Security in an Insecure World
December 2, 2021
Let’s be honest here…
Imagine an entire castle has been constructed. It is designed to house people, give them a place to sleep, eat, farm and earn a living. Castles are great. Until the horde arrives at the door to try to break in and steal everything you have.
Such is the life of a Server Admin like myself. The server is built, the client is making money, all is well in the land of the server farm. Until someone knocks at the door so hard it nearly collapses in on itself.
Methods to protect the average server are pretty standard:
- Firewalls
- WAF Rules
- Security Apps
- Real-Time Blacklisting
- CDN and program routing
In reality, however, the same hordes at the door are also working to find ways to get around each of those.
There are a lot of options that work directly to detect intrusions and attacks on both websites and servers. The problem is that new vulnerabilities are being discovered all the time. The vendors of the software, the server OS and the hosting software all have to work constantly to keep up with most of these reported bugs. It gets worse, however, when they ignore a bug report and never fix it.
There is not a single hosting solution that can guarantee 100% uptime. Tomorrow is not certain, because completely unforeseeable bugs, glitches and errors could pop up.
AWS has a billion-dollar company behind it. It seems Amazon is very serious about hosting solutions and technology development. This is great. It means if something happens they can throw money, time, and people at the problem until it goes away. Even then, problems still happen. Just two months ago some bad code that had a comma out of place was uploaded to the service. This caused their entire West Coast CDN service to fail. Websites were offline, and services failed. This is the equivalent of a castle builder replacing a wall and forgetting to mix water in the mortar. It happens – but it shouldn’t.
With failures there is always a need for a fallback plan.
Hosting is great until it fails, and clients, websites, and more must have a backup plan.
That brings us to the backup plan:
- Back up everything twice: once on the server itself (if there is room) and once in S3 storage.
- Back up everything a third time in a different location. If your backups are in Amazon only and Amazon goes offline – you have no backups.
- Backups at the hosting level need to include copies of every website, every database and the server settings, so that you can rebuild any and all of those items.
- A third backup should go to an offsite location away from Amazon (or other cloud hosting).
- The backups need to be valid in every way to facilitate quick upload and replacement as needed.
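One way to carry out the backup plan above, as an added example that is not the author's own script: it archives a source tree, copies it to three locations, and checks every copy by SHA-256 and a test listing so that a corrupted copy is caught before it is needed. The local directories are constructed stand-ins for the server, S3 and the offsite location, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example; directories are constructed stand-ins for server, S3 and offsite.

# make_backup SRC OUT_DIR: archive SRC, record its SHA-256, print the archive name.
make_backup() {
  name="backup-$(date -u +%Y%m%dT%H%M%SZ).tar.gz"
  mkdir -p "$2" && tar -czf "$2/$name" -C "$1" . || return 1
  sha256sum < "$2/$name" | cut -d' ' -f1 > "$2/$name.sha256" || return 1
  printf '%s\n' "$name"
}

# replicate NAME FROM_DIR DEST...: copy archive and checksum to every destination.
replicate() {
  name=$1; from=$2; shift 2
  for dest in "$@"; do
    mkdir -p "$dest" && cp "$from/$name" "$from/$name.sha256" "$dest/" || return 1
  done
}

# verify_copy DIR NAME: the hash must match and the archive must list cleanly.
verify_copy() {
  [ -s "$1/$2" ] && [ -s "$1/$2.sha256" ] || return 1
  [ "$(sha256sum < "$1/$2" | cut -d' ' -f1)" = "$(cat "$1/$2.sha256")" ] || return 1
  tar -tzf "$1/$2" > /dev/null 2>&1
}

# count_valid NAME DIR...: print how many locations hold a restorable copy.
count_valid() {
  name=$1; shift; ok=0
  for dir in "$@"; do
    if verify_copy "$dir" "$name"; then ok=$((ok + 1))
    else echo "INVALID COPY: $dir/$name" >&2; fi
  done
  echo "$ok"
}

# Demo on constructed data: one site, one database dump, one server config file.
demo() {
  work=$(mktemp -d) || return 1
  mkdir -p "$work/src/www" "$work/src/db" "$work/src/etc"
  echo '<h1>site</h1>' > "$work/src/www/index.html"
  echo 'CREATE TABLE t (id INT);' > "$work/src/db/dump.sql"
  echo 'server_name example.test;' > "$work/src/etc/vhost.conf"
  name=$(make_backup "$work/src" "$work/local") || return 1
  replicate "$name" "$work/local" "$work/s3" "$work/offsite" || return 1
  : > "$work/s3/$name"   # simulate a copy that was silently corrupted
  echo "valid copies: $(count_valid "$name" "$work/local" "$work/s3" "$work/offsite")/3"
  rm -rf "$work"
}
demo
```

A checksum stored beside the archive catches corruption; if tampering is also a concern, keep the checksum somewhere the backup location cannot modify.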
Instance Level Backups:
If you are using AWS or any other cloud solution, ensure you have the ability to make a snapshot of the server image. This allows you to stop, shut down, move or replicate the entire server as needed.
Example: We started a new client in Ireland for AWS hosting close to them in the EU. It was quickly apparent, however, that there was very bad latency from Ireland to the client. From the USA to Ireland there was no latency. After one week of looking for solutions we resolved to move the entire server instance to Germany instead. The move took about 30 minutes to put everything in a better EU region.
Problems with Amazon:
- The technology is still new; the support staff do not always know how to use or implement it.
- Write-up and support documentation is sparse or entirely too technical.
- Default Security is terrible for a ton of reasons.
There is always a better way to do things. Amazon gives free DDoS support that comes built in, but it does nothing for modern attacks. Extra steps are needed to bring standard firewall and filtering to instances. Using WAF and Shield can be done in a timely manner to get things protected, but the extra steps could certainly be streamlined. Another option for this same purpose would be CloudFlare, with a free or pro account to get started and implement much of the same protection that AWS has on tap, for $20 USD a month, and it comes with WAF and firewall rules for most web applications right out of the gate. Not a bad idea!
- (New Addition from experience) AWS Server Snapshots can be corrupted and rendered largely useless.
- Data contained inside seemed valid if attached as a drive to a NEW instance, but restoring instances from snapshots is not always possible.
Amazon is great, but with growth come issues and potential problems. That is why it takes technical knowledge on all levels to manage, adapt and grow with the technology. We have many techies on tap. Seriously, I even had a pocket protector for my pens at one time, no joke!
All of that being said, Amazon is awesome. It takes time and configuration to get things right, and even then there are those hordes just waiting to test your newfound setup, and they will.
AWS is with you to help fight the hordes off, however. The solutions they offer, with you clicking the buttons, will help move your castle into the Cloud and keep your kingdom safe.
Contact us today and we can help get you started in a Growing Infrastructure like AWS!