Yesterday at Open Camp, our Director of Network Services did a session on Designing Enterprise Drupal Environments for a full house! The goal of the session was to help you understand what a highly available environment consists of so that you could avoid common mistakes and pitfalls when designing a highly available and scalable architecture to support Drupal.

He went over over different success criteria such as: What goes into the design, ie:

• Points of failure
• Capacity planning
• Ease of maintenance
• Reasons of choosing one technology over the other (ie: eAccelerator vs. APC,  Squid vs. Varnish, NFS vs. GFS vs. file synchronization)

Click to view the slides from the presentation: Designing Enterprise Drupal Environments

NeoSpire is proud to be a Gold Level Sponsor of Open Camp, the Southwest’s first multi-platform web conference, this weekend, August 27-29 at the Crowne Plaza Hotel in Addison, Texas. We are also excited to announce that on Saturday, August 28 at 11AM, at the conference, NeoSpire’s Director of Network Services Jason Burnett will be presenting “Better, Faster, Stronger—Designing Large/Enterprise Level Drupal Environments.”

OpenCamp will bring webmasters, web developers, bloggers, podcasters, and social media enthusiasts together to discuss the latest trends in web content creation and development. All weekend long there will be numerous sessions on topics that range from WordPress and Joomla to Drupal and .Net. If you are a web professional or developer in the Southwest you do not want to miss this event.

Make sure you come by Jason Burnett’s one-hour presentation! It’s part of the Drupal- centric track that will run all day Saturday. The session is designed to help attendees understand the important details of a highly available Drupal environment in order to avoid common mistakes and pitfalls. Burnett will discuss success criteria including points of failure, capacity planning, ease of maintenance, and reasons for choosing one technology over another; eAccelerator vs. APC, Squid vs. Varnish, NFS vs. GFS vs. file synchronization. After this session developers will be able to design “better, faster, stronger” Drupal environments for large and enterprise level websites.

There is one day left to vote for NeoSpire as the best Linux friendly hosting in the Linux Journal 2010 Readers’ Choice survey!

Linux Journal’s Readers’ Choice Awards offer the opportunity for anyone to vote for their Linux and Open Source favorites.  They compiled nominations and NeoSpire was honored to be on the list for best Linux Friendly Hosting!

Our customers and regular readers of our blog know that NeoSpire is and has always been an avid supporter of the Open Source community.  We are proud to have been providing managed hosting services for Linux from the very beginning of NeoSpire in 1999.

At NeoSpire we are committed to doing our part to make this world a better place and strive to help our communities on a local, national and world-wide level in any way we can.  We are please to be working with several non-profit organizations whose various causes we believe in.  NeoSpire is proud to be the hosting provider for Wipe Out Kids’ Cancer, Heroes for Children, Greater Texas Community Partners, Texas Council of Children’s Welfare, Texans Can, and The Mike Modano Foundation.

More about NeoSpire’s non-profit partners:

Wipe Out Kids’ Cancer

Wipe Out Kids’ Cancer’s (WOKC) mission is to invest in the lives of children by funding cancer research, by healing the soul through fun experiences and by advocating for a cancer-free tomorrow. WOKC invests in the lives of children in many ways from serving as a valued support network for patients and their families to ensuring that newly diagnosed children get all the necessities for sudden hospital stays to funding research projects searching for cures for pediatric cancers. WOKC has over thirty years of history improving the lives of children with cancer and is more committed than ever to ensure that one day all children will be living cancer free.

To learn more about Wipe Out Kids’ Cancer and how you can help out visit: http://wokc.org/

Heroes for Children

Heroes for Children provides financial and social assistance to families, within the state of Texas, with children (0-22 yrs of age) battling cancer. The money Heroes for Children donates directly to families helps relieve some of the strain and stress during this difficult time in their lives. Whether it is to pay a medical bill, buy gas for the frequent trips to the hospital, or keep a family from having their electricity turned off, Heroes for Children is committed to helping families. There is no other organization that provides such versatility when it comes to financially assisting families.

To learn more about Heroes for Children and how you can help to assist these families and make a difference in the community visit: http://www.heroesforchildren.org/

Greater Texas Community Partners

Greater Texas Community Partners’ (GTCP) mission is to meet the critical needs of abused and neglected children through state and local collaborations. By building partnerships with community volunteers, and state and local governments, GTCP increases community awareness of child abuse and helps children grow up to be healthy, productive adults.  GTCP is dedicated to helping Child Protective Services in their work of protecting children from abuse and neglect and reaches out to all abused and neglected children of Texas through the communities in which they live.

