
Blog Series: Reducing Risk with PCI-Compliant and Secure Community Clouds

By Jeff Reich, Chief Risk Officer, Layered Tech

It seems almost daily a new report emerges detailing how a company suffered a data security breach, resulting in the release of sensitive data for hundreds of people.  To help guard against these attacks, companies can become PCI compliant, but it is not an easy goal to achieve and does not guarantee complete and total security.  As an alternative, community clouds provided through third-party resources like Layered Tech offer security options and a path to compliance without the cost and labor issues present with in-house systems.

To better understand these issues, this blog series will explore the hazards data breaches present and how, even with its challenges, PCI compliance and added security can help protect companies.  Additionally, the series will discuss how leveraging a community cloud provides companies with added benefits, such as scalable infrastructure, flexibility and availability, all in a cost-effective manner.

The real risk hackers pose

PCI compliance can help protect data from hackers, but there are still challenges.

In today’s business environment, data breaches are no longer disasters that happen to other companies, nor are they an issue that only plagues large enterprises.  These adverse events can affect small- and medium-sized businesses that have made the leap to computerized systems and digital records.

Hackers are becoming more sophisticated and are able to employ several different tactics to retrieve information, such as exploiting backdoors and using spyware, forcing companies to focus on every aspect of security.  Instead of just looking for credit card and social security numbers or personal data, such as birthdates, hackers are increasingly stealing online banking login details.  According to Verizon’s 2011 Data Breach Investigations Report, the U.S. Secret Service arrested more than 1,200 cybercrime suspects in 2010 that were connected to more than $500 million in fraud loss.

PCI compliance helps but includes challenges

All companies that accept credit card payments, either online or offline, are required to take steps to secure customer information.  One way companies can accomplish this task is to become PCI compliant, meaning that the organization meets certain criteria throughout the security process, including prevention, detection and response, as set forth by the PCI Data Security Standard (PCI DSS).  These standards, developed by the Payment Card Industry Security Standards Council, provide a range of requirements based on a company’s size, its type of business and the number of credit card transactions it handles.  (Want to know more about PCI DSS?  See the helpful PCI DSS resources available on our website.)

The strictness of these requirements, however, can make it difficult for businesses to achieve compliance.  Verizon’s Payment Card Industry Compliance Report for 2011 states that only 21 percent of the companies assessed were considered fully compliant.  Additionally, even though PCI-compliant companies are safer and less likely to encounter a breach, PCI compliance does not guarantee complete security of data.  Additional security measures, including but not limited to patching and system interfaces, must be taken.

Many companies leverage PCI compliant hosting and managed services from providers like Layered Tech to take advantage of its security, compliance and cloud expertise.  With this approach, organizations gain all the benefits of a hosted IT infrastructure but without the headaches of owning and maintaining hardware.  In addition, you can dedicate your resources to what matters most: your business and your customers.  To learn more about Layered Tech’s services, please visit our website or send us an email.

In the second installment of this blog series, we will discuss PCI compliance and security in community clouds and how this environment can provide businesses with unprecedented processing power, bandwidth and storage capacity, without the burdens of capital expenses and IT staff overhead.

Image credit: Mikael Altemark






About the Author: As Chief Risk Officer at Layered Tech, Jeff Reich (@LayeredTechCRO, +Jeff Reich) drives the company’s security and compliance services and guides risk mitigation efforts for clients. With more than 30 years of experience, Reich is a well-known risk management and security expert in the industry. He holds CRISC, CISSP and CHS-III certifications and is an ISSA Distinguished Fellow.

NEW: LT-TV Episode 2 ( Server Security )

WELCOME to Layered Tech’s 2nd Episode of LT-TV… “technology edification for the masses”.  This episode covers Server Security… and we all know there’s a lot to learn about keeping our computers and data safe.  (NO, don’t use your last name or birthday as your password.)  Check it out TODAY!


TECH TIP: Load Balancers

What does a Load Balancer do?

Load balancers are an integral part of today’s Web infrastructure. They’re also complex and under-documented pieces of hardware.

Today’s Web sites are often beasts. Every component must work together to create a site that is greater than the sum of its parts.

In the most basic sense possible, the internet works like this:

Internet traffic comes into a Router, which passes that traffic through a Firewall to a Load Balancer, which distributes the traffic to a Web Server, which passes information along to an Application Server, and then the Application Server is connected to a Database Server, which is connected to… Well, you get the picture.

If one component or piece of this passing data back and forth process fails, it can take down the entire site. (It’s like what happens when one of the Holiday lights goes out, the whole string goes out!)

Load balancing, in the context of dedicated hosting, is often used by high-traffic sites to spread traffic across multiple servers that have identical content. In addition to diverting traffic across multiple servers for high-traffic sites, it can also be very effective as a failover solution if it is mission critical that your website be online at all times.

How on earth does it accomplish this feat?

Simple answer… A busy web site typically employs two or more Web servers in a load-balanced scheme. If one server starts to get swamped, requests are then forwarded to another server with more capacity. Load balancing is therefore usually a service that is employed on more sophisticated site deployments.

In slightly more technical terms… A Load Balancer presents a single, virtual server address to the outside world, which maps to the addresses of each server within the cluster. When a request arrives at the Load Balancer, it rewrites the request’s destination to point at one of the machines in the cluster. If a machine is removed from the cluster, the request does not run the risk of hitting a dead server, since all of the machines in the cluster appear to the outside world under the same IP address. This address remains the same even if a node in the cluster is down. Moreover, cached DNS entries around the Internet are not a problem. When a response is returned, the client sees it coming from the hardware Load Balancer. In other words, the client is dealing with a single machine, the hardware Load Balancer.

Methods of load balancing

1. Round Robin DNS Load Balancing
The built-in round-robin feature of a DNS server such as BIND can be used to load balance multiple web servers. It is one of the earliest load balancing techniques: the name server cycles through the IP addresses corresponding to a group of servers in a cluster, handing out a different one for each lookup.

Pros: 

- Very simple, inexpensive and easy to implement.

Cons: 

- The DNS server does not have any knowledge of the server availability and will continue to point to an unavailable server.

- It can only differentiate by IP address, but not by server port. The IP address can also be cached by other name servers and requests may not be sent to the load balancing DNS server.
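The availability gap described in the cons above, set against the single virtual address a load balancer presents (see the "slightly more technical terms" paragraph), as an added example that is not part of the original post. The backend addresses, the virtual IP and the health states are constructed sample data; the health check is a stand-in for whatever probe a real balancer would run.

```python
from itertools import cycle

# Constructed sample pool: three backends, one of which is down.
BACKENDS = ["10.0.0.11", "10.0.0.12", "10.0.0.13"]
HEALTH = {"10.0.0.11": True, "10.0.0.12": False, "10.0.0.13": True}


def dns_round_robin(backends, n):
    """Plain DNS round robin: the name server rotates through the A records
    with no idea whether each host is up, so a dead host keeps getting traffic."""
    rotation = cycle(backends)
    return [next(rotation) for _ in range(n)]


class LoadBalancer:
    """Health-aware round robin behind a single virtual IP (VIP)."""

    def __init__(self, vip, backends, health_check):
        self.vip = vip
        self.backends = list(backends)
        self.health_check = health_check  # callable: address -> bool
        self._next = 0

    def pick(self):
        """Return the next healthy backend, or None if every node is down."""
        for _ in range(len(self.backends)):
            candidate = self.backends[self._next]
            self._next = (self._next + 1) % len(self.backends)
            if self.health_check(candidate):
                return candidate
        return None

    def route(self, n):
        """Distribute n requests; each client only ever sees the VIP."""
        return [(self.vip, self.pick()) for _ in range(n)]


def demo():
    """Count how many of six requests each scheme sends to the dead node."""
    naive = dns_round_robin(BACKENDS, 6)
    lb = LoadBalancer("203.0.113.10", BACKENDS, lambda addr: HEALTH[addr])
    balanced = lb.route(6)
    dead_hits_naive = naive.count("10.0.0.12")
    dead_hits_lb = sum(1 for _, backend in balanced if backend == "10.0.0.12")
    return dead_hits_naive, dead_hits_lb


if __name__ == "__main__":
    print(demo())  # (2, 0): DNS round robin hits the dead node twice, the balancer never
```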

2. Software Load Balancing
Most commonly used load balancers are software based, and often come as an integrated component of expensive web server and application server software packages.

Pros:

- Cheaper than hardware load balancers. More configurable based on requirements.

- Can incorporate intelligent routing based on multiple input parameters.

Cons:

- Need to provide additional hardware to isolate the load balancer.

- Can be difficult to maintain. Requires supervision.

3. Hardware Load Balancing
Hardware load balancers route TCP/IP packets to the various servers in a cluster. These types of load balancers typically provide a robust topology with high availability, but come at a much higher cost.

Pros:

- Uses a circuit-level network gateway to route traffic.

Cons:

- Higher costs compared to software versions.

The Benefits of Hardware Load Balancing:

Load Balancers Improve:

>> Server availability by avoiding overload of individual servers and monitoring effectiveness and responsiveness of each node in a cluster

>> Server efficiency by relieving servers of resource-intensive housekeeping functions such as SSL encryption and decryption.

>> Customer and end-user responsiveness by ensuring that each new visitor to a web site or application is connected to the server which will handle their request fastest.

>> Network security and stability by eliminating single points of failure and downtime for server farm maintenance or upgrade

>> Network and website management by eliminating failed connections, improving response time and availability, and securing stable SSL connections.

>> Ecommerce satisfaction by ensuring high responsiveness and session/account persistence over multiple customer connections to the site

>> Traffic management by routing different traffic types based on user-defined criteria.

>> Web-site performance by eliminating server failures and overload, adding backup and failover capabilities, and maximizing use of server resources

>> Business continuity by eliminating many key initiators of website failure

>> Resource use by gaining up to 25% improved use of existing servers

Test Results: Load Balancing

See here a set of test results that clearly show the benefit of a Load Balanced solution when testing with different user sets, and different numbers of transactions. You can clearly see what Load Balancing can do for sites that have a large amount of traffic.

Coyote Point Test Results 

Test conducted by Sean Doherty who is a senior technology editor and lawyer based at Syracuse University Real-World Labs®

Our offerings:

We currently offer two Coyote Point Load Balancers, both of which are currently priced the same. We select the Load Balancer that our customer needs, thus providing the best possible quality of hardware every time.

Coyote Point Options

In this comparison of the two Coyote Point Load Balancers we offer, please see the differences between the two.  As you can clearly see, they are certainly different as far as what they are capable of. The 350 is a much more robust version, but unless you are running a lot of traffic through the Balancer, is all that robustness really required? Sometimes it may be better to just utilize the smaller version.

The bottom line here is that although a Load Balancer comes with a hefty price tag, in some cases it is just a necessary thing. Some websites simply cannot maintain their traffic without additional help. There are other solutions, but in some cases, the hardware piece of the equation is just the right one. In those cases, we are wise to have an offering for our customers that not only makes sense to them, but also makes sense to our bottom line.

Load Balancers are traditionally very expensive, but in my research I found that not only do the Coyote versions stand up to the competition, they are also one of the most cost effective versions out there. Good choice Layered Technologies!

~ Hallie Weaver, LT Account Manager, hallie.weaver@layeredtechnologies.com >>