Posted on May 29th, 2019 - By Matthew Porter
Microsoft has released a patch in May which will rectify over 70 vulnerabilities, which perhaps most importantly resolves an issue whereby malware can exploit systems and devices running Remote Desktop Services (RDS), which used to be known as Terminal Services. This is being treated as one of the biggest threats in recent years but has not made it to mainstream media so many people are unaware of the threat.
The vulnerability could provide easy access for an opportunist hacker to infiltrate a system undetected by the user. Requests are made through bespoke requests directed towards the servers RDS using the Remote Desktop Protocol, or RDP.
Interestingly, Microsoft has released patches for older systems such as XP and Server 2003, which are no longer updated or supported by Microsoft. The Patch also fixes the issues in newer Operating Systems such as Windows 7 and Server 2008, which still have relatively large user bases despite their end of life rapidly approaching in 2020.
The risk to business users globally is significant, particularly in the industrial sectors as RDS is used heavily for remote access purposes, allowing personnel to use a variety of control systems. This sector is also more likely to be running older operating systems that are no longer monitored or patched as frequently as newer Microsoft OS iterations.
This is not the first occasion such an exploit has been found. As recently as 2017, the WannaCry Ransomware targeted EternalBlue, the cyber-attack exploit used by the National Security Agency (NSA) in the US.
Those running Windows Server 2012 or above, and similarly Windows 8 or above need not worry as these newer operating systems are already protected from the exploit.
Since the initial release of the CVE a number of proof of concepts have now been developed by security researchers, which show how the vulnerability can be exploited and demonstrates the severity of the vulnerability – in particular with how many servers are out there that expose RDP publicly.
Please find the link to the patch below:
Posted on May 14th, 2018 - By Matthew Porter
Windows 7 will be officially retired come 2020. Much the same as XP being retired way back when (2009 to be pedantic) there will no doubt be the customary last minute dash to upgrade home and work systems to avoid potential conflicts and security breaches…. or so one would think.
Microsoft has recently released figures suggesting that over 200 million enterprise users alone are now using Windows 10 as their Operating system. *Joe Belfiore, Corporate Vice President who leads the Windows 10 team said, “We’ve seen that Windows 10 adoption rate increase now at 79% year over year growth”.
From a business aspect, this makes sense as upgrading to Windows 10 gradually now can ease the changeover process and lower the risk of missing the deadline and having to upgrade all users at once potentially causing delays elsewhere in the business. A staggered approach in upgrading at that time could lead to higher security breaches, viruses and compatibility issues, which could be harmful in the short and long term.
The other main reason could be that Windows 10 is just a more reliable upgrade from 7 than XP was to Windows 8/8.1 which windows was marketing heavily at the time and was a problematic operating system that caused controversy with its lack of start button (initially until 8.1 revision) and it’s app influenced desktop environment. Windows had previously failed with its resource hogging Vista iteration, and Windows 7, which was more akin to XP, was clearly revisited in many areas when Microsoft came to creating Windows 10, although many of Windows 8.1 refinements would remain for the latest Windows Operating System.
Whilst these numbers may seem impressive at first, they do in fact account for less than half of the current corporate representation of Windows Licensed business systems currently provided by Microsoft. Furthermore, much like before with XP’s retirement it is unrealistic to think all businesses will have made the switch by the deadline and may continue to run instances for many years after. XP is still used in some business settings even without security updates. From a consumer point of view, the mass upgrade is even less likely with most Windows users still preferring 7 to 8/8.1 to Windows 10 though for the casual consumer Windows 10 will still find its way into many more homes post deadline due to it being bundled with new laptops and OEM systems.
Even though in 2018 Windows 10 is not the majority Windows Operating System in use for either business or home users, the rate in the uptake leads me to believe that by 2020 the upgrade compliancy will be much higher than the during the retirement of XP in 2009. In this time, Windows will no doubt have released further Windows 10 service packs with additional fixes and features to entice business and home users to make the jump. Here at VooServers we have been using Windows 10 for some time and while there was no doubt a slight adjustment we can recognise that it put plenty right from the ever-divisive Windows 8.
Do you currently run Windows 10 in your workplace, and if not are you planning to in the near future?
Let us know here or via our Twitter feed!
