Profile cover photo
Profile photo
Datasoft Networks
Providing Dedicated servers.
Providing Dedicated servers.


Post has attachment
Intel's Core i9 (Gulftown) Platform Review Benchmarks

We know the general trend is unchanging: every new CPU generation is faster, smaller, cheaper. And yet, the new i9 from Intel will blow your socks off with its performance (and initially also a hole in your wallet!)

If you can't wait till its release early next year (only a few months away actually) here are some benchmarks culled from various sites who already tested the i9, also known as Gulftown.

Particularly for tasks such as 3D modeling and video encoding, the 2.8GHz Core i9 is about 50 percent faster than a Core i7 at the same clock speed.

Here are some test results by PCLab:

Not all tests show as large gains, as those limited to a single core or which didn't properly use their extra code threads saw smaller gains or even no advantage at all.

Some of this is attributed to the prototype nature of the i9 platform, as its memory performance isn't as high as anticipated for production hardware. Its memory speed won't be as high as on the quad-core processors, however.

Intel isn't due to launch Core i9 until early 2016, possibly early as January, and will initially reserve it for high end systems as it should have a high price and consume about 130W of power versus the 95W for most Core i5 and i7 chips.
Add a comment...

Post has attachment
Introducing economical & reliable FTP cloud Storage services at just $9/mnth for 100 GB visit
Add a comment...

