Did you notice your website was responding slower than usual this week? If so, the chances are you weren’t alone, as it was reported that many sites were impacted by what has been described as the biggest cyber attack in history.
It began due to a dispute between a hosting firm said to be facilitating spam emails and a site seeking to combat junk messages, which escalated into a huge Distributed Denial of Service (DDoS) attack that affected sites far beyond the intended target.

Straining the web
In fact, it was so large that security firm CloudFlare, which was contacted by antispam group spamhaus to help them mitigate the attack, claimed in a blog post that the scale was so large that it “almost broke the internet”.
It was claimed that millions of ordinary internet users experienced delays in services as a result, while major providers such as Netflix were also alleged to have experienced service interruption.

Over-hyped?
However, while there’s no doubt the attack was huge and one of the most wide-ranging attacks ever, some analysts did questions some of the more dramatic claims spread by some news organisations.
VentureBeat noted that while there was some clear disruption, it was far from global. In fact, the worst of the disruption was contained to countries in western Europe where the spat between the hosting firm and spamhaus originated. The UK, Netherlands and Germany were said to be worst affected countries, with speeds down by 5-10%.

Illustration of dangers
But even if the attack wasn’t as widespread as claimed, it just goes to show how DDoS attacks are becoming an increasing problem from the internet and, with the amount of traffic growing all the time, such incidents may be seen more regularly in the future, so businesses and website owners need to make sure they have robust solutions to mitigate their risk.
The attack has been taken very seriously, with police forces in five countries said to be investigating, so it could be the wake-up call the industry needs to improve its systems.

We all know that managing an IT system for a large enterprise can be a daunting task. With so much to keep on top of, it’s not surprising that many professionals feel the need to give higher priority to tasks identified as more important to the successful running of the system. But one question that needs to be looked at extremely closely is where you focus your security efforts. Analysis firm ESG recently asked security professionals at medium and large enterprises what their approach to this is and the results are highly interesting.
What it uncovered was that many personnel place a much higher priority on network security solutions that their server security. The study found:

– 58% said network security processes are more thorough than server solutions.
– 37% said the two areas are treated the same.
– 7% focused more heavily on server security than network protections.
ESG observed in many cases, server security is considered to be little more than a necessary checkbox to be ticked off for compliance purposes. In fact, it could often be true that all IT professionals do when it comes to server security is install antivirus software and assume their work is complete.

But if you’re doing this, you could be leaving your dedicated servers vulnerable to attack. Hackers are getting more sophisticated all the time and if you don’t react to the latest threats you could end up facing serious problems. Fortunately, ESG found attitudes to server security are improving as more IT and security professionals change their behaviour to take this are into account.
The company said: “Chief information security officers recognise that servers are under attack so they are increasing their use of tools like application controls, HIPS (host intrusion prevention systems) and File Integrity Monitoring (FIM) on critical servers.
ESG’s data suggested most companies still view their networks as a security hub, but it was noted that if you know what you’re doing, you can utilise network segmentation, security services and monitoring to help provide a strong secure environment for your servers.

When it comes to setting up a web server, one area that it’s vital you don’t overlook in the current environment is security. Cybercriminals are becoming more innovative all the time and constantly developing new ways of compromising websites. For instance, figures from Kaspersky reveal the firm detects an average of 200,000 new threats every day, so it’s clear that if you don’t have the latest up-to-date protections, you’ll be leaving yourself vulnerable.

But installing anti-malware solutions is only the first step in keeping your servers secure, as there are many more steps you can take to protect your systems and confidential information. If you’re running your website on Apache HTTP Server, there are a few simple security tips you should be considering. It was observed by information provider the Hosting News that this is far and away the most popular web server software, so offered a few basic tips for keeping your server secure.

Disable directory indexing
The site explained that if directory indexing is enabled, any visitor to your site can view the contents of directories that don’t have default pages. This can be a serious security risk, so preventing these from being visible is one of the simplest steps you can take to make your site secure

Disable Apache Signature
Under the default settings, Apache sends information about itself to the client, which may include details such as the name of the application, version number and in some cases even the operating system, all of which an attacker can use to find vulnerabilities. Switching off ServerSignature and ServerTokens prevents this and makes life more difficult for criminals.

Install an application firewall
While you should already have network firewalls in place to protect your internal systems, having an application firewall that is designed to secure your web applications is a must. This sits between your server and the internet to stop hackers exploiting your scripts.
These tips were noted to be just some of the simplest things you should be doing to protect your web server and should be viewed as a start, rather than a comprehensive solution. But once you’ve got the basics set up, you’ll be well-placed to ensure all your systems are protected from attack.

Last week, the open-source Linux operating system openSUSE announced the launch of its version 12.3, which is one of the first in what is expected to be a series of upgrades to several of the Linux platform’s most popular distributions. It was noted by online news provider ZDNet that other solutions set to receive an update in the coming weeks include Debian, Ubuntu and Korora, but openSUSE has managed to beat them out of the gate and offer users an improved experience.

Stable and easy to use
In the release announcement for the platform, openSUSE noted the 12.3 version provides a stable solution that should be simple to get to grips with. The latest update offers finishing touches to the boot infrastructure and package management, as well as more cloud capabilities for dedicated server users.
For administrators, openSUSE 12.3 is the first build to offer complete packages for open-source cloud computing platform OpenStack. It also comes with enhanced virtualisation tools, while for database users, the distribution has moved from MySQL to MariaDB as its default solutions.
“It provides an efficient mechanism for creating and storing documents for web APIs. Range Types allow developers to create better calendaring, scientific and financial applications,” openSUSE stated.

OpenSUSE 12.3 ‘a winner’
The operating system has been evaluated by ZDNet, with the publication stating there’s a lot to like about the latest build. It was observed the system works well with a wide range of hardware, including almost all Intel core processors and AMD chipsets and the publication said it was unable to find a device on which the system didn’t run. OpenSUSE 12.3 was also praised for its ease of use, with users able to get up and running on any system without the need for any extra effort or special installation procedures.
But this is just one of the many Linux distributions available for your server. Each might have different pros and cons depending on how you intend to use it, so it pays to look at the various options closely before making a final decision.