Posted on February 22nd, 2018 - By Matthew Porter
VooServers are very excited to announce that we are soon to go live with a Shared Oracle Cloud Service, with the aim of providing customers with an alternative option to dedicated oracle setups, which can require large commitments, expensive licencing and ongoing infrastructure changes. The licencing of hosting dedicated Oracle Services has always been significantly expensive especially for small companies and start-ups where cash flow optimisation is critical to success VooServers has experience in providing dedicated Oracle platforms over the past 8 years. Both our support and projects teams have high competency maintaining and troubleshooting both common and uncommon issues relating to the software/ hardware involved. VooServers pride ourselves with providing a both a professional and personal service that many competitors struggle to match alongside evidence of quick and efficient response times to any services issues.
VooServers Oracle service will sit on our proven resilient infrastructure, which provides dual feeds for power and network from the grid through to individual servers. Clustered load balancers, firewalls and application servers to deliver resiliency at every level will also back each service. In addition, customers can also be reassured that our environments are secure and configured to ISO27001:2013 standards under VooServers’ accreditation. VooServers’ services and solutions come designed with flexibility in mind allowing the deployments to scale both up and down at a minutes notice ensuring you get the optimal configuration/cost balance, in addition to the ability decrease/ increase in services depending on you circumstances. VooServers will provide these services on a month-to-month basis and depending on the size of your requirement may offer longer-term contracts with cost savings. Licences, Domain Hosting and SSL’s are available for purchase through VooServers or customers can bring their own licences.
Following the launch of our UK packages VooServers expect to the have our Oracle Cloud services extended to our other Datacentres – New York, Frankfurt and our upcoming expansion in Seattle, Washington providing extra resiliency options for customers including failover and high availability.
VooServers expect our Oracle services to be live early-mid March 2018 and so please continue to follow us on Facebook and Twitter to hear the latest on this project as well as many other exciting happenings here!
For more information, please contact firstname.lastname@example.org, alternatively you can give us a call on 01622524200 and press the option for Sales.
Posted on January 29th, 2018 - By Matthew Porter
Tuesday 22nd January 2018 saw NETSCOUT release the 13th Annual Worldwide Infrastructure Security Report (WISR). This report is useful in many sectors and in fact, particularly more so to the service provider and so we have summarised below the findings of the report in the interest of our customer base.
The survey demographic is made up primarily of, Enterprise, Government, Education and Service Providers. At this time, there are still respondents without network or security expertise. The aim is to exclude as many of these respondents as possible in future to allow for accurate results, however, this issue would be difficult to eradicate entirely without stringent auditing.
The survey concluded that a common form of attack (DDOS) found to be most prevalent within the gaming communities, those looking to display their hacking prowess and those that would look to extort and benefit financially from personal/ business accounts. Furthermore, the survey found 57% of respondents from Enterprise, Government and Education sectors found that DDOS attacks compromised their bandwidth. This figure has increased 15% from the previous year.
While Enterprise, Government and Education sectors cumulatively made up 45% of respondents. The highest response came from Service Providers at 55% who were highly respondent to the survey. Once again, the most common form of intrusion reported was DDOS attacks. This threat is almost universal to the service provider. Power outages were also highly significant according to the report, with over 50% of service providers affected over the past year.
Perhaps in light of the above it should be of little surprise that 60% of Service Providers run their own Security Operations Centre or equivalent. A further 20% outsourced their Security operations either fully or to a certain degree. The figures in the table above go some way to explain why security has become a quintessential part of business – whether public/ private, small/ medium or enterprise. It would be of little surprise to these take up of security services rise once more with next year’s survey results.
As well as using standard/ mass DDOS attack methods, DNS (Domain Name Service) has been targeted by DDOS more frequently than before. Domain main name is the global system, which is constantly self-acting – translating Internet addresses, we type in to our search engines on a daily basis to the numeric machine addresses (IP’s) that computers/ servers and most devices now use. Over the past year, the report found that 25% of attacks using this method led to noticeable public outages. Considering the increased threat of DNS attacks, only ¼ of service providers have dedicated protections set up to prevent or deal with such attacks.
In a year that saw many high profile security incidents involving networks you would associate as having been very secure including the NHS, Equifax and Tesco Bank it perhaps doesn’t come at any surprise that figures are on the rise. 2017 was also a particularly important year in VooServers commitment to security achieving our ISO27001:2013 accreditation for information security management and some of the highest profile incidents of 2017 demonstrate that the most common problem is internal processes.
