Things haven’t really changed much in 2012. The just released January 2012 Symantec Intelligence Report revealed that while spam and viruses have been on the decline since the latter half of 2011, the types of attacks have changed. Phishers and spammers are being more specific in their targets and their attack approaches have become much more sophisticated. Some have started to use legitimate database sources and even recognizable brand websites. In addition to popular social platforms, malware purveyors are also using real distribution lists to improve their success rates.

Spammers have discovered that small to midsized businesses or SMBs are easier to target because they don’t have the same resources as the big boys to counter threats coming from the Internet.

And while the growth of the Internet has become the preferred channel for attacks, the Internet has also become an enabling platform for the creation of cost-effective security solutions that cater to just about everyone. Managed security services (MSS) is a systematic approach to managing an organization’s security needs. Usually outsourced to a service provider that oversees other companies’ network and information system security needs.

Functions of a managed security service include round-the-clock monitoring and management of intrusion detection systems and firewalls, overseeing patch management and upgrades, performing security assessments and security audits, and responding to emergencies. There are products available from a number of vendors to help organize and guide the procedures involved. This diverts the burden of performing the chores manually, which can be considerable, away from administrators.

What makes MSSPs popular with SMBs, particularly in Asia, is the relatively cost-effective offerings available in the market. From simple web filtering of emails, to 24×7 protection of websites and e-commerce applications, MSSPs use economies of scale to offer the same level of protection previously only afforded by large enterprises. After all, can you afford to hire an information security professional and keep these experts reasonably up-to-date with the latest in infosecurity best practices? Probably not!

With global ecommerce estimated to have reach USD711 billion in sales in 2010 (eMarketer) and China’s growing affluent consumers projected to spend USD134 billion online by 2012 (IDC), businesses of all sizes are scrambling to ride on this opportunity. But like all new ‘blue ocean’, caution must be exercised and efforts protected to ensure that risks are mitigated in this journey towards a globally connected world.

Like all things outsourced, identifying the right MSSP presents both an opportunity and a challenge. Just as importantly, identifying the right technology that offers the right level of security will be critical towards ensuring that your investment goes a long way towards achieving your business objectives.

A central tenet all MSSPs often choose to keep secret is the ability to use automation to deliver uninterrupted service 24×7. Partnering with innovators like Parallels has allowed many hosting service providers like us to achieve the economies of scale our business demands while ensuring our customers remain secure in the knowledge that their systems are protected 24x7xforever.

In my coming blog, I will list out proven steps to identifying what to look for in your MSSP so you are able to protect your investments and achieve the best outcome for your money. I’ll also uncover some of the best kept technology secrets in the hosting business. Stay tuned.

b. Use sender score to make sure that sending reputation of your e-mail server is good.

c. Use DNSStuffs.com to make sure that your IP address for e-mail sending is not being blacklisted.

d. Send e-mails on tuesday, wednesday and thursday

e. Average open rates is usually 45% for paying customers

f. Average open rates are usually 15% to 20% for prospects

g. Remove e-mails that didnt open e-mails for a long time

Acceptance of credit cards for payment has grown exponentially at small businesses across the US. Small merchants of all sizes should be aware of the risk for theft and fraud, and take action to combat this by certifying with the industry standard for handling credit card data, called the Payment Card Industry Data Security Standard (PCI-DSS). The PCI DSS is required for all businesses accepting credit cards.

What is PCI DSS? The five major card networks (American Express, Discover Financial Services, JCB, MasterCard Worldwide, and Visa Inc.) established the PCI DSS as a set of requirements for business of all types to use when configuring their IT and payment-processing environments. Understanding the requirements is the first step. Some businesses will need IT support to ensure all of the requirements are met prior to taking action to certify compliance. (For additional information, please visit www.pcisecuritystandards.org.) The 12 requirements are as follows:

• Install and maintain a firewall configuration to protect data

• Do not use vendor-supplied defaults for system passwords and other security parameters

• Protect stored data

• Encrypt transmission of cardholders data sensitive information across public networks

• Use and regularly update anti-virus software

• Develop and maintain secure systems and applications

• Restrict access to data by business need-to-know

• Assign a unique ID to each person with computer access

• Restrict physical access to cardholder data

• Track and monitor all access to network resources and cardholder data

• Regularly test security systems and processes

• Maintain a policy that addresses information security

There are two components required to validate or “prove” that a business has achieved PCI DSS compliance certification:

• Self-Assessment Questionnaire: All businesses are required to self-assess their IT and payment processing environment using the appropriate PCI Self-Assessment Questionnaire (SAQ). Please see the PCI Security Standards site for examples of the four questionnaires, www.pcisecuiritystandards.org

• Vulnerability Scanning: Depending on how you process payments and the Internet connection, network vulnerability scanning may also be required. (This step requires an Approved Scanning Vendor (ASV). The list of ASVs can be found at (https://www.pcisecuritystandards.org/qsa_asv/find_one.shtml)

The questionnaire and the scanning will help identify if any weaknesses or vulnerabilities exist in the network. These issues must be fixed before PCI DSS certification can be achieved.