Post has attachment
25 Hardening Security Tips for Linux Servers
Everybody says that Linux is secure by default and agreed to some extend (It’s debatable topics). However, Linux has in-built security model in place by default. Need to tune it up and customize as per your need which may help to make more secure system. Linux is harder to manage but offers more flexibility and configuration options.
Securing a system in a production from the hands of hackers and crackers is a challenging task for a System Administrator. This is our first article related to “How to Secure Linux box” or “Hardening a Linux Box“. In this post We’ll explain 25 useful tips & tricks to secure your Linux system. Hope, below tips & tricks will help you some extend to secure your system.
1. Physical System Security
Configure the BIOS to disable booting from CD/DVD, External Devices, Floppy Drive in BIOS. Next, enable BIOS password & also protect GRUB with password to restrict physical access of your system.
Set GRUB Password to Protect Linux Servers
2. Disk Partitions
It’s important to have different partitions to obtain higher data security in case if any disaster happens. By creating different partitions, data can be separated and grouped. When an unexpected accident occurs, only data of that partition will be damaged, while the data on other partitions survived. Make sure you must have following separate partitions and sure that third party applications should be installed on separate file systems under /opt.
3. Minimize Packages to Minimize Vulnerability
Do you really want all sort of services installed?. It’s recommended to avoid installing useless packages to avoid vulnerabilities in packages. This may minimize risk that compromise of one service may lead to compromise of other services. Find and remove or disable unwanted services from the server to minimize vulnerability. Use the ‘chkconfig‘ command to find out services which are running on runlevel 3.
# /sbin/chkconfig -list |grep '3:on'
Once you’ve find out any unwanted service are running, disable them using the following command.
# chkconfig serviceName off
Use the RPM package manager such as “yum” or “apt-get” tools to list all installed packages on a system and remove them using the following command.
# yum -y remove package-name
# sudo apt-get remove package-name
4. Check Listening Network Ports
With the help of ‘netstat‘ networking command you can view all open ports and associated programs. As I said above use ‘chkconfig‘ command to disable all unwanted network services from the system.
# netstat -tulpn
5. Use Secure Shell(SSH)
Telnet and rlogin protocols uses plain text, not encrypted format which is the security breaches. SSH is a secure protocol that use encryption technology during communication with server.
Never login directly as root unless necessary. Use “sudo” to execute commands. sudo are specified in /etc/sudoers file also can be edited with the “visudo” utility which opens in VI editor.
It’s also recommended to change default SSH 22 port number with some other higher level port number. Open the main SSH configuration file and make some following parameters to restrict users to access.
# vi /etc/ssh/sshd_config
Disable root Login
PermitRootLogin no
Only allow Specific Users
AllowUsers username
Use SSH Protocol 2 Version
Protocol 2
6. Keep System updated
Always keep system updated with latest releases patches, security fixes and kernel when it’s available.
# yum updates
# yum check-update
7. Lockdown Cronjobs
Cron has it’s own built in feature, where it allows to specify who may, and who may not want to run jobs. This is controlled by the use of files called /etc/cron.allow and /etc/cron.deny. To lock a user using cron, simply add user names in cron.deny and to allow a user to run cron add in cron.allow file. If you would like to disable all users from using cron, add the ‘ALL‘ line to cron.deny file.
# echo ALL >>/etc/cron.deny
8. Disable USB stick to Detect
Many times it happens that we want to restrict users from using USB stick in systems to protect and secure data from stealing. Create a file ‘/etc/modprobe.d/no-usb‘ and adding below line will not detect USB storage.
install usb-storage /bin/true
9. Turn on SELinux
Security-Enhanced Linux (SELinux) is a compulsory access control security mechanism provided in the kernel. Disabling SELinux means removing security mechanism from the system. Think twice carefully before removing, if your system is attached to internet and accessed by the public, then think some more on it.
SELinux provides three basic modes of operation and they are.
Enforcing: This is default mode which enable and enforce the SELinux security policy on the machine.
Permissive: In this mode, SELinux will not enforce the security policy on the system, only warn and log actions. This mode is very useful in term of troubleshooting SELinux related issues.
Disabled: SELinux is turned off.
You can view current status of SELinux mode from the command line using ‘system-config-selinux‘, ‘getenforce‘ or ‘sestatus‘ commands.
# sestatus
If it is disabled, enable SELinux using the following command.
# setenforce enforcing
It also can be managed from ‘/etc/selinux/config‘ file, where you can enable or disable it.
10. Remove KDE/GNOME Desktops
There is no need to run X Window desktops like KDE or GNOME on your dedicated LAMP server. You can remove or disable them to increase security of server and performance. To disable simple open the file ‘/etc/inittab‘ and set run level to 3. If you wish to remove it completely from the system use the below command.
# yum groupremove "X Window System"
11. Turn Off IPv6
If you’re not using a IPv6 protocol, then you should disable it because most of the applications or policies not required IPv6 protocol and currently it doesn’t required on the server. Go to network configuration file and add followings lines to disable it.
# vi /etc/sysconfig/network
12. Restrict Users to Use Old Passwords
This is very useful if you want to disallow users to use same old passwords. The old password file is located at /etc/security/opasswd. This can be achieved by using PAM module.
Open ‘/etc/pam.d/system-auth‘ file under RHEL / CentOS / Fedora.
# vi /etc/pam.d/system-auth
Open ‘/etc/pam.d/common-password‘ file under Ubuntu/Debian/Linux Mint.
# vi /etc/pam.d/common-password
Add the following line to ‘auth‘ section.
auth        sufficient likeauth nullok
Add the following line to ‘password‘ section to disallow a user from re-using last 5 password of his or her.
password   sufficient nullok use_authtok md5 shadow remember=5
Only last 5 passwords are remember by server. If you tried to use any of last 5 old passwords, you will get an error like.
