Server and Network Security at SimplerCloud
SimplerCloud has a full range of managed security solutions that can be applied to any SimplerCloud cloud range.
Anti-Virus for Windows (Server)
Trend Micro Worry-Free Business Security Services – Antivirus For Windows
Powered by XGen™ security, the Trend Micro Worry-Free Service is a blend of threat protection techniques to eliminate security gaps – in any activity, on any endpoint, anywhere. XGen™ security: Trend Micro Worry-Free Service progressively filters out threats using the most efficient technique for maximum detection without false positives. It blends signature-less techniques, including machine learning, behavioral analysis, variant protection, census check, application control, and good-file check with file and web reputation.
Can be used for Windows cloud plans or Windows dedicated servers.
Trend Micro Worry-Free Business Security Services – Antivirus For Windows
Yearly: $50 (per 2 users)
Anti-Virus for Email
Email has become one of the most popular means of communication over the Internet, so the security of email services is very important. In addition to having good anti-virus software on email clients and workstations, it is equally important to have a good anti-virus system that scans emails passing through the mail server and blocks infected messages before users download them.
If you are using a hosting control panel such as cPanel or DirectAdmin, ClamAV antivirus is already included; it only needs a few additional steps to activate the integration with Exim, the mail server used by these control panels. Even if you are not using a control panel and run a stand-alone mail server such as Postfix or Exim, you can engage our system admin services to install ClamAV anti-virus and integrate it with your mail server for you.
Firewall Services: Dedicated, Shared and Host-Based
The purpose of a firewall is to reduce or eliminate unwanted network communications and allow valid communication to flow freely. Firewalls are placed between your network and the Internet, protecting it by filtering incoming and outgoing network traffic. Firewalls analyze data such as packet header, protocol type, source address, destination address, and source and/or destination ports, and block or drop traffic that does not match preset rules. Firewalls can also filter access to external networks and establish secure VPN connections for hybrid cloud functionality. Newer firewalls, now called Next Generation Firewalls (NGFW), act as a traditional firewall and also deliver IDS/IPS features.
A managed shared or dedicated firewall service is a firewall device, such as a Fortigate from Fortinet, installed between your private network at SimplerCloud’s data center and the Internet. The Dedicated Firewall management service comes with free consultation, policy configuration and rule management on a regular basis.
If your server is on the Internet but not within its own private network, you can still deploy firewall-like protection for your server. Host-based firewalls, such as iptables for Linux or Windows Firewall for Windows, can be set up for Virtual Machine plans that are not within their own VLAN, such as server plans from the Simple and Custom Cloud range. Host-based firewalls can also be installed on individual VMs within Private Clouds. Hybrid and private cloud platforms can deploy a shared or direct firewall in front of private cloud networks in our data center.
Firewall Services for your SimplerCloud plans
Adding Firewall Services to your SimplerCloud Service
* Host-Based Firewall: Price, for Simple, Custom Cloud and Hybrid Cloud Plans.
* Managed Shared Firewall: Price, for Dedicated Servers, Co-Location and Dedicated Private Cloud Plans.
* Managed Dedicated Firewalls: Price, for Dedicated Servers, Co-Location. Managed firewall services are included in some Dedicated Private Cloud plans.
More information about Firewall services at SimplerCloud
Intrusion Detection and Prevention Services
Intrusion Detection and Prevention Systems both work by actively monitoring network traffic and/or system logs for suspicious patterns. For example, multiple failed login attempts to your server from an external IP, perhaps from a country where your organization has no presence, will trigger an IDS/IPS alert. Once triggered, the IDS/IPS automatically sends alerts to a specified contact, for example the system administrator, and the IPS also integrates firewall-like functions to make active changes that block the suspicious traffic or activity. An IDS/IPS contains databases of regularly updated attack signatures and compares inbound traffic against them. The main function of an IDS product is to warn you of suspicious activity taking place so that the necessary follow-up action can be taken.
All SimplerCloud’s managed dedicated firewall services already include IDS and IPS capabilities, and configuration of IDS/IPS is included under our managed dedicated firewall service. For SimplerCloud servelet ranges like Simple Cloud, Custom Cloud and Virtual Private Cloud (VPC) plans, customers can subscribe to our Managed Host-Based IDS/IPS Service. The service includes installation of a host-based IDS/IPS agent on your server, which will send system logs and traffic information to our centralized IDS/IPS server. It will detect any suspicious traffic and automatically send email alerts to a designated email address (for example, your system administrators) and at the same time, automatically block the offending source IP from reaching your server.
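The detect, alert and block flow described above, as an added example that is not SimplerCloud's agent or service code: it counts failed SSH logins per source IP in a sliding window and renders an iptables rule for each offender. The log format, the threshold of 5 failures in 60 seconds, the allowlist and all sample lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

def _fails(ip, users, start, step_s):
    """Build constructed sshd 'Failed password' lines (documentation IP ranges)."""
    t0 = datetime.fromisoformat(start)
    return [f"{(t0 + timedelta(seconds=i * step_s)).isoformat()} web1 sshd[811]: "
            f"Failed password for {u} from {ip} port 40112 ssh2"
            for i, u in enumerate(users)]

SAMPLE_LOG = "\n".join(
    _fails("203.0.113.7", ["root", "admin", "root", "test", "root"], "2024-05-01T10:00:00", 10)
    + _fails("198.51.100.20", ["bob"] * 5, "2024-05-01T10:00:00", 300)  # slow: never 5 in 60 s
    + _fails("192.0.2.10", ["alice"] * 5, "2024-05-01T10:01:00", 5)     # office IP (allowlist)
    + ["2024-05-01T10:02:00 web1 sshd[811]: Accepted password for alice from 192.0.2.10 port 40112 ssh2"]
)

FAILED = re.compile(
    r"^(\S+) \S+ sshd\[\d+\]: Failed password for (?:invalid user )?(\S+) from (\S+) port \d+")

def detect(log_text, threshold=5, window=timedelta(seconds=60), allowlist=frozenset()):
    """Return {ip: alert} for sources reaching `threshold` failures within `window`."""
    recent, alerts = defaultdict(deque), {}
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue                          # successful logins and other lines are ignored
        ts, user, ip = datetime.fromisoformat(m.group(1)), m.group(2), m.group(3)
        try:
            ipaddress.ip_address(ip)          # never pass unvalidated log text into a rule
        except ValueError:
            continue
        if ip in allowlist or ip in alerts:
            continue                          # do not lock out admins; alert once per source
        q = recent[ip]
        q.append((ts, user))
        while ts - q[0][0] > window:          # drop failures that fell out of the window
            q.popleft()
        if len(q) >= threshold:
            alerts[ip] = {"first": q[0][0], "last": ts, "users": sorted({u for _, u in q})}
    return alerts

def block_rules(alerts):
    """Render (not execute) one iptables DROP rule per alerted source."""
    return [f"iptables -I INPUT -s {ip} -j DROP" for ip in sorted(alerts)]

if __name__ == "__main__":
    found = detect(SAMPLE_LOG, allowlist={"192.0.2.10"})
    print(found, block_rules(found), sep="\n")
```

The slow source in the sample never reaches the threshold, which is the trade-off of any windowed counter: a tighter window means fewer false alerts but lets low-rate guessing through.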
You may order our IDS/IPS service here.
Server Hardening & Optimisation
Our system administration plans deliver professional and affordable server administration that you can rely on for help with security, updates, and routine patching, as well as application-level issues that affect your production. With a range of ad-hoc or monthly plans, our team of system administration professionals can assist in many business scenarios, from figuring out a specific server problem to freeing you from performing simple upgrades or tasks.
More information: System Administration/ Server Hardening options
Distributed Denial-of-Service (DDOS) Attack Mitigation
A denial-of-service (DoS) attack is a type of cyber-attack in which the perpetrator tries to disrupt normal traffic to a targeted server, service or network, preventing normal users from accessing the service. This is usually accomplished by overwhelming the target server or the surrounding network infrastructure with a flood of Internet traffic. In a distributed denial-of-service (DDOS) attack, the flood of traffic comes from multiple sources instead of a single source. Those sources are normally compromised computer systems and servers that are used to generate malicious traffic toward the target server.
A DDOS attack mitigation service mitigates the attack so that the target server is protected from the malicious traffic and can serve normal requests from genuine users as usual. In this mitigation environment, all traffic from users normally goes to the DDOS mitigation service provider’s network first before being forwarded to the actual target server. The traffic is scanned for possible malicious attack attempts, and only genuine traffic is forwarded to the target server, while malicious traffic is blocked at the provider’s network.
Vulnerability Assessment and Penetration Testing (VAPT) – Web Application
– Vulnerability Scan Assessment – Web Application: USD 1,500 (per website URL per scan)
– Penetration Testing – Web Application: USD 2,500 (per website URL per test)
– Penetration Testing – Network/OS (please request pricing)
Tools being used: Netsparker
Vulnerability Scan Assessment – Web Application
- Conducting vulnerability scan assessment on the stated website using Netsparker – https://www.netsparker.com/
- Automatically crawls and scans all the web pages and scripts on the stated website.
- Vulnerabilities are automatically assigned with severity levels (highest to lowest severity).
- Performing scanning based on industry security standards and classifications, which include:
  - OWASP Top 10 (Open Web Application Security Project – Top 10)
  - PCI DSS (Payment Card Industry – Data Security Standard)
  - CVSS (Common Vulnerability Scoring System)
  - CWE (Common Weakness Enumeration)
  - CAPEC (Common Attack Pattern Enumeration and Classification)
- Comprehensive and easy-to-understand reports on the vulnerabilities and the recommended actions to resolve the vulnerabilities in PDF format to be generated within 7 working days after start of service.
- Vulnerability Scan will be conducted during Singapore office hours (Monday to Friday, 9am – 6pm).
Penetration Testing – Web Application
All services covered by the above Vulnerability Scan Assessment, plus:
- Scanning the websites and the web applications by simulating how a real attacker would penetrate the website. This includes crawling and attacking the target web applications, web services, and web APIs available through HTTP/HTTPS.
- Emulate hacking attacks on the stated website, performing penetration tests to discover attack surfaces and perform security testing.
- Checking target website for thousands of vulnerability variants such as SQL injection and cross-site scripting (XSS).
- Identifying vulnerabilities and issues, and providing recommendations to fix the issues. We also provide proof of exploits for each of the identified vulnerabilities and issues.
1. Information Gathering
First, we use penetration testing tools such as Netsparker to gather information about the target web server. We do this by configuring the scanning policy to crawl without attacking. We analyze the information generated and use it to fine-tune the scanning policy to improve the vulnerability scanning and penetration testing process, according to the web application’s settings and platform.
2. Vulnerability Identification, Exploitation, and Post-Exploitation
In the next stage, we switch to attack mode. In addition to crawling, we simulate a real attacker who attempts to identify vulnerabilities and then exploit them without causing actual damage to the system, using “proof-based scanning technology” to validate findings and eliminate false positives.
We might run another re-crawl of the site to ensure that all items discovered are valid, and any newly discovered paths are validated. Lastly, we validate the findings further by generating exploits at runtime, just like how an attacker would attack the web application. The penetration testing tool helps us to figure out how to bypass, how to exploit the vulnerability, and then exploits it safely without causing damage to the system.
In a post-exploitation stage, we also use the tool’s Proof-Based Scanning Technology to validate a finding by exploiting it and providing proof-of-exploit or proof-of-concept in the finding details.
Below is the list of security standards we are using:
- OWASP 2013
- OWASP 2017
- ASVS 4.0
- NIST SP 800-53
- DISA STIG
We will generate a comprehensive Penetration Testing report based on the outcome of our penetration testing and analysis. This includes the security status of the target web application, what vulnerabilities are found, and how we can fix the issues.
PENETRATION TESTING: OS AND NETWORK
Number of target public IP address(es): 1 (one)
• Conducting vulnerability scan assessment on the cloud infrastructure’s public IP address on OS and network-level using Tenable Nessus Professional – https://www.tenable.com/products/nessus/nessus-professional
• Vulnerabilities are automatically assigned with severity levels (highest to lowest severity).
• Performing scanning based on industry security standards and classifications, which include but are not limited to:
– DISA STIG
• Scanning the target IP by simulating how a real attacker would penetrate the system.
• Emulate hacking attacks on the target IP, performing penetration tests to discover attack surfaces and perform security testing.
• Identifying vulnerabilities and issues, and providing recommendations to fix the issues. We also provide proof of exploits for each of the identified vulnerabilities and issues.
• Vulnerability Scan and Penetration Testing will be conducted during Singapore office hours (Monday to Friday, 9 am – 6 pm)
• Tools being used: Tenable Nessus Professional, Others.
Which Security Plans Can Be Added to Which SimplerCloud Plans
Want to know more about all SimplerCloud Plans? Compare cloud server features here.