
Monday 31 March 2014

The Personal Data Protection Act 2010 (Malaysia)

What is the Personal Data Protection Act 2010 (Malaysia)? This Act regulates the processing of personal data in commercial transactions. It was gazetted in June 2010.

The penalty for non-compliance is between RM100,000 and RM500,000 and/or imprisonment of between 1 and 3 years.

How does this affect your business?


This Act applies to any person who collects and processes personal data in commercial transactions. The 7 principles of the Act are the general, notice and choice, disclosure, retention, security, access and data integrity principles.

Personal data relates directly or indirectly to a data subject who is identified or identifiable from that information, or from that and other information in the possession of a data user, including any sensitive data and any expression of opinion about the data subject. Examples: name, identity card number, date of birth, mobile number, etc.

Where personal data processing is outsourced to a third party, known as the data processor, it is the responsibility of the data user to ensure that the data processor provides sufficient guarantees to protect the personal data from any loss, misuse, modification, unauthorized or accidental access or disclosure, alteration or destruction.

What are the main Challenges?


Increased complexity: This Act affects personal data management from the point data is collected, through its use and storage, until it is destroyed. This Act also applies to customers, employees, and third-party service providers that handle personal data. Businesses will be affected, as processes will need to be refined to comply with the Act's requirements.

Personal data life cycle management becomes more complex when international data transfer is involved.

What should be the next steps?


The Personal Data Protection Act 2010 is already in effect, and companies were required to register by 15 February 2014 or face penalties under section 16(4) of the Personal Data Protection Act 2010.

  1. Identify the gaps to meet the legal requirements and industry standards.
  2. Develop a strategic roadmap to address the gaps.
  3. Develop structure, roles and responsibilities, policies and procedures.
  4. Audit processes and systems to assess compliance with policies, standards, and legal requirements.

Find the Personal Data Protection Act 2010 (Malaysia) on the Official Portal of the Ministry of Communication and Multimedia Malaysia. For more legal information you can refer to the Malaysian Bar.

EVERWORKS is Malaysia's leading Server Colocation, Server Colocation Hosting Services, and Mobile Hosting Provider. EVERWORKS has worked with prominent clients such as the Ministry of Health Malaysia, PricewaterhouseCoopers Malaysia, Media Prima Berhad, GAC Shipping, KLIA Express, CIMB Bank, Hong Leong Bank Berhad, and many others.

Further reading: Your Data is Your Data

Thursday 27 March 2014

DirectAccess vs VPN: The Difference That Could Break Your Security


This post details the differences between DirectAccess and VPN. The two are often thought to be the same, but they are not.

Although a lot of people are thinking of deploying DirectAccess, I have to remind them that while DirectAccess has many characteristics that might make you think it is a VPN, it isn't one. DirectAccess is much more than just a VPN.

One way to understand how DirectAccess differs from VPN is to put it in perspective with other types of clients on your network and look at the connectivity and security issues that are important for each client type.

Different 'client'.


Let's assume that there are two types of clients that are domain members and are under your control. 


  1. DirectAccess client
  2. the roaming remote access VPN client

DirectAccess Client


Very much like the VPN client, this computer can move from the hotel room to the airport and anywhere else that a roaming remote access VPN client might be located.

The DirectAccess client will be connected to all kinds of networks, just like the roaming remote access VPN client, and the risk of physical compromise of the computer is also similar to that of the roaming remote access VPN client.

The result is that the VPN client and the DirectAccess client are often considered to be the same.

However, there are some significant differences between the roaming remote access VPN client and the DirectAccess client:



  1. The DirectAccess client uses two separate tunnels to connect. By default, the DirectAccess client is connected through the first tunnel only to the management and configuration infrastructure. General network access isn't available until the user logs on and creates a separate infrastructure tunnel.
  2. The DirectAccess client is always serviceable. If you ever need to connect to the DirectAccess client to perform custom software configuration or to troubleshoot an issue on it, there shouldn't be a problem, because connectivity is bidirectional.
  3. The DirectAccess client is always managed. This means that the DirectAccess client is always connected to management servers that keep it well within the security compliance configuration.

VPN Client


The roaming remote access VPN client poses a different threat profile. 

These machines are domain members, have anti-malware software installed, and have Windows Firewall with Advanced Security enabled. However, that configuration and security state doesn't last long. A user may not connect to the VPN for days or weeks, and during that time the VPN client slowly falls out of compliance.

Nothing gets updated: anti-virus updates, anti-malware software, and security and compliance policies all fail to reach the client.

As this small problem grows, the client falls further and further out of your defined security compliance requirements, and the risk is magnified as it connects to a large number of networks of unknown trust.

Soon the computer becomes compromised by worms, viruses, Trojans and various other forms of malware. The damage will be limited if you have NAP (Network Access Protection) enabled on the network, but not many networks have it.

The VPN client as you can see has a host of security issues:



  1. Users can do anything they want while connected to the Internet without a filter in place
  2. Updating of anti-malware software and policies may not be done in a timely manner
  3. Greater access to the VPN client computer than was initially anticipated
  4. Irregular connectivity compromises security policies
  5. Exposure to unmanaged and poorly managed networks

The critical difference between the DirectAccess client and the VPN client


Here is the critical difference between the DirectAccess client and the VPN client:

"the DirectAccess client poses a lower threat profile."

---

My conclusion


There are concerns over the DirectAccess client as well, but this article shows that the DirectAccess client is always managed, and that it poses a much lower threat profile than the VPN client.

If you have any strong objections or want to discuss this further, please feel free to share your thoughts in the comments below!

Monday 24 March 2014

Understanding NTP-based DDoS attacks

Recently you might have heard of a new tool in the DDoS arsenal: NTP-based attacks. They have recently become popular and have caused trouble for some gaming websites and service providers.

This post explains how an NTP-based attack works and how web site owners can help mitigate them. EVERWORKS helps to defend web sites against DDoS attacks by making configuration changes to firewalls and NTP servers. Doing so makes the web safer for everyone. 

DDoS


A Distributed Denial of Service (DDoS) attack is an attempt to make an online service unavailable by overwhelming it with a large amount of traffic from various sources. Such attacks normally target high-profile sites and make it challenging for people to access and publish information.

DDoS Protection - EVERWORKS & Prolexic: EVERWORKS together with Prolexic have been working since 2008 to provide a solution for DDoS in Malaysia.

Results: EVERWORKS x Prolexic has successfully prevented 6Gbps of DDoS attack on colocation clients in Malaysia. (Their IP addresses were hidden behind Prolexic's proxy server/scrubbing center.)

Prolexic Technologies is the world's leading DDoS protection and mitigation provider, protecting and restoring mission-critical, Internet-facing infrastructures for global enterprises and government agencies.

Reflection attack


A reflection attack works when an attacker can send a packet with a forged source IP address. The attacker sends a packet that appears to come from the intended victim to a server on the Internet that replies immediately. Because the source IP address is forged, the remote Internet server replies and sends its data to the victim.

This has two (2) effects:

  1. The actual source of the attack is hidden
  2. If many Internet servers are used, an attack can consist of an overwhelming number of packets hitting a victim from all over the world.

Network Time Protocol attacks: as easy as (UDP port) 'abc'.


NTP is the Network Time Protocol that is used by machines connected to the Internet to set their clocks. 

Unfortunately, this simple NTP protocol is vulnerable to amplification attacks because it will reply to a packet with a spoofed source IP address. That makes it DDoS ready!

Avoid this problem


If you are running a normal NTP program to set the time on your server, you need to know how to configure it to protect your machine.

Here are two (2) secure NTP templates that, from what I have read, seem to be good:


  1. Enisa's Secure NTP Template
  2. Team Cymru's Secure NTP Template (This shows how to secure the NTP client on Cisco IOS, Juniper JUNOS or using iptables on a Linux system.)


---

This is a very brief update on NTP-based DDoS attacks. If you have more in-depth explanations or solutions, please feel free to share them with us.

Additional reading: If you are concerned about DDoS attacks, you might also be concerned about SQL injection. Find out if you Are Vulnerable to SQL Injection.

Thursday 20 March 2014

{Tomcat} Proxy: How to Block Direct Access





This post is about Tomcat 7 on Ubuntu and how to block direct access, based on an article here. I wanted to be able to make these changes and benefit from them too.



Ubuntu


Ubuntu is a Linux operating system. According to some metrics it is the most popular operating system. You can find out more about Ubuntu through their official website and download Ubuntu for free (Server Ed.).

Tomcat 7


Apache Tomcat is an open source software implementation of the Java Servlet and JavaServer Pages technologies. More on Apache Tomcat can be found through their official website and you can download Tomcat 7 for free.

Java Servlet:



A Java Servlet is a programming class that extends the capabilities of the server.

JavaServer Pages:


 (JSP Model 2 Architecture)

This helps software developers create dynamically generated web pages based on HTML, XML or other document types.

Tomcat 7 on Ubuntu:


The configuration file is /var/lib/tomcat7/conf/server.xml

Just add address="127.0.0.1" to the relevant Connector element as follows:

<Connector executor="tomcatThreadPool" address="127.0.0.1" port="8080"
           protocol="HTTP/1.1" connectionTimeout="20000"
           maxKeepAliveRequests="100" proxyPort="80"/>

"For servers with more than one IP address, this specifies the address which will be used for listening on the specified port."

Although this method is easy, it isn't as flexible as using iptables, which can work on multiple ports and is preferred if you have a complex environment with complicated requirements.
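
To check that the change took effect across every connector, the following added example (not from the original post or the article it is based on) parses a server.xml and lists any Connector that is not bound to a loopback address and is therefore reachable without going through the proxy. The sample XML is constructed; the second connector in it is hypothetical and shows the default of listening on all interfaces.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed server.xml fragment: the first connector is bound to loopback
# as described above, the second (hypothetical) one has no address attribute.
SAMPLE_SERVER_XML = """\
<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector executor="tomcatThreadPool" address="127.0.0.1" port="8080"
               protocol="HTTP/1.1" connectionTimeout="20000"
               maxKeepAliveRequests="100" proxyPort="80"/>
    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
               scheme="https" secure="true"/>
  </Service>
</Server>
"""


def exposed_connectors(server_xml):
    """Return (port, protocol, address) for connectors reachable off-host."""
    exposed = []
    root = ET.fromstring(server_xml)
    for conn in root.iter("Connector"):
        address = conn.get("address")      # absent means all interfaces
        try:
            loopback = (address is not None
                        and ipaddress.ip_address(address).is_loopback)
        except ValueError:                 # hostname instead of an IP literal
            loopback = address == "localhost"
        if not loopback:
            exposed.append((conn.get("port"),
                            conn.get("protocol", "HTTP/1.1"),
                            address or "all interfaces"))
    return exposed


if __name__ == "__main__":
    for port, protocol, address in exposed_connectors(SAMPLE_SERVER_XML):
        print(f"Connector on port {port} ({protocol}) listens on {address}")
```

To audit a real installation, read /var/lib/tomcat7/conf/server.xml and pass its contents to exposed_connectors().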

---

Is there more to this discussion than what is covered here? If you have a deeper understanding of this, please feel free to share it in the comments below.

Thursday 6 March 2014

Cloud Database


This is something I wanted to share with readers as they read and find out more about the topic. A lot of technology topics can be over the top and filled with jargon, stuff normal people just don't get. So I thought this approach would be informative for anyone who might come across this article.

What is a Cloud Database?


A Cloud Database is simply a database that runs on a cloud computing platform. There are generally two ways to go about it: you can run the database independently on a virtual machine image, or you can take the more straightforward option and purchase a database service offered by a cloud service provider.

Advantages


Increased accessibility

The cloud is known for making it easier for any user to access required data and information on the go from anywhere. It allows users to fix any known issues, or add data, whenever it is most crucial or required.

Automated failover

Failover servers are redundant servers built for the event of failure or abnormal termination. 

Fast automated recovery

With automated failover servers readily in place in case of failure, quick automated recovery is possible.

Automated on-the-go scaling

With in-house hardware servers it isn't possible to immediately demand an increase in power and scale down again when the power isn't required.

Minimal investment and maintenance of in-house hardware

The ability to rent servers greatly reduces the high initial investment in hardware servers.

Possibly better performance

With cloud service providers facing constant stiff competition, they are pushed to provide their customers with the best possible service.

Disadvantages


Potential privacy & security issues

As with most cloud services, the main issue that worries most users is whether service providers can protect privacy and ensure that data security is well in place.

Common deployment methods


Virtual machine image

A virtual machine is a hypothetical computer that emulates the architecture and functions of a real-world computer.

DBaaS

Database-as-a-Service is a service managed by a cloud operator, with ready-made application functions that free application developers from needing database experts and database administrators (DBAs) to manage the database.

What database is better suited to Cloud?


NoSQL databases (these include Apache Cassandra, CouchDB, and MongoDB) are inherently better suited to the cloud, as they are more scalable and built to serve heavy loads.

--

Does this explain enough about Cloud Databases to you? What is your take on Cloud Databases: would you use one or not?

Photo by Melina