Password has been already used. Choose another.
13. How to Check Password Expiration of User
In Linux, user’s passwords are stored in ‘/etc/shadow‘ file in encrypted format. To check password expiration of user’s, you need to use ‘chage‘ command. It displays information of password expiration details along with last password change date. These details are used by system to decide when a user must change his/her password.
To view any existing user’s aging information such as expiry date and time, use the following command.
#chage l username
To change password aging of any user, use the following command.
#chage -M 60 username
#chage -M 60 -m 7 -W 7 userName
-M Set maximum number of days
-m Set minimum number of days
-W Set the number of days of warning
14. Lock and Unlock Account Manually
The lock and unlock features are very useful, instead of removing an account from the system, you can lock it for an week or a month. To lock a specific user, you can use the follow command.
# passwd l accountName
Note : The locked user is still available for root user only. The locking is performed by replacing encrypted password with an (!) string. If someone trying to access the system using this account, he will get an error similar to below.
# su - accountName
This account is currently not available.
To unlock or enable access to an locked account, use the command as. This will remove (!) string with encrypted password.
# passwd -u accountName
15. Enforcing Stronger Passwords
A number of users use soft or weak passwords and their password might be hacked with a dictionary based or brute-force attacks. The ‘pam_cracklib‘ module is available in PAM (Pluggable Authentication Modules) module stack which will force user to set strong passwords. Open the following file with an editor.
Read Also:
# vi /etc/pam.d/system-auth
And add line using credit parameters as (lcredit, ucredit, dcredit and/or ocredit respectively lower-case, upper-case, digit and other)
/lib/security/$ISA/ retry=3 minlen=8 lcredit=1 ucredit=-2 dcredit=-2 ocredit=-1
16. Enable Iptables (Firewall)
It’s highly recommended to enable Linux firewall to secure unauthorised access of your servers. Apply rules in iptables to filters incoming, outgoing and forwarding packets. We can specify the source and destination address to allow and deny in specific udp/tcp port number.
17. Disable Ctrl+Alt+Delete in Inittab
In most Linux distributions, pressing ‘CTRL-ALT-DELETE’ will takes your system to reboot process. So, it’s not a good idea to have this option enabled at least on production servers, if someone by mistakenly does this.
This is defined in ‘/etc/inittab‘ file, if you look closely in that file you will see a line similar to below. By default line is not commented out. We have to comment it out. This particular key sequence signalling will shut-down a system.
#ca::ctrlaltdel:/sbin/shutdown t3 -r now
18. Checking Accounts for Empty Passwords
Any account having an empty password means its opened for unauthorized access to anyone on the web and it’s a part of security within a Linux server. So, you must make sure all accounts have strong passwords and no one has any authorized access. Empty password accounts are security risks and that can be easily hackable. To check if there were any accounts with empty password, use the following command.
# cat /etc/shadow | awk F: '($2==""){print $1}'
19. Display SSH Banner Before Login
It’s always a better idea to have an legal banner or security banners with some security warnings before SSH authentication. To set such banners read the following article.
20. Monitor User Activities
If you are dealing with lots of users, then its important to collect the information of each user activities and processes consumed by them and analyse them at a later time or in case if any kind of performance, security issues. But how we can monitor and collect user activities information.
There are two useful tools called ‘psacct‘ and ‘acct‘ are used for monitoring user activities and processes on a system. These tools runs in a system background and continuously tracks each user activity on a system and resources consumed by services such as Apache, MySQL, SSH, FTP, etc. For more information about installation, configuration and usage, visit the below url.
21. Review Logs Regularly
Move logs in dedicated log server, this may prevents intruders to easily modify local logs. Below are the Common Linux default log files name and their usage:
/var/log/message – Where whole system logs or current activity logs are available.
/var/log/auth.log – Authentication logs.
/var/log/kern.log – Kernel logs.
/var/log/cron.log – Crond logs (cron job).
/var/log/maillog – Mail server logs.
/var/log/boot.log – System boot log.
/var/log/mysqld.log – MySQL database server log file.
/var/log/secure – Authentication log.
/var/log/utmp or /var/log/wtmp : Login records file.
/var/log/yum.log: Yum log files.
22. Important file Backup
In a production system, it is necessary to take important files backup and keep them in safety vault, remote site or offsite for Disasters recovery.
23. NIC Bonding
There are two types of mode in NIC bonding, need to mention in bonding interface.
mode=0 – Round Robin
mode=1 – Active and Backup
NIC Bonding helps us to avoid single point of failure. In NIC bonding, we bond two or more Network Ethernet Cards together and make one single virtual Interface where we can assign IP address to talk with other servers. Our network will be available in case of one NIC Card is down or unavailable due to any reason.
24. Keep /boot as read-only
Linux kernel and its related files are in /boot directory which is by default as read-write. Changing it to read-only reduces the risk of unauthorized modification of critical boot files. To do this, open “/etc/fstab” file.
# vi /etc/fstab
Add the following line at the bottom, save and close it.
LABEL=/boot     /boot     ext2     defaults,ro     1 2
Please note that you need to reset the change to read-write if you need to upgrade the kernel in future.
25. Ignore ICMP or Broadcast Request
Add following line in “/etc/sysctl.conf” file to ignore ping or broadcast request.
Ignore ICMP request:
net.ipv4.icmp_echo_ignore_all = 1
Ignore Broadcast request:
net.ipv4.icmp_echo_ignore_broadcasts = 1
Load new settings or changes, by running following command
#sysctl -p
If you’ve missed any important security or hardening tip in the above list, or you’ve any other tip that needs to be included in the list. Please drop your comments in our comment box. TecMint is always interested in receiving comments, suggestions as well as discussion for improvement.
Add a comment...