Posted on June 23rd, 2017 - By Matthew Porter
Microsoft is changing the method in which it provides updates for Windows Server, which will fall in line with Windows 10 and Office 365 upgrades. Thanks to Microsoft’s user base growing tired of ambiguous release dates they have decided to provide a set release date for their Server product line. This should provide IT providers with more realistic upgrade paths for their customers saving valuable time for all parties involved.
Much like Windows OS and Office 365, Windows Server will see upgrades promised bi-annually in both March and September which is known as the semi-annual channel. This release has key areas of investment in support for Windows Server and Linux, improved usability, reliability and extensibility with security and management services. In addition, being able to provision Storage Quality of Service via self-service. This will also include a move to semi-annual updates for Server Core as well as System Centre. Now it’s well known that Microsoft provides multiple updates for its Nano service (which has a significantly smaller image file) yearly and so the move is somewhat questionable even though these releases were never defined to be available at a particular time. So while regular, the updates were not guaranteed and could not be planned in advance for. Microsoft has also announced twice annual upgrades would be supported for 18 months, providing reassurances for those companies with customers that did not wish to take advantage of every incremental upgrade. The benefit most likely appears to those using hybrid environments and will allow for simpler upgrades across multiple machines. Business’s and by proxy customers will still be able to purchase a brand new version of Windows Server every three years which will encompass many feature upgrades and fixes introduced in the semi-annual channel – presumably as Microsoft will look at which features worked best, and those that were not required moving forward.
In terms of support, the long term brand new Windows Server option has 5 years support with an additional 5 for extended life compared to the 18-month support for each upgrade to a particular version. Ostensibly this would only cause issues for those on the semi-annual channel who are looking to run on a particular update to their current Windows Server version and are perhaps wary of the latest long term Server release removing features they have been accustomed to within their current update.
Posted on April 19th, 2017 - By Matthew Porter
It seems that the threat to business IT infrastructure is constantly evolving and adapting to pierce even the tightest of security and failsafe’s available. While viruses, malware and credit card fraud seem ever prevalent there is one method for compromising systems that has gone unnoticed to a degree until now, and that is the threat posed by USB devices which can be used to siphon data and inflict massive damage to infrastructure. In fact, USB Malware was the number two cause of unlawful infiltration of security systems in the year 2016. In particular, the Stuxnet computer virus led to many businesses losing trust in using USB removable devices as the virus targeted the industrial control systems used to provide the infrastructure of power plants, waste processing systems and other operations within said industrial sector. Unfortunately, many cyber security products have not been able adapt to evolving threats and the demands of complex industrial systems targeted by a plethora of viruses.
There is now a promising product that claims to have the resolution for industrial security woes. Honeywell Process Solutions are rolling out a fresh innovation to businesses and industrial sectors. Using SMX (Secure Media Exchange) can offer a business high levels of cyber security and protection using multiple technologies which offer full control and transparency to the business and user. Updates and fixes are provided in house by Honeywell creating peace of mind for all involved in the process. This leads to a huge benefit to industrial sites, many of which have restricted USB use to their staff as it allows for flexibility and an increase in productivity by cutting out extra steps required when using outdated processes. For example, there are a large number of systems used within the individual industrial sectors which makes updating these systems through other technologies difficult due to updates from a central point being unable to cater for the diversity in the systems used. Not only are there a large number of individual systems but the longevity required for the systems in this environment means that some systems are outdated while other systems are contemporary which only complicates matters further.
By using the SMX Intelligence gateway to scan files and logging the use of removable media through advancements in a multitude of security measures as touched on above; this combined with ATIX (Advanced Threat Intelligence Exchange) (which uses the cloud in a hybrid environment) there is a more robust and safe option for industrial sectors to be assured when it comes to physically moving their data. There is also a pre-emptive assurance in that the SMX can be detected before they can infiltrate the USB device and ultimately nest in the critical infrastructure within the particular facility.
While the system is currently aimed towards the industrial sector in particular, we at VooServers expect similar systems to be rolled to businesses and consumers alike and will keep an eye on future developments. Although the threats mentioned in the article do not directly affect us and are not that crucial in our environments, the endpoints which connect to the infrastructure with us are the biggest threats so this is still a critical aspect to us and our customers.
