Blogs on detail technical administration tasks related to cloud hosted virtual private servers with Linux or Windows operating systems

What Type of Hosting Does My Business Need?

There are a lot of different web hosting options out there. Any provider can have a multitude of options. If you have not worked with web hosting, you might feel totally lost when it comes to figuring out just what you need. Cirrus Hosting provides an array of services, and we’re here to help you sort through the details to figure out just what type of hosting you need for your business.

Understand the Types of Hosting

Before you can figure out just what you need, you need to be familiar with the different types of hosting options out there. These are the most common:

  • Shared hosting
  • VPS (virtual private server) hosting
  • Cloud hosting
  • Dedicated server hosting

You will find that different hosting companies will potentially have different services available for their customers. Here’s a brief overview.

Shared Hosting

Shared hosting is pretty much exactly as it sounds. You are sharing your server space with other users. This is generally the most affordable hosting option out there. For some users, it’s sufficient. If you’re just getting started or don’t need to worry about heavy volume and traffic, this could be a good option for you. With shared hosting, there could be thousands of users on the same server. The server is managed by the host, so it’s up to them to control the users.

The downside of shared hosting is that you never know what resources you will have available. You can be affected by the action of others with things like malware or viruses. Your speed could suffer based on other traffic. Some providers that offer shared hosting will also allow you to upgrade. They help you transition to a different type of hosting when you are ready or your site grows.

VPS Hosting

VPS stands for virtual private server. This is very similar to shared hosting, but there are some safeguards in place. This helps you not have to worry as much about security from what others are doing. On a VPS, you are on a shared server, but you are offered your own spot on that server. That spot is yours and no one else can tap into it or subject you to their risks from it, either.

Cloud Hosting

Cloud hosting takes it all to the cloud for you. You have resources, speed, and storage on demand and you can adjust your cloud based on your needs. With cloud hosting, you rely on your provider. It is up to them to have the appropriate measures in place, and you just work within your cloud. You can manage it, add software and applications, and customize everything however you need it.

Dedicated Server Hosting

Dedicated server hosting is the top level. This is the ultimate form of hosting service and the more expensive option. You get an entire server dedicated solely to your needs. Within that server, you can do whatever you want to the space. You can customize it, manage it, add security, add tools, and work within your server. You don’t have to worry about anyone else on the server. It’s dedicated to you so the resources are ALL YOURS! The best part is you also do not have to maintain the server. That’s what we’re for!

Tips to Make Your Type of Hosting Decision

Now, let’s take a look at a few simple tips to help you know just what to look for before you choose a type of hosting.

Available Features

Think about the different hosting service options and the features of each one. What type of features do you specifically want or need? How can you be successful with your hosting plan? If you have any idea what type of storage you need or the traffic that you can expect, this could be very helpful. Determine what you NEED and then work from there.

Think about the security you will need and whether you will have high traffic or even need to be able to handle e-commerce on the site. Now, what type of hosting feels most suitable to those needs?

Security

Some sites don’t require a lot of security, while other sites demand high security protocols. The type of hosting that you choose will probably have something to do with the security that you need. You also will want to be familiar with how much support your provider offers in terms of security. What do they have in place for security, and how will that benefit your site? What type of added security do you need, and can you implement additional security measures?

Keep in mind that shared hosting offers very little security and you can’t really do much to add it. VPS has a similar setup to shared hosting, but offers you a layer of security between you and the next person there.

Budget

It’s quite possible that if you are just starting out, you might not have much of a budget. It’s safe to say that your budget will affect the type of hosting that you end up choosing in the end. Remember that shared hosting is the most affordable. Dedicated server hosting is the most expensive. You might need one of these or you might need somewhere in between.

We can help you choose the right fit for you based on your needs.

Let Cirrus Hosting Serve Your Needs

When you find yourself faced with choosing the type of hosting for your site, let Cirrus Hosting help you out! Not only do we offer multiple types of hosting plans and services, but we also offer you a company with experience in the field. We are a secure and reliable hosting provider that has been operating since 1999. We would love the opportunity to work with you for your hosting needs. Contact us today to get started.