Post has attachment
We at Datasoft Networks, , use Digital Realty Datacenters in both our St. Louis and Miami Datacenters.

How to build physical security into a data center
There are plenty of complicated documents that can guide companies through the process of designing a secure data center—from the gold-standard specs used by the federal government to build sensitive facilities like embassies, to infrastructure standards published by industry groups like the Telecommunications Industry Association, to safety requirements from the likes of the National Fire Protection Association. But what should be the CSO's high-level goals for making sure that security for the new data center is built into the designs, instead of being an expensive or ineffectual afterthought?

Read below to find out how a fictional data center is designed to withstand everything from corporate espionage artists to terrorists to natural disasters. Sure, the extra precautions can be expensive. But they're simply part of the cost of building a secure facility that also can keep humming through disasters.

1. Build on the right spot. Be sure the building is some distance from headquarters (20 miles is typical) and at least 100 feet from the main road. Bad neighbors: airports, chemical facilities, power plants. Bad news: earthquake fault lines and (as we've seen all too clearly this year) areas prone to hurricanes and floods. And scrap the "data center" sign.

2. Have redundant utilities. Data centers need two sources for utilities, such as electricity, water, voice and data. Trace electricity sources back to two separate substations and water back to two different main lines. Lines should be underground and should come into different areas of the building, with water separate from other utilities. Use the data center's anticipated power usage as leverage for getting the electric company to accommodate the building's special needs.

3. Pay attention to walls. Foot-thick concrete is a cheap and effective barrier against the elements and explosive devices. For extra security, use walls lined with Kevlar.

data center physical security
4. Avoid windows. Think warehouse, not office building. If you must have windows, limit them to the break room or administrative area, and use bomb-resistant laminated glass.

5. Use landscaping for protection. Trees, boulders and gulleys can hide the building from passing cars, obscure security devices (like fences), and also help keep vehicles from getting too close. Oh, and they look nice too.

6. Keep a 100-foot buffer zone around the site. Where landscaping does not protect the building from vehicles, use crash-proof barriers instead. Bollard planters are less conspicuous and more attractive than other devices. Or you could do as Apple and Google have done in hiring security guards.

7. Use retractable crash barriers at vehicle entry points. Control access to the parking lot and loading dock with a staffed guard station that operates the retractable bollards. Use a raised gate and a green light as visual cues that the bollards are down and the driver can go forward. In situations when extra security is needed, have the barriers left up by default, and lowered only when someone has permission to pass through.

8. Plan for bomb detection. For data centers that are especially sensitive or likely targets, have guards use mirrors to check underneath vehicles for explosives, or provide portable bomb-sniffing devices. You can respond to a raised threat by increasing the number of vehicles you checkperhaps by checking employee vehicles as well as visitors and delivery trucks.

9. Limit entry points. Control access to the building by establishing one main entrance, plus a back one for the loading dock. This keeps costs down too.

10. Make fire doors exit only. For exits required by fire codes, install doors that don't have handles on the outside. When any of these doors is opened, a loud alarm should sound and trigger a response from the security command center.

11. Use plenty of cameras. Surveillance cameras should be installed around the perimeter of the building, at all entrances and exits, and at every access point throughout the building. A combination of motion-detection devices, low-light cameras, pan-tilt-zoom cameras and standard fixed cameras is ideal. Footage should be digitally recorded and stored offsite.

12. Protect the building's machinery. Keep the mechanical area of the building, which houses environmental systems and uninterruptible power supplies, strictly off limits. If generators are outside, use concrete walls to secure the area. For both areas, make sure all contractors and repair crews are accompanied by an employee at all times.

13. Plan for secure air handling. Make sure the heating, ventilating and air-conditioning systems can be set to recirculate air rather than drawing in air from the outside. This could help protect people and equipment if there were some kind of biological or chemical attack or heavy smoke spreading from a nearby fire. For added security, put devices in place to monitor the air for chemical, biological or radiological contaminant.

14. Ensure nothing can hide in the walls and ceilings. In secure areas of the data center, make sure internal walls run from the slab ceiling all the way to subflooring where wiring is typically housed. Also make sure drop-down ceilings don't provide hidden access points.

15. Use two-factor authentication. Biometric identification is becoming standard for access to sensitive areas of data centers, with hand geometry or fingerprint scanners usually considered less invasive than retinal scanning. In other areas, you may be able to get away with less-expensive access cards.

