Heartbleed Raises Questions on Security

Preparing for and addressing intrusions are part of the security procedures for any hosting company. While some hackers are interested in the data contained within a network, others are simply challenged by trying to break into a system they may have thought of as impenetrable. Some intrusions are easy to combat, while others may access systems undetected and inflict damage behind the scenes until such time that the damage is so evident that the root cause is found.

Case in point, Heartbleed is a security bug that was announced to the public in April, 2014. The exploit has been credited with stealing untold amounts of the world’s private information – anything from passwords to social security numbers – for the past two years, completely unnoticed. While this security bug became famous for its detrimental impact, it’s important to know that other exploits still exist and are attempting to penetrate into systems every day. Security breaches can be attempted at any time, so your Cloud Sites team wants you to know exactly how we are working to protect you.

First of all, none of our Cloud Sites customers have, nor will any be affected by Heartbleed, not only because our load balancing software is not decrypted or encrypted by OpenSSL, but also because “We use a variety of security systems. The best way to explain our security measures is the most standard, but best practiced,” explains Cloud Sites Systems Architect, Jeff Escamilla.

As part of our commitment to protecting our infrastructure, the expert team at Cloud Sites frequently monitors the security and state of all of our customers’ sites. We routinely perform vulnerability tests and keep software up-to-date. A crucial part of the successful history of deflecting such attempts at Cloud Sites is owed to running IDS (Intrusion Detection System) across ports on our load balancers. “Our load balancing software is optimized for speed and efficiency. OpenSSL may be easy to implement, but not as performance as our custom optimized solution,” says Escamilla.

As part of our managed hosting service, we secure and monitor the infrastructure rigorously, from security patches to upgrades up to the application layer. Please keep in mind, though, that we do not have control over the security of your code or updating your CMS versions. “We ensure up-to-date packages and perform vulnerability tests as a practice to protect our customers, however, it is very important that the customer has the most updated code and CMS software,” explains Cloud Sites Shift Lead, Tony Barrera. Outdated CMS and code creates malicious files within the infrastructure, thus making you more vulnerable to security breaches. While the Cloud Sites team consistently scans for these malicious files and disables the vulnerability, it is important to maintain an updated CMS for the safety of your sites.

Unfortunately, other divisions within Rackspace were affected to varying degrees by Heartbleed, but the technicians quickly reacted to the threat and diffused the bomb avoiding major damage to the security of customer data. While Cloud Sites was and will remain unharmed by Heartbleed, it’s important to know that if another major threat were to occur, our technicians are prepared to react swiftly and effectively.

Click here to learn more on how our managed hosting can benefit you.