How Does Dedicated Server Hosting Work?

When you are trying to determine what type of server hosting service you need, there is much to know to make an informed decision. In this guide, we’re going to focus on dedicated server hosting. We will cover just what it is and how it works. We can even give you some tidbits to compare it to other types of hosting to give you some reference. Cirrus Hosting does have several options available for dedicated hosting. Give us a call for your needs.

Dedicated Server Hosting Explained

Dedicated hosting is designed to give you all of the server access to yourself. It’s like the penthouse of server options. It’s not for everyone, as it is more expensive to utilize and may provide way more power and functionality than you actually need. However, this is a good option for you if you need high levels of performance and security.

When you use dedicated server hosting, one single physical server is dedicated solely to you – or to an individual business customer that pays for the service. The customer doesn’t just get access to the server, either. You get total control of the server for their needs. Customers make changes and customize it so that it works for them.

A customer with a dedicated server can use it however they want to. They have the performance and it’s like a clean slate for them to create. They don’t have to worry about sharing data, performance, or space. We will talk about the benefits in more detail later, but a dedicated server gives a client control, flexibility, security, and performance all in one place.

In our explanation of a dedicated server, we also want to mention that the customer isn’t responsible for maintaining or managing the server. That duty is performed by their provider. Basically, they get all of the access without any of the background work to keep the server running and operational.

The Benefits of Dedicated Server Hosting

There are several benefits to using dedicated hosting. Again, we want to mention that it isn’t for everyone. However, there are substantial benefits to those who use it.

  • You get control of the space
  • You have optimized performance
  • It’s fully flexible to your needs
  • Dedicated hosting is secure
  • Maintenance and tech support

Now, let’s look at these in a bit more detail!

You’re in Control!

Perhaps one of the best things about this type of hosting plan is that you still get to be in control. Where some hosting platforms will have major limitations on what you can change or if you can even make changes, that isn’t the case with dedicated servers. This means you are the only tenant and this is your penthouse, so you get to decorate it and organize however will work best for you.

As long as your changes are within the capabilities of the server, your options are endless. You can add and remove apps and operating systems. It means you establish the rules and security detail and you can grant people access or take access away whenever is necessary.

Ultimately, you will feel like you’re the boss of your domain and space. Your landlord will have nothing to say about you hanging that photo on the wall or painting the room bright green.

Optimal Performance

Since you have an entire server dedicated just to you, you get all the performance you could possibly need. Here’s the thing: when you use a shared server, a cloud server, or other shared platform, you don’t get the space all to yourself. While some of these can be great options for certain uses, they are not dedicated solely to you. This can sometimes affect your performance because the system can get weighed down or busy.

When you use dedicated server hosting, the performance is at your fingertips and your stuff will perform much better. You get speed, you get storage space, and you get the support you may need in the background as well.

dedicated server hosting
Photo by Mediensturmer on Unsplash

Total Flexibility

This benefit again relates directly back to this being your own space. You aren’t sharing with others so you have a little bit more flexibility. Rather than having to work in the confines of the same lease that many other businesses are, you get to do it your own way.

Under the flexibility of a dedicated server, you can change things when and if you need to. You don’t have to get approval to change any of your configurations or setup. Simply make changes to software and applications and even add them when you want to. You can also take control of your resources so you can allocate how the server resources are split between applications and processes.

This allows you to make changes and create a space where your business can benefit from the dedicated space. There is so much more than just having your own space at play here.

Reliable Security

Thanks to dedicated hosting, you also get the benefit of a secure space. You can add security protocols as you need to. A business can also amend or make changes in order to be compliant when you need to be.

Your hosting provider will have some responsibility for offering security on their end, particularly with the physical server but you can add your own internal security controls.

Maintenance and Tech Support

Finally, when you have a dedicated server, you are paying a provider to take care of that server. You are not managing the physical server; you are simply taking advantage of having access to the entire server for yourself.

The hosting provider is responsible for maintenance and upkeep of the physical server. It’s one less thing for you to have to worry about. Your hosting provider should also be available to you for tech support should you run into issues.

