Posts Tagged ‘Security’

Prepare Your Business for a DDoS Attack – 5 Recommendations

DDoS AttackDistributed denial of service (DDoS) attacks have become a part of having a presence on the web. While the question used to be if you will be attacked, today it is only a matter of when. Because of this, it is more important than ever to have a defense strategy in place. But, for all the media coverage and attention any DDoS attack may receive, their purpose and how to best defend against them are not always well understood.

According to the 2016 Verizon data breach incident report (DBIR), DDoS and web app attacks have increased substantially over the last year. Successful data breaches of web app attacks where data was stolen increased from 7% to 40% with targeted data including:

  • Credit card data
  • Personal information
  • Financial credentials
  • Passwords

If you want to ensure that your business is ready for a DDoS attack there are a number of best practices you should keep in mind. What follow are 5 recommendations from our 10 years of experience managing over 80,000 servers. If you want an even more in depth overview, as well 5 more recommendations, you can download the full white paper here.

Read the rest of this entry »

Challenges in the Cloud: Data Privacy & Sovereignty

IDG Roundtable in Cobramuseum, 17.11.2016. Foto: Yvonne Witte

Data privacy is one of the hottest topics in all industries globally. Understanding the critical due diligence from a data privacy and sovereignty perspective will help mitigate risk.

Privacy is not a security issue

Today, we face other and more complicated challenges than ever before regarding data privacy. Privacy is not a matter of security. Privacy concerns the contents of data -personal data- and its storage, transfer, access and processing methodologies. Under EU law, personal data can only be gathered legally under strict conditions, for a legitimate purpose.

Disrupted data

In this day and age tech-disruption causes new business models requiring even profounder use of data; leading to increased transfer of vast amounts of personal information across borders. GDPR and other data protections laws are being implemented to protect data from misuse, respecting the rights of the data owners. The rules are strict but data-privacy shows itself to be a wheel with many spokes.

The new currency

Data is currency, and the sense of urgency surrounding this is obvious; worldwide regulations develop fast and data leaks easily get in the eye of the (social) media storm causing heightened concern about privacy risk. The sanctions of the GDPR (4% of global annual revenue) will even hurt giants like Google, Apple and Microsoft. Times will change in benefit of privacy for the individual but conflict in data protection rules per country cause a bottleneck for business.

Challenges are plenty Read the rest of this entry »

We partner with Northwave to offer managed security services

leaseweb_northwave_partnershipWe are happy to announce that we have started a strategic partnership with Northwave to offer clients advanced managed security services. LeaseWeb clients are now able to put their IT environments under the permanent protection of the Northwave Computer Emergency Response Team (CERT).

The partnership is set up to guide and advise LeaseWeb customers on all security related topics.

The new security services are delivered as a tailor made extension to the Leaseweb Private Cloud, Dedicated Hosting and co-location services and available December 1st 2016. 

For more details, read our press release here.

DDoS protection – what is a DDoS attack and how to mitigate it?

In today’s hyper-connected world, it has never been more important to address and mitigate security threats to your business. The shift to cloud services has increased substantially over the past few years and it is vital to understand how to reduce the risks that come with the move to this platform. More than 90% of internet traffic will be video within two years. The ratio of connected devices to internet users is projected to be 10:1 by the year 2020. With such a high level of connectivity, outages due to cyber security threats can cost a company up to $100,000 per minute.

The most common threat to cloud users are distributed denial of service (also known as DDoS) attacks. Studies show that targets are not limited to some specific activities but rather that every organization is a potential target. The top four reasons for attacks are:

  • Hacktivism illustrated by Anonymous or Wikileaks organizations.
  • Cyber warfare in order to destabilize a foreign government or an election.
  • Cyber espionage to steal intellectual property of a competitor.
  • Cybercrime in the form of cyberextortion, in which an attack or the threat of an attack is coupled with a demand for money to prevent or stop the attack.

Cybercrime is responsible for over 65% of attacks. It does not matter how large or small your cloud footprint is, everyone is at risk as no segment of activity is immune to attack. With an ever growing array of targets, attacks are becoming more sophisticated. Multi-vector attacks are becoming more aggressive than before with an 84% increase in multi-vector attacks over the past few years. It is also easier than ever to launch an attack due to the availability of tools that do not require special knowledge. One does not need to be a security expert to launch a damaging attack. Events of last week show that the growth of IoT (Internet of Things) is making us more vulnerable as personal devices such as webcams were used as weapons to bombard major sites like Netflix and Twitter with millions of requests. Read the rest of this entry »

Remote Management: how it secures and gives you more control over your Bare Metal Servers

bareMetal_USP_controlLeaseWeb is always striving for the best customer experience and we believe that putting you in the driver’s seat is a key factor in this. After all, the more control you have, the faster you can get things done. To help you with this, we automate important self-service processes that enable you to manage your infrastructure.

