Adobe has issued an advisory warning of the zero-day flaw (CVE-2015-0313), a previously unknown point of vulnerability within the latest version (version 22.214.171.1246), as well as earlier versions of its Flash Player plugin. If exploited, this download attack causes a system crash that allows the attacker to take control of the affected system. Unfortunately this kind of attack is quite commonly and actively used; at this point the download attack has been actively linked to maladvertising against Internet Explorer and Firefox users, on either Windows, Mac or Linux (versions 126.96.36.1990 and earlier).
Data loss can be an insurmountable challenge for firms and unfortunately it is a common problem. Disasters come in many forms, such as power interruption, corrupted database, hardware failures, software glitches, or network outages. In a cost-cutting environment with intense global competition, you need a solid plan that is cost-efficient, yet ensures that backups are performed regularly and recovery from any disaster quickly.
Organizations are finding that cloud collaboration is becoming critical to their ability to compete. The growing importance of collaboration is being fed by fundamental trends…
Are you considering outsourcing part of or your entire IT environment? Do you need to add capacity for growing workloads but don't know by how much?
It's becoming increasingly clear that cloud computing by Amazon Web Services (AWS) can provide some answers and bring significant benefits to small and medium businesses (SMB) such as yours. With cloud computing you don't need to make large upfront investments in hardware. Instead you can provision exactly the right type and size of computing resources you need to operate your IT department. You can access as many resources as you need, almost instantly, and only pay for what you use.
The Benefits of Utilizing AWS Include:
- Pay for Infrastructure as you need it, not up front.
- Lower Total Cost of IT
- You don't need to guess capacity
- Increase innovation: experiment fast with low cost and low risk
- Get rid of undifferentiated heavy lifting
- Go global in minutes
Amazon Web Services Infrastructure Services
Amazon Web Services offers a complete set of infrastructure and application services that enable you to run virtually everything in the cloud. It is made up of four components:
Compute: Processor, memory and operating system
- Storage: Block or object based (EBS or S3), flexible and cost effective
- Network: Your own Virtual Private Cloud (VPC)
- Database: Managed database services (RDS)
CWPS Cloud Assist - Managed AWS
With the implementation of AWS, you will need assistance in deployment and maintenance. The CWPS Cloud Assist package consists of foundation managed services that include:
- Backup and Disaster Recovery
- Identity Access Management
- Network Element Management
- Billing and Optimization
There are also optional services that include incremental offerings for customers with specific needs not addressed by foundation managed services. One of them includes Advanced Security Services provided by Alert Logic. Alert Logic SOC and CWPS NOC work together 24X7X365 to provide deep security insights, continuous protection, and lower total costs.
AWS and CWPS Cloud Assist reduces total IT costs by at least 30% compared to an on premise deployment. Not only do you save money but you can also spend more time focusing on your business and not the daily IT hassles.
Moving your IT applications to the cloud may eliminate unpredictable capital expenditures and many "pain points" of owning your own infrastructure, but what happens once you have your workloads and applications in the cloud? When everything is offsite, your connection is critical and Quality of Service (QoS) is not available over the Internet. This is essential for voice, video and other real-time communications.
For businesses, both large and small, Microsoft’s Office 365 suite has become an integral part of day-to-day operations. This is understandable due to the all-encompassing nature of the product line – from word processing and spreadsheets to PowerPoint and email.
Here’s a quick High Level Overview of the CWPS response to the Shellshock bug:
- What is Shellshock?
Shellshock is the name given to a bug that affects the Bourne-Again Shell (BASH) in Linux and UNIX operating systems. Successful exploitation of this bug could result in a full system compromise.
- Who is affected?
Largely any UNIX or Linux system is impacted (this includes Mac OS & Android). A smattering of Cisco products are also impacted.
- How would this bug affect your business?
95% of customers are unlikely to see any immediate impact relating to this bug. This stems from the fact that an overwhelming majority of these impacted systems are not Internet-facing. In order for an attacker to exploit this bug for nefarious purposes, they would have to have external access to these affected systems, either through SSH, web or publicly-accessible service endpoints. Even then, the attacker would have to find a vulnerability /outside/ the realm of the Shellshock bug in order to then “get in” and /then/ make use of the Shellshock bug.
- What is CWPS doing about this?
So far, we have ensured that our internal infrastructure (much like many of our customers’) is not exposed in such a way that would cause concern. We are continuing to monitor our vendors’ updates & patch releases, and as we receive and digest this information, we will (as necessary) work to address these individual impacted systems with our customers individually.
- How can we be more proactive about these types of security incidents in the future?
CWPS now offers a managed security service, consisting of several components:
If you’re interested in learning more about our managed security service, please contact your Account Executive and/or Customer Account Manager.
For a quick ~4 minute explanation in video form, we’d definitely recommend watching YouTube contributor Tom Scott’s video.
The Bottom Line
Any Linux/UNIX-based device that serves up Internet-facing webpages and/or services may be vulnerable to the Shellshock bug. This assumes that these websites and/or services are calling direct system functions through commands issued on said site (widely considered to be a no-no from a security perspective) -or- are vulnerable to a remote command execution vulnerability. Therefore, successful exploitation of this bug requires three things:
Server virtualization is a powerful term that has a lot of important people buzzing for its possibilities. But amid the clamor, it can be easy to not have a full understanding of what sever virtualization actually is or why it will help your business. The following will serve to point out some of virtualization's most powerful benefits.
Today’s information technology departments have more complex challenges as businesses, governmental entities and other organizations harness technologies like mobility, cloud computing and social media to improve internal operations, deliver product and services and build relationships with customers. They must not only build and manage a cost-efficient IT infrastructure, but keep it operating at optimal capacity.
Savvy CIOs, IT executives and system administrators understand the importance of the role IT support plays in helping organizations meet strategic objectives. Not only does the IT support staff need to have the necessary skills to solve technical issues, but it must also provide responsive and effective services.