For most clients, security is often regarded as simply a component of their infrastructure. However, from a system administrator’s perspective, security is paramount. With the omnipresence of the Internet and constant connectivity, it should never be forgotten that at any given point in time, we are no more than 100 milliseconds away from some of the most dangerous criminals in the world. The issue at this point becomes a question of how we can best defend ourselves against these threats, or perhaps more importantly, what is my hosting provider doing to help me stay secure.
One of the hottest topics in the information security community is the issue of botnets and the threats they pose to both public and private networks. Beyond merely addressing botnets, the issue of much focus now is a problem known as Conficker. While there are a lot of finer technicalities on this matter, the basics will suffice.
Simply put, a botnet is a network of compromised machines, both publicly and privately owned, that are controlled by one or more individuals, often for surreptitious purposes. These compromised machines (zombies) can be controlled from multiple locations by one person or a group. Once the botnet master(s) have control of the servers, they are most often used to launch distributed denial of service (DDoS) attacks for the purpose of extorting money from the targets of these attacks or simply disrupting service for one reason or another. The unfortunate reality to all of this is that there are literally tens of thousands of botnets, but the latest to gain major attention is also the largest known botnet- a creation known as Conficker.
The botnet was named Conficker due to the name of the worm through which it propagates. To clarify, there are various forms of the worm known as Conficker, Kido, and Downadup; however, despite the variants, they all connect to the same network of zombie machines. Based on public knowledge, the Conficker botnet has not yet been utilized for any attacks, but due to its estimated size, the threat it poses is very real.
Due to the potential problems a worm like this can cause, it is obvious that you can never be too careful, and as such, preventative measures are in place on the SingleHop network. Today we conducted massive scanning of all internal network components, and we are proud to announce that all internal services on our network, including those that are used for storing client data, are free of infection. Additionally, to make sure that we could be part of the solution rather than the problem, all client machines were scanned for known signatures of infection, and the results came back 100% clean. It should also be noted that for new installs, all servers are being racked 100% updated and are not publicly exposed to the internet until having been fully updated and patched due to the rate at which this worm is currently spreading.
At SingleHop, we pride ourselves on providing a secure network for our clients, and we simply wanted to take a moment to let you know that while the risks are real, your data is in good hands.