We recently started offering our clients a new firewall. In addition to the Cisco ASA 5512 and Cisco ASA 5508-X, we now offer the Fortinet FortiGate FG-100D.
The initial reaction from most of our clients went something along the lines of, “Why would you suggest this noname product over Cisco?” Truth be told, we had mixed feelings about it here at Selectel, too; however, our experience with these firewalls has shown us that this solution at least deserves a try. Read more
When working with potentially dangerous, unverified, or simply raw software, developers often use sandboxes. These are special environments that isolate or restrict programs and code from accessing data outside the environment. Sandboxes limit the software’s network access, OS interactions, and information from IO devices.
Lately, people have been turning more and more towards containers for launching unverified and non-secure software. Read more
Way back in 2013, we wrote an article on Habrahabr (Russian) about Bitcoin mining. The main idea was that there was little profit in mining due to the difficulty of the algorithms. Things haven’t changed much up to now, and the market has been overtaken by mining behemoths from China, who operate mining farms the size of aircraft hangars.
In this article, we’d like to retract our statement and say that, for the time being, mining can be and is in fact profitable. Read more
Once you’ve acquired and set up your dedicated or virtual server, the next step is to establish a monitoring system. Monitoring keeps you up-to-date on your service’s status by regularly checking your site’s main subsystems. Read more
As we’ve mentioned in previous articles, the Selectel Virtual Private Cloud is built on the OpenStack platform.
A lot of our clients are already used to using Ansible, a configuration management system that lets you automate routine tasks. Among its other advantages, Ansible already has a wealth of ready-made modules available, including those for automating processes with OpenStack components (list of modules). Read more
The audit subsystem is used to raise the level of security in Linux systems. Although it doesn’t offer additional security per se, it’s used to retrieve detailed information on system events. This provides detailed information on system violations, which can be used to implement additional targeted security measures. We’ll be taking a deeper look at the audit subsystem in this article. Read more
In May 2016, the developers of Sysdig released Falco, a tool for detecting anomalous system behavior.
Falco consists of two main components: the sysdig_probe kernel module (which Sysdig also runs on) and the daemon for writing the information it collects to the disk.
Falco tracks applications according to user-defined rules, and if any anomalies are detected, it writes the information to a standard output, syslog, or user-defined file. in their blog, the developers jokingly call Falco “…a hybrid of snort, ossec and strace,” and position it as a simple IDS that puts almost no additional load on the system.
Today we’ll be continuing our containerization blog series with a discussion about runC, a tool for launching containers according to Open Container Initiative (OCI) specifications. The initiative’s mission is to develop a single standard for containerization technology and is supported by such companies as Facebook, Google, Microsoft, Oracle, EMC, and Docker. The OCI Runtime Specifications were published in the summer of 2015.
Every online service needs at least two things: the first is a working server that handles site requests; the second is an Internet connection that connects clients to the server. Here, bandwidth is a pivotal factor: the higher the reserve, the more stable the site. 1 Gbps, for example, is enough to handle sudden spikes in traffic—a typical consequence of a successful ad campaign.
If a client was looking for a faster connection, there were few options. Either they ordered the default plan, which included unlimited traffic and a 100 Mbps connection, and paid separately for additional bandwidth, or they could choose to pay for an expensive guaranteed 1 Gbps connection.
We’re happy to offer our clients another option that combines the best of both worlds: the price of the first option with the speed of the second. Read more