Cirrus Hosting Dedicated Server Hosting

If you are interested in using a dedicated server, let us help you. Cirrus Hosting offers a variety of packages for dedicated servers so that you can choose what is right for you! How can we help you?

How To Disable TLS 1.0 & TLS 1.1 on a Windows Server, VPS or Cloud VM

We talked extensively about Google, Microsoft and PCIs push to create a more secure internet. From supporting an open-source SSL certificate initiative like Let’s Encrypt to prompting “Not Secure” warning when visiting all HTTP sites through chrome, IE, and Mozilla. Those of you who are running an e-commerce site are familiar with PCI and already know that PCI has deprecated TLS1.0 & TLS 1.1 so the minimum requirements are TLS 1.2 and the gold standard is TLS 1.3. For those of you how are not familiar with PCI you can find out more here.

Transport Layer Security (TLS) is a critical part of a secure online transaction between two systems as it secures communications by authenticating one or both systems. Serious vulnerabilities prompted PCI to deprecate SSL/early TLS on 30 June 2018. So if you are using a Windows server or Windows VPS or Windows cloud VM you can do your part and be an agent of change by disabling TLS 1.0 and TLS 1.1 on your server. Doing so not only secures your server but also forces others who are still using SSL/early TLS to make the switch to more secure encryption technology.

Here is the step by step instruction on how to disable TLS 1.0 and TLS 1.1 on a Windows server:

  1. Open up Registry Editor by clicking on the Start Button, type in Regedit, and then hit Enter. Since we are dealing with registry, we strongly suggest backing up the current Registry state. Misuse of the Registry might have detrimental effects on your system. (In the Regedit screen highlight computer >>File >>Export >> Save file to a location you want)
  2. In Registry Editor, locate the following registry key:

HKey_Local_Machine\System\CurrentControlSet\Control\SecurityProviders \SCHANNEL\Protocols\TLS 1.0\Server ( or TLS 1.1)                

  1. On the Edit menu, click Add Value.
  2. In the Data Type list, click DWORD.
  3. In the Value Name box, type Enabled, and then click OK.

Note if this value is present; double-click the value to edit its current value.

  1. Type 00000000 in Binary Editor to set the value of the new key equal to “0”.
  2. Click OK. Restart the Server.

Transport Layer Security (TLS) are together cryptographic protocols provides communication safety over a network; for instance a customer linking to a web server. A “handshake” is done at the start of a TLS or SSL connection. During this handshake the customer and server will work out what mutual ciphers and hash algorithms are sustained. This is also where a server will deliver its digital certificate to a linking customer.

TLS is the continuation of SSL. Over the years susceptibilities have been and carry on to be exposed in the denounced SSL and TLS protocols. For this reason, you must disable SSLv2, SSLv3, TLS 1.0 and TLS 1.1 in your server configuration, leaving simply TLS protocols 1.2 and 1.3 enabled.

Transport Layer Security (TLS) is additional security protocol to make sure privacy and information-integrity during web based communication among two applications. Like SSL Protocol, TLS Protocol also comes with two modules – TLS Record Protocol and TLS Handshake Protocol. Elementary properties of TLS Protocol are as follows:

TLS Protocol encrypts data by symmetric cryptography and makes sure privacy during web based communication procedure.

All the mails, which are switch over over the Internet, are tested while transferring from one computer to another. This feature delivers the trustworthiness of the web based communication.

TLS protocol restricts unauthorized users to interfere as a third party in the middle of a communication process over the Internet. The third party will take part in the communication only after identified by the two official communicators or operators.

Transport Layer Security Protocol comes with the cryptographic security to deliver vital privacy between two operators. Like SSL, Transport Layer security Protocol is extensible, i.e., you can integrate new encryption approaches in the TLS framework. By this you can decrease the effort of making new protocols as well as remove the obligation of implementing new set of safety library.

Cryptographic operations delivered by Transport Layer Security Protocol hinge upon the technical configuration of the CPU. These types are also alike to Secure Sockets Layer Protocol. ‘Optional session caching’ is available in TLS Protocol that enhances the number of networks and linkage activity to make the message process effective.