16. Harden the core with security layers. Anyone entering the most secure part of the data center will have been authenticated at least three times, including:

a. At the outer door. Don't forget you'll need a way for visitors to buzz the front desk.

b. At the inner door. Separates visitor area from general employee area.

c. At the entrance to the "data" part of the data center. Typically, this is the layer that has the strictest "positive control," meaning no piggybacking allowed. For implementation, you have two options:

1. A floor-to-ceiling turnstile. If someone tries to sneak in behind an authenticated user, the door gently revolves in the reverse direction. (In case of a fire, the walls of the turnstile flatten to allow quick egress.)

2. A "mantrap." Provides alternate access for equipment and for persons with disabilities. This consists of two separate doors with an airlock in between. Only one door can be opened at a time, and authentication is needed for both doors.

d. At the door to an individual computer processing room. This is for the room where actual servers, mainframes or other critical IT equipment is located. Provide access only on an as-needed basis, and segment these rooms as much as possible in order to control and track access.

17. Watch the exits too. Monitor entrance and exit—not only for the main facility but for more sensitive areas of the facility as well. It'll help you keep track of who was where when. It also helps with building evacuation if there's a fire.

18. Prohibit food in the computer rooms. Provide a common area where people can eat without getting food on computer equipment.

19. Install visitor rest rooms. Make sure to include bathrooms for use by visitors and delivery people who don't have access to the secure parts of the building.
Add a comment...

Post has attachment
We at Datasoft Networks, , uses Dell PowerEdge servers for all of our servers and services.

Dell PowerEdge blade servers: performance, efficiency, versatility

Compute more in less space, with less energy. Blade servers can be key elements in reducing ever-growing power costs, and for implementing environmentally conscious IT initiatives.

And because they’re an integral component of shared infrastructure, they have server- and chassis-based redundancies that make them highly reliable. PowerEdge blades benefit from numerous fans and power supplies, failsafe hypervisors, and fault resilient memory — as well as redundant embedded management, hot swappable and fault tolerant drive options, and compatibility with up to three redundant (and converged) IO switching networks.

They also help you: 

Accelerate workloads
PowerEdge blade servers are designed with carefully balanced memory, IO and internal storage options to optimize workload performance. Next-generation PowerEdge blade servers help you enhance virtualization environments, accelerate applications and step up high-performance computing capabilities. With dense designs, flexible internal Flash storage options—including Fluid Cache for SAN — and the latest Intel processors, we help you get more done in less time. 

Manage efficiently
PowerEdge blade servers give you the benefit of our innovative agent-free management based on the intelligence of our powerful iDRAC (integrated Dell remote access controller) —with Lifecycle Controller — embedded right into each server. Our systems management capabilities help you more easily deploy, monitor, manage and maintain servers across their entire life cycles with much greater automation and ease-of-use.

And our next generation blade servers make systems management easier than ever before with features like:
Zero touch deployment that automatically retrieves predefined configuration settings and applies them to bare-metal servers
iDRAC Direct for fast, local server deployments
OpenManage Mobile for round-the-clock remote access from your smart device.

Scale flexibly
PowerEdge blade servers empower you to deploy multiple generations or processor families within the same density, power, and cooling infrastructure. And their wide array of performance and configuration options give you the flexibility to choose the servers that are optimized for your specific IT operation and applications. Our scalable designs grow with the needs of your business, and give you the performance, efficiency and versatility that today’s future-ready data centers demand.

Learn more about our PowerEdge Blade Server portfolio here. Or, if you want to know more about the blade servers right for your enterprise, talk to a Dell expert.
Add a comment...

Post has attachment
We at Datasoft Netowrks, , offer 24/7 Support for all of our servers, as well as maximum security Digital Realty Datacenters.

Protecting Your Server Before It's Too Late
The server has gone, and with it all the hard work and effort you put in to configure and customize it. Whether this is a bitter feeling you've already experienced or the thought of it happening to you is soul destroying, then you need to consider a number of steps you can take to protect your server in case of a spontaneous meltdown.

Hopefully this disastrous possibility will not occur, but there are ways of being safe rather than sorry.

First and foremost, backup your server. This simple process should be an obvious security applicable to all forms of computing and a server is no exception. To ensure an efficient backup service is running coherently on your computer, set up automatic system to run along with manual backups. Doing this regularly is vital, as even a week's worth of loss data can be an inconvenience.

