Superior Access Control

Security FootageSecurity at a datacenter can’t be an afterthought. With tens of millions of dollars of equipment and countless transactions and secure connections being made throughout the day, a responsible datacenter must have first-rate access control systems in place. Security must be made a priority, which has led us to invest in state-of-the-art access control systems in addition to more traditional security measures.

Cisco Physical Access Manager (CPAM)

The datacenter is only accessible with an encoded badge that is monitored by a system called Cisco Physical Access Manager (CPAM). The HID badges we use are encoded with our employees’, clients’, and contractors’ information, then catalogued, monitored, and regularly audited. When a badge is issued, it is given a “time to live”—a pre-specified period of time that the badge will be active—after which the badge’s credentials will no longer work unless a datacenter access control employee reauthorizes them.

A database is kept of every active badge and is regularly audited to ensure that only currently authorized clients and employees have access to the colocation facility. The system tracks the time of each entry and exit into the building and the datacenter so any suspicious activity can be flagged. While the badges do give authorized personnel access to their equipment in the datacenter, some areas of the facility are still not accessible to every badge holder. CPAM and HID technology allows us to grant access to those who need it, such as specific datacenter employees, without compromising the security of the datacenter.

Other Security Measures

Norwood Security provides our datacenter with an added layer of protection. Security guards walk the premises every hour to make sure there haven’t been any security breaches. In addition, security cameras closely monitor every inch of the datacenter.

Your Servers Are in Good Hands

A datacenter has two primary roles: to keep servers running at all times and to keep them safe. Data102 takes both roles seriously, which is why we have layers of protection in place. Set up a time with us to see our state-of-the-art datacenter and discuss our colocation and managed services.

Facebooktwittergoogle_plusredditpinterestlinkedinmail

Importance of Password Policy

password policyOne of the defining attributes of computer security is the principle of multifactor authentication, which boils down to three basic concepts: something you know, something you are, and something you have.

Something You Know – a password, a pin number, a code

Something You Are – retina scan, finger prints, DNA

Something You Have – a smart card, a USB token, a magnetic strip card

A system with all three methods of authentication is thought to be fairly secure as far as logins are concerned, but the downside is that most systems don’t use multifactor authentication. Most organizations rely very heavily on passwords for authentication because they are the easiest to deploy and the most affordable. Biometric scanners like read retina and fingerprint data can be unbelievably expensive and typically require the user to be on location to work. Smart cards, USB tokens, and magnetic cards can all be misplaced and/or stolen. This leaves passwords and the like as the most cost and time effective way to authenticate with a system, so long as the user doesn’t keep theirs on a sticky note under their keyboard.

Passwords have been a contentious subject for many different groups and for good reason. As the single point of failure for user authentication, no one can agree on how complex or simple a password should be. Should a password consist of uppercase, lowercase, numbers, and special characters? Should it be several random words jumbled together? The Internet has many things to say about this and the results are often hilarious.

No matter what side of the tracks your opinion lies on, there is but one truth to passwords and their weaknesses: When your password gets cracked it will be by a machine not a person. What I mean by that is that the likelihood of a random person on the Internet stumbling across your account and guessing at the password until they gain entry is slow, inefficient, and quite frankly a waste of their time. Hackers will instead use a database of password hashes and algorithms to crack many passwords at the same time, and they are fast. However, there is an easier method of access which trumps programmatic password cracking in required effort and speed, which is simply to crawl the Internet for systems and devices that are still using their factory default password, i.e. admin/admin.

A story broke news in late 2013 about a family who awoke in the night from the sound of an intruder that turned out to be someone accessing their daughter’s IP-based webcam. The portion of the story that the media carefully left out was that the parents were negligent in setting up their webcam and left the webcam out on the Internet with defaulted passwords, not knowing that factory passwords are publicly accessible. PROTIP: They very much are. Even more likely is that their router was defaulted as well and accepting traffic from the Internet on all ports. This is equivalent to leaving the front door to your house open 24/7 because it makes it easier for you to get in and out. So the short answer to the question of what criteria to base your password policy off of is simply put, “Don’t be those guys.”

Our knowledgable technicians here at Colorado’s top data center, Data102, have some of their own helpful tips for choosing the optimal password. There are a few hard and fast rules to live by when creating passwords that will keep a user safe from unauthorized access across the board:

  • Though maximum complexity isn’t necessary, avoid using any words that reference your personal life in any way. Like real-life intruders, malicious users on the Internet do their homework too.
  • Still though, make your passwords as complex as you can remember.
  • Change your passwords every 1-3 months.
  • Use different passwords for all of your online profiles. A single common password becomes a single point of failure. There is a huge difference between someone accessing old e-mail and having their way with your bank account.
  • If you have trouble with any of these, enlist a password manager to do the heavy lifting for you. Password managers are a godsend for system administrators or just those with a horrible short-term memory.
  • Even if you believe your newly created password is safe, our experts would still suggest you get some AntiSpam protection solutions in place for your email accounts. DirectMX, for an example, provides yet another thick locked gate for intruders to try to break down if hacking your email account is something on their to-do list. Don’t make the hacking process easy for bad guys, add another lock and key situation to the mix with AntiSpam filters.
Facebooktwittergoogle_plusredditpinterestlinkedinmail

