No doubt most people are aware of the recent issues highlighting state sponsored surveillance and monitoring of world-wide internet usage. The purpose of this blog post is not to discuss the intricacies of government intervention or moral implications, but rather the security impacts for the protection of services. While the threat of state sponsored and criminal activity has always been high on our list of threats to be mitigated, the scope of the alleged surveillance has been significant and unlawful access to private data by either criminal or state-sponsored groups presents a risk to the reputation, compliance and operations of our customers and all online business.

We have always advocated a very security focussed approach to delivering services, however, the extensive scope of the activities uncovered have reinforced this view and have prompted a review of all solutions over the next few months in line with ensuring the best possible levels of security and privacy.

The IETF (Internet Engineering Task Force – responsible for many of the internet standards) released the below policy in response to recent events and a statement available at http://www.ietf.org/media/2013-11-07-internet-privacy-and-security.html.

1 "WE ALL BELIEVE THAT PERVASIVE SURVEILLANCE IS AN ATTACK AND THE IETF NEEDS TO ADJUST OUR THREAT MODEL TO CONSIDER IT WHEN DEVELOPING STANDARDS TRACK SPECIFICATIONS, SO WE SHOULD CONSIDER THIS EVOLVED THREAT MODEL WHEN CONSIDERING WHETHER TO STANDARDS TRACK SPECIFICATIONS ARE ACCEPTABLE OR NOT" 

2 "THE IETF SHOULD INCLUDE ENCRYPTION EVEN OUTSIDE OF AUTHENTICATION WHERE PRACTICAL." 

3 "THE IETF SHOULD STRIVE FOR END-TO-END ENCRYPTION EVEN WHEN THERE ARE MIDDLE BOXES IN THE PATH." 

4 " THE IETF SHOULD CREATE SECURE VERSIONS OF POPULAR NON-SECURE PROTOCOLS"

What does all this mean? All managed applications and solutions hosted with us already adopt best practice security measures including encryption, access control, intrusion prevention, intrusion detection, network firewalls, application firewalls, security zone segregation and may other policy and technology measures designed to limit the ability to compromise any applications. We are committed to maintaining the highest levels of uptime and security so we will be systematically reviewing all solutions, technologies and implementations to ensure that they continue to provide the best possible protection.

We also recommend that all customers who do not have a managed services agreement and manage their own environments take a regular action (at least 6 monthly) to review their security strategy and technologies to ensure they remain up to date and effective.

If you have any questions or would like to understand how we can help you with this review, please do not hesitate to contact us at support@manageddatasolutions.com.au.

As a foundation customer of NextDC, Managed Data Solutions has been delivering services out of NextDC facilities since the commencement of operations at the Melbourne Data Centre (and slightly before!). MDS is proud to announce that, as of late last week, we are the first organisation to provide production end user services out of the NextDC S1 facility!

For those of you that are interested, we had a very interesting customer request:

• Deliver a 32 node virtualised environment based out of Sydney for consumption across Melbourne, Sydney, Brisbane & Perth
• Provide services for week long intensive periods and then be able to scale down utilisation in intervening periods
• Deliver a highly available network
• Deliver a high capacity network in Sydney and to Melbourne
• Provide SLA backed services
• Deliver the solution, production ready, within 4 weeks

If you have any questions or would like to understand how we can help you with this review, please do not hesitate to contact us at support@manageddatasolutions.com.au.

We recently came across an interesting article on Ars Technica (original link here http://arstechnica.com/security/2013/05/how-crackers-make-minced-meat-out-of-your-passwords/) which described how hackers set out to reveal user passwords. While we take more than a passing interest in security processes and related technologies, the results of the hacking attempts (and our own subsequent tests) proved to be disturbing.

No doubt, everyone knows (and also loathes) the golden rules of managing passwords:

1. Always use a complex password with upper and lower case letters, special characters and numbers;

2. Never use the same password on multiple systems;

3. Never use words found in a dictionary or that can be easily guessed; and

4. Never use a password less than 8 characters.

Most businesses view an incoming financial year as an opportunity to assess exactly where they are at in relation to their goals, objectives and targets.

The start of a new financial year is also a chance to explore your company’s current IT infrastructure, ascertaining whether it still meets your requirements or whether you need to strategize a solution to any issues.

Here are a number of burning questions you should ask yourself – and your IT department – throughout July 2013.

On face value, outsourcing your company’s IT team may seem like a logistical nightmare.

But business owners that dig a little deeper will find a multitude of benefits, ranging from financial to the company immediately having more IT scope than it has had before.

Many small businesses may operate on a shoestring IT budget, with one or two full or part-time team members. In some cases, having an in-house IT department can even be prohibitive, particularly in workplaces with limited resources and space.