Another automatic process that needs user monitoring is regular updates. These are provided for a reason, and mean that improvements to your server have been made and are recommended to be used. This can often improve security and reliability.

Scanning, cleaning and general housekeeping tasks that can be made on your server are always useful so make the most of these diagnostics. Testing can provided valuable information about security inconsistencies and possible improvements so employ these provided tools and maintain the optimum security of your server.

Lastly, you should oversee the server personally at all times. You should monitor your network, hardware and other parts of you server, to make sure everything is running smoothly and your system is not in any danger.

So monitory your server personally, ensure the system is automatically protecting itself and if the inconceivable does unfortunately occur, by taking the first step you have guaranteed the protection of your data by backing it up, just in case.
Add a comment...

Post has attachment
We at Datasoft Netowrks, , uses DELL C6100 Blade Server to host Cloud Servers. We offer SSD based Cloud Servers starting from $8/Month. You can try our cloud servers for 5 days before you pay.

Dell PowerEdge C6100 Rack Server
Ultradense shared infrastructure in a 2U chassis
Scale-out environments such as HPCC, Web 2.0, gaming and cloud building, where high availability predominantly resides in the software layer.

Ultradense, flexible and efficient computing
The PowerEdge™ C6100 provides capacity, performance and flexibility in a very dense package. The highly efficient 2U rack chassis supports up to 12 x 3.5” or 24 x 2.5” hot-plug Serial Attached SCSI (SAS), Serial ATA (SATA) or solid-state drive (SSD) hard drives.

The PowerEdge C6100 features up to 94 percent efficient hot-plug redundant power supplies that can help you improve energy efficiency and lower operating costs by effectively reducing total power consumption. Plus, a shared infrastructure can help reduce floor space, power use and cooling, producing one of the most eco-friendly designs yet.

Best-in-class density without sacrifice
Increasing density shouldn't mean sacrificing critical features such as single-node serviceability and hot-plug hard-drive flexibility.
With four 2-socket server nodes in a 2U rack chassis, the PowerEdge C6100 offers maximum density with the convenience of both single-node serviceability and hot-plug 2.5" and 3.5" hard-disk drives. The result: an uncompromised, remarkably efficient server with twice the density capability of traditional 1U servers.
Ultimate Flexibility in a Standard 2U Chassis

The PowerEdge C6100 has the specialized features you need to run your hyperscale applications, while providing flexibility with open standards. The PowerEdge C6100 offers a number of flexible features in its standard 2U rack chassis, including:

Front-mounted 3.5-inch or 2.5-inch hot-plug hard drives
Up to four discrete 2-socket nodes
x16 PCIe slot and x8 mezzanine slots
Hot-plug redundant power supplies
Intelligent Platform Management Interface (IPMI) 2.0 dedicated management

Save power and increase efficiency
By sharing power supplies, fans and backplanes, the PowerEdge™ C6100 effectively supports reducing the total amount of power consumed for energy efficiency and assists to lower operating costs.
Add a comment...

Post has attachment
We at Datasoft Networks, , offer 5 days free trail on our of servers, test it out before you pay.

Busting the Myths About Network Security
Network Security

Knowledge is power… so what happens when hackers know more about your network’s security than you do.  Many online businesses have a false sense of security because they subscribe to numerous myths about their network’s security.  This false sense of security puts many customers and company’s reputations at risk every single day.  In an effort to enlighten online business owners, ControlScan refutes the most common myths to network security and gives the facts on how to properly ensure security.  

Myth:  “I have virus protection software so I am already secure”

Fact:  Viruses and security threats are two completely different things. Your anti-virus software will not alert you of the 11,000+ security threats for which a ControlScan vulnerability assessment will test your network.  A vulnerability assessment report will alert you of financial or customer records that are exposed and at risk to potential security breaches.

Myth:  "I have a firewall so I don't need to worry about security threats." 

Fact:  Firewalls are great and typically provide a good layer of security. However, firewalls commonly perform services such as port forwarding or network address translation (NAT). It is also surprisingly common for firewalls to be accidentally misconfigured (after all, to err is human). The only way to be sure your network is completely secure is to test it. Among the 11,000+ security threats ControlScan tests for, there is an entire category specifically designated to search for firewall vulnerabilities.

