Ensuring Uptime for Michigan Businesses: How to Configure a High Availability Rack


February 4, 2013

How to Configure a High Availability Rack

For most small to medium-sized Michigan businesses, a high availability IT infrastructure is a necessity to conduct business, generate revenue, and ensure customer satisfaction. How do you reduce the risk of downtime? The answer lies in the anatomy of a high availability rack, designed and managed in a Michigan data center. High availability racks are uniquely designed to withstand single points of failure with redundant power and Internet connectivity.

We have several resources for those of you interested in understanding the anatomy of a high availability rack and how to properly build one. Online Tech’s High Availability White Paper illustrates the redundant power supply and redundant Internet connectivity that ensure a greater level of protection against loss of power or network connectivity. Online Tech’s Ask an Expert: How to Configure a High Availability Rack video takes a step-by-step approach on how to build a rack for high availability. Detailed instructions are also noted below.

How to Configure High Availability Power

To configure high availability power, you need two rack PDUs – the primary and the secondary. The primary PDU is fed by the primary UPS and the secondary PDU is fed by the…


Stanford Children’s Hospital Data Breach

January 31, 2013

A laptop was stolen from a Stanford University affiliated hospital on Jan. 9th. The computer contained medical information, and was unencrypted, although password protected. The breach has affected around 57,000 patients from the Lucile Packard Children’s Hospital, as per an announcement this Monday from the hospital. Within their press release, the hospital explained that the affected persons were patients from 2009, and that the data included names, dates of birth, basic medical descriptors, and medical record numbers. In some cases a small amount of contact information was present as well, but it was stated that “the patient data did not include financial or credit card information”. The stolen laptop was reported the day after the incident. An investigation was promptly launched with law enforcement, and it is currently ongoing. The hospital also quickly started contacting the patients who were potentially affected to inform them of the breach. In response to this theft, the hospital is offering free identity protection services to the victims, who can call 855.731.6016 in order to get answers to any questions that they may have. Anyone affected can also go to this website in order to get more information, or answers to the most frequently asked questions. In response to the breach, the hospital…


Canada Loan Data Breach Affects 583K

January 16, 2013

On November 5th, the Human Resources and Skills Development Canada agency in Gatineau, Quebec found that an external hard drive was missing from their office. This unencrypted hard drive held the names, social insurance numbers (much like American social security numbers), dates of birth, loan balances and contact information for over 583 thousand individuals. The list covered students who borrowed during the years 2000 through 2006. Last Friday, January 11th, the agency announced the breach to the public. It had taken more than two months, however, to start an internal investigation and get this information to the affected public. The authorities have been called and the Royal Canadian Mounted Police are currently involved in the investigation. The Vancouver Sun explained that this could be “one of the largest privacy lapses in Canadian history.” This lost hard drive was discovered in the midst of a different investigation regarding the loss of a USB key containing the data of over five thousand Canadian citizens, making this the second breach in just a few weeks. The hard drive was not encrypted, as is required by the government, and the hardware itself was not approved for use in the first place. Although it is…


January Microsoft Security Updates

January 10, 2013

In January’s Microsoft security updates, there are two critical patches to speak of. The first is a vulnerability in Windows Print Spooler components, where a print server that receives a specially crafted print job could allow for remote code execution. This patch does require a restart, and is relevant for all supported editions of Windows 7 and Windows Server 2008 R2. The second update is for vulnerabilities found in Microsoft XML Core Services. If a user views a specially crafted webpage using Internet Explorer, an attacker could potentially achieve remote code execution. This would likely be coupled with an email encouraging users to go to this webpage. This patch may or may not require a restart. This update affects Microsoft XML Core Services 3.0, Microsoft XML Core Services 4.0, and Microsoft Core Services 6.0 on all editions of Windows XP, Vista, Windows 7, Windows 8, and Windows RT among others (check the bulletin for the full list of affected software). The other five updates are all categorized as ‘important’, including three elevation of privilege vulnerabilities, a security feature bypass possibility in Windows, and a weakness in the Open Data Protocol that could allow, with a specially crafted HTTP…