To learn more about Greater Texas Community Partners and how you can help meet the needs of the abused and neglected children of Texas visit: http://www.gtcp.org/

Texas Council of Children’s Welfare Board

Texas Council of Children’s Welfare Board’s (TCCWB) vision is to lead a cohesive network of child welfare boards supporting services to vulnerable children and families and promoting prevention of child abuse and neglect so that all children live in a loving, nurturing and safe environment. TCCWB works with the Texas Department Family and Protective Services and others to develop resources, programs and strategies to enhance services to vulnerable children and families. Members of TCCWB advocate at the local, state and national level for children who have no voice.

To learn more about Texas Council of Children’s Welfare Board and how you can help visit: http://www.tccwb.org/

Texans Can

Texans Can strives to provide a second chance for at-risk youth and their families to achieve economic independence and hope for a better life through relationship-based education and training. Texans Can helps students and families achieve their dreams through a unique, adaptable, one-on-one educational model. Texans Can has served over 7,000 students providing them with a foundation for a better future since 1985.

To learn more about Texans Can and how you can help to provide at-risk youth with brighter futures visit: http://www.texanscan.org/

The Mike Modano Foundation

The Mike Modano Foundation’s mission is to raise funds to improve the quality of life for at-risk and under-served children in the Dallas, Texas area. The foundation’s primary focus is to serve children who have been abused, abandoned, or neglected. The foundation also provides funding for organizations whose purpose is to offer education to children and families suffering the devastation of abuse to help break the cycle of abuse.

To learn more about The Mike Modano Foundation and how you can help children and families suffering from abuse visit: http://www.mikemodano.com/foundation_home.php

NeoSpire applauds each of these organizations for the incredible work they do and encourages others to help in their efforts.

Summer is a great time to relax, hang out in the sun, then crank up that A/C too cool off. Perfection…until the A/C unit decides not to work anymore. We all know units tend to overheat and break down at the least opportune time. People get hot and irritated when there’s no cool air, but if this kind of incident occurs in a data center, customers would get a little more than hot under the collar. Crucial information and irreplaceable time would be lost, so power failure is not an option.

The power for NeoSpire’s critical employee workstations, all data, co-location center operations, and other critical infrastructure is provided by numerous redundant 450kVA Liebert UPSs that are configured in a parallel configuration and stepped down by multiple transformers. What does all of this mean in English? It basically means that in the unlikely event that NeoSpire’s primary power system would go down, everything would still be running smoothly. A backup Caterpillar 2,000kW Diesel Generator, capable of powering all data center, support, and operational needs for days, would kick in.

To ensure that our backup system works, we run a Power System Failure Test every year. The test involves shutting down the main utility feed circuit, thus creating a 100% power loss. Once the main power is off, a third-party monitors our entire backup power delivery system, to ensure everything is working properly. This is a critical test of NeoSpire’s core promise to our customers. We believe that it is necessary that we understand with 100% certainty the integrity of our systems in the unlikely event of emergency. By being constantly vigilant of all aspects of our infrastructure NeoSpire is confident is our ability to deliver 100% uptime to our clients. So even if your home A/C goes out on you, you can rest assured that your systems you have entrusted to NeoSpire will be nice and cool in our state-of-the-art data center.

NeoSpire’s proactive approach with our customers is the key to our continued success in this recent period of economic downturn. In November of 2009 we started to see some signs of a recovery, which continued into our 2010 record numbers. New customer demand was the highest it’s been over the past 12-18 months. We stayed ahead of the game because we took the necessary steps in preparing for our client’s increased demands before, not after, the return to high growth surfaced.

NeoSpire accomplished this by addressing infrastructure needs during the economic lull. Companies that are waiting for a full recovery of the economic climate before addressing their IT infrastructure needs are going to find themselves months behind the upswing. We are seeing that, by being the early optimists, we are seizing key market share and deploying environments that are significantly larger than we have seen in years past. As the economy continues to improve, and more businesses begin to grow again, NeoSpire finds itself ready and capable of handling the changing and expanding needs of our customers.

As the number one team in the NFL in terms of website traffic since 1999, the Cowboys know how important www.dallascowboys.com is to the fans. We have been proud to host the official Dallas Cowboys’ website (www.dallascowboys.com) and its affiliates sites since 2005 and are looking forward to another great year! To kick things off this year, KDAF CW33 did a news story about the importance of uptime and security to the Cowboys’ organization and how NeoSpire Managed Hosting plays a key role.

Check out the video clip of this story!

Along with the improving economy, the relationships that we have always maintained with our customers are crucial to our success. We have a tagline at NeoSpire that says, “We Secure Trust.” If we lose sight of that guiding light, regardless of the economic condition, we lose the right to service our customers every day. Hosting providers who showed true partnering with their clients during the bad times are seeing the rewards of that loyalty with the recovery. We were asked to help some key clients, national brand name companies, through some rough times last year. We did the right thing by them, and have heard and seen that good faith paid back in expansion opportunities this year.

