The RackFoundry Blog

Security, hosting and all the bits in between.

How will you manage your cloud?

When called upon to find an appropriate place to host your organization’s servers, do you choose a managed or an unmanaged solution? Consider carefully because it’s a vitally important decision–but not necessarily an easy one.What’s the difference between managed and unmanaged?With unmanaged hosting, the provider will ensure that power and…

 managed servers  systems administration

read more

Being secure on public wireless networks

I was at a hotel the other day and I was reminded about how diligent you need to be on public wireless networks. It's so easy to setup an access point and pretend to be "official". For example, this is what I saw when I connected my laptop to the network:As you can see, the "Studio6_Macrotech" is…

 encryption  hacking  secure best practices  security  wifi

read more

Email security - is that an oxymoron or is it actually possible?

Email is one of the oldest Internet technologies around, and fundamentally it hasn't really changed much in decades (the first standard, RFC 822, was developed in 1982!). Unfortunately it was developed during more trusting times when there were only a handful of users around who weren't really thinking about security and, although it's been updated several times since…

 email  encryption  secure best practices  security  smime

read more

The security lie (of omission)

Questions to ask your cloud vendorLooking around the Internet I am constantly reminded of how difficult it is to educate the average user on identifying the difference between "real" security and "checkbox" security. With every cloud and software vendor out there throwing out re-assuring words, usually around compliance terms like "PCI", "ISO, "HIPAA" or standards like "ISO" and …

 encryption  secure best practices  security

read more

VPN is not dead (or at least it shouldn’t be)

Today there is a concerning trend in the hosting world, and that is the popularization of "direct access" systems. Deploying systems on-the-fly with individual firewalls (or none at all!) is simply a security incident waiting to happen. Bring any system online and watch your auth logs - typically within minutes you will see brute force/dictionary attacks being performed. Of…

 encryption  secure best practices  vpn

read more

When’s an offsite backup not an offsite backup?

It always amazes me how often people don't think things through when deploying their infrastructure. Take the case of company Code Spaces. Back in June 2014 they shut their doors after a major breach where the attackers basically deleted all of their customer data. Before the breach the company boasted some impressive features, including fully redundant offsite backups. On the…

 backups

read more