If you follow the efforts of the team at Hedgehog Hosting, you know that through our relationship with the i2Coalition, we are actively engaged with M3AAWG, the Messaging, Malware and Mobile Anti-Abuse Working Group. This group meets three times a year not only to discuss abuse issues that plague our industry but to actually establish real working groups and committees that come up with concrete ways to mitigate issues such as spam, malware, phishing, hacking and other related hazards.
For the past two years, Richard Feller has represented Hedgehog as a member of the team that comprises M3AAWG's Hosting Committee. As a member of this Committee, Hedgehog has been on the front line of the discussions and the possible remediations of these threats. To that end, we have come up with our final draft of a Best Practice document called Operation Safety-Net. This document focuses on five main areas and their related best practices.
1. Malware and Botnets
2. Phishing and Social Engineering
3. Internet Protocol and Domain Name System (DNS) Exploits
4. Mobile, Voice over IP (VoIP) and Telephony Threats
5. Hosting and Cloud Threats
Operation Safety-Net doesn’t just describe today’s threats. It provides straightforward, recommended best practices for governments, businesses, educators and other members of the Internet and mobile industry to join in the fight against these threats. The report is a synopsis of the current risk environment and was a truly global collaborative effort from the industry partners that fight spam, malware, phishing, hacking and related hazards.
M3AAWG Chairman Michael Adkins said, “Operation Safety-Net isn’t just for network or operational professionals. It aggregates the anti-abuse industry’s global experience in identifying and curtailing current threats to help non-technical executives understand and manage online risk in their organizations.” To that end, we are pleased to share this document with our clients and colleagues, and we encourage everyone to review it while looking at their own internal networks.
Hedgehog Hosting is pleased to have been a major contributor to the Hosting and Cloud Threats section as well as a contributor to many of the other sections that involve infrastructure threats in general. Operation Safety-Net has been officially posted on the M3AAWG website and can be found at:
https://www.m3aawg.org/sites/default/files/M3AAWG_LAP-79652_IC_Operation-Safety-Net_2-BPs2015-06.pdf
Tuesday, July 28, 2015
Wednesday, July 15, 2015
Do we make the right decisions about how we run our companies
I recently read a story that led me to ponder the varying ways that we look at companies and the services they provide. The particular story I read was about a Southwest Airlines flight that allowed one of their planes to return to the jetway after initiating its departure to let a woman off the plane who had just been notified that her son had been in a major accident. Southwest pilots returned to the gate where the woman was led to a private room and then even redirected onto a different flight to where her injured son was in the hospital.
The social media praises came pouring in. And as I read these praises, I could not help but remember a previous story about Southwest. In this story there was a different flight that was in the news for NOT letting a woman off a plane when she had been notified by her husband, before take-off, that her son had just called his father saying that he was contemplating suicide. This mother later found out that her son did in fact commit suicide.
These are obviously abbreviated stories and one is very uplifting and the other is very sad. As I look at this from the perspective of a business owner rather than a father or a business traveller, it illustrates what I have always felt and that is that businesses aren't their policies and procedures, but rather their people. The biggest difference in these two stories is the people that reacted.
In speaking with a close friend the other night, I was wondering if we, as business owners, make the right decisions about how we run our companies and what we feel is important to our clients. My business partners and I have always wanted Hedgehog Hosting to be that company that is not just our policies and our procedures, which are very important, but more importantly is "US".
In an industry where it is common to focus more resources on the systems rather than the people that maintain and operate those systems, Hedgehog strives to be that company. No matter who you work for or what your company's policies and procedures are, there's always a human response that sometimes makes more sense.
I will always be thankful for the people who make the right decisions and strive to make their companies better for it.
Wednesday, April 23, 2014
Richard Feller to speak about Best Practices at this year's HostingCon in Miami
Richard Feller has been invited by the i2Coalition to speak at the 2014 HostingCon this June in Miami, Florida. Hedgehog Hosting attends the annual HostingCon conference to keep abreast of trends within our industry, facilitate partnerships with other like-minded businesses and to advance our industry as a whole.
Sessions this year will focus quite a bit on Cloud Hosting and the many issues involved with that hosted platform. Other sessions will include talks about mergers and acquisitions, products and toolsets that support hosting platforms and best practices within our industry. Richard will be moderating a panel of experts in a best practice session called:
Piracy, Porn & Privacy: Why Best Practices Work
Session Description:
The Internet infrastructure industry is committed to fighting piracy, fraud, child pornography, and other Internet-based legal offenses, and supports initiatives that will make the Internet a better place. By working together to develop sensible self-policing policies, we can ensure safety and openness in the Internet community while working with experts and industry professionals to enforce existing laws and develop ongoing best practices. We need to find the right balance between safety and privacy while fostering the growth of the Internet economy. Building an Internet community dedicated to safety will strengthen our businesses and create room for the Internet to grow by heading off unnecessary government regulation.
Finally, the 2014 HostingCon will be extra special as the show is celebrating its 10th anniversary. Hedgehog has enjoyed being a part of that history and we are excited to continue to expand and celebrate our industry.
Wednesday, April 16, 2014
Register now for our free webinar: How Best Practices Can Help Make Children – and Your Hosting Company – Safer
Hedgehog Hosting is always striving to do our part to keep the Internet a safe and open place for people to interact, do business and broaden one another's horizons. Now, Hedgehog Hosting, along with our industry friends at The Web Hosting Industry Review and the National Center for Missing and Exploited Children, wants everyone, especially hosting companies, to better understand their role in fighting child endangerment on their networks.
To that end, Richard Feller will be participating in a webinar explaining what hosting companies can do to help protect children online. This information will be very informative even for those not directly tied to the web hosting industry. We would ask everyone to take some time and register for this free webinar being held tomorrow April 17 from 2-3pm ET.
More information and a link to the free registration can be found here:
http://www.i2coalition.com/upcoming-whir-webinar-how-best-practices-can-help-make-children-and-your-hosting-company-safer/
Thank you for your support of a safer Internet for everyone!
Wednesday, February 26, 2014
E-mail Authentication (DKIM) - Google Apps Setup
If you use Google Apps for your business e-mail, you should consider setting up e-mail authentication (DKIM). Many major ISPs use this form of authentication to help determine if your message is really coming from your organization, improving your chances of delivery.
If you're familiar with the Google Apps admin interface, this should be fairly easy to set up. It's not always obvious where to find these settings, so I've created a step-by-step outline of what to do.
How DomainKeys Identified Mail (DKIM) works:
Your outgoing mail server uses a private key to generate a digital signature and embeds that signature in your message. The recipient's mail server grabs the public key from DNS and uses that public key to verify your signature.
Step 1:
Log in to your Google Apps admin console and click on the Google Apps icon.
Step 2:
Select Gmail.
Step 3:
Select Authenticate email.
Step 4:
Under Authenticate email, select the domain you want to authenticate. The current status next to the domain will be Not authenticating email.
Click on the Generate new record link.
Step 5:
In the pop-up box, the Prefix selector will default to the word Google. You can use any prefix, but leaving the default is fine.
Click the Generate button.
Step 6:
Copy the key.
Step 7:
Create a new TXT record for your domain. In this example, we're creating a new TXT record for Google._domainkey.hedgehoghosting.net
If you don't manage your own DNS, ask your provider to create a TXT record for the hostname Google._domainkey using the key you just generated.
Step 8:
After your TXT record has been created, click on the Start authentication button. You should now see Status: Authenticating Email next to your domain name.
That's it. Your e-mails will now have a digital signature that all DKIM enabled mail servers can use to authenticate your message.
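As an added illustration (not part of the original post and not Google's tooling), the Python sketch below checks the TXT record from Step 7 the way a receiving server reads it, including a case the steps do not cover: a 2048-bit key makes the record longer than the 255 bytes a single DNS character-string can hold, so it has to be published as several strings that verifiers join back together. The function names are assumptions, and the sample key is constructed (well-formed encoding around a made-up modulus), not a real key.

```python
import base64
RSA_ALG_ID = bytes.fromhex("300d06092a864886f70d0101010500")  # rsaEncryption OID + NULL

def dkim_query_name(selector, domain):
    """DNS name a receiver looks up: <selector>._domainkey.<domain>."""
    return f"{selector}._domainkey.{domain}"

def split_txt(value, limit=255):
    """Split a long TXT value into the <=255-byte character-strings DNS allows."""
    return [value[i:i + limit] for i in range(0, len(value), limit)]

def _tlv(buf, pos=0):
    """Read one DER tag-length-value; return (tag, value, next_pos)."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first & 0x80:  # long form: low 7 bits give the number of length bytes
        n = first & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    else:
        length = first
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length

def rsa_modulus_bits(spki):
    """Bit length of the RSA modulus in a DER SubjectPublicKeyInfo."""
    tag, body, _ = _tlv(spki)
    _, _, pos = _tlv(body)                  # AlgorithmIdentifier
    if tag != 0x30 or body[:pos] != RSA_ALG_ID:
        raise ValueError("not an RSA SubjectPublicKeyInfo")
    tag, bitstr, _ = _tlv(body, pos)        # BIT STRING wrapping RSAPublicKey
    _, rsa_key, _ = _tlv(bitstr[1:])        # skip the unused-bits byte
    mtag, modulus, _ = _tlv(rsa_key)        # first INTEGER is the modulus
    if tag != 0x03 or mtag != 0x02:
        raise ValueError("unexpected key structure")
    return int.from_bytes(modulus, "big").bit_length()

def check_dkim_record(strings):
    """Return (problems, key_bits) for the character-strings of one TXT record."""
    problems = []
    if any(len(s) > 255 for s in strings):
        problems.append("a character-string exceeds 255 bytes")
    record = "".join(strings)               # verifiers join strings with no separator
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            tags[name.strip()] = "".join(value.split())
    if tags.get("v", "DKIM1") != "DKIM1":
        problems.append("v= must be DKIM1")
    if tags.get("k", "rsa") != "rsa":
        return problems + ["non-RSA key type; size check skipped"], None
    if not tags.get("p"):
        return problems + ["empty or missing p= (key revoked or not pasted)"], None
    try:
        bits = rsa_modulus_bits(base64.b64decode(tags["p"], validate=True))
    except (ValueError, IndexError):        # bad base64 or cut-off key data
        return problems + ["p= is not a valid base64 RSA public key"], None
    if bits < 1024:                         # RFC 8301: verifiers reject keys under 1024 bits
        problems.append(f"{bits}-bit key is too short")
    return problems, bits

def _der(tag, body):  # minimal DER encoder, used only to build the sample below
    n = len(body)
    size = (n.bit_length() + 7) // 8
    head = bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + head + body

def constructed_record(bits=2048):
    """Constructed sample: well-formed DER around a made-up modulus, NOT a usable key."""
    modulus = b"\x00" + ((1 << (bits - 1)) | 1).to_bytes(bits // 8, "big")
    rsa_key = _der(0x30, _der(0x02, modulus) + _der(0x02, b"\x01\x00\x01"))
    spki = _der(0x30, RSA_ALG_ID + _der(0x03, b"\x00" + rsa_key))
    return "v=DKIM1; k=rsa; p=" + base64.b64encode(spki).decode()
```

Calling `check_dkim_record(split_txt(constructed_record()))` returns `([], 2048)`; passing only the first of the two strings, as happens when a DNS panel silently truncates the value, reports an invalid `p=` instead.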
Tuesday, February 25, 2014
What keeps Hedgehog competitive in today's ever changing hosting marketplace
As the team at Hedgehog continues to examine large cloud hosting providers such as Google and Amazon Web Services, we find that despite all the buzz they get, our services remain better suited for the needs of high-end, security minded hosting clients similar to the environments that we currently host.
We know that the big differentiator is the level of customized service and support you get from these different companies. But taking that a step further, we know that each of these companies reacts to challenges in markedly different ways. And it is in these cases where companies like Hedgehog rise above.
We see this most evidently with regards to security. Companies like Google and Amazon are so large that they function at a level that is sometimes counter to the needs of the individual client. For example, if you have a site that allows your users to share articles and that particular piece of code or functionality is not properly locked down, it could become compromised and a malicious person could use your forms to send spam. Generally, this will cause your provider to be alerted and can lead to the blacklisting of IP addresses or the shutdown of services.
In order to service their volume of clients, large companies have had to automate these processes to simply block certain traffic when they think there may be a problem. In the case of spam e-mails being sent, that may just mean the blocking of e-mail or it could mean the suspension of all implicated services until the root problem can be identified and rectification can be made. Unfortunately, where each client's architectures are not physically separate, one client’s services could be suspended because of a problem with another client. This possibility becomes even more dramatic in cases when the government must confiscate equipment for legal proceedings. What happens when client services are shared across physical equipment?
The equipment and the infrastructure are obviously core features of the hosting business. Many companies in this larger cloud arena say that economy of scale, with regards to the equipment, is what matters the most. The idea is that more equipment leveraged across their entire network will mean lower prices for the end user. Hedgehog's clients know that the team of people that keep them up and running is the real differentiator. We know the ins and outs – including the history – of each architecture so if a problem does occur with one client, we can identify it and help them fix it – not simply automatically suspend service. Hedgehog also maintains individual client clouds – often called virtual clouds or silo'ed clouds – that are physically separate from our other clients’ environments, in an attempt to mitigate issues, ensuring that one client's operations do not impact any other client's operations.
We feel that this higher level of service will never cease to be needed no matter how technologically advanced the underlying equipment and infrastructure become. After 13 years in business, Hedgehog feels that the foundation that our company was built on is still relevant in today's hosting industry. Clients first!
Monday, February 24, 2014
Why is ECPA reform so important?
The Electronic Communications Privacy Act was established in 1986 and as you can imagine the technology of the day in 1986 was much different than the technology of today. Just like computers, our laws need to be checked regularly to make sure they are operating at peak efficiency.
Hedgehog Hosting, along with the i2Coalition, is working hard to ensure that our elected officials get this right. If we do not get a good markup of this Act we fear that US based hosting companies will lose our ability to compete globally. Moreover, we know that it will be very hard to operationalize the process needed to work effectively with agencies when there is a need to.
While there are many other points that can be brought up with regards to ECPA, the key issue for Hedgehog is the 4th Amendment protections of our customers' data. Anything that lessens our ability to say that we will fully protect the privacy of our clients' data under these already established rights is not something that we will support. We take this responsibility very seriously, and as in the past with SOPA and PIPA, we will make our voices heard to ensure that ECPA reform will be prudent for today's Internet standards.
Hedgehog Hosting will stand with other like-minded companies on March 5th at the i2Coalition's Internet Education Day on Capitol Hill to discuss how small to medium businesses can strike the right balance between safety and privacy while fostering the growth of the Internet ecosystem as a whole. If you are interested in learning more, visit the i2Coalition website and follow us on Twitter @HedgehogHosting.