Myth:  "I have nothing to worry about; there are too many computers on the Internet."

Fact:  People understand the need to lock their homes, roll up their car windows, and guard their purses and wallets. Why? If these precautions aren’t taken, sooner or later you will be a victim.  People are just starting to be aware that the same is true with their computers and networks. A single hacker can scan thousands of computers looking for ways to access your private information in the time it takes you to eat lunch.

Myth:  "I know the security of my network and information is important, but all the solutions are too expensive and/or time consuming."

Fact:  While it is true that some network security products and services are very expensive and time consuming, ControlScan provides a service specifically designed to be very robust, efficient, and effective, yet still affordable for small, medium and large organizations.

Myth: "I can't do anything about my network's security because I'm not a geek."

Fact:  While network security is a technical problem, ControlScan has gone to great lengths to provide a solution that can easily be understood by both non-technical people and geeks alike. No downloading, installation or configuration is needed. The vulnerability assessment report has a Business Analysis Report that explains all discovered security threats and provides charts, graphs, and overviews to give a better visual understanding of a website and its vulnerabilities. The Business Analysis Report is specifically written for non-technical business owners and home users.

Myth:  "I know what is running on my computer and I am sure that it is secure."

Fact:  Only 2% of the networks scanned by ControlScan’s Verified Secure Scan receive a perfect score.  This means 98% of the companies have one or more possible security threats or vulnerabilities that a hacker could exploit. These threats could exist in your operating system, the software you run, your router/firewall or any other system running on your computer or network. The vulnerability assessment report also provides companies with a Comparative Security Ranking to let you know how the security of your network compares to all the other networks ControlScan has analyzed.

Myth:  "I tested my network a few months ago, so I know it is secure."      

Fact:  New security threats and vulnerabilities are discovered daily. ControlScan' database of security threats generally grows by 5-10 new vulnerabilities every week. Sometimes, we have even seen more than 80 new security threats in a single month! Just because your network did not have any vulnerabilities this month, does not mean it will still be secure next month - even if you didn't change anything. Just as you should frequently update your anti-virus software, it is also good practice to regularly analyze your network’s security.
Add a comment...

Post has attachment
Datasoft Networks, , offer 5 days free trail on our of servers, test it out before you pay.

Computer Security Today
This piece discusses some relatively simple local security measures you can take on your server to prevent a hacker from getting in and exploiting your system. This article covers some of the very basic considerations, but is in no way meant to be an inclusive set of instructions for creating a fully secure local server environment.

The integrity of your server is an ongoing challenge, and as hackers evolve, you will also have to do your best to stay on top of the latest methods for keeping hackers at bay. By following some of the steps below you will set yourself on the right path to shutting down some of the simpler ways for hackers to get into your system. If you make it difficult enough to get in, they will hopefully move on to an easier target.

MAINTAIN ACCESS LISTS (users and groups)
One key job of a system administrator is maintaining the list of people who may access the system. Your machine is pre-configured with several system accounts that are locked or disabled by default. These system accounts do not require additional maintenance.

Accounts may be created by the administrator over time that have served their purpose and are no longer required. It is recommended to remove, or at least disable, accounts that will not be used in the short term. A disabled account can always be re-enabled when required.

Commands are as follows:
passwd l username: Locks the password for a user's account
passwd -u username: Unlocks the password for a user's account
userdel username: Removes the user's account from the system

Many database-driven Content Management Systems (CMS) such as PHPBB, PostNuke, WordPress, Mambo, Joomla, and others recommend or require additional access to areas of your system's hard drive to store content, images, or even scripts. These applications, even when patched, may have undiscovered security issues that open these areas to intruders.

Rather than revoking your users' permissions outright and constantly policing their applications, you may consider purchasing a separate system for blogging use or even offer managed blog accounts. If you control the application you can upgrade it for your customers on a moment’s notice when a new vulnerability is discovered.

The command 'find / -perm +2' will find any files or directories designated as world-writable. The command 'find / -user apache' will find files and directories created by web applications that may be considered world-writable as well. You can expect to find system directories such as /tmp, /var/tmp, and /dev/shm with world-writable permissions by default. Permissions in Linux may be set using the 'chmod' command or through FTP. Several descriptions may be found online by searching Google for “unix permissions”.

