Am I Protected from NHS like Cyber attacks?
Published: 15/05/2017 By Oliver ChappleGiven the current concerns around Cyber attacks at the moment, you might be pleased to know the following:-
Here is a link to our Backup Policy - http://www.webdadi.com/backup-policy. It’s cited in clause 4.13 of our Terms and Conditions.
The bottom line is that we would only use a backup in the case of a full database hack or other global data corruption.
Our layers of protection that specifically minimise hacking that you might be interested to know are: -
• We use salted and hashed password security.
• We use a proprietary storage key for non URL data in SQL called WorldData – only we have the key and can decode it.
• Web server side code execution is pre-compiled via DLLs.
• Windows server is patched with updates
• Webdadi has its own Private Cloud with 7 servers and RAID storage. We are not using the likes of Amazon or Google Clouds which are more prone to attack, targeted by hackers and to downtime from events such as DDOS attacks. There are many benefits in being housed in a rather obscure shed!
• Antivirus software is of course running on all servers.
• We do not use any Open Source server side software for the middle tier or bottom tiers in our n-tier architecture.
We have actually had a DDOS attack once before, you probably will not even remember it - it was a year or two ago. This was someone attacking one of our customers. It was well handled by MDS (our ISP) by periodically changing their IP addresses of the server farm and network every few hours so the hackers gave up, as is usually the case, since hackers are usually paid for ‘an’ attack, they are not often paid to keep attacking which would be very expensive and open them up to getting caught.
We are not impenetrable but I think we are far less penetrable than the likes of Amazon, TalkTalk and the NHS. We are far more likely to experience another DDOS attack rather than hacking to breach our data and corrupt it. It is worth noting that MDS do not have specific hardware for DDOS attacks, unlike Rackspace, that essentially ‘tries’ to route what it thinks are real requests from DDOS fake requests and provide computing power to manage both at the same time. The trouble with this solution is that it would literally double everyone’s monthlies I am not yet convinced that it’s worth it given how MDS adequately handled it on our behalf last time. We can’t say for sure that Rackspace could during an actual DDOS attack, if it was a smart one, could actually differentiate between a real request and a non-real one, given the IP attacking sophistication that keeps being evolved by today's hackers. It changes like a bacteria’s defence mechanism!
Those concerned about the recent NHS attack should know that the NHS should have updated their XP computers. Microsoft should have made it compulsory for everyone on XP to upgrade, and essentially this is where the NHS have got caught out by making it easy to get in. They have not only not locked their front door, but also they left the keys in it!
The important thing is with Webdadi your data is ultimately safe and you are well protected.