up that says “Edit DWORD.” Find the value data (it should say 3389 for standard installations) and change it to the port that you would like. In this example, we chose port 1050.

 

This is the Port value field in the Windows Server 2012 Registry

Exit the registry editor

IMPORTANT: Before restarting your server, be sure that you have enabled your new RDP port on your Windows firewall. Take a look at our guide if you do not know how to add a custom firewall port “Adding a custom firewall rule.”

Restart your server

To access your server over the new port, simply type in your IP followed by :PORT (YOUR.IP.ADD.RESS:PORT / 192.168.10.25:1050)

Congratulations! You have just changed RDP port in Windows Server 2012. Thank you for following along in this How-To, check back with us for any new updates and to learn more about our reliable cloud hosting services.