Certification with PCI DSS is achieved with both a compliant, passing questionnaire and if necessary for your business, a compliant, passing vulnerability scan. There are many tools available in the marketplace to help small merchants achieve these steps easily. Your business may have been automatically enrolled in PCI DSS Compliance programs by your bank, processor or acquirer. If you are unsure if you are PCI DSS compliant or enrolled in a program, please call your payment processing provider.

ReadySpace partner with Trustwave who is both an ASV and a Qualified Security Assessor (QSA) for the card brands.

It is very common to find the two words – bandwidth and data transfer, used synonymously on the internet, specially on web host’s pricing plans. However, technically speaking, there is quite a difference between these two terms. Bandwidth denotes the volume of data that can be transferred per unit of time. Data transfer is the measure of the traffic generated from your website. The difference is that the bandwidth is a rate of data transfer.

If the bandwidth is high, the website will load faster because it can transfer more data per second. This does not mean that the data transfer will be high, because the amount of data transferred will depend on the number of visitors to your website and the file sizes of your website pages (including image, audio and video files etc.). The greater the number of visitors, the greater the amount of data transferred from your website, and so larger will be the data transfer.

Bandwidth and connection to internet

Bandwidth is usually expressed in bits per second (bps) or bytes per second. It is a very important measure of an input output (I/O) device. For example the modem that we use to connect to the internet has a certain maximum bandwidth (say 56 Kbps). On the other side a cable modem can transfer more data per second and usually has a bandwidth of around 200 – 1000 Kbps. A T1 line to the internet can transfer at the rate of 1.5 Mbps or higher.

Data transfer requirements for websites

Data transfer is measured in bytes, kilo bytes (KB), mega bytes (MB) or giga bytes (GB). If a website delivers 100,000 pages each month with average page file size of 20 KB, the data transfer per month will be 2 GB. Almost 80% of websites on the internet uses less than 5 GB of data transfer per month.

30 Gigabytes of monthly bandwidth or data transfer translates to about 30,000 unique visitors per day. The average website uses less than 250MB of bandwidth per month and receives about 50 visitors per day, so only very popular sites ever exceed 30GB.

Truths about unlimited data transfer

Some web hosts claim that they offer unlimited or unmetered data transfer. Higher bandwidth cost money and tie up server resources, so if any host truly offered unlimited data transfer at any price they would not be in business for very long. If you read their Terms of Service, you will find the following language or something similar:

“If at any time the Customer’s website generates enough bandwidth usage to affect the performance of other customer sites on the server, we reserve the full right to terminate the Customer’s domain name without refund.”

What this means is if the host feels that any customer’s website is costing them more money in bandwidth than the amount that customer pays, they will close the account without refund. Of course the resources of each server are set up not to exceed a certain amount of traffic, so higher bandwidth usage by any customer will automatically have an impact on other accounts on that server. The big question is what kind of bandwidth do they consider excessive, 1GB, 2GB, 3GB, 5GB, etc.? Is their bandwidth really unlimited or unmetered? If they do not measure bandwidth, how would they know when someone is using too much, and how can they keep their servers from running out of resources?

Viruses inside emails… how do they work?

Malicious content can be found inside the body of an email. These days, HTML is such a common element of emails, because it is used to embed pictures and links into the message body. However, HTML can also be used to embed viruses: scripts that execute automatically and can subsequently infect your computer with a virus. That’s why so many mail programs block HTML display by default and users must click a button to display the content, depending on whether you evaluate the content as being from a trustworthy source. As a rule, this precaution should never be turned off.

Hidden viruses in URLs

Surprisingly, an innocent looking URL could be a virus in disguise. While you may see a harmless link that leads you to a website, it could also execute a viral script or even link to a completely different URL that exposes you to a self-downloading virus.

The same rule applies to this as to email attachments: never open an attachment from an untrusted source.

The reason why the various tactics like malicious attachments and hidden html work is because the entire email is designed to fool its recipients. Users tend to be looking for useful information or to solve a problem and an email that offers up this facility on a plate is the best way to fool an email user.

