A cloud server or VPS (Virtual Private Server) is a fully-fledged server with its own operating system and well-defined hardware features only that unlike a classic server it shares physical resources with other virtual machines in this way more VPS can be run simultaneously on the same server (hypervisor).
This virtualization technique allows significant cost savings and an optimization of hardware resources as it is possible to run multiple operating systems on the same hardware.
Server Cloud – Pros cons
♦ Migration: It is possible to “move” (migrate) a VPS from one server (hypervisor) to another (even without interruption of service).
Example: You have created a VPS on a hypervisor in Italy and you want to move it to a server in America. With a VPS, as long as the Cloud Provider has another Datacenter in America, this can be done quickly.
♦ Scalability: It is the possibility of increasing or decreasing the hardware resources (CPU, RAM, Disk, etc) without rebuilding the VPS and in some cases without restarting it in full transparency to users who use the services provided.
Example: A VPS of 2 cores, 1 GB of RAM and 20 GB of disk has been created but after a few months we realize that the RAM memory is insufficient for the services provided and it is necessary to increase it. With a VPS it is very easy to solve this problem, just increase the RAM from the configuration panel and the new configuration will be applied (in the case of linux systems without the need to reboot).
♦ Autoscaling: It is the possibility to increase or decrease the resources (scaling) automatically according to well defined hardware policies. This technique is extremely valid in cases of load peaks.
Example: A VPS has been created with 2 cores, 1 GB of RAM and 20 GB but in some periods of the year due to the high user access these resources are not sufficient, then in this case it is possible to configure these policies:
a) If the CPU is at 90% for more than 1h then the CPU of a core increases every 30min for a maximum of 6 cores and then if the CPU is less than 10% for more than 1h decrease the CPU of a core every 30 min up to a minimum of 2 cores.
b) If the RAM is 99% for more than 1h then increase the RAM of 1Gb every 30min for a maximum of 32Gb and then if the RAM is less than 50% for more than 1h decrease the RAM of a core every 30 min until at a minimum of 1Gb.
♦ Low cost: by comparing the cost of a VPS to that of a fiscal server like hardware resources, the cost of a VPS is much lower, especially considering that some cost items are already included in the VPS fee. :
a) Energy consumption;
b) Internet band;
c) Cost of public IP addresses;
d) Costs related to housing (cooling, surveillance, etc);
f) Technical assistance.
♦ Shared resources: Depending on the configurations and characteristics of the Cloud Provider, some hardware resources, such as the CPU, could be shared so performance may be lower than a physical server. This condition is not always true as it is possible to request a 100% allocation on all hardware resources to your Cloud Provider.
Server Cloud – Limits:
- ♦ OS Virtualization: Not all operating systems and platforms can be virtualized (Eg AS400, Apple OS).
- ♦ Band: Although this is not an inherent problem of virtualization itself there could be latency differences in the Internet connection between a physical server in the company and a VPS if users are predominantly within the company and if the company has not an adequate Internet line.
Example: A physical server in the customer’s DMZ is accessed by its LAN users via a 10Gb line, if the server is virtualized and becomes a VPS at a Cloud provider, access to it is transmitted via the client’s Internet line which may be more slow.
Server Cloud – False myths:
- ♦ A VPS does not have the same performance as a physical server: By allocating 100% of the physical resources and correctly dimensioning a VPS the latter has nothing to envy to a physical server from a performance point of view.
- ♦ A VPS is less secure than a physical server: A VPS can have the same degree of security as a physical server because it is possible to adopt the same security measures (Firewall, Antivirus, Hardening, VPN) applicable to a Fiscal server.
Check out the Cloud Server
- Predictive cybersecurity with our SOCaaS
- Secure Online Desktop 10 years later: our corporate anniversary
- Air-Fi: attacking computers that are disconnected and without network hardware is possible
- Examples of phishing: the latest campaigns mentioned by the CSIRT
- Event Overload? Our SOCaaS can help!
- Business email compromise (BEC) schemes
- XDR as an approach to security
- What is threat intelligence?
- Backup as a Service (2)
- Cloud Conference (3)
- Cloud CRM (1)
- Cloud Server/VPS (20)
- Conferenza Cloud (4)
- ICT Monitoring (4)
- Log Management (2)
- News (18)
- ownCloud (4)
- Privacy (6)
- Secure Online Desktop (14)
- Security (11)
- Web Hosting (15)
- Did Companies Fail to Disclose Being Affected by SolarWinds Breach? June 21, 2021The SEC has sent out letters to some investment firms and publicly listed companies seeking information, Reuters says.
- Software-Container Supply Chain Sees Spike in Attacks June 21, 2021Attackers target companies' container supply chain, driving a sixfold increase in a year, aiming to steal processing time for cryptomining and compromise cloud infrastructure.
- Data Leaked in Fertility Clinic Ransomware Attack June 21, 2021Reproductive Biology Associates says the data of 38,000 patients may have been compromised in the April cyberattack.