Layer 3 Security and Linux

Layer-3-Security-LinuxYour web server has been defaced for the third time in two months and your customers are starting to wonder. Some may even start to fear their personal information is at risk. With recent security breaches from big corporations like Michaels, Neiman Marcus, and Target2, you would be hard pressed to come up with a reason why they shouldn’t be. These days, the Internet can be a caustic place and computer security (especially of the web variety) is becoming much more important to everyone, from the lowly startup to the great big software corporations.

The fact is the majority of visitors to a website may not be actual people at all butautomated bots searching pages for weaknesses (think computer programs that scan the web)1. This information creates a very scary scenario of an Internet where malicious users can accomplish things automatically and in heavy volume.

However information one knows can also help them be prepared, which in this case would be fighting fire with a firewall. Many users have the IPTABLES service running on their Linux boxes right now, but have little to no idea how to configure it. It works as a firewall with rules set in place to allow network traffic in or out. Manually configuring IPTABLES can be a bear, especially when you are talking about possibly hundreds of unique IP’s hitting a server in an hour. It would be impossible for someone to be as dynamic as the Internet when it comes tomalicious traffic.

In order to counter the ever-increasing stream of garbage from the Internet, one could enlist the help of dynamic services like fail2ban to add an extra bit of security to their system. Fail2ban is a service that runs while your system is live and scans logs for diversions in a baseline that you can configure. It’s safe to say that a malicious user trying to break a system via the login screen of your web page will not be successful on the first go. Well with fail2ban, the malicious user might get 3 tries before fail2ban sees the login failures in the log file and bans the host by adding their IP to a jail file. Once in the jail, the host won’t even be able to request the page that it’s trying to break, effectively stopping the automated attack. The rules for what and when to ban are entirely up to the administrator, and work in tandem with many “native” Linux services. New filters can be applied using regex that looks for specific strings or methods of attack. Basically, if a person is consistent with their maintenance, they will be able to mitigate most bot-based attacks, at least of the web variety. The best part is that since fail2ban is just a daemon, you can run it on both virtualized and stand-alone servers without any issue.

Since fail2ban sits on the server and watches interactions with the logs, it doesn’t care what type of virtualization it might be using in regards to a VPS. However you do have to keep semi-decent logging for it to watch, which shouldn’t be an issue if your installs are defaulted. In short, fail2ban and other types of dynamic log monitoring services are great for watching real-time data and protecting from malicious users out on the net. That being said, there is no replacement for strong authentication protocol to include frequent password changes. In our next article, your premier Colorado data center will address the truth about passwords and what makes them strong or weak, as well as the importance of a firm password policy.

Facebooktwittergoogle_plusredditpinterestlinkedinmail

Colorado Springs Datacenter Partners With Cisco For New High-Tech Security System

Cisco Logo

Colorado Springs datacenter, Data102, has announced partnership with Cisco to expand on existing security measures. Physical security measures have been increased on location for further compliance with security standards

CiscoColorado Springs datacenter, Data102, is partnering with Cisco, a global leader in security and networking, in order to provide another layer of protection for their client’s equipment and sensitive data.

Data102 has been offering secure colocation services for years, with physical security gaining in popularity as more companies see the benefit of such a barrier. Data102’s staff members are trained to insure the highest security standards and close monitoring for any potential threats. Physical security is a necessity in order to avoid malicious invaders. This Colorado datacenter’s physical security is maintained in compliance with PCI, HIPAA, and SSAE16 datacenter standards.

The people managing the systems are just as integral to security as the hardware and software. Travis Taylor, the Director of Business Development, explains that, “All of our physical security measures are monitored around the clock by our experienced staff which guarantees a strong line of defense against even the most dangerous intruders.” The Data102 staff is available 24 x 7 x 365 to answer queries or fix problems, ensuring security is maintained at all times.

Physical access to the Colorado Springs location has been entirely revamped with the installation of a Cisco Physical Access Manager. In keeping with the standards that have been set for SSAE16 datacenters, physical security is closely monitored. As you would expect, video and access information is logged for any visitor that enters the datacenters, but access to other areas is now being monitored as well. Employee office space and conference areas are restricted so that only those with an access badge may enter. Visitors may be allowed inside the facility with limited access and are escorted by a staff member at all times.

ABOUT DATA102
A Colorado Springs datacenter and IT services provider, Data102 offers products and services such as managed firewalls, Virtual Private Servers, anti-spam services, backups, colocation and bandwidth. In addition to affordability, reliability and flexibility, Data102 offers unparalleled customer service and technical support. For more information about Data102 LLC, visit data102.com.

 

View this press release at prweb.com

Facebooktwittergoogle_plusredditpinterestlinkedinmail