Recently we launched a new free feature for our Bare Metal and Dedicated Server products which gives customers secure access to their server’s IPMI interface. The IPMI interface is a very powerful tool that can be used for many things, especially:

  • For debugging issues if your server becomes unreachable
  • Installing an operating system which LeaseWeb does not offer through the Customer Portal
  • Customizing your OS installations

All these actions are made much easier by giving access to the IPMI interface.

LeaseWeb already offered access to the IPMI interface on request by assigning a public IP address so it would be accessible over the internet. However, IPMI interfaces are not known for their security, so exposing them over the internet is far from ideal.

Read the rest of this entry »

Techsummit Berlin 2016 preview: Managing secrets at scale

Managing secrets is hard to get right, and can be very expensive if you get it wrong. In our latest podcast, Alex Schoof, principal engineer at Fugue, previews some of the topics he’ll be addressing during his presentation at TechSummit Berlin.

TechSummit Berlin takes place on 13 April 2016. Join others from the tech community for a day of informal chat and information exchange – all in the cool surroundings of Berlin. More info, full lineup and tickets: www.techsummit.io/berlin

Security: it’s all about managing risk!

EnterPrise_01_ComplianceOrganizations are increasingly dependent on their digital infrastructure. At the same time, these organizations seem to be more vulnerable than ever as cyber criminals’ techniques become more and more sophisticated. So how can you handle this situation? In other words: how do you become a secure online organization?

This was one of the topics discussed by Dell and LeaseWeb customers during a roundtable discussion about security. IT security specialist and journalist Brenno de Winter provided interesting insights in his introduction: “If your company wants to be a secure organization, you have to manage risks. There are four options when dealing with risks: accepting them, reducing them through security measures, avoiding risks by ceasing certain activities, or to partially outsource risk management to a third party. There are also affordable insurance policies against hacks available which are worth considering. But no matter what you do, make sure you have a risk management strategy in place, supported by tools that identity the security risks of your organization.”

Read the rest of this entry »

Stay safe: how to install the patch for Linux bug CVE-2016-0728

200px-Tux.svgA security bug affecting Linux versions 3.8 and higher was recently identified. Although this bug (CVE-2016-0728) was first introduced into the Linux Kernel in 2012, it was only discovered and made public a few days ago. When we learned of the bug’s existence, we immediately patched all internal LeaseWeb servers. We advise everyone to patch their servers as well.

The vulnerability in the Linux kernel could potentially be used by attackers in order to obtain higher privileges from a regular account. It uses a technique called “use-after-free” to control the way memory is freed on kernel objects which is then replaced with user supplied data, while keeping the privileges of that memory object.

Read the rest of this entry »

How LeaseWeb restructured its compliance approach

Trust_01_0Trust is built with consistency.

LeaseWeb has rapidly expanded its business across the globe in the past years. As a result, there were many separate and standalone certifications for different services and products within our organization, several of which overlapped. A restructuring of the compliance portfolio was needed. Last year, we started with a clean sheet to completely rebuild our global portfolio. In addition, we initiated the search for new audit partners who could support this mission together with our procurement department.

Today, I would like to provide you some insight into how we handled the restructuring.

Read the rest of this entry »

LeaseWeb and StopBadware unite to combat cybercrime

Stopbadware logoLeaseWeb, a leading global hosting provider, is sponsoring StopBadware (www.stopbadware.org) to make the internet safer through the prevention, mitigation, and remediation of malware websites. LeaseWeb will provide hosted server infrastructure, physical capacity and redundancy for the network and services, to support the growth of the global initiative.

Read the rest of this entry »

LeaseWeb on Twitter

Joy and fun today: happy to support the Hoogvliegers day at the Lelystad airport

test Twitter Media - Joy and fun today: happy to support the Hoogvliegers day at the Lelystad airport https://t.co/DZmEeQVnU2

Our Product Manager for Dedicated Servers giving a speech at ESL Benelux Championship 2017. Visit us during the event.

test Twitter Media - Our Product Manager for Dedicated Servers giving a speech at ESL Benelux Championship 2017. Visit us during the event. https://t.co/PVTopS0f62

Vladimir Smirnov of @bookingcom talks about Graphite@Scale or how to store millions points per second #TechSummitIO lsw.to/lhX

2 days until #ESL Benelux Championship. All the competitive games in the competition will be powered by our servers: lsw.to/lhp

test Twitter Media - 2 days until #ESL Benelux Championship. All the competitive games in the competition will be powered by our servers: https://t.co/q8Ev9k4wbW https://t.co/a9Wl5Oxttz