Federal DDoS Attack Warning Issued for Banks

January 2, 2013

In late December, the Office of the Comptroller of the Currency (OCC) issued a message to CEOs, technology service providers, federal savings associations and other interested parties about targeted DDoS (Distributed Denial of Service) attacks against national banks. According to the OCC, sophisticated groups are working together to deny Internet access to bank services by directing traffic from compromised computers to the bank, and distracting technical/personnel resources while gaining remote access to accounts. The groups then commit fraud via wire transfers. As a result, the OCC recommends that banks take a few preparatory security measures, including: Partnering with third-party service providers, such as secure hosting providers, that can help with identifying and mitigating risks. The OCC recommends that banks do their due diligence in reviewing service providers. They also recommend banks make sure they have enough staff and resources to help with any potential attacks. Banks should also ensure their incident response plan is streamlined across all vendors so it can perform smoothly when needed. Banks should also participate in information-sharing to learn about DDoS attacks and account takeover from other banks and service providers, due to the variety of methods that can be used during an attack. Banks should…


December Microsoft Security Update

December 12, 2012

December’s Microsoft security updates were published Tuesday, the 11th. There were seven patches, predominantly regarding remote code execution in Office, Windows, and IE. In Internet Explorer there were critical vulnerabilities, the worst of which, triggered by a user going to a malicious site, would allow remote code execution and has the potential to give the attacker the same permissions as the user. Another patch, this one for all supported releases of Microsoft Windows, addressed the way that Windows kernel-mode drivers were handling objects in memory, fixing vulnerabilities that could allow remote code execution by someone opening a specially crafted document or going to a webpage that embeds TrueType or OpenType font files. Both require a restart. There was also a critical vulnerability within Microsoft Word that could allow an attacker to gain the same rights as a user if the user opened a specially crafted RTF file or previewed/opened a specially crafted RTF email message in Outlook if Microsoft Word is the email viewer, triggering a remote code execution action. This is an interesting and particularly worrisome issue, because it doesn’t require any sort of interaction from the user. They wouldn’t have to actually click on…


Nationwide and Allied Insurance Breach

December 7, 2012

On October 3rd, 2012, a piece of Allied and Nationwide Insurance’s network was breached, affecting upwards of 1.1 million users or potential clients. This affects both current clients and prospects who have requested a quote from the insurance companies. In the statement made Wednesday by Nationwide, they explained that they identified the attack a little later that day, and immediately took measures to contain the issue. They called the authorities and investigated the data that was accessible, and on November 2nd confirmed the list of persons affected by the breach. Nationwide/Allied found that the exposed information is pretty extensive. “Although we are still investigating the incident, our initial analysis has indicated that the compromised information included certain individuals’ name and Social Security number, driver’s license number and/or date of birth and possibly marital status, gender, and occupation, and the name and address of their employer. At this time, we have no evidence that any medical information or credit card account information was stolen in the attack.” Currently they are working closely with law enforcement to get as much information as possible about the attack. In response to the attack, Nationwide and Allied Insurance are offering free credit-monitoring and…


Adobe Data Breach

November 20, 2012

On November 15th, Adobe confirmed on its blog a data breach originating on the Connectusers.com website. The hacker, who calls himself “ViruS_HimA”, took credit for the attack, and as proof posted some of the data on Pastebin. He claims to have broken into an Adobe server, and from there was able to copy the information of around 150,000 users. This information includes their names, email addresses, and password hashes. The hacker said that he got this information by finding and exploiting a SQL injection hole. Adobe hasn’t verified the number of users affected at this time. The hacker also explained that he didn’t come across any roadblocks along the way, like a Web Application Firewall (WAF). A WAF would filter out HTTP requests that could be potentially dangerous, and is an important security measure. He also mentioned that the database contained unsalted MD5 hashes that could be cracked with relative ease. This brings up a couple of security-related tools that could be beneficial in preventing this sort of incident. One is the use of a WAF. Especially if a company has transactions happening on the site, protecting customer data is extremely important. The other is the use of proactive monitoring…


November Microsoft Security Update

November 19, 2012

This Tuesday Microsoft released their November updates, with a few critical patches to take a look at. The biggest updates involved three vulnerabilities within Internet Explorer, as well as the first updates for all Windows releases, including Windows 8. The Internet Explorer patch resolves several remote code execution vulnerabilities, whereby a user just visiting a specially created webpage could allow an attacker to gain the same rights as the user. This was possible because of the way the browser was previously handling objects in memory. As a workaround, setting the browser’s security zone settings to high will block ActiveX Controls and Active scripting. The critical vulnerability in the Windows shell allows for another remote code execution. This would occur if a user browsed to a specially crafted briefcase in Explorer, allowing the attacker to run arbitrary code as the user. In the event that the user has administrative rights, the attacker could gain control of the entire system and from there could begin to change data or account permissions. Within the .NET framework, the remote code execution vulnerabilities that were resolved required a user to use a malicious proxy auto configuration file. The attacker would then inject code into the application while it was running. Check the specific…
