Payment Card Industry – PCI Compliance

If you are running an e-commerce business, chances are you have heard about PCI compliance. The goal of PCI is to set security standards for safer online payments. The Payment Card Industry Security Standards Council (PCI SSC), founded by the major card brands (Visa, MasterCard, American Express, Discover and JCB), maintains the Payment Card Industry Data Security Standard (PCI DSS); each brand incorporates it into its own data security compliance program.

If you accept card payments online, that is, if you store, process or transmit cardholder data, you are required to adhere to the PCI DSS. Failure to comply can result in fines and penalties from the card brands and your acquiring bank, legal costs, loss of customer confidence and lost revenue.

PCI compliance is an ongoing process, not a one-time certificate. As a business owner you need to continually assess your online payment process and analyze your servers for vulnerabilities, remediate those vulnerabilities by applying security patches and fixing insecure configurations, and report: merchants are expected to submit passing quarterly external vulnerability scans, performed by an Approved Scanning Vendor (ASV), to their acquiring financial institution. Most PCI DSS requirements are common-sense security measures such as:

  • Install and maintain a firewall configuration that protects cardholder data
  • Encrypt cardholder data in transit with TLS (an SSL/TLS certificate on the site is the minimum)
  • Restrict and monitor access to the servers and to cardholder data
  • Keep the operating system and anti-malware software up to date
  • Regularly test servers and applications, and apply security patches as soon as they are released

Validation depends on your merchant level: most small and medium merchants complete a Self-Assessment Questionnaire (SAQ), while the largest merchants need an on-site assessment by a Qualified Security Assessor (QSA). In either case, many Approved Scanning Vendors in the market provide the external vulnerability scanning service that validates the internet-facing part of your environment against the PCI DSS. The scope of all this shrinks considerably if you never store card numbers yourself, for example by handing the card-entry step to a hosted payment page or tokenization service, so reducing scope is usually the first thing to consider.

At Cirrus Hosting we offer a wide range of services, from dedicated servers to public and private cloud, so you can customize a solution based on your requirements to host your sensitive financial information. Our data center in downtown Toronto is PCI compliant and our knowledgeable technicians can help you through the challenging process of passing a vulnerability scan.

Denial of Service (DoS) and Distributed Denial of Service (DDoS) Attack

As our dependence on computers and network connectivity grows, so do the vulnerabilities and the risk of falling victim to a costly cyber-attack. We tend to forget that most computer systems and their underlying technologies are susceptible to attack. According to Kaspersky researchers, Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks are the most prevalent type of cyber-attack in 2019. So what is a denial of service attack? A DoS attack is a malicious attempt to slow down or render a website or computer unavailable by flooding a server or network with a large number of simultaneous requests. When network or compute resources are exhausted, the victim's system is unable to fulfil legitimate requests and its website or services become inaccessible. A DDoS attack is harder to stop because it uses thousands or even millions of compromised devices (a botnet) to launch the flood at once: there is no single source address to block, and the combined bandwidth can far exceed what any one attacker could send alone.

The most common types of DoS attack are:

  • SYN flood: A SYN flood targets the TCP layer. To establish a TCP connection, client and server perform a three-way handshake: the client sends SYN, the server answers SYN-ACK, and the client completes the connection with ACK. Attackers send a stream of SYN packets, usually with spoofed source addresses; the server answers each with a SYN-ACK and keeps a half-open connection in its listen backlog waiting for a final ACK that never arrives. In other words, attackers create many half-open connections in an attempt to exhaust the backlog and system resources until the server stops accepting legitimate connections. Modern kernels counter this with SYN cookies (net.ipv4.tcp_syncookies on Linux), which let the server answer SYNs without keeping state until the handshake completes.
  • UDP flood: This targets the User Datagram Protocol (UDP). Unlike TCP, UDP does not use a handshake; when a server receives a UDP packet on a port, it checks whether an application is listening on that port and, if none is, replies with an ICMP Destination Unreachable (port unreachable) message. Attackers send a stream of UDP packets to random ports, often with spoofed source addresses, so the server spends its resources checking ports and generating ICMP replies until it can no longer serve legitimate clients. UDP is also the transport behind most amplification attacks, where small spoofed requests to open DNS, NTP or memcached servers produce much larger responses aimed at the victim.
  • HTTP flood: This is an application layer attack. A normal HTTP client (web browser) sends GET or POST requests to the web server; attackers use many bots to send GET requests for large images, documents or files, or POST requests that trigger complex and resource-intensive processing such as database searches. In both cases the web server is overwhelmed and unable to service legitimate requests. Because each request is a complete, valid TCP connection and HTTP exchange, these floods are much harder to distinguish from real traffic than SYN or UDP floods and need application-aware defences.
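The SYN flood described above leaves a visible footprint on the victim: a listen backlog full of SYN-RECV sockets from many different peers while the number of established connections stays flat. The following is an added example, not code from the original page, that reads a snapshot in the text format printed by `ss -tan` on Linux (an assumption about the input) and flags ports where half-open connections dominate. The two snapshots embedded in it are constructed, one for normal traffic and one for the same server under a flood on port 443.

```python
"""Spot a SYN flood from a snapshot of TCP socket states.

Added example, not code from the original page. It reads the text format
printed by `ss -tan` on Linux (iproute2), an assumption about the input; the
snapshots below are constructed to show a server with normal traffic and the
same server with its port 443 backlog full of half-open connections. On a live
host, feed it subprocess.run(["ss", "-tan"], capture_output=True,
text=True).stdout instead of the sample.
"""
from collections import defaultdict

SERVER = "203.0.113.10"      # documentation-range address for the constructed host
HALF_OPEN_THRESHOLD = 100    # SYN-RECV sockets on one port before we worry...
HALF_OPEN_RATIO = 5.0        # ...and they must dwarf the established ones


def build_snapshot(half_open):
    """Constructed `ss -tan` output: a few normal sockets plus N SYN-RECV on :443."""
    rows = [
        "State      Recv-Q Send-Q Local Address:Port   Peer Address:Port",
        "LISTEN     0      128    0.0.0.0:22           0.0.0.0:*",
        "LISTEN     0      511    0.0.0.0:443          0.0.0.0:*",
        f"ESTAB      0      0      {SERVER}:22      198.51.100.7:51234",
        f"ESTAB      0      0      {SERVER}:443     198.51.100.8:40001",
        f"ESTAB      0      0      {SERVER}:443     198.51.100.9:40002",
        f"TIME-WAIT  0      0      {SERVER}:443     198.51.100.9:39990",
    ]
    for i in range(half_open):
        # spoofed peers: one half-open connection each, never completing the handshake
        rows.append(f"SYN-RECV   0      0      {SERVER}:443     192.0.2.{i % 254 + 1}:{1024 + i}")
    return "\n".join(rows)


NORMAL_SNAPSHOT = build_snapshot(3)     # a couple of in-flight handshakes is normal
FLOOD_SNAPSHOT = build_snapshot(300)    # backlog full of half-open connections


def parse_ss(output):
    """Yield (state, local_port, peer_ip) for every socket line except listeners."""
    for line in output.splitlines()[1:]:          # first line is the column header
        parts = line.split()
        if len(parts) < 5 or parts[0] == "LISTEN":
            continue
        state, local, peer = parts[0], parts[3], parts[4]
        local_port = int(local.rsplit(":", 1)[1])   # rsplit keeps [::1]:443 intact
        peer_ip = peer.rsplit(":", 1)[0]
        yield state, local_port, peer_ip


def port_stats(output):
    """Per local port: half-open count, established count, distinct half-open peers."""
    stats = defaultdict(lambda: {"half_open": 0, "established": 0, "peers": set()})
    for state, port, peer in parse_ss(output):
        if state == "SYN-RECV":
            stats[port]["half_open"] += 1
            stats[port]["peers"].add(peer)
        elif state == "ESTAB":
            stats[port]["established"] += 1
    return stats


def flooded_ports(output, threshold=HALF_OPEN_THRESHOLD, ratio=HALF_OPEN_RATIO):
    """Return [(port, half_open, distinct_peers)] for ports that look SYN-flooded.

    A healthy port completes handshakes within one round trip, so SYN-RECV
    sockets are rare compared with ESTAB; a flood inverts that ratio, and the
    peers are mostly distinct spoofed addresses rather than a few slow clients.
    """
    hits = []
    for port, s in sorted(port_stats(output).items()):
        if s["half_open"] >= threshold and s["half_open"] > ratio * max(s["established"], 1):
            hits.append((port, s["half_open"], len(s["peers"])))
    return hits


if __name__ == "__main__":
    print("normal:", flooded_ports(NORMAL_SNAPSHOT))   # []
    print("flood: ", flooded_ports(FLOOD_SNAPSHOT))    # [(443, 300, 254)]
```

Two caveats when running this on a real host. The SYN-RECV count can never exceed the listen backlog, so set the threshold below the socket's backlog (the Send-Q column of the LISTEN row) or the check will never fire. And once the kernel switches to SYN cookies (it logs "possible SYN flooding on port 443. Sending cookies."), it stops queueing half-open connections, so the count stops growing even though the flood continues; that kernel message is the more reliable signal at that point.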

According to Kaspersky, in 2019 84% of DoS attacks were SYN floods, 8.9% UDP floods and 3.3% HTTP floods. One of the highest-profile DDoS attacks of 2018 hit GitHub on 28 February: a memcached amplification attack whose first wave peaked at 1.35 Tbps, followed by a 400 Gbps second wave, made the site intermittently unavailable for several minutes. In a separate incident in September 2016, OVH was hit by the Mirai IoT botnet with attacks peaking at over 600 Gbps, which affected their operations.

The reality is that, given the nature of these attacks, no one is 100% immune to DDoS. There are, however, various mitigation and resilience options available to reduce the impact:

  • Over-provisioning: Increasing bandwidth capacity improves resilience against low- to mid-volume DoS attacks and buys the time needed to take action. At the server level, extra resources combined with request rate-limiting such as Apache's mod_evasive are a good place to start, though neither helps once the attack saturates your upstream link.
  • Cloud DDoS mitigation services: Incoming traffic is routed through a third-party network with far more bandwidth than yours, so the attack is absorbed before it reaches your server. These providers specialize in early DoS attack detection and mitigation.
  • A hybrid solution: For an enterprise organization, a combination of cloud and on-premise DDoS mitigation strikes a balance between security and flexibility.

Here at Cirrus Tech. we are continuously monitoring and improving our infrastructure. To increase our resilience against DDoS attacks, we have significantly improved our capacity and peak throughput by upgrading our core routers and networking gear, and we are on track to increase our pipeline almost tenfold by the end of 2019. We recommend that our web hosting clients scan their website, application and plugins, eliminate any vulnerabilities they find, and keep PHP, WordPress and plugins up to date. We also suggest that our Linux VPS and Cloud VM clients configure mod_evasive; if you lack the expertise, contact our support team for assistance and recommendations.
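The mod_evasive module recommended above works by counting requests per client: more than DOSPageCount requests for the same URI within DOSPageInterval seconds, or more than DOSSiteCount requests to the site within DOSSiteInterval seconds, gets the client a 403 for DOSBlockingPeriod seconds. Before tightening those numbers on a live server it helps to replay your own access log through the same rules and see who would have been blocked. The following is an added example, not code from the original page or from mod_evasive itself: a Python reimplementation of those documented counting rules, run over a few constructed Apache combined-format log lines (one normal visitor and one bot hammering a login page).

```python
"""Replay Apache access-log lines through a mod_evasive-style rate limiter.

Added example, not code from the original page or from mod_evasive. It
reimplements mod_evasive's documented counting rules (DOSPageCount over
DOSPageInterval per client+URI, DOSSiteCount over DOSSiteInterval per client,
DOSBlockingPeriod for blocked clients) so you can see which requests a given
setting would reject. The log lines below are constructed samples.
"""
import re
from datetime import datetime

# Apache combined log format: ip ident user [timestamp] "METHOD uri proto" ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*"'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


class EvasiveLimiter:
    """Per-client hit counters with the same semantics as mod_evasive's defaults."""

    def __init__(self, page_count=2, page_interval=1,
                 site_count=50, site_interval=1, blocking_period=10):
        self.page_count, self.page_interval = page_count, page_interval
        self.site_count, self.site_interval = site_count, site_interval
        self.blocking_period = blocking_period
        self._page = {}      # (ip, uri) -> (count, last_seen)
        self._site = {}      # ip -> (count, last_seen)
        self._blocked = {}   # ip -> time of the last request made while blocked

    @staticmethod
    def _bump(table, key, now, interval):
        """Count a hit; the count restarts once `interval` seconds have elapsed."""
        count, last = table.get(key, (0, None))
        count = count + 1 if last is not None and now - last < interval else 1
        table[key] = (count, now)
        return count

    def allow(self, ip, uri, now):
        """Return True if the request may proceed, False if it would get a 403."""
        last_block = self._blocked.get(ip)
        if last_block is not None and now - last_block < self.blocking_period:
            self._blocked[ip] = now      # every hit while blocked restarts the period
            return False
        if (self._bump(self._page, (ip, uri), now, self.page_interval) >= self.page_count
                or self._bump(self._site, ip, now, self.site_interval) >= self.site_count):
            self._blocked[ip] = now
            return False
        return True


def replay(lines, limiter=None):
    """Run every parsable log line through the limiter; return per-IP tallies."""
    limiter = limiter or EvasiveLimiter()
    tally = {}
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue    # not in combined-log format (rotated header, garbage, ...)
        ip, uri = m["ip"], m["uri"]
        now = datetime.strptime(m["ts"], TS_FMT).timestamp()
        verdict = "allowed" if limiter.allow(ip, uri, now) else "blocked"
        tally.setdefault(ip, {"allowed": 0, "blocked": 0})[verdict] += 1
    return tally


def _line(ip, ts, uri):
    return f'{ip} - - [{ts}] "GET {uri} HTTP/1.1" 200 512 "-" "Mozilla/5.0"'


# Constructed sample log: a visitor browsing three pages over seven seconds, and
# a bot sending 30 requests for the login page within the same second.
LEGIT, BOT = "198.51.100.7", "192.0.2.99"
SAMPLE_LOG = "\n".join(
    [_line(LEGIT, "27/Sep/2019:10:00:00 +0000", "/"),
     _line(LEGIT, "27/Sep/2019:10:00:03 +0000", "/about")]
    + [_line(BOT, "27/Sep/2019:10:00:05 +0000", "/wp-login.php") for _ in range(30)]
    + [_line(LEGIT, "27/Sep/2019:10:00:07 +0000", "/contact")]
)

if __name__ == "__main__":
    for ip, counts in replay(SAMPLE_LOG.splitlines()).items():
        print(ip, counts)   # bot: 1 allowed, 29 blocked; visitor: 3 allowed
```

With the default numbers the bot's second request to the same page within one second is already rejected and everything after it is refused for ten seconds; the visitor, whose requests are seconds apart and to different pages, is never counted past one. DOSPageCount 2 is aggressive for pages that load many assets from the same path, so replay your real log with the settings you intend to use before deploying them. Two limits worth remembering: mod_evasive keys on the address Apache sees, so behind a reverse proxy or CDN every visitor arrives from the proxy's address and would be blocked together (do the rate limiting at the proxy instead), and it only helps against HTTP floods; it does nothing for a volumetric attack that saturates the link before packets reach Apache.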

New Vulnerability in Exim Mail Server, CVE-2019-16928, cPanel & WHM Patch Is Out

The National Vulnerability Database (NVD) published CVE-2019-16928 on 27/09/2019. It affects Exim versions 4.92 to 4.92.2: a heap-based buffer overflow in string_vformat() (string.c) that can be triggered remotely, the known trigger being an extraordinarily long EHLO string, and it is fixed in Exim 4.92.3; releases before 4.92 are not affected by this particular bug. For those not familiar with Exim, it is an open-source message transfer agent (MTA): its main task is to accept messages from a source and deliver them to their final destinations (a remote host or a local program). Since cPanel & WHM ships Exim as its mail server, this vulnerability could affect any server running cPanel & WHM, as well as any Linux server running Exim. We advise you to upgrade cPanel & WHM, which pulls in the patched Exim build, by taking the following steps in the WebHost Manager interface:

WHM >> Home >> cPanel >> Upgrade to Latest Version

If you have subscribed to our Management plan III or IV, we will be scheduling a management task to update your cPanel & WHM.
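After the upgrade, or on any Linux host that runs Exim outside cPanel, confirm the installed version actually left the affected range. The following is an added example, not code from the original page or from the Exim or cPanel projects: it parses the first line that `exim -bV` prints ("Exim version X.Y.Z #N built ...") and compares the version against the 4.92 to 4.92.2 range, reporting 4.92.3 as the fixed release. The sample outputs in it are constructed; check_local_exim() runs the real binary.

```python
"""Check an installed Exim build against the CVE-2019-16928 affected range.

Added example, not code from the original page or from the Exim or cPanel
projects. It parses the version line of `exim -bV`, compares it with the
affected range 4.92 through 4.92.2, and names 4.92.3 as the first fixed
release. SAMPLE_* outputs are constructed, not captured from a real server.
"""
import re
import subprocess

AFFECTED_FROM = (4, 92, 0)   # 4.92 (no third component) is the first affected release
FIXED_IN = (4, 92, 3)        # first release that carries the fix
VERSION_RE = re.compile(r"Exim version (\d+)\.(\d+)(?:\.(\d+))?")

# Constructed sample outputs in the shape `exim -bV` prints.
SAMPLE_VULNERABLE = "Exim version 4.92.2 #2 built 07-Sep-2019 09:12:31\nCopyright (c) ...\n"
SAMPLE_FIXED = "Exim version 4.92.3 #1 built 30-Sep-2019 11:40:07\n"


def parse_exim_version(bv_output):
    """Return (major, minor, patch) from `exim -bV` text, or None if unparsable."""
    m = VERSION_RE.search(bv_output)
    if not m:
        return None
    return (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))


def is_affected(version):
    """True when 4.92 <= version < 4.92.3, the CVE-2019-16928 range."""
    return AFFECTED_FROM <= version < FIXED_IN


def assess(bv_output):
    """Turn raw `exim -bV` output into a small verdict dict."""
    version = parse_exim_version(bv_output)
    if version is None:
        return {"version": None, "affected": None, "note": "could not parse version"}
    affected = is_affected(version)
    return {
        "version": ".".join(map(str, version)),
        "affected": affected,
        "note": "upgrade to Exim 4.92.3 or later" if affected else "not in the affected range",
    }


def check_local_exim(binary="exim"):
    """Run the local binary; return assess() output, or None if exim is not installed."""
    try:
        out = subprocess.run([binary, "-bV"], capture_output=True, text=True, check=False).stdout
    except FileNotFoundError:
        return None
    return assess(out)


if __name__ == "__main__":
    print(assess(SAMPLE_VULNERABLE))   # affected: True
    print(assess(SAMPLE_FIXED))        # affected: False
    print(check_local_exim())          # None if exim is not on this machine
```

On a cPanel server the Exim binary is updated as part of the cPanel & WHM upgrade, so run this after the WHM upgrade completes rather than before. One caveat for non-cPanel hosts: some distributions backport security fixes into their existing package without changing the version Exim reports, so a 4.92.x that shows as affected here may already be patched; check the package changelog before escalating.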