How To Configure Remote Desktop On Linux VPS / VM

Desktop environment is a bundle of programs that provides a graphical user interface (GUI). It provides end-users with a user-friendly and intuitive way to interact with computers. When it comes to virtual private servers (VPS) or Cloud Servers if you need a remote desktop environment you typically go with a windows VPS, you can simply use predefined applications and services to RDP to the windows server. When it comes to Linux VPSs you typically will be given a SSH access to manage and configure your server, although most Linux system administrators are comfortable managing their VPS through SSH access but sometimes the desktop environment is required during the application installation.

Unlike Windows and Mac, for Linux environment, you have many different desktop environments to choose from such as GNOM, Cinnamon, KDE, MATE, XFCE and etc… Most often than not (depending on the desktop environment) you need to have console access to complete the desktop environment installation and setup on your VPS or hosted server. Here at Cirrus Hosting every Cloud VPS/VM comes with console access free of charge.

XFCE is a light, fast and stable desktop environment and in this blog, we will cover how to setup XFCE on Debian 10.3 and remote desktop to your Linux VPS.

It’s a fairly simple and straight forward process, first you need to SSH to your server and type:

# apt install xfce4

Apt package manager will download and install all the required packages. Once the installation is completed we need to set up a remote server software. In this example, we are going to use tightvncserver:

# apt-get install tightvncserver

After installation is completed we need to run and you will be required to create a password to access your desktop.

# vncserver

To connect remotely to your desktop environment you can use VNC viewer. Type your server IP address xxx.xxx.xxx.xxx:1 and the password you created earlier to access your desktop.

Colocation Data Center with Cirrus Hosting – In the Age of COVID-19 Pandemic

IT professionals are constantly performing risk assessments to identify and modify their security and operational strategy. However, pandemics like COVID-19 presents different sets of challenges as non-essential businesses urged to close and employees are directed to work from home. This pandemic possesses a range of serious challenges in terms of managing, monitoring, security and business continuity specifically to on-premise server setups. As your IT team might not be able to go to the site to physically access the servers, you might not have enough bandwidth to support remote access as more people are instructed to stay home and work remotely or you might not be able to upgrade your gears and increase your pipeline.

In this post, I would like to highlight some of the features of colocation with Cirrus Hosting, at our prime downtown location.

  • Reduced downtime: Here at Cirrus Hosting we have significantly improved our capacity and peak throughput by upgrading our core routes and networking gears. We also increased our pipeline by almost tenfold. We utilize multiple major upstream providers to ensure continuous Internet connectivity, greater route diversity and ultimately enhanced internet performance. In terms of electricity, our data center has 2 feeders from a substation, multiple backup generators with separate generators supporting the cooling infrastructure, automatic transfer switches.
  • Security: The downtown facility is SSAE 16 SOC 1 Type 2 audited. There are multiple layers of security in place to protect your assets like 24/7 On-Site Security guard, tailgate proof mantrap, key card and biometric access, CCTV. You also have the option to work with our network security team to implement firewalls, intrusion dedication and prevention solutions.
  • Flexibility: You do not need to worry about lack of expansion capacity, we have ample space for your future needs with 20k SQF of space. You can add cabinet, power circuits and bandwidth as your business needs grow. This flexibility enables you to make long term plans without requiring a substantial upfront cost.

As you know in many regions co-location facilities are deemed essential services and staff are getting an exemption. You can take advantage of our remote hand services, extend your team by adding on-site expert technicians who are ready to provide you with assistance at the datacenter. Services like swapping removable media, racking and staking equipment and visual verification for remote troubleshooting.

To find out more about our colocation plans please visit here or call 1.877.624.7787

About Cirrus Hosting

Cirrus Tech Ltd. has been a leader in providing affordable, dependable cloud hosting as well as website hosting services in Canada since 1999. They have hosted and supported hundreds of thousands of websites and applications for Canadian businesses and clients around the world. As a BBB member with an A+ rating, Cirrus Hosting is a top-notch Canadian web hosting company with professional support, rigorous reliability and easily upgradable VPS solutions that grow right alongside your business.