We strongly feel that our commitment to our customers in tough times is defined by their ability and readiness to grow with us in times of recovery. We are seeing that now – and that recovery only furthers our resolve to ensure our commitment to every customer we have every day. Hard economic times force companies to focus on what really matters – the customer. I am proud to say that we have never lost sight of that at NeoSpire. We are truly excited about the recent growth, our record sales trending, and the economic recovery that will yet again put web hosting firms at the forefront of global growth.

SQL injection vulnerabilities continue to be the leading cause of compromise for web-based applications. Last week a wide scale SQL injection attack occurred which breached approximately 10,000 websites, including some high-profile properties such as wsj.com. Unfortunately, no conventional firewall can protect against these types of attacks as they occur over the ports required for normal website operation. While often these vulnerabilities can be introduced to your environment through outdated web application framework components (such as CMS systems), it is often the custom code written for your particular website that enables these exploits.

These attacks succeed when developers have not checked data sent to your webserver for evidence of attempts to override the desired database instructions. SQL injection can, and frequently does, result in unauthorized access to sensitive information that you store in your databases. In fact, the largest case of identity theft in history was carried out in 2009 against Heartland Payment Systems using this type of attack. Reflecting the marked increase in exposure and exploitation, the Open Web Application Security Project has updated the well-respected list of the top-10 web application security risks, promoting injection attacks to the number one most critical risk.

The most convenient way to validate the susceptibility of your application to SQL injection attacks is to leverage a semi-automated assessment platform such as Acunetix WVS, HP WebInspect, and IBM Rational AppScan. These tools will help a security analyst discover the user-supplied inputs to your web applications and blaze through hundreds of thousands of simulated attack sequences against them. While neither cheap nor easy to operate, they still represent one of the only effective methods of assessing the security of but the smallest web applications. Proactive protection is also available through the deployment of Application Firewalls. More closely related to Intrusion Prevention Systems than traditional firewalls, Application Firewalls intercept requests sent to your webserver and prevent the execution of code for any request that appears to be an attack.

Of course, ensuring that your developers are aware of injection threats, and how to combat them is the key component in protecting your applications. The list of resources below contain links to documentation on preventing SQL injection attacks on the most common web-based platforms. NeoSpire’s managed hosting customers should also know that our security analysts can be leveraged for any questions you may have regarding SQL injection or other threats to your applications. Please feel free to give us a call should you like to discuss this event or the security of your application in more detail.

10k Websites Compromised by SQL Injection

http://www.scmagazineus.com/wall-street-journal-others-hit-in-mass-sql-attack/article/172153/

The Largest ID Theft Breach in History

http://news.bbc.co.uk/2/hi/americas/8206305.stm

OWASP Top 10 Web Application Threats

http://owasptop10.googlecode.com/files/OWASP%20Top%2010%20-%202010.pdf

Protecting PHP from SQL Injection

http://php.net/manual/en/security.database.sql-injection.php

Protecting ASP.NET from SQL Injection

http://msdn.microsoft.com/en-us/library/ff648339.aspx

Protecting Java from SQL Injection

http://www.owasp.org/index.php/Preventing_SQL_Injection_in_Java

Protecting ColdFusion from SQL Injection

http://kb2.adobe.com/cps/300/300b670e.html

Passwords are the path of least resistance for most attackers, so logically the first line of defense is to choose a strong password.  Even as a marketer, I know a password isn’t going to stop a determined hacker (that’s why we have to have an awesome security team!), but some effort is better than no effort. I know I need all the help I can get in remembering a tricky password, so here are three ideas on how to choose a strong one that is easier to remember than a random series of letters and numbers:

1. Use the first letter of each word in a phrase.  Remember to include the symbols and case to make it as complex as you can, but still easy to remember.  An example:
   Phrase: ‘We’re all happy here. I’m happy. You’re happy.’
   Password: Wahh.Ih.Yh.




2. A common method of generating a more secure password is to replace letters with other symbols and numbers.  The catch is that it is common, so it should not be based on dictionary words and should not be obvious. Combining 2 or more words with this method can make it more effective.
   Bad Example: orange=> 0rang3
   Good Example: dogs and cats => d0gs&c4ts




3. The upper left method. Another method of generating a secure password is to use the keys off of the standard, for example to the upper left. This gives us a standard letter substitution to use that is easy to remember and often will be the complexity requirements.
   Original Word: Worldclocks!
   Password: Qieksxkixja~

Remember a strong password should be at least eight(8) character long and contain 3 of the following conditions:

• At least one number
• At least one symbol (such as $, -, &, %, etc)
• At least one lowercase letter
• At least one uppercase letter

Using these ideas you can help protect your company, and yourself.  Be smart and be safe.  Do you have any other ideas on password protection to share?