Keep these points in mind:

- Don’t make quick decisions when filtering email

- Don’t trust suspicious or unexpected sources

- Don’t participate in email forwarding

- Don’t open suspicious attachments

- Invest in thorough email security to prevent these emails getting through in the first place

Google Apps becomes a paid service once the number of users increase to more than 10 and it is at a really low price of about $4.50/mth per user. More than just business e-mails features, it also comes free with tools like Google Docs and others making the other competition almost impossible to beat. These questions then came to my mind.

a. With such competitive pricing, how is Google really make their money?

b. Is it really a savings or a cost to you as a business owner?

Well, many of us know that Google Apps for business makes its money not by the subscription paid by end users, but really, they make money by having advertisements on the applications that you are using.

So what does it mean to you?

In 1 perspective, it actually helps you save money by allowing advertisements to be displayed to you and your staffs on their Google interface when they are working and replying their e-mails. In another perspective, it actually list down advertisements that might be related to you where you could easily locate vendors without having the need to search for them. 

However, there are also cons and its cons might easily cost you more than pros. Whenever staffs uses Google Apps, they will be displayed with bountiful amount of information that are unrelated to them. This could cost their efficiency and effectiveness in their work. Think about this, they are hired at a price to help the organisation effective. There are already enough distractions that would cause them to slow down, having it directly on their desktop could cost more for business owners.

Choose ReadySpace Web Hosting or MailOnCloud, you will get effectiveness and efficiency in your organisation. And all these translate to profitability at the end.

Always think about effects of savings. It might cost you more.

Anirban Banerjee, VP of R&D

Speaker Profile

Anirban is a co-founder and technical lead at StopTheHacker. Anirban holds a Ph.D. in Computer Science from the University of California at Riverside. For the last 5 years he has been active in various security circles and working groups that focus on eradication of web-malware and has presented lightning talks at HostingCon.

Synopsis

The face of Webmalware is changing dramatically. Websites are the new battleground between malicious hackers, security professional and online business owners. Malicious hackers are targeting websites in order to compromise them and steal precious business information. Every website is a target, businesses, government and military websites.

This leads to possible revenue losses and reputation damage for SMBs. Since SMB customers often assume that with the Hosters, Service provider or ISP ensure that the websites they host are bulletproof against hackers this leads to SMBs canceling their contract in the worst-case, and in the best-case cause additional support effort.

Stopthehacker’s advanced services not only protect the reputation of online business and websites, but also enable Hosters, Service providers or ISPs to create a new revenue stream for their businesses by offering the STH services white-labeled or branded) with minimal investment.

During the Webinar we will highlight the following areas:

- The change of security issues from desktop to web

- Why it is important to be protected

- What can you do to protect

- Presentation of the StopTheHacker solution

- Show how selling STH feeds your revenue stream

- Q&A

Register today at the following URL

https://readyspace.webex.com/readyspace/onstage/g.php?t=a&d=861739597

A virus is one of the oldest known parasites. When computers came around, genius programmers copied the traits of viruses into little computer programs, with the sole purpose of replicating and spreading itself. The most common way for a virus to enter a computer system is STILL via email. So how does that work?

We know the top 3 ways your network got infected, and today we examine the first.

Viruses in spam and phishing emails

Viruses are usually little programs. A lot of viruses out there in the 90’s and early 2000’s preyed on users naivety of the Internet. How many times did you forward a chain email, or a virus warning or even one of those desperate “donation” emails? Did they have an attachment? Usually a virus. People used to fall for these hoaxes quite often and they helped to spread these viruses.

While some people didn’t forward on hoax emails, or even open their attachments, a lot of people did and the viruses could embed into their computer without the user knowing. On top of this, many people forward these chain emails that just serve to clog up other people’s inboxes.

How can we stop spam and hoax emails?

These days it’s easy to block out all of these emails by simply installing the latest email security.

What was the problem for Canterbury Cathedral?

Canterbury Cathedral employs over 250 staff and hundreds of volunteers and is a much larger organization than most assume. The challenges faced by most modern businesses are also evident within this organization. One of the greatest challenges is to ensure that its operations run as efficiently and effectively as possible.

When Canterbury Cathedral staff found themselves spending the first part of their day trawling through spam email, management knew it was time to seek a solution. Much of the spam was offensive and even pornographic – and was having a serious impact upon productivity. According to IT Manager, David Tunbridge, who reports to the Chapter (the body responsible for all aspects of the Cathedral’s day-to-day management): “The old system we had in place to identify and manage spam simply wasn’t working. So we took the decision to look for a replacement.”

What’s the solution for email security?

The major problem to be tackled was the sheer volume of email spam, and Tunbridge was quite clear that this was the first prerequisite for any email security solution. On top of this, a managed and easily customized service was desirable.