Payment Card Industry – PCI Compliance

If you are running an e-commerce business chances are you have heard about the PCI compliance. The goal of PCI is to set security standards for safer online payments. The Payment Card Industry Security Standard Council developed a security standard called Payment Card Industry Data Security Standard (PCI DSS) to be incorporated into the data security compliance program of credit card issuers like MasterCard, Visa, American Express and many more. 

If you accept online payment – collect, process and store credit card information – you are required to adhere to a set of standards set by PCI standards Council. Failure to adhere to PCI compliance might result in fines and penalties, legal costs, loss of customer confidence and revenue loss. 

PCI compliance continues the process, as a business owner you need to continually Assess your online payment process and analyze server vulnerabilities. Remediate the vulnerabilities by applying security patches and you should submit a quarterly scan Report to the acquiring financial institution. Most of the PCI compliance requirements are common sense security measures such as:

  • Configure and manage your firewall
  • Install SSL certificate
  • Control and monitor the server/data access
  • Update the OS and Antivirus regularly
  • Regularly test the servers and apply security patches as soon as they become available

To become a PCI compliant you are required to go through an audit process, many approved scanning vendors in the market will conduct the external vulnerability scanning service to validate that you meet the standards set by the PCI DDS. 

At Cirrus Hosting we offer a wide range of service dedicated server, public and private cloud so you can customize a solution based on your requirements to host your sensitive financial information. Our data center in downtown Toronto is PCI compliant and our knowledgeable technicians can help you through the challenging process of passing a vulnerability scan.  

Denial of Service (DoS) and Distributed Denial of Service (DDoS) Attack

As our dependence on computers and computer network connectivity grows so do the vulnerabilities and the risk of falling victim to a costly cyber-attack(s). We tend to forget that most computer systems and their underlying technologies are susceptible to cyber-attacks. According to Kaspersky researchers, Denial of Service (DoS) and Distributed Denial of Service (DDoS) are the most prevalent type of cyber-attacks in 2019. But what is Denial of service attack – DoS attack is a malicious attempt to slow down or render a website or computer unavailable by flooding a server or network with a large number of simultaneous requests. When the network and computer resources are exhausted, the victims’ system is unable to fulfill legitimate requests and the victim’s website or computer becomes inaccessible. The DDoS attack is more sophisticated as it uses hundreds or even millions of compromised devices to lunch a Denial of Service attack.   

Here is the list of most common DoS attacks:

  • SYN Flood:  SYN flood targets the TCP layer. In general to establish a connection in TCP/IP network a three-way handshake method is used, whereby both client and server exchange SYNchronize-ACKnowledge (SYN/ACK) packets (SYN, SYN-ACK, SYN).  Hackers attack the server by sending a series of SYN requests; the server responds with SYNC-ACK and leaves an open port ready to receive the response from the client. In order words, attackers create multiple half-open connections with the server in an attempt to exhaust the system resources to the point that the system becomes unresponsive to the legitimate traffic.
  • UDP Flood: It targets the User Datagram Protocol (UDP), unlike TCP the UDP protocol does not require a three-way handshake however when server receives a UDP packet at a specific port, it first looks for the application listening to the port and if there are no applications receiving the packets server responds with Internet Control Message Protocol (ICMP), notifying the client that the destination was unreachable. When Hackers lunch their attacks by sending series of UDP packet requests to random ports server has to go through the above-mentioned process as a result system is forced to send multiple ICMP packets to the point the server becomes unreachable to legitimate requests/clients.
  • HTTP Flood: this is an application layer attack whereby HTTP client (web browser) sends an HTTP GET or POST request to the application or web server. Attackers utilizing multiple bots to send GET requests to retrieve the large image, documents or files from the server. In HTTP POST attack hackers try to trigger a complex and resource-intensive process like database search.  In both cases, the webserver is overwhelmed and unable to service the legitimate request.  