- Baltimore County Public Schools' Ransomware Recovery Tops $8M June 21, 2021The school district has spent seven months and a reported $8.1 million recovering from the November attack.
- Fintech at SaaS Speed June 21, 2021
- Are Ransomware Attacks the New Pandemic? June 21, 2021Ransomware has been a problem for decades, so why is government just now beginning to address it?
- Attackers Find New Way to Exploit Google Docs for Phishing June 18, 2021Tactic continues recent trend by attackers to use trusted cloud services to send and host malicious content.
- Accidental Insider Leaks Prove Major Source of Risk June 18, 2021Research reports highlight growing concerns around insider negligence that leads to data breaches.
- This Week in Database Leaks: Cognyte, CVS, Wegmans June 18, 2021Billions of records were found exposed this week due to unprotected databases owned by major corporations and third-party providers.
- 11 Security Certifications to Seek Out This Summer June 18, 2021The more you know, the more you grow. The Edge takes a fresh look at leading security certifications that can help advance your career.
- Trojan-Dropper.Win32.Googite.b / Unauthenticated Remote Command Execution June 18, 2021Posted by malvuln on Jun 18Discovery / credits: Malvuln - malvuln.com (c) 2021 Original source: https://malvuln.com/advisory/4a8d6bc838c09c6701abfa8b283fd0de.txt Contact: malvuln13 () gmail com Media: twitter.com/malvuln Threat: Trojan-Dropper.Win32.Googite.b Vulnerability: Unauthenticated Remote Command Execution Description: The malware listens on TCP ports 3388, 4488 and 10002 and drops executables under both Windows and SysWOW64 dirs. Third-party attackers who can...
- Trojan.Win32.Alien.erf / Directory Traversal June 18, 2021Posted by malvuln on Jun 18Discovery / credits: Malvuln - malvuln.com (c) 2021 Original source: https://malvuln.com/advisory/57ab194d8c60ee97914eda22e4d71b68_C.txt Contact: malvuln13 () gmail com Media: twitter.com/malvuln Threat: Trojan.Win32.Alien.erf Vulnerability: Directory Traversal Description: The malware deploys a Web server AM6WebMgr.exe (JAO build 809) listening on TCP port 1789. Third-party attackers who can reach an infected host can read any […]
- Trovent Security Advisory 2105-01 / CVE-2021-32612: VeryFitPro unencrypted cleartext transmission of sensitive information June 18, 2021Posted by Stefan Pietsch on Jun 18# Trovent Security Advisory 2105-01 # ##################################### Unencrypted cleartext transmission of sensitive information ########################################################### Overview ######## Advisory ID: TRSA-2105-01 Advisory version: 1.0 Advisory status: Public Advisory URL: https://trovent.io/security-advisory-2105-01 Affected product: VeryFitPro Android mobile application (com.veryfit2hr.second) Tested versions:...
- Trojan.Win32.Alien.erf / Remote Stack Buffer Overflow June 18, 2021Posted by malvuln on Jun 18Discovery / credits: Malvuln - malvuln.com (c) 2021 Original source: https://malvuln.com/advisory/57ab194d8c60ee97914eda22e4d71b68_B.txt Contact: malvuln13 () gmail com Media: twitter.com/malvuln Threat: Trojan.Win32.Alien.erf Vulnerability: Remote Stack Buffer Overflow Description: The malware deploys a Web server AM6WebMgr.exe (JAO build 809) listening on TCP port 1789. Third-party attackers who can reach an infected host can […]
- Trojan.Win32.Alien.erf / Remote Denial of Service June 18, 2021Posted by malvuln on Jun 18Discovery / credits: Malvuln - malvuln.com (c) 2021 Original source: https://malvuln.com/advisory/57ab194d8c60ee97914eda22e4d71b68.txt Contact: malvuln13 () gmail com Media: twitter.com/malvuln Threat: Trojan.Win32.Alien.erf Vulnerability: Remote Denial of Service Description: The malware deploys a SMTP server JAOSrv821.exe listening on TCP port 25. Third-party attackers who can reach an infected host can trigger a denial […]
- Email-Worm.Win32.Kipis.a / Unauthenticated Remote Code Execution June 18, 2021Posted by malvuln on Jun 18Discovery / credits: Malvuln - malvuln.com (c) 2021 Original source: https://malvuln.com/advisory/aa703bc17e3177d3b24a57c5d2a91a0c.txt Contact: malvuln13 () gmail com Media: twitter.com/malvuln Threat: Email-Worm.Win32.Kipis.a Vulnerability: Unauthenticated Remote Code Execution Description: The malware listens on TCP port 1029 and writes incoming packets to an executable file that is renamed as "winlogins.exe". Third-party attackers...
- Re: popo2, kernel/tun driver bufferoverflow. June 18, 2021Posted by Robert Święcki on Jun 18Hi