Posted on March 22nd, 2017 - By Matthew Porter
At one point AMD was rivalling and indeed outperforming Intel in the CPU market, this was certainly the case as I was becoming a teenager (some 17 years ago now). Not only were AMD faster in many benchmarks, on many occasions they were better value than their Intel processor equivalent. Sadly, for AMD, that hasn’t been the case for many years and their desktop products seem to be marketed towards low to mid-end desktop computers and laptops. AMD have also rarely had much success when it comes to the Dedicated Server/ Workstation market, however, with Enterprise becoming such an integral part of big business, AMD decided to try their luck with a new range of processors providing a large number of dedicated cores per processor. AMD has already released their new desktop range earlier this year, and has also made clear their plans for a new APU launch to hit the mobile market. However, between the release of these two product lines comes Naples (current codename and not official) and as a IT Hosting provider with experience in large customer server and Enterprise solutions we are most excited about the Naples product line in particular, what it could mean for Enterprise solutions available to ourselves and of course in turn our current and prospective customers.
With so much of the Enterprise market being dominated by Intel products, AMD will at least not have to be concerned about other competition, and will most likely gain a small portion of Intel’s Market at the very least. The early benchmark released by AMD show much promise although the specific processor tested is not known for either brand:
From a business standpoint it will be interesting to see where the pricing will align itself in the market, but even if AMD are able to provide more value compared to the Intel range, will their previous efforts in this market lead to incredulous would be customers. AMD’s Opteron range was quite successful to a point, but has been less relevant in the past 5 years, possibly down to the performance when compared to Intel’s range (Opteron processors tended towards more cores with weaker clock speed and performance) and would major server providers be willing to adapt their products to fit the AMD range.
As a provider of dedicated servers to a wide audience, and with our increase in Enterprise based solutions for our customers, we appreciate the potential competition and the increase in different options AMD’s new processors will provide. We also looking for to stress testing/ benchmarking the Naples Processors to ascertain whether or not they can compete with Intel’s processors in other areas such as reliability, performance, thermal output, I/O and whether or not they can offer a wide enough range to appeal a broad range of customer requirements.
Interestingly there seems to be somewhat of a bottle neck when it comes to using dual processors. A single Naples 32 Core Processor will provide 128 PCIe lanes. However, when in dual mode the processors will need to use 64 PCI-e lanes each to communicate with each other which results in the same number of PCIe lanes being required. This may prove to be a deal breaker for some users who were otherwise interested in the product.
VooServers has already had customers show interest in the new range and should that interest continue as the year progresses then it’s certainly an option we’d consider providing to our customers, which is especially relevant as we are soon to be launching our own Enterprise website. VooServers will also be eager to see the full product line to see whether customers using basic and intermediate setups can also benefit from the new architecture.
AMD’s new Naples architecture will be available some time during Q2 of 2017.
If you have further questions on the new AMD Enterprise architecture then please email us at email@example.com or alternatively, please call us on (01622) 524200.
Posted on December 30th, 2016 - By Matthew Porter
2016 has been an inspired year for VooServers. From launching a new Datacentre location in Los Angeles, USA to introducing a new GPU server range there have been many exciting developments for the team and of course our clients as well.
GPU Server Range:
VooServers recently introduced our off the shelf GPU server packages. These servers use cutting edge NVIDIA graphics cards featuring a wide variety of product lines such as GeForce, Tesla and GRID technologies. For those in architectural, rendering and design industries our GPU servers provide the horsepower you need to create multiple desktop environments without the need for dedicated GPU hardware for each user. GPU servers can also be used for multiple gaming implementations similar to NVIDIA’s own GRID system. Many of these cards provide increased computational processing power allowing applications to take the load off the processor providing significant performance boosts. It is for this reason that Dedicated GPU servers are being used within scientific field, for example Tesla cards can accelerate scientific computations significantly assisting scientists to replicate disease reproduction and accelerate the finding of new drugs to combat these diseases. The system is also helpful for imaging departments and other medical professions to get a clear picture inside the human body improving diagnoses. Bit-coin as well as many other mining based companies have been using GPU’s for the past few years as they provide faster mining than a CPU can offer. As well as off the shelf packages VooServers can also provide custom GPU server specifications for customers looking for specific setups. For more information on our GPU servers please see: https://www.vooservers.com/gpu-dedicated-servers/
VooServers had been keen to provide an additional datacentre location to its customer base for some time, however with the Brexit vote and uncertainties around repercussions of the result the project was put on hold. As the end of the year approached VooServers decided to execute our expansion plans by launching its 4th datacentre location in Los Angeles, California, USA with 100 servers initially installed. Having covered the East Coast for the past 3 years with our New York datacentre, this new location gives VooServers presence on the US west coast. This in turn means that the VooServers high availability and failover platform provides multi homed infrastructure with sub 30 second failover. These measures can be achieved within the same country for customers who wish to have their infrastructure based solely in the USA. Additionally the Los Angeles datacentre provides a more local service to those in Central/ South America/ Canada.
