Well, Merry Christmas to both of you, no matter what IP you are sending from!

It is now December 25th here in Phoenix AZ, so Merry Christmas!
-Badtux the Christmas Penguin

Now Prometeus can offer free DNS by R4 to all their clients (Std for low-end basic hosting, Pro for VPN, Server & Cloud hosting), and since the nodes are in their facilities (Dallas and a 2nd Italian site will be up in 2015), they are damned fast! 😀 R4 also wanted a 2nd location here in Aus. (they had one in Syd. Wanted a different city and decided to put one here after learning I helped CyberGhost choose and set up their facility here earlier this year. They located their DNS in the same facility. A huge bonus for me!) Aus. has 3 undersea fiber links (Syd., Melb., & WA). The Melb bundle goes via SA to NT, from Darwin NT to Singapore (DNS node), to Taramani India (DNS node) to Pune India (Prometeus + DNS), then to Greece (DNS), then Italy. So I’ll have no DNS problems (and the ones I was having have all disappeared) and damn! Is it fast! And RAGE 4 are totally paranoid about security! The min pwd on everything is 16 mixed characters, and must be changed every 30 to 90 days and pass a rigorous dictionary check to be accepted. And they require a two-factor authentication token also! Of course, only logins via HTTPS are supported to your DNS management services, and their nodes can only be managed on-site or via secured hardware VPN. We also use DNSSEC with chained sigs. 🙂
If a client uses up to 250,000 DNS requests / Mth / Domain, it’s free. Up to 1 million requests, it’s 1 euro / mth. 🙂
R4 liked Prometeus’ Anti-DDOS system and helped strengthen it for their managed anycast BGP gateways, and client use. 🙂 Prometeus & R4 offer high-end Anti-DDOS protection for 100 Euro/Mth!
And… Prometeus have yet another new VPS hosting service in Italy & USA called XenPower!
http://xenpower.com/
It’s been an interesting, and very hectic year. It’s meant I’ve had to delay my own roll-out that was planned for July, but it was well worth delaying. 🙂
Well, it’s Xmas day here, I’m off to bed. Until Boxing Day! 😉 😀
Whatever you are all doing tomorrow, enjoy! 😀

Oh yeah, why the firewall needs to talk to the domain server in the first place — VPN access. That’s how VPN users are authenticated. Double-sigh!

But even having a decent Firewall/IDS doesn’t make anyone invulnerable. Even they eventually need updates or replacing. Curiously, there are lessons to be learned from the mining industry. 🙂 They can take several months to plan for major equipment maintenance and replacement, whilst lessening the impact to production. Most of them still use DOS on Mil spec systems! LOL They understand reliability better than anyone. Doesn’t mean they don’t get it wrong, but in this specific case of maintenance of existing systems, they usually do it right. You only have to look at BP’s recent history to see what happens when Corp. greed is in the driving seat!
Until quality and reliability become more important than profits, and companies are held severely accountable, it won’t improve. Sometimes, it’s simply a case of “the devil you know”, or the least bad option. *shrug*

And why is that so? Let me list the reasons…
1. A sizable percentage of the time, a patch or update breaks a critical application on the corporate network. For example, a Windows Server update broke domain validation between our firewall router and our domain servers. To the point we had to call in a consultant to fix it, and even he is baffled.
2. A sizable percentage of the time, a patch or update requires a reboot. Reboots in a 24/7 server environment simply aren’t acceptable, and are invariably scheduled for once per year so that you can reach the 9/9’s uptime requirements of your customers.
3. A sizable percentage of the time, a patch or update renders the server unbootable. As in, dead in the water. As in, you just created a shitload of trouble for yourself and for your company.
In short: The reason patches and updates don’t get applied is because *THEY’RE AS BAD AS WHAT THEY’RE SUPPOSED TO BE PROTECTING AGAINST*. I don’t care whether it is a hacker or a Microsoft patch that downs my Windows domain servers. They’re down either way — and it’s much less likely that a hacker will do it, given our firewall and IDS, so I’d rather risk hackers than Microsoft “quality”.
– Badtux the DevOps Penguin

I needed a suit that fit me, but I didn’t need to spend the money right now, and the haircut makes my neck cold. I trim my beard this time of year to avoid the Santa Claus jokes, but leave what hair I have left on the back of my head alone until it warms up a bit.
You don’t need much to point to North Korea because the government owns all of the computers and there aren’t really that many IP addresses active in the country. The reaction of the country is also a big tell that they did it. All governments do this stuff, so the problem is the lack of any real security at Sony, not that they got hacked.

The only way of changing this is for insurance companies to stop paying claims where companies aren’t taking reasonable steps to secure their systems. Most corporate systems are months or years behind in patches and updates to their system software, and their routers are a joke. The news isn’t that they are being hacked, but how infrequently the hacks are reported. My credit union has pretty good security, but I have had to change my debit card twice in a year because of hacks at the corporate sites of large retailers. That cost is not added to whatever the corporations claim for damages and I don’t get reimbursed for the time I have to spend getting a new card.
It is years past the time when these fools have needed to spend serious money on security. Solid security should have been designed in when the companies decided to connect to the ‘Net.

Regarding the Sony hack: I think we’re being played. See http://www.wired.com/2014/12/evidence-of-north-korea-hack-is-thin/
I haven’t quite figured out the motivation by the players but this “incident” will certainly be used to clamp down on internet security. BTW: there is nothing wrong in forcing someone who’s transferring huge data chunks to meet certain ID criteria.

Read this, Bryan? I was going to post a comment a few days ago, but thought I’d wait and see if they figured out who was doing what. 🙂
The FBI has formally accused North Korea of being behind the Sony hack
What a surprise.
And of course, thanks to the NSA, CIA (and several other 3-letter acronyms), Comm’s Companies, and big Business for making security a complete joke. You know what I mean. I actually hope this is the start of a big trend. Then maybe morons will finally start taking *actual and real* security seriously! But I shan’t hold my breath. LOL