Technik Blog
What our employees have to say
No one knows as much as all of us ...
Make websites faster
Finding the root causes of website performance problems is a complex and time-consuming task, because a number of factors influence the load time of a website on the route from the server to the user.
Use this Page Speed Monitoring to analyze the load speed of your websites and optimize them.
TAGS: Monitoring, Page Speed
Domain Message Authentication
Email phishing was one of the main reasons why a group of leading organizations developed the Domain-based Message Authentication, Reporting and Conformance (DMARC) method. DMARC integrates the previously developed methods SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail) and adds a policy that tells the recipient how to handle unauthenticated emails. DMARC also offers reporting functions that support the analysis of implementation problems.
For large companies with an extensive email infrastructure, implementing a DMARC policy is not without pitfalls. We show you the way to a successful implementation.
TAGS: IT-Security, Email, DMARC
Disaster recovery strategies for MySQL database systems
xtrabackup or just mysqldump? This is one of many decisions that are important in choosing a backup and disaster recovery strategy. But above all, it is important to define objectives: how long can the recovery take (RTO), and how much data loss is tolerable (RPO)? These are important decision parameters that have a major influence on the definition of the backup scheme and the selection of backup tools.
A well-planned and proven backup and recovery system can make the difference between a small failure and a serious threat to an organization.
TAGS: MySQL DB, Backup, Disaster Recovery
Egress Traffic Filter and FQDN in Firewall ACLs
Companies are better served when firewall administrators are equally concerned with threats that are associated with outbound connections. You should be aware that data theft often results from software vulnerabilities or configuration errors. Irrespective of the cause, data piracy is a threat you can’t mitigate without egress traffic enforcement.
Egress filtering prevents you from sending unwanted traffic out to the Internet.
TAGS: IT-Security, Firewall Policy, FQDN ACLs
HTTP Security Extensions - HTTP Strict Transport Security (HSTS)
More and more website owners have already decided to offer their content exclusively via secure connections. HSTS gives the operators of websites the opportunity to set their policy for the web clients.
In the first part of our HTTP Security Extensions series we introduce HSTS and explain which risks can be reduced by this mechanism.
TAGS: HSTS, HTTPS, SSL-Stripping, MITM, Man-in-the-middle, Preload List
Ansible - Basis for automated configuration processes
The open-source software Ansible can support configuration management. However, automated configuration processes require considerably more than the controlled execution of configuration scripts. Without a comprehensive framework, Ansible is not recommended for larger infrastructures.
This blog describes the enhancements required for productive use of Ansible.
TAGS: IT Automation, Configuration Management, Playbook, Versioning
DNSSEC - DNS Security Part III
A security flaw of the DNS is that the data is transferred unencrypted and via simple UDP datagrams. This vulnerability is inherent in the system, i.e. the authors and developers of the DNS protocol focused primarily on the performance, scalability and reliability of the systems. Can DNSSEC fix this vulnerability?
In the third DNSSEC blog we evaluate whether this technology is an effective security control for protecting DNS services.
TAGS: IT-Security, DNSSEC, Security Control, Risk Management
DNSSEC - DNS Security Part II
DNSSEC is based on an asymmetric cryptographic algorithm. Each individual record of the zone definition is signed using a private key. DNS clients can validate this signature with the public key to verify authenticity and integrity.
In this blog post we explain how domains can be secured with DNSSEC and what to consider.
TAGS: IT-Security, DNSSEC, Chain of Trust, Key Signing Key, Zone Signing Key, Domain Nameserver
DNSSEC - DNS Security Part I
A consistently configured DNSSEC reduces the risk of DNS spoofing. In DNS cache poisoning, an attacker attempts to inject fake information into the resolver cache during name resolution.
In the first part of our DNSSEC series, we show different threat scenarios in domain resolving and explain how the risk can be reduced by DNSSEC.
TAGS: IT-Security, DNSSEC, Domain Resolving, DNS Threats, DNS Injection, DNS Cache Poisoning