Posted on December 14th, 2016 - By Matthew Porter
The General Data Protection Regulation was set to be in place by May 2018. However due to the 2016’s referendum where the UK public voted out of the European Union, this will now influence how the government works with the GDPR. Once Article 50 completes, UK Datacenters will no longer be under EU jurisdiction and therefore will not need to comply with EU data protection rules. While many UK businesses will not be concerned over the GDPR, a vast majority of business’s who work inside and outside of the UK will have concerns of potential impact on the services they provide. The Information Commissioner’s Office (ICO) are in talks with the government to put forward their view that “reform of UK data protection law remains necessary”. With digital communication and functions being such an integral part of day to day life, it’s important that every step is taken to ensure protection for organizations and their clientele.
Article 50 is believed to be a 2 year process at the very least, and is unlikely to be initiated before we are well into 2017. As the GDPR is expected to be rolled for May 2018, its rules and regulations will have to be met by UK businesses and more specifically and more relevant to us and our customers, UK datacentres. Furthermore going forward any UK businesses which market and provide services to European countries will still have to comply GDPR legislation regardless of Article 50 having gone through. Karen Bradley, the UK secretary of state for culture, media and sport, said: “We will be members of the EU in 2018 and therefore it would be expected and quite normal for us to opt into the GDPR and then look later at how best we might be able to help British business with data protection while maintaining high levels of protection for members of the public”. The adoption of GPDR at brexit is with the intention for all EU laws and legislation incorporated into UK law at the point of exit.
So, how does the GDPR compare to the Data Protection Act. Well, the GDPR and DPA both apply to personal data. The GDPR goes a step further than the DPA in that their definition of personal data is broader, for example it will class an individual IP address as personal data. The GDPR will apply to both auto AND manual filing systems. The GDPR also expands on sensitive personal data by including genetic, cultural, biometric and even mental health data as protected information. Other directives include people having the right to their data being erased (known as ‘right to be forgotten’) when and if they decide to do so. Businesses will also be expected to provide details on what data they are using and what they are using said data for. Penalties for breaching compliancy are more significant compared to the DPA’s policy. With fines of up to 4% of annual turnover or 20 million Euros (whichever is greater)this could prove devastating to many businesses who haven’t planned ahead.
Now is the time to for those companies confused around the GDPR to research and check their current level of compliancy. VooServers will be keeping a close eye on both our own national DPA as well as the GDPR to make sure that across all our services we deliver consistent data protection rights and laws for our clients from wherever they are based. It is very likely that the next few years will be heavily influenced by the GPDR and the risks associated with not following the protocol is too significant to ignore, and therefore early compliancy is key to preparation.
Posted on September 2nd, 2016 - By Matthew Porter
GPU-accelerated computing combines the GPU and CPU components, which together can then be used for a host of applications. GPU accelerators are now more frequently used in datacentres in high profile companies as well as universities, technical/medical laboratories and can also be useful for smaller companies and medium sized businesses. These GPU’s can also be used to accelerate applications for mobile devices such as smartphones, tablets and a range of automobiles.
By combining the CPU and GPU, there is less workload on a system which only uses (or primarily uses) the CPU for running its application. To the user this ultimately translates to improved performance across a wide range of applications.
VooServers is now offering a variety of dedicated graphics processing servers. GPU’s compliment your CPU and can offer more graphics horsepower, supporting a wider array of environments including those that are fully virtualised. These options can help you access 3D applications and can add highly sophisticated computational processes. GPU’s have the ability to take the load off of the CPU to give optimum performance for your business needs.
NVidia GeForce Series (GTX 970)
Mostly used for personal gaming computers, GeForce cards can also be used to run less intensive graphic applications and support basic computational requirements. This package provides an excellent option for those on a budget.