June 11, 2009

By: Rajesh Goel, Chief Technology Officer, Brainlink International Inc.

Raj Goel, CISSP
CTOBrainlink International, Inc.

Raj’s LinkedIn profile

This article appeared on CPN Online

Q: HELP! My Web site disappeared and I can’t get any emails!!

A: Determine why the Web site disappeared.

  • Is it a short outage at the Web host?
  • Is your Internet circuit down?
  • Did your designer fail to pay the bill?
  • Or is it something else?

As companies rely more and more on their Web sites, hosted email servers and other outsourced IT services, a new threat has slowly emerged: the disappearing Web site.

Traditional factors usually involve money: The Web hosting bill wasn’t paid or the designer wasn’t paid or there’s a dispute between the client and the designer.

A newer trend is for sites and services to go down due to malware infections or government actions. For example, in the past two weeks, 40,000 virtual servers, representing more than 200,000 Web sites, went offline because the hosting provider, VAServ, was attached with a new virus. Those sites are in further jeopardy because the underlying technology, HyperVM, has additional flaws that may not be patched for a while, if ever.

Closer to home, we’re seeing a large number of small real estate- and realtor-owned Web sites being hacked and injected with malware. Why? Because most small businesses do not have the tools and the expertise necessary to secure their Web code. Many of these were put together as low-cost/get-it-done-cheap projects. Furthermore, most small-business owners do not consider themselves to be a big enough target, so security is never even considered.

As a result, automated attack tools are constantly scouring the Internet for easily hacked Web sites. Once the attacker is in, they either use the attacked site as a transfer point for storing/transferring data or they use it to infect visitors.

Why are hackers and criminals attacking your Web site? Because the more people they infect, the more money they can make. And at some point, either your Web hoster will shut your site down or they will suffer an extended attack that takes them down, too. Furthermore, in a growing number of cases, the FBI is seizing servers and shutting down complete data centers.

That gives rise to a number of questions:

  • What will you do when your Web site becomes infected?
  • What will you do when your Web site goes down?
  • What will you do when your email goes down?
  • Do you have good, trusted backups of your Web site?
  • Do you have control of your domain name?
  • Does someone on your staff know how to make changes to DNS?
  • How often does your staff back up emails?
  • How critical is email to your daily operations?

This technologist considers secure, reliable backups and good systems documentation to be the backbone of a successful business. Because data equals dollars.

If you have any questions regarding backups, securing your business, building and maintaining your disaster recovery policies and procedures or IT in general, feel free to contact me.

Send your technology questions to Rajesh Goel, chief technology officer at Brainlink International Inc., via Raj@brainlink.com.