Minor errors in SUID-root programs (files owned by root with the Set User ID execution-bit set) can possibly lead to root compromise of your system. Intruders are known to leverage existing bugs to gain additional privileges leading to further damage. Unfortunately some software requires SUID-root privileges to operate.

You can find SUID/SGID files with the command 'find / -type f -perm +06000'. Files in /bin, /sbin, or /usr are normal; be suspicious of files within a world-writable location though. SUID-root files in unexpected places almost always indicate a system compromise. Know what and where your SUID files are so you can at least compare a listing of them on a regular basis.

Red Hat Enterprise Linux Enterprise Server 4 (RHEL ES 4) includes features donated by the U.S. National Security Agency (NSA) called “Security Enhanced (SE) Linux”. SE Linux adds mandatory application security mechanisms to Linux that prevents software from operating outside of its normal parameters. A high-level description and documentation may be found at

Without appropriate security policies, SE Linux will prevent many applications from running. For this reason we set 'SELINUX=disabled' on all ServerBeach Dedicated Hosting servers by default. If you would like to experiment with SE Linux, we recommend using a test server and setting the option to “permissive” in /etc/selinux/config so that it will only warn about errors. You will need to read the documentation on the NSA's website on how to set the appropriate policies and security contexts for your applications.

Administrators usually read logs in response to an incident and ignore them in-between. In fact, the amount of information can often be too much to deal with and isn't usually in a usable form. Enabling SE Linux will only increase the amount of logs you must go through daily.

Intrusion attempts may be logged hours, days, or even weeks in advance. One example is the brute-force attempts against the Secure Shell (SSH) service: “sshd: Failed login from user 'test'”. If you've removed or disabled your test accounts you may be safe; if you're thinking about that account just now...

Red Hat includes a utility called “logwatch” that does some simple log processing. All you need to do is give it an email address in the form “MailTo = user@host”(cat “/etc/logwatch/conf/logwatch.conf” for more information). Once it's been configured you should expect an email every morning.

Splunk ( offers a free log processing server that can process up to 500 megabytes of logs per day. Please see their website for more information.

While there are many things you may consider to increase the security of your system, please remember that you are an integral component. By staying on top of your system’s security, taking the precautions mentioned above, being alert to new intrusion methods and the availability of new patches, you should be well on your way to maintaining a relatively secure system.

See more at:
Add a comment...

Post has attachment
We at Datasoft Networks, , offers Balck Lotus Based DDoS protection starting at $19 per Month.

Statistics on botnet-assisted DDoS attacks in Q1 2015
Main findings
In Q1 2015, 23,095 botnet-assisted DDoS attacks were reported, which is 11% lower than the 25,929 attacks in Q4 2014.

There were 12,281 unique victims of DDoS attacks in Q1 2015, which is 8% lower than the 13,312 victims in Q4 2014.

China, the USA and Canada were the countries that faced the largest number of DDoS attacks.

The most prolonged DDoS attack in Q1 2015 lasted for 140 hours (or about 6 days). The most frequently attacked resource faced 21 attacks within the 3 months.

In Q1 2015, SYN DDoS and HTTP DDoS were the most common scenarios for botnet-assisted DDoS attacks.

Geography of attacks
In Q1 2015, 23,095 DDoS attacks were reported, targeting web resources in 76 countries. The number of attacks was down 11% against Q4 2014 (25,929). There was an increase (76 against 66 in Q4 2014) in the number of countries where DDoS targets were located.

Most DDoS attacks targeted web resources in China, the USA and Canada – this was no change from Q4 2014. There were some changes in the order of the 10 most frequently attacked countries, but there were no new additions to that list.

There has been a significant decrease in the number of attacks against the web resources in China and the United States of America; however, there was an increase in the number of attacks against Canadian servers. There was also an increase in the number of attacks against web resources in Russia, South Korea and France.

In Russia, South Korea and France, the number of attacked web resources has increased compared with Q4 2014, and so did the number of attacks on all targets located in these countries. In Canada, the number of attacks has increased, but the number of targets has decreased, which suggests that cybercriminals are more actively attacking a limited number of web resources in the country.

The fact that China and the USA lead the two rankings, both in terms of numbers of DDoS attacks and in numbers of victims, is explained by the relatively low web hosting prices in these two countries that encourage many companies to use hosting providers there.
Add a comment...
Wait while more posts are being loaded