OpenSSL Security Bug

Posted at April 8, 2014 at 7:20 pm by admin

OpenSSL exploit and vulnerability has recently been discovered.  It is highly recommended that servers running the vulnerable version of OpenSSL (1.0.1 and 1.0.2beta) are upgraded immediately.


https://www.openssl.org/news/secadv_20140407.txt

OpenSSL Security Advisory [07 Apr 2014]
========================================
TLS heartbeat read overrun (CVE-2014-0160)
==========================================
A missing bounds check in the handling of the TLS heartbeat extension can be
used to reveal up to 64k of memory to a connected client or server.
Only 1.0.1 and 1.0.2-beta releases of OpenSSL are affected including
1.0.1f and 1.0.2-beta1.
Thanks for Neel Mehta of Google Security for discovering this bug and to
Adam Langley <agl@chromium.org> and Bodo Moeller <bmoeller@acm.org> for
preparing the fix.
Affected users should upgrade to OpenSSL 1.0.1g. Users unable to immediately
upgrade can alternatively recompile OpenSSL with -DOPENSSL_NO_HEARTBEATS.
1.0.2 will be fixed in 1.0.2-beta2.

Introduction to SSL / Secure Certificate

Posted at March 19, 2014 at 9:22 pm by admin

lock greenIntroduction to SSL / Secure Certificate

SSL stands for Secure Sockets Layer, and is a set of cryptographic protocols commonly used for  encrypting the data being sent between a server and a user visiting a website.  While most websites don’t require this advanced security, it is essential for others.  The following introduction to SLL and Secure Certificates will help determine whether or not you require this type of security, and show how you can obtain it.

What is Required

In order to use SSL, you will need to acquire a SSL Certificate (AKA a Secure Certificate) and have it installed on your server.  If you are an Interserver client, our technical staff can help with this installation.  In addition, you’ll need a dedicated IP address.  Finally, visitors to your website will need to use a modern web browser that supports SSL.  Virtually all browsers today do support it, including Google Chrome, Firefox, Safari and Internet Explorer.

What is it Used For?

This technology is most often used for websites that want the ability to accept credit card payments directly on the website.  All credit card companies require any site directly accepting these payments to have this type of advanced security *Note that you can have third party processors like PayPal on your site without the use of SSL.  SSL is also a requirement for a website to become PCI compliant, which is important for some specific types of companies.

The other reason some website owners want to use SSL is because they have confidential information stored on their website, which should only be accessed by authorized users.  The SSL can help protect usernames and passwords from being compromised, so the data on the website is much safer.

Types of Security Certificates

When looking into adding SSL to your website, you’ll have several different options to choose from.  Each type of security certificate is designed for different types of businesses.  If you need assistance choosing the right certificate for you, don’t hesitate to reach out to our technical support team.  The following are the different options to consider:

  • Shared Certificates – These certificates are not registered to a single domain or company name, and are shared between many sites, typically based on the hosting company.  The advantage is that you don’t have to pay to get the certificate yourself, as you’re just part of a group that is sharing it.  The disadvantage is these certificates often trigger browser security pages, and you normally can’t access the SSL technology from your main domain name.  This is a good option if you want the added security just for yourself, but not the general public users of your page.
  • Domain Validated Certificate – This type of certificate is registered to your specific domain name.  This is commonly used for accepting credit card payments and validating usernames and passwords.  This provides excellent security for any individual website.
  • Company Validated Certificate – This option is similar to the domain validated certificate, except it is tied to the company rather than just the domain.  This can provide some added benefits, but does require additional documentation concerning the company applying for the certificate.
  • Extended Validation Certificates – These certificates actually provide added checks and validations to combat fraud.  This higher level of security is required for certain businesses that have financial transactions or host highly sensitive data.
  • Wildcard Certificates – This option provides the security certificate for a main domain name, plus all subdomains that have the same second level domain name.  If, for example, you run a lot of ‘how to’ sites with domains such as, ‘auto.howto.com’ ‘home.howto.com’ and so on, this would be the best option if you need SSL.

Getting a Security Certificate

If you decide that your site or company requires a security certificate, the first thing you’ll want to do is reach out to our support team and open a ticket.  Explain that you would like to get a security certificate installed on your server.  Our technical support team will work with you to ensure your hosting package meets all the requirements, and if it doesn’t, we’ll help you get everything setup the way it needs to be.  In many cases, our technical teams can also help you through the process of obtaining a security certificate as well.

Keep in mind; this is an advanced security technology that is not required for most general websites.  If you’re not sure whether or not you need one, don’t hesitate to ask.  We can discuss your specific situation and help you make the right decision about SSL.

 

 

Cloud Computing: Predictions for 2014

Posted at February 11, 2014 at 8:21 pm by admin

Future of cloud computingIn the previous year, the cloud industry hit a major milestone. As clearly indicated by the substantial surge in users and slew of cloud service providers and vendors now available, cloud computing went from being a buzzword to a highly feasible infrastructure widely implemented by large enterprises and small business alike. 2013 also revealed how susceptible cloud users are in terms of security. This year, the cloud industry is definitely going to aim to change that.

What will 2014 hold for the cloud computing? Here are a few predictions:

Greater Emphasis on Data Privacy

The famous NSA scandal in the U.S. coupled with new data-privacy regulations in the EU has turned data protection into a hot button issue. Reportedly, there are countless companies out there that have amplified their drives into new cloud-based services in the wake of the data security scandal. While some see it as a reason to be infuriated, others see it as an opportunity.

