ClickCease

Posts on Jan 1970

MCS Offers DR and Business Continuation Services

We are proud to announce that we have launched our Business Continuation center. It is located right next to our data center so we can provide high speed access to your critical data. In the event of a disaster, our clients that have signed up for business continuation services will have access to workstations with phones, Internet, and their DR servers. By securing workstations before a disaster, our customers have the ability to install their custom software and run drills to prepare. Then, if this service need to be used in the real world, the process will be smoother and quicker.

We feel this addition to our existing Disaster Recovery services is a great fit for the demands of our customers. If you are interested in adding Business Continuation to your service, contact us for a quote and a tour today.

Continue Reading

The OpenSSL Bug, Heartbleed, Has Vast Security Implications

As you may have heard in the news, a vulnerability, the “Heartbleed Bug”, was discovered this week in OpenSSL (Version 1.01 and beta 1.0.2), the software that is widely used for encryption across much of the internet. MCS run servers were not found to be vulnerable to this bug.

The security risk is that a vulnerable server could be exploited to feed data contained in RAM to an attacker. Among this data could be SSL private keys. With a private key, secure website traffic can be eavesdropped.

Along with private key information, attackers could also gain access to any sensitive data residing in memory. On a database server for instance, this could lead to direct access to any database content currently being stored in memory. The implications of what types of data that can be exposed will vary from server to server and the full scope of what that data could be used for in the future is unclear.

To test your servers, use the tool at https://filippo.io/Heartbleed/. You can also let the engineers at MCS take the burden off of your shoulders and perform a Heartbleed audit and patch any affected servers. Request a Heartbleed audit now.

As a web user, you also need to be mindful of sites that you have used and logged into before they were patched. As a precaution, changing your password to these sites is recommended as long as they have been patched and a new SSL private key has been created. The reason for this is if a private SSL key was compromised at any point, any traffic to the server is considered insecure and your login information, as well as any information you saw on your screen while at that site, could have been seen. Odds are that your data was not snooped in on by a malicious party and changing passwords should just be a precaution. As with most security recommendations though, your should always plan for the worst and hope for the best.

Continue Reading