Posted on April 20th, 2018
Microsoft aim for their Office 365 product to meet an organisation's needs concerning both data usage and content security compliance. To fulfil these compliance requirements, Microsoft offer a range of diverse products and services.
As we push further into 2018, organisations are under growing pressure to adhere to and comply with certain business industry standards and regulations. Office 365 offers multiple, easy-to-use Data Loss Prevention (DLP) policies for organisations, which have the main purpose of protecting sensitive data and preventing unintentional exposure of data. The DLP policies give users the ability to identify and monitor sensitive information across multiple platforms such as OneDrive for Business and Exchange Online. Within the Security and Compliance Centre, you can view and manage DLP policies, enabling you to assess how your organisation is complying with those policies.
A number of annual statistics report that users are the biggest source of data breaches and that the figure has been consistently rising. It is perhaps even more worrying that these types of breaches are inadvertent, and that is what DLP is designed to protect against.
Office 365 also employs data encryption to secure sensitive data for consumers both within an organisation and whilst in transit. Perhaps most notable is the file protection system within SharePoint and Microsoft Exchange. Data encryption is the process of encoding data so that it is only accessible once it has been decrypted. To decrypt the data you need an encryption key that authorises appropriate users. In some services, such as Exchange Online, it is now also possible to utilise “bring your own key”, rendering data unreadable even to the service provider.
The protection methods already in operation and being developed are becoming increasingly important, especially as GDPR (General Data Protection Regulation) comes into force on May 25th 2018. GDPR focuses on data protection within the European Union and on how we export data (personal data especially) to businesses outside this jurisdiction. Office 365 offer multiple ways to assist organisations with maintaining GDPR compliance, including real-time dashboards with actionable recommendations as well as a built-in audit tool for consistent monitoring.
Office 365 offer an Advanced Threat Protection service for their users that, in summary, protects customer data against malware/viruses and unknown attacks. This service is an added feature which, for a small cost (per user), can be added to Office 365 subscriptions. The stand-out benefit of the Advanced Threat Protection service is that it protects customer data in a real-time cycle, which enables customers' data to be protected from online threats all day, every day. For example, Advanced Threat Protection includes a tool called Safe Attachments; this gives organisations the power to stop potentially malicious attachments affecting their messaging environment. As touched upon earlier, this is achieved by automatically analysing emails in a real-time cycle that is constantly monitored for suspicious activity.
Office 365 has also recently introduced intelligence sharing with Windows Defender Advanced Threat Protection. This service allows admins to see malware activity across Office 365 and the latest desktop Windows operating systems. Malware activity is monitored in real time, giving administrators further resilience in addition to Windows 365’s Advanced Threat Protection. Perhaps the main benefit of Windows Defender ATP is that, being cloud-powered, it can modify its defences and deploy them to devices quickly in order to react to evolving threats to business data.
VooServers can provide and support Office 365 licences including Standard, Business and Business Premium in addition to Microsoft Azure and AWS cloud services. As an organisation, VooServers also offers a plethora of Microsoft licences including antivirus, database and customer relationship management software. For further information on security and the upcoming GDPR enforcement date, please contact our support team via email@example.com. Alternatively, if this article has helped you decide on a potential O365 deployment then please contact our sales team on 01622524203 or by email at firstname.lastname@example.org.
Posted on March 15th, 2016
DDoS attacks are becoming more common and easier to produce, with DDoS attack services now even available to buy online. As a result, these attacks are no longer limited to hackers but can be performed by anyone, from a disgruntled customer of a company to an angry teenager who has been banned from a gaming server. DDoS stands for Distributed Denial of Service: an attacker uses a number of compromised systems to target a single system, causing a denial of service.
The main way an attack begins is by first setting up a botnet. A botnet is a network of infected machines which can be millions of machines strong; these machines are intentionally infected by distributing malicious software via emails, websites and social media. The botnet can be systematically controlled to send an overwhelming volume of traffic to a targeted system and cause the system to go offline. There are many different methods that can be used to perform a DDoS attack; an ICMP flood and Slowloris are just two that you should be aware of, and both can do serious damage to a targeted machine.
First of all, there is the Internet Control Message Protocol (ICMP) flood, which works on the simple principle of sending ICMP Echo Request packets as fast as possible without waiting for any replies. This technique consumes a significant share of the target's incoming and outgoing bandwidth, making the overall system slow down as the victim’s server attempts to respond with ICMP Echo Reply packets. Slowloris is a widely used method of performing a DDoS attack; here one web server takes down another server without affecting other ports or services on the targeted network. Slowloris works by trying to keep as many connections open on the targeted server for as long as possible. It keeps sending more HTTP headers but never completes a request, leaving false connections open on the targeted server until the server reaches its maximum number of connections, which leaves legitimate customers/clients unable to connect.
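The Slowloris behaviour described above can be spotted from the server side by counting, per source, the connections that have stayed open past a header timeout without ever completing a request. The following is an added example, not code from the original post; the thresholds, pool size and connection snapshot are constructed assumptions.

```python
from collections import Counter

HEADER_TIMEOUT_S = 10    # assumed: a full request header should arrive within 10 s
MAX_STALLED_PER_IP = 20  # assumed per-source limit on stalled connections
MAX_CONNECTIONS = 150    # assumed size of the web server's connection pool


def build_sample():
    """Constructed snapshot of open connections:
    (source IP, seconds since accept, request headers complete)."""
    conns = [("198.51.100.23", 30 + i, False) for i in range(120)]   # header trickle
    conns += [("203.0.113.10", 1, True), ("203.0.113.10", 2, True)]  # normal client
    conns += [("203.0.113.11", 12, False)]  # one genuinely slow client
    conns += [("203.0.113.12", 3, False)]   # incomplete, but still inside the timeout
    return conns


def stalled_by_source(conns, timeout=HEADER_TIMEOUT_S):
    """Count, per source, connections that outlived the header timeout
    without delivering a complete request."""
    return Counter(ip for ip, age, done in conns if not done and age > timeout)


def flag_sources(conns, timeout=HEADER_TIMEOUT_S, limit=MAX_STALLED_PER_IP):
    """Sources holding more stalled connections than the per-source limit."""
    stalled = stalled_by_source(conns, timeout)
    return sorted(ip for ip, count in stalled.items() if count > limit)


def pool_share_stalled(conns, pool=MAX_CONNECTIONS, timeout=HEADER_TIMEOUT_S):
    """Fraction of the connection pool tied up by stalled connections."""
    return sum(stalled_by_source(conns, timeout).values()) / pool


if __name__ == "__main__":
    sample = build_sample()
    print("flagged sources:", flag_sources(sample))
    print("pool held by stalled connections: {:.0%}".format(pool_share_stalled(sample)))
```

A single slow client is counted as stalled but is not flagged; only the source holding many such connections is, which is what separates this pattern from ordinary poor connectivity.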
Besides disrupting services, a DDoS attack can also be used as a disguise for more malicious traffic. For example, an attacker could send a certain volume of traffic, like 10Gbit, to someone, of which 100kbit is malicious traffic. This can be very dangerous to a company: whilst they are trying to distinguish between the natural traffic and the attack, the attacker could be injecting code of some kind to possibly steal the company’s database or test a security hole elsewhere on the network.
Don’t feel you can’t do anything against a DDoS attack once it has commenced, as there are many ways in which you can fight back to reduce the impact of an attack and even prevent attacks from occurring altogether. First of all, if you’re getting small annoying attacks from the same attacker, even a firewall containing a simple rule can stop traffic coming into your server or machine. So make sure you set up a rule inside your firewall to deny all incoming traffic from the attackers; this can be done by taking into account the protocols, ports and the originating IP addresses. With larger-scale DDoS attacks a simple firewall won’t cut it, as rules put in place to stop all incoming traffic can lead to the abrupt stoppage of legitimate traffic to your server or machine. You can always take the black hole route, which discards traffic as soon as it enters the network; this works by injecting a static route into the network with a specific community string. This method, however, is not a very effective one, as it can end up helping the attacker to succeed: once you have taken the target IP offline yourself, the attacker no longer needs to attack it.
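As an added example (not from the original post), the sketch below turns observed flow summaries into narrow `iptables` DROP rules scoped by source IP, protocol and port, and shows how a blanket port rule would also drop a legitimate client. The flow records, packet-rate threshold and the use of the `INPUT` chain are constructed assumptions.

```python
from collections import defaultdict

PPS_THRESHOLD = 5000  # assumed packets/second above which a source is treated as hostile

# Constructed flow summaries: (source IP, protocol, destination port or None, packets/second)
SAMPLE_FLOWS = [
    ("198.51.100.23", "icmp", None, 40000),
    ("198.51.100.23", "icmp", None, 35000),
    ("198.51.100.77", "tcp", 80, 9000),
    ("203.0.113.10", "tcp", 80, 40),
    ("203.0.113.11", "tcp", 443, 25),
    ("203.0.113.12", "icmp", None, 1),
]


def offenders(flows, threshold=PPS_THRESHOLD):
    """Sum packet rates per (source, protocol, port); keep those over the threshold."""
    totals = defaultdict(int)
    for src, proto, dport, pps in flows:
        totals[(src, proto, dport)] += pps
    keys = [k for k, rate in totals.items() if rate > threshold]
    return sorted(keys, key=lambda k: (k[0], k[1], k[2] or 0))


def iptables_rule(src, proto, dport):
    """Render one DROP rule limited to this source, protocol and port."""
    match = "-p " + proto
    if proto == "icmp":
        match += " --icmp-type echo-request"
    elif dport is not None:
        match += " --dport {}".format(dport)
    return "iptables -A INPUT -s {} {} -j DROP".format(src, match)


def deny_rules(flows, threshold=PPS_THRESHOLD):
    return [iptables_rule(*key) for key in offenders(flows, threshold)]


def collateral(flows, keys, threshold=PPS_THRESHOLD):
    """Sources below the threshold whose flows the given matches would still drop.
    A None field in a key acts as a wildcard."""
    hostile = {key[0] for key in offenders(flows, threshold)}
    def hit(flow, key):
        return all(want is None or want == got for want, got in zip(key, flow))
    return [f[0] for f in flows if f[0] not in hostile and any(hit(f, k) for k in keys)]


if __name__ == "__main__":
    print("\n".join(deny_rules(SAMPLE_FLOWS)))
    print("narrow rules drop:", collateral(SAMPLE_FLOWS, offenders(SAMPLE_FLOWS)))
    print("blanket tcp/80 block drops:", collateral(SAMPLE_FLOWS, [(None, "tcp", 80)]))
```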
As mentioned before, there is a range of websites that allow anyone to purchase DDoS support services, providing a managed service which can offer support for many features, for example HTTP, ICMP, UDP and SYN flooding. Most of these service providers pitch that they use private tools and have many expert members of staff to provide the DDoS support services to customers. Some providers offer 15-minute trial periods to show customers what they can do and how effective they are; on average the price is £5 for an hour of DDoS attack and can range up to £1000 depending on how long the DDoS attack has been in action for.
Probably the most popular way to respond to DDoS attacks is via cloud mitigation, and there are expert providers who offer this service. For example, if your server were being hit by an ICMP attack, the cloud mitigation provider would supply multiple sites that can take in any type of network traffic. They take in all of the traffic that the server is receiving, get rid of all the bad traffic and pointless ICMP sessions, and send only the clean traffic back to your server in your data centre.
In simple terms cloud mitigation providers have a few key benefits:
- Large amounts of bandwidth – The providers have more than enough bandwidth for customers to migrate their traffic to in order to deal with even the biggest of DDoS attacks.
- Resources and Hardware – Cloud mitigation providers have a range of resources and hardware to compete with the growing danger and complexity of DDoS attacks, keeping their software up to date and using multiple layers of filtering to keep pace with the latest trends.
- Knowledge – These providers normally have a large number of highly skilled security engineers who monitor the very latest DDoS news and tactics daily in order to help customers in the most efficient way possible.
In my opinion I believe cloud mitigation providers are the most reasonable and realistic choice when battling DDoS attacks and are the most reliable source in keeping up with the increasing dangers of DDoS attacks.
Posted on March 4th, 2016
On Friday 26th February the KM Charity Team held an annual awards ceremony to recognise the many businesses making a true difference to charity services across the whole of Kent. The awards ceremony took place at Hempstead House Hotel in Sittingbourne, where the winners, out of fifty organisations, were granted awards for their assistance to the KM Charity Team, which enables it to deliver its vast range of services to many good causes around the country.
In addition to the annual awards ceremony, the KM Charity Team last year managed to raise a total of £150,000 by organising and running an extensive number of other fundraising events, which include charity walks, a bike ride and their most successful event, the dragon boat race. Alongside these events the charity has also organised and hosted four Big Quiz events staged in towns all over Kent, like Maidstone and Medway, which added an additional £30,000 to their total.
At the awards ceremony, businesses who had helped the charity’s work received a KM Charity Team Partnership award. VooServers Technical Director Matt Parkinson was there to receive our KM Charity Team Partnership award, with Bill Parkinson alongside.
There is a current Walk to School campaign, involving the projects Walk on Wednesday (WOW), Active Bug and Green Footsteps, which will further demonstrate the positive impact the KM Charity Team has on many communities and charities.