Service Providers Finally Seem to Wake Up to the Huge Demand for Cloud

It has been revealed by a survey carried by IBA that the strategic importance of cloud computing to decision makers, like CMOs, CEOs, HR, procurement and Finance executives, is poised to increase from 34% to 72% – leaping over their IT competitors at 58%. Since the public cloud spending is expected to augment over time, more service providers are going to understand the need to enter the market quickly.  Demand for cloud computing is likely to accelerate this year since enterprises and other small businesses have started to move production workload to the cloud. Therefore, cloud-service-providers have to create offerings that distinguish against Google and AWS to become attractive to the customers.

More Mobile Usage

The mobile era seems to have arrived, and the cloud is most definitely playing a very significant role in its progression. It does not end with tablets and smartphones. Cloud computing is going to extend to wearable technology and serve as an important platform that aids social and mobile interactions.

More Emphasis on Customer Retention

Since cloud computing has started to become more widely adopted with new, innovative solutions offered by a huge number of companies, cloud computing providers will face stiffer competition in 2014. Therefore, a greater emphasis on the retention of end customers will be required.

More Collaboration

Online collaboration is very closely related to mobile cloud computing. Workers, in the recent times, are geographically diverse. Thus, collaborative cloud computing is expected to become increasingly embedded in different business processes.

Cloud computing will continue to grow, prompting countless opportunities for businesses. Who will lead the way? Well, we can’t predict that! Only time will tell.

Interserver Ranks on Entrepreneur.com’s Top 100 .Net Sites

Posted at February 10, 2014 at 8:25 pm by admin

nettop1 nettop2Entrepreneur.com, the website of the very popular Entrepreneur Magazine, has recently teamed up with .net (powered by Verisign) to create a list of the top 100 domains with the .net extension.  We are proud to announce that Interserver.net was ranked #76 out of the millions of .net sites.  The list was made up of all different categories of .net domains including huge gaming sites like battle.net, government run sites like korea.net and many others.

The Methodology

The rankings for this prestigious list were determined by a custom formula created by Entrepreneur.com, which factored in things like total traffic, social influence and community voting.  They began by getting a list of the top-ranked sites from Alexa.com, which ranks virtually all the websites on the Internet based on traffic and other factors.  They then allowed visitors to Entrepreneur.com to nominate their favorite .net sites for consideration.

Once this data was compiled, they factored in the social influence of each site using the Klout.com score.  Finally, they allowed their visitors to rank their favorite 10 sites, and factored that into the total ranking.   Each of the top 100 was given a cumulative score based on all of these factors.  This is one of the most in depth rankings of .net sites ever.

How we Ranked

Interserver took 76th place in this list, which is something we are very proud of.  At the time of the rankings we had 3900 Facebook Likes, a Klout Score of 26 and an Alexa Rank of 20105.  While these are excellent numbers for any web hosting company, they alone could not have competed with some of the more widely visited sites on the Internet.  This means that we must have scored very well with the votes of visitors to the Entrepreneur.com site, which is the most important factor from our point of view.

We work hard to provide exceptional web hosting services to all of our customers, many of whom are entrepreneurs.  Making it on this list is an important recognition of the fact that we provide Entrepreneurs with industry leading services.  We’d like to thank Entrepreneur.com, .net (powered by Verisign) and most of all, all of the people who nominated or voted for Interserver.net for this exciting recognition.

Free Advanced DNS Service from InterServer

Posted at December 27, 2013 at 6:51 pm by admin

InterServer offers an advanced DNS Management System, free of charge, to both customers and non-customers alike.  Anyone who is looking to have their DNS managed in a much more powerful and flexible way than most other services allow will want to consider moving to this great InterServer option. InterServer has been offering state of the art services since 1999, and is one of the fastest growing web hosting companies today.

Why Use InterServer DNS Management

Most people make the mistake of leaving their DNS management with the same place where they registered their domain.  While this might not seem like a big deal, it can actually limit the site in a variety of important ways.  Moving DNS management to InterServer will provide the following important benefits:

  • Redundancy – InterServer’s DNS management systems are fully redundant in each of our datacenters.  We currently have two facilities in Secaucus, NJ and one in Los Angeles, CA, allowing for uninterrupted service.  We are also looking at opening future datacenter locations in Houston, London, Paris and Hong Kong, which will provide even further DNS management redundancy.
  • DNS Record Redirects – In the event of a server failure or technical problem in one location, your website can be redirected to another page almost instantly.  This helps avoid or minimize any customer impact.
  • Efficiency Improvements – Our DNS management systems will help reduce the system resources used on your VPS or dedicated web hosting servers.
  • Unlimited – We offer unlimited zones, MX Records, C Names and SPFs.  You can also add, remove or edit these items any time you want, and as often as you want, from the convenient control panel.
  • 100% Free – This service is 100% free to use for everyone!  If you are already an InterServer customer, these options are already in your Control Panel.  If you’re not a customer, just create a free account and get access to this powerful service in just minutes.

 Customer Service & Support

Perhaps more important than any of the other benefits listed above, everyone who uses the powerful InterServer DNS management system will have access to our team of dedicated customer service professionals.  We can answer questions about the service, and provide support to ensure your DNS is set up, and functioning properly.  Our technical team is staffed 24/7/365 so if you ever have a problem, you can submit a ticket and get support in just minutes. In addition, we offer extensive FAQs and other online support material to help you understand exactly how to best set up your DNS management system.

Don’t make the mistake of trusting that your DNS management system is working as well as it could, or worse, that it doesn’t matter.  If you want to optimize the performance and reliability of your website, consider taking advantage of the free, advanced systems provided to you by InterServer.  Moving your DNS doesn’t take long, and can be done without any downtime at all.  A small investment of your time now can provide you with important benefits long into the future.

Visit: http://my.interserver.net to sign up or login.