We’re advising all Maxihost customers to update their Intel, AMD and ARM processor-based servers.
Maxihost security advisories are usually sent by email to our customers, but due to the importance of this new vulnerability, we’ve also decided to publish it here.
Earlier this month a major hardware flaw appears to have been discovered in processors that could potentially have devastating consequences.
The hardware bug causes an Intel, AMD or ARM CPU to prefetch system memory areas and gain control of any application.
At worst, the hole could be abused by programs and logged-in users to read the contents of the kernel’s memory.
The fix is to separate the kernel’s memory completely from user processes using what’s called Kernel Page Table Isolation, or KPTI. These KPTI patches move the kernel into a completely separate address space, so it’s not just invisible to a running process, it’s not even there at all.
We urge all customers to apply the latest security patches for their Operating systems. Linux programmers, Microsoft and Apple have all already released emergency security updates for some versions of their OSs.
Cloud and Managed Solutions customers can expect Maxihost’s Security team to apply all current and upcoming security patches.
If you’re interested in how you can protect your infrastructure from this and other vulnerabilities, learn about our newest product: Hardware Firewall.
Keeping your account safe is an extremely important part of what we do at Maxihost. Today, we’re giving you a way to add extra security to your account by enabling two-factor authentication (TFA).
Why you should care
Two factor authentication provides stronger defense against credential theft attacks. It’s an easy way to verify that you’re who you say you are when signing in to Maxihost.
After typing in your password, just insert your six-digit code from an authenticator app such as Google Authenticator.
How to use it
To set up TFA on your account, log in to Control, click on Settings and then click on Security. From there you can click the enable button to start the setup process:
Once TFA is enabled, the next time you want to gain access to your account you’ll be prompted for your 6-digit code.
We highly encourage you to save your backup code—located right under the QR code when enabling TFA—in a safe place. If you lose your device and don’t have your backup code, you’re going to have to go through a really inconvenient process to verify your identity and get back into your account.
Safeguarding your data is a top priority. Today, as part of that effort, we’re happy to announce that Maxihost has achieved certification with ISO 27001.
ISO 27001 is recognized as the premier information security standard around the world. We’re excited to share this certification with Maxihost customers around the world.
In meeting the strict requirements of the International Organization for Standardization (ISO), we’re showing our commitment to using the best practices for information security management.
The 27000 series refers to the ISO family of standards dealing with information security. ISO/IEC 27001:2013 specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system within the organization. It also includes requirements for the assessment and treatment of information security risks.
Achieving ISO 27001 certification signifies that we’ve demonstrated our promise to continually improve the security of your data under the ISO/IEC 27001:2013 standard, shows Maxihost’s expertise in information security management and the company’s dedication in having the top levels of security in place.
Privacy and data protection regulations and norms vary around the world, and we’re confident this certification will help our customers meet their compliance needs.
Maxihost is committed to progressive improvement in information security standards. Our goal is to protect the data of our partners, customers and employees in this ever-evolving threat landscape.
You can view our ISO 27001 certificate here.
When deploying a server, security is always a major concern. The Internet is full of malicious code that examines vulnerabilities and open ports.
At Maxihost, we are constantly working to make the partnership with our customers easier and more transparent. Because of that, we decided to simplify how we sell our DDoS Protection service. We’ve moved from a model that was not very clear to most customers, ranging from $160 to thousands of dollars to a much simpler, straightforward pricing model: $169 per server.
The new pricing is already available for new customers here. If you already use our DDoS Protection service and want to change to the new pricing model, simply reach out to [email protected] and we’ll put you on the new plan.
Interested in protecting your servers against DDoS attacks? Contact us and see how we can help.
We’re excited to announce that we’ve added Power Management to Bare Metal servers.
Power Management allows you to reboot and turn the server on and off right from the Control Panel. You don’t have to open tickets with our team or access the iLO or iDRAC anymore.
This feature is enabled by default for all new customers starting today. Existing customers can request that the feature is enabled on a per server basis from the server page.
The more use an organization makes of a particular vendor’s products or services, the more dependent it becomes upon them, and, in turn, the more difficult it becomes to change providers.
So it’s extremely important for customers to understand what the exit looks like, even if it’s unlikely they will exit in the near future.
Picture this not so uncommon situation. You’re building a cloud-aware application, using proprietary cloud APIs to control the infrastructure, provision and deprovision resources dynamically and send data back and forth between your application and your cloud provider.
Your application gets large and complex, and for whatever reason—costs, lack of features, reliability, scalability, etc—you decide to look for an alternative vendor.
You call a meeting to get opinions as to where you should be moving your workloads to, only to find out that switching requires you not only to change the API calls but to re-think and re-architect your application.
The problem is that an API is an abstraction of the underlying technology and the technology choices of the vendor. So using an API often dictates using an architecture style and designing an application around a specific implementation. That’s the lock-in.
Your engineering team is extremely busy, with no shortage of important projects to get to, and you know refactoring would be incredibly expensive and impractical, so you’re faced with the dilemma of either staying with a provider that’s pushing you back or spending valuable resources on refactoring.
Customers need to understand the trade offs of vendor lock in and should always enter lock in scenarios with their eyes open to the potential threats that it can cause. Above all, customers should always have an exit strategy from lock in.
Think about using open APIs as an insurance policy for the future.