Windows server intrusion prevention for hosting providers and cloud service providers with Syspeace

Syspeace - intrusion prevention for Windows servers

Moving to the cloud or a service provider

The more users and companies start using any kind of externally hosted environment, whether it is a cloud-serviced VPS, a hosted Exchange, SQL Server or Terminal Server, or just a co-located server, the more responsibility will fall upon the service provider to ensure their customers' data is protected from unwanted logins and that adequate reporting mechanisms are in place.

Cloud service providers or any hosting provider will have firewalls in place. They will have monitoring of bandwidth, resource usage and hardware, and probably some antivirus solution, but one area that most service providers tend to ignore is intrusion detection on the host level.

Please refer to this earlier blog post on why the standard methods are NOT adequate for maintaining a secure environment, regardless of whether you're a service provider or you host and manage your own servers.

Verify your provider's security awareness

I personally encourage any users / companies having their server hosted elsewhere to actually verify how the service provider handles intrusion attempts.

Try using your login name but the wrong password and simply try to log in multiple times to, for instance, the Exchange OWA Webmail or your Terminal Server / Remote Desktop / RemoteApp Server / SharePoint / Citrix.

What will happen? Will you be blocked out and automatically handled as an intruder? Is your account locked out? Are you alerted in any way by your provider that someone has tried to access your account? If not, you should ask your provider how this is possible. Isn't one of the ideas of having someone else handle your data and security that they also act upon it and have mechanisms in place for it? Can they provide you with information on, for instance, where your account has been logged in from during the last 6 months?

Another interesting side of having your servers handled by others is the reporting capabilities.

When you had your servers in-house, you could verify user logins locally (assuming you've enabled auditing for it), but once you've handed over control of the Windows server itself, or if you're in a shared environment, this information can become quite tricky to get hold of.

Say, for instance, you want to verify whether a specific user has been logged in and actually worked during July and August. You also want to know from where. Can your service provider get you this information easily? In some cases, probably yes: not easily, but with some manual labor and an extra cost for you, they can get parts of the information for you.

Are there any statistics provided by your provider on how many intrusion attempts are actually blocked by them? Probably not, since this could scare customers away if they don't have the appropriate solutions in place for securing their customers.
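As an added illustration (not part of the original post and not Syspeace code), this is roughly the query someone with access to the server's Security event log would run to answer the July and August question above. It assumes logon auditing is enabled and an elevated PowerShell session; the account name `jdoe` and the year are hypothetical.

```powershell
# Added example: logon report for one account from the Windows Security log.
# Assumes logon auditing is enabled and the session is elevated.
function Get-UserLogonReport {
    param(
        [Parameter(Mandatory)][string]$UserName,
        [Parameter(Mandatory)][datetime]$From,
        [Parameter(Mandatory)][datetime]$To
    )
    # 4624 = successful logon, 4625 = failed logon
    $filter = @{ LogName = 'Security'; Id = 4624, 4625; StartTime = $From; EndTime = $To }

    # SilentlyContinue suppresses the error raised when no events match the filter
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue | ForEach-Object {
        # Read the named fields from the event XML instead of relying on property positions
        $data = @{}
        foreach ($d in ([xml]$_.ToXml()).Event.EventData.Data) { $data[$d.Name] = $d.'#text' }

        # Skip events that belong to other accounts (comparison is case-insensitive)
        if ($data['TargetUserName'] -ne $UserName) { return }

        [pscustomobject]@{
            Time      = $_.TimeCreated
            Result    = if ($_.Id -eq 4624) { 'Success' } else { 'Failure' }
            User      = $data['TargetUserName']
            LogonType = $data['LogonType']   # 3 = network, 10 = RemoteInteractive (RDP)
            SourceIp  = $data['IpAddress']
        }
    }
}

# Hypothetical account name and year, chosen for illustration
$report = Get-UserLogonReport -UserName 'jdoe' -From '2024-07-01' -To '2024-09-01'

# Every logon for the account: when it happened and from where
$report | Sort-Object Time | Format-Table Time, Result, LogonType, SourceIp

# Successes and failures per source address; many failures from one address
# is the pattern a host-level intrusion detection mechanism should act on
$report | Group-Object SourceIp, Result |
    Sort-Object Count -Descending |
    Select-Object Count, Name
```

The report can only reach as far back as the Security log's retention on that server, so whether a provider can answer for a six-month period depends on how they size or archive that log.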

Cloud services and moving your servers to hosting providers and managed services are a great way of cutting costs and getting the benefits of shared environments, but before even considering using external services you should also demand that intrusion detection is in place and that reporting can be easily arranged by the cloud provider or service provider. The idea is to get a heightened security, not a lowered one.

If you're talking to a provider, simply ask them if they've thought of these questions and, if they have, what countermeasures they use and what processes they have in place for intrusion attacks.

If they’re not aware of the problems or even worse, ignore them, maybe you should consider talking to another provider or have them take a look at Syspeace.

I personally believe that using Syspeace will become an advantage for any cloud service provider, hosting provider or outsourcing provider. It will cut administrative costs, strengthen security and be a selling pitch for customers that you're using Syspeace to protect your customers from intrusion attempts and dictionary attacks.

Syspeace is not specifically targeted for Cloud providers but should be installed on any Windows based server as part of the baseline security, regardless if it’s a physical server or a virtual server.

Contact Juha Jurvanen