According to Kaspersky in 2019, 84% of DoS attacks are SYN flood, 8.9% UDP flood and 3.3% HTTP flood. Due to the nature of these types of attacks no organization is 100% immune. One of the most high profile DDoS attacks in 2018 was the GitHub, hackers launched the first wave of attacks peaked at 1.35Tbps followed by 400Gbps secondary attack which brought down the host. In a separate incident in September 2016 OVH was under DDoS attack peaking over 600Gbps which affected their operations. 

The reality is that due to the nature of DDoS attacks no one is 100% immune, however, there are various DDoS mitigation and resilience options available to reduce the impact of DDoS attacks.

  • Over Provisioning, Increase bandwidth capacity improves resilience to withstand low to mid-volume DoS attacks and provides much needed extra time to take action to mitigate the attack. At the server level, extra resources combine with solutions like mod_ evasive is a good place to start.
  • Cloud DDoS mitigation services, whereby the incoming traffic goes through a 3rd party network that has a much bigger bandwidth which means they will absorb the attack before it reaches your server. They are specialized in early DoS attack detection and mitigation.
  • A hybrid solution, for an enterprise organization a hybrid solution –a combination of cloud and on-premise DDoS mitigation – strikes a balance between security and flexibility.

Here at Cirrus Tech. we are continuously monitoring and improving our infrastructure. In order to increase our resilience against DDoS attacks, we have significantly improved our capacity and peak throughput by upgrading our core routers and networking gears. We are on track to increase our pipeline by almost tenfold by the end of 2019. We recommend our web hosting clients to scan their website, application, and plugins and eliminate any vulnerability from their website; keep their PHP, WordPress, and plugins up-to-date. We also suggest to our Linux VPS and Cloud VM clients to configure mod_ evasively or if you lack the expertise you can contact our support team for assistance and recommendations.

New Vulnerability in Exim Mail Server, CVE-2019-16928, cPanel & WHM Patch Is Out

National Vulnerability Database (NVD) posted a warning on 27/09/2019 about the new vulnerability
effecting Exim Versions 4.92 to 4.92.2, to read more please click here. For those of you who are not
familiar with Exim, Exim is an open-source message transfer system and its main task is to accept the
messages from the source and deliver them to the final destinations (to a remote host or a program). Since
cPanel & WHM uses Exim this vulnerability could affect any server running cPanel & WHM or any Linux
server running Exim mail server. We advise you to upgrade your cPanel & WHM by taking the following
steps in the WebHost Manager interface:

WHM >> Home >> cPanel >> Upgrade to Latest Version

If you have subscribed to our Management plan III and IV we will be scheduling a management task to
update your cPanel&WHM.

What Is a Web Server?

A web server is a software that is running on dedicate, virtual or embedded server, which is capable of delivering the requested data made through the web. Typically web server’s task is to process and deliver the requested information (website contents and data) that is stored on the server. Thanks to uptick in internet of things (IoT) adaptation the web server is embedded in smart devices such as wireless security camera, fridge, and thermostat so that you can manage and monitor your devices on your network.

Some of the well-known web servers are Apache, NGINX, and IIS; the most common communication protocol used between the browser and the web server is Hypertext Transfer Protocol (HTTP). Once the web server receives your request it will fetch the requested data (document, Image or files) and send it backs to the browser.

Vulnerability in Exim mail server, CVE-2019-10149, cPanel & WHM patch is out

National Vulnerability Database (NVD) posted a warning on 06/05/2019 about the flaw that was found in Exim Versions 4.87 to 4.91 to read more please click here. For those of you who are not familiar with Exim, Exim is an open source message transfer system and its main task is to accept the messages from source and deliver them to the final destinations (to a remote host or a program).  Since cPanel & WHM uses Exim this exploit could affect any server running cPanel & WHM bellow v78.0.27. We advise you to upgrade your cPanel & WHM by taking the following steps in the WebHost Manager interface:

WHM >> Home >> cPanel >> Upgrade to Latest Version

Individual Linux distros also released their patches, for more information please refer to Debian, OpenSuse, and Red Hat.