HIPAA Disaster Recovery

The Importance of Disaster Recovery In the Midst of a Natural Disaster

By Kent Roberts, January 15, 2019, under HIPAA Disaster Recovery

You may see natural disasters on TV or read about them without fully understanding how vulnerable they leave your business. In fact, the risk is present throughout almost the entire industry.

More than half of organizations (58%) are not ready for a major loss of data. Actually, the extent to which firms are unprepared is very worrisome: 60% will go bankrupt within 6 months, according to data from Washington, DC-based research firm Clutch. Also according to the statistics compiled by Clutch, cloud backup is on the rise, with:

  • 84% of the organizations that have already adopted cloud backup having implemented both on-premises and cloud backups;
  • 68% of cloud backup business customers testing their backups at least once per month; and
  • 78% of small businesses planning to use cloud-hosted backup by 2020.

Setting aside the specific technology of cloud backup, the need for disaster recovery is clear from the data on the business impact of large data losses. Since a disaster can take you completely by surprise, and in turn cost you thousands or millions operationally and economically, having a disaster recovery plan in place is a basic business need.




RTO vs RPO

All businesses should have a business continuity plan (BCP), especially companies that rely on IT infrastructure to support or operate their business model. A business continuity plan is a predefined business process created to document and demonstrate the planning undertaken to prevent a disaster scenario from occurring. The BCP also documents and demonstrates how a business will recover from a declared disaster scenario. The disaster could have any number of causes; typical ones are user error, hardware failure or a natural disaster.



What Is a DDoS Attack?

By Matthew Watts, September 23, 2015, under HIPAA Disaster Recovery

Target Audience

This article is aimed at non-expert computer users (without a background in network or systems administration).

Introduction

DDoS stands for “Distributed Denial of Service” and, naturally enough, is a type of Denial of Service (DoS) attack. The basic aim of a DoS attack is to render a cloud server, PC or network resource inaccessible or unusable–denying service to anyone trying to access it. It is a malicious attack designed to cause maximum inconvenience.

Are DDoS Attacks a New Thing?

No, DDoS attacks are not a new phenomenon, but they have been making the headlines more in recent years as their scope has increased in size and as they have included higher profile targets. One recent example is the attack on the Playstation Network and Xbox Live. A hacking group known as ‘Lizard Squad’ used a DDoS attack to shut down the online gaming services on Christmas Day 2014, upsetting many gamers and causing financial and reputation damage to Microsoft and Sony.

How Do DDoS Attacks Work?

In a Denial of Service attack, the attacker uses a computer to send an overwhelming amount of data to a target. This target receives so much traffic that it slows down and cannot respond to legitimate traffic, or, in the case of a Permanent Denial of Service (PDoS) attack, its hardware is damaged beyond repair. In this simple style of DoS attack, one computer directly targets another. It is a fairly simple attack to execute and requires minimal computer skills–an attacker can simply acquire and run a piece of software to conduct a DoS.

The ‘distributed’ in DDoS refers to the multiple computers used in this type of attack. The attacker either launches a synchronized attack with collaborators or, more commonly, uses a botnet to execute a DDoS. A botnet (a shortened form of “robot network”) is a network of computers infected with malware that allows the attacker to remotely control them without the owner’s knowledge. Using a botnet, an attacker dramatically increases the effect of their attack.

Another method attackers use to increase the effect of a DDoS is the “amplification attack”. Rather than directly bombarding a target with data, an attacker sends requests for data to multiple servers. The attacker spoofs the source IP address of each request so that it looks as though it comes from the target of the attack instead of from the attacker. As a result, all of the responses go to the IP address of the victim, flooding them with traffic. It’s essentially like signing your friend up to a load of unwanted junk newsletters.

Attackers have found various ways to create these amplification attacks. The IP address spoofing is possible, in part, because they use the UDP protocol–a protocol that doesn’t validate source IP addresses or connections. The amplification comes from the way attackers cause the responding servers to return certain responses that are significantly larger than the requests. For example, DNS (Domain Name System) servers can deliver a response 50-150 times larger than the request. Similarly, the Character Generation Protocol (CharGEN) supported by various servers will respond to a character generation request with a response that is 200-1000 times larger. The Network Time Protocol (NTP), used to sync clocks across machines, can return a response that is up to 556.9 times larger than the request.

Why Do People Use DDoS Attacks?

The motivations behind DDoS attacks vary. In the case of Lizard Squad, it appeared to be a publicity stunt to promote their freelance hacking services. Sometimes attackers target websites with a demonstration and send their owners extortion letters demanding payment to prevent future attacks. One of the Internet’s more renowned and iconic hacking groups, Anonymous, has used these sorts of attacks as a tool for activism. In their ongoing fight against organizations such as Scientology and the Westboro Baptist Church, people acting under the Anonymous banner have used DDoS attacks to take down their respective websites.

What Defenses Are There?

DDoS attacks are difficult to fight, and mitigation is often the best a target can hope for. A big part of dealing with DDoS attacks is simply being prepared. Here are some techniques that can be used to mitigate the effects of a DDoS attack:

Some organizations invest in more bandwidth for their servers. The more bandwidth the target has, the harder it is to DDoS. In principle, it’s the same idea as adding more lanes to a road–the wider the road, the more cars are needed to cause a traffic jam.

ISPs (Internet Service Providers) may also offer services to help mitigate the effects of DDoS attacks. Since they generally have access to more powerful networking resources, ISPs may have DDoS mitigation plans in place that can help keep your servers safe.

There are now many companies that provide help to those who might be targeted by DDoS attacks. During an attack, the target’s traffic is redirected to the mitigation company’s network, where it is “scrubbed”: malicious traffic is identified and dropped, and legitimate traffic is allowed through and rerouted back to the target. Companies such as CloudFlare, Black Lotus, F5, Prolexic, and Incapsula offer such services in this growing sector.

Part of the Problem?

Most of us will likely not be the target of a DDoS. Even if you feel too small to be a target, however, your home computer, your multimedia server, your little home router, or the cloud hosting server that hosts your website may be part of a vast botnet being used to DDoS someone else, without your even realizing it.

For home systems, keeping up with security patches and changing default device passwords to something much more secure can help protect you from exploitation.

For web-facing servers (such as web servers or DNS name servers), you can take a little time to close security vulnerabilities, such as those that can be exploited in amplification attacks. You can also monitor network traffic for any unusual traffic patterns with something like Zabbix or with a more elaborate Intrusion Detection System (IDS) like Suricata or Security Onion.
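As an added illustration of the traffic monitoring suggested above (this example is not from the original article), the following sketch checks whether one of your own UDP services is answering with far more data than it receives, which is what being used as an amplifier looks like from the server side. The flow-record layout, the sample records and both thresholds are assumptions made for the example.

```python
from collections import defaultdict

# UDP services the article names as amplification vectors.
AMPLIFIABLE = {53: "DNS", 19: "CharGEN", 123: "NTP"}

# Constructed sample records: (remote_ip, local_udp_port, bytes_in, bytes_out),
# such as per-flow totals exported by a router or IDS. Documentation addresses only.
SAMPLE_FLOWS = [
    ("198.51.100.7", 53, 640, 64000),
    ("198.51.100.7", 53, 320, 30000),
    ("198.51.100.7", 123, 234, 100000),
    ("203.0.113.20", 53, 700, 1400),     # ordinary DNS client
    ("192.0.2.44", 123, 480, 480),       # ordinary NTP client
    ("192.0.2.99", 53, 40, 2000),        # high ratio but negligible volume
    ("203.0.113.9", 514, 500, 900000),   # not one of the services checked here
]


def find_reflection_suspects(flows, min_ratio=10.0, min_bytes_out=10_000):
    """Return (remote, service) pairs that receive far more than they sent.

    A remote address with a large outbound/inbound byte ratio on one of these
    services is probably a spoofed source, i.e. the real target of the flood.
    """
    totals = defaultdict(lambda: [0, 0])
    for remote, port, bytes_in, bytes_out in flows:
        if port in AMPLIFIABLE:
            totals[(remote, port)][0] += bytes_in
            totals[(remote, port)][1] += bytes_out

    suspects = []
    for (remote, port), (bytes_in, bytes_out) in totals.items():
        ratio = bytes_out / max(bytes_in, 1)
        if bytes_out >= min_bytes_out and ratio >= min_ratio:
            suspects.append({
                "remote": remote,
                "service": AMPLIFIABLE[port],
                "bytes_out": bytes_out,
                "ratio": round(ratio, 1),
            })
    return sorted(suspects, key=lambda s: s["ratio"], reverse=True)


if __name__ == "__main__":
    for suspect in find_reflection_suspects(SAMPLE_FLOWS):
        print(suspect)
```

A hit here means the service should be restricted or rate limited, since the flagged address is the one being flooded through your server.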

More from Atlantic.Net

Learn more about Atlantic.Net’s hosting solutions, including HIPAA compliant disaster recovery services.


How to Install OpenVAS Vulnerability Scanner on CentOS 7

Introduction

This how-to will guide you through installing OpenVAS (Open Vulnerability Assessment System) on CentOS 7. The OpenVAS application is a free and open source vulnerability scanner and vulnerability management solution. With the significant vulnerabilities that have come out recently, it is a good idea to have a scanner that can detect vulnerabilities on the systems that you manage.

Prerequisites

A server with CentOS 7 installed.  If you do not have a server, why not fire up an extremely fast SSD cloud server from Atlantic.Net

Install OpenVAS Vulnerability Scanner on CentOS 7

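We first need to install the Atomic repo with the following command. Note that it pipes a script downloaded over plain HTTP straight into a shell, so you may prefer to download the script and review it before running it: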

wget -q -O - http://www.atomicorp.com/installers/atomic | sh

NOTE: If wget is not installed, install it with the following command:

yum install wget



Atlantic.Net Cloud – Do You Offer Data Backup For My Cloud Server

Verified and Tested 04/20/2015

Introduction

Daily server backups are available and can be enabled via the Atlantic.net cloud control panel during the initial provisioning of a cloud server. The cost for this service is an additional 20% of the server’s hourly price. Go server backups are $1 per month. Snapshot backups of the server will be taken on a daily basis, and retained in our systems for 30 days. Backup restores can be initiated from within the cloud control panel.  In this brief article we will explain how to enable backups for your cloud server.

Enabling Backups

You can enable backups during the initial provisioning of a server. To do so, first log in to your account via cloud.atlantic.net. Once done, on the upper left corner click on “Add Server”. This will take you to the “Add a Server” window. Here you can edit the server name, choose the location, select your operating system, choose a plan, and lastly enable backups. After you have finished editing these fields click on the box next to “Enable Backups”, and then click on the “Create Server” button, as shown below.


Example of the “Enable Backups” option via the cloud control panel

You can also enable backups after you’ve created a server, if you forgot to or decided to add this feature after the fact.  Select “Servers” from the left, select your server, and click on either the “Backups” button (Server Backups) or the hyperlink that says “Disabled” under backups.


Example of the “Enable Backups” option via the cloud control panel

It will bring up this message, regardless of which option you choose.  Select “Enable Backups” and your server will be backed up within the next 24 hours, and will continue to back up each day.


Example of the “Server Backups” window via the cloud control panel

Please note that if you decide you no longer want the backup feature enabled, you can disable it and it will stop adding the extra 20% to your monthly bill.

Atlantic.Net has an industry-leading selection of hosting options, one-click applications, and managed cloud hosting choices for your consideration.


How to Protect Your Server From the Shellshock Bash Bug

Verified and Tested 02/17/2015

Introduction

This guide covers how to check whether your server is vulnerable to the Shellshock Bash bug and how to fix it if it is.
The Shellshock Bash bug affects *nix-based operating systems. It allows attackers to run commands on the server remotely, gaining unauthorized access to the server and exploiting it further.

Is My System Vulnerable?

Run the following command:

env 'VAR=() { :;}; echo Bash is vulnerable!' 'FUNCTION()=() { :;}; echo Bash is vulnerable!' bash -c "echo Bash Test"

If you see the following in the output, your system is vulnerable to the Bash bug and it needs to be updated:

Bash is vulnerable!

Move to “System’s Vulnerable? No Worries.”

If you, instead, receive the following output:

Bash Test

This means your system is secure and no further work is required.

System’s Vulnerable? No Worries.

The fix is simple. Run the command for your operating system:

In CentOS/Fedora

yum update bash

In Debian/Ubuntu

sudo apt-get update && sudo apt-get install --only-upgrade bash

In FreeBSD

pkg upgrade bash



How To Protect your Server Against the POODLE SSLv3 Vulnerability

By Ariel Beltre, February 5, 2015, under HIPAA Disaster Recovery
Verified and Tested 02/05/2015

Introduction

On October 14th, 2014, a vulnerability was disclosed in version 3 of the SSL encryption protocol. This vulnerability, known as POODLE (Padding Oracle On Downgraded Legacy Encryption), allows an attacker using a man-in-the-middle attack to read, in plain text, information that was encrypted with this version of the protocol.

Although SSLv3 is an older version of the protocol, many pieces of software will still revert to SSLv3 if better encryption options are not available at the time. It is also important to keep in mind that an attacker can force SSLv3 connections if it is an available alternative for both participants attempting to connect.

The POODLE vulnerability affects any services or clients that make it possible to communicate using SSLv3. As this is a flaw with the protocol design, every piece of software that utilizes SSLv3 is vulnerable.

The POODLE vulnerability exists because the SSLv3 protocol does not properly check the padding bytes that are sent along with encrypted messages. An attacker can replace these and pass them on to the intended destination. When done, the modified payload will potentially be accepted by the recipient without complaint.

Protecting Yourself from the POODLE SSLv3 Vulnerability

There are actions that can be taken to ensure protection from this type of vulnerability. Since encryption is negotiated between clients and servers, this is an issue that affects both parties. Clients should take steps to disable SSLv3 support completely. Many applications today use better encryption by default, but even these applications use SSLv3 as a fallback if no better option is available. This fallback should be disabled, as an attacker can force SSLv3 communication if both parties allow it as an acceptable method of encryption.

Apache Web Server

To disable SSLv3 on the Apache Web server you will have to adjust the SSLProtocol directive provided by the mod_ssl module.

This can be set either at the server level or in a virtual host configuration. Depending on your distribution’s Apache configuration, the SSL configuration may be located in a separate file that is sourced.

In Ubuntu, the server-wide specification for servers can be adjusted by editing the /etc/apache2/mods-available/ssl.conf file. If mod_ssl is enabled, a symbolic link will connect this file to the mods-enabled subdirectory:

sudo nano /etc/apache2/mods-available/ssl.conf

In CentOS, you can adjust this in the SSL configuration file located here (if SSL is enabled):

sudo nano /etc/httpd/conf.d/ssl.conf

Inside you can find the SSLProtocol directive. If it is not available, create it. Modify this to remove support for SSLv3:

SSLProtocol all -SSLv3 -SSLv2

Save and close the file. Restart to enable the changes.

On Ubuntu, you can type:

sudo service apache2 restart

On CentOS, this would be:

sudo service httpd restart

Nginx Web Server

To disable SSLv3 on an Nginx web server, you can use the ssl_protocols directive. This will be located in the server or http blocks in your configuration.

For example, in Ubuntu, you can either add this globally to /etc/nginx/nginx.conf inside of the http block, or to each server block in the /etc/nginx/sites-enabled directory.

sudo nano /etc/nginx/nginx.conf

To disable SSLv3, your ssl_protocols directive should be set like this:

ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

You should restart the server after the above modification has been made:

sudo service nginx restart

HAProxy Load Balancer

To disable SSLv3 in an HAProxy load balancer, you will need to open the haproxy.cfg file. This is located at /etc/haproxy/haproxy.cfg:

sudo nano /etc/haproxy/haproxy.cfg

In your front end configuration, if you have SSL enabled, your bind directive will specify the public IP address and port. If you are using SSL, you will want to add no-sslv3 to the end of this line:

frontend name
    bind public_ip:443 ssl crt /path/to/certs no-sslv3

Save and close the file. Restart to implement the changes:

sudo service haproxy restart

OpenVPN VPN Server

Recent versions of OpenVPN don’t allow SSLv3. The service is not vulnerable to this specific problem, so you will not need to adjust your configuration.

Postfix SMTP Server

If your Postfix configuration is set up to require encryption, it will use a directive called smtpd_tls_mandatory_protocols. You can find this in the main Postfix configuration file:

sudo nano /etc/postfix/main.cf

For a Postfix server set up to use encryption at all times, you can ensure that SSLv3 and SSLv2 are not accepted by setting this parameter. If you do not force encryption, you do not have to do anything:

smtpd_tls_mandatory_protocols=!SSLv2, !SSLv3

Save your configuration. Restart to implement changes:

sudo service postfix restart

Dovecot IMAP and POP3 Server

In order to disable SSLv3 on a Dovecot server, you will need to adjust a directive called ssl_protocols. Depending on your distribution’s packaging methods, SSL configurations may be kept in an alternate configuration file.

For most distros, you can adjust this directive by opening this file:

sudo nano /etc/dovecot/conf.d/10-ssl.conf

If you are using Dovecot 2.1 or higher, set the ssl_protocols directive to disable SSLv2 and SSLv3:

ssl_protocols = !SSLv3 !SSLv2

If you are using a version of Dovecot lower than 2.1, you can set the ssl_cipher_list to disallow SSLv3 like this:

ssl_cipher_list = ALL:!LOW:!SSLv2:!EXP:!aNULL:!SSLv3

Save and close the file. Restart in order to apply the changes:

sudo service dovecot restart
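To confirm the edits described above across all five services, here is an added example (not part of the original guide) that reads configuration text and reports whether SSLv3 is still permitted. The sample configurations are constructed, and treating Apache's "all" as including SSLv3 is a deliberately conservative assumption.

```python
import re


def _directives(text, name):
    """Yield the value tokens of each non-comment line that sets `name`."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        parts = [p for p in re.split(r"[\s=,;]+", line) if p]
        if parts and parts[0].lower() == name.lower():
            yield parts[1:]


def _apache_allows(tokens):
    # mod_ssl applies the tokens left to right: "all" or "+X" adds, "-X" removes.
    # Assumption: "all" is treated as including SSLv3 (conservative).
    enabled = set()
    for tok in (t.lower() for t in tokens):
        if tok == "all":
            enabled |= {"sslv3", "tlsv1", "tlsv1.1", "tlsv1.2"}
        elif tok == "-all":
            enabled.clear()
        elif tok.startswith("-"):
            enabled.discard(tok[1:])
        else:
            enabled.add(tok.lstrip("+"))
    return "sslv3" in enabled


def _allowlist_allows(tokens):      # Nginx lists the protocols it accepts
    return any(t.lower() == "sslv3" for t in tokens)


def _denylist_allows(tokens):       # Postfix and Dovecot list exclusions
    return not any(t.lower() == "!sslv3" for t in tokens)


def _haproxy_allows(tokens):        # only TLS-enabled bind lines matter
    lowered = [t.lower() for t in tokens]
    return "ssl" in lowered and "no-sslv3" not in lowered


CHECKS = {
    "apache": ("SSLProtocol", _apache_allows),
    "nginx": ("ssl_protocols", _allowlist_allows),
    "haproxy": ("bind", _haproxy_allows),
    "postfix": ("smtpd_tls_mandatory_protocols", _denylist_allows),
    "dovecot": ("ssl_protocols", _denylist_allows),
}

# Constructed sample configurations, one per service.
SAMPLES = {
    "apache": "SSLEngine on\nSSLProtocol all -SSLv2\n",
    "nginx": "ssl_protocols TLSv1 TLSv1.1 TLSv1.2;\n",
    "haproxy": "frontend name\n    bind public_ip:443 ssl crt /path/to/certs\n",
    "postfix": "smtpd_tls_mandatory_protocols=!SSLv2, !SSLv3\n",
    "dovecot": "# ssl_protocols = !SSLv3 !SSLv2\nssl = yes\n",
}


def sslv3_allowed(service, config_text):
    """True if any matching line permits SSLv3, False if all exclude it,
    None if the directive is absent and the software default applies."""
    name, allows = CHECKS[service]
    results = [allows(tokens) for tokens in _directives(config_text, name)]
    return any(results) if results else None


def audit_all(samples):
    return {svc: sslv3_allowed(svc, text) for svc, text in samples.items()}
```

A result of None means the file never sets the directive, so whether SSLv3 is offered depends on the installed version's default and should be checked separately.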

Additional Steps You Can Take

You should always update any client applications. Most importantly, web browsers may be vulnerable to this issue because of their step down protocol negotiation. Ensure that your browsers do not allow SSLv3 as an acceptable encryption method. This may be adjustable in the settings or in the installation of an additional plugin.



A Broad View of Redundancy

By Eddie, July 26, 2013, under HIPAA Disaster Recovery

No one wants to be redundant in conversation, but everyone wants a redundant network. Redundancy allows your system to keep operating smoothly even if something goes wrong. By creating additional instances – through active-active or active-passive networking mechanisms – you can make your network more solid and less prone to being knocked offline by a failure. An example of HLR redundancy: two HLRs, both active, where each HLR uses half of its capacity for its own data and half to back up the data of the second HLR.



What exactly does uptime mean in the cloud hosting industry?

By Eddie, December 14, 2012, under HIPAA Disaster Recovery

What is uptime?

The dictionary definition of uptime is the time during which a piece of equipment, such as a computer, is functioning or able to function. In terms of cloud hosting, uptime is defined as the percentage of time that your server or website is active and able to function during the course of a year. For example, if a Cloud Server has an uptime average of 99.5%, this means that for all but 1.83 days per year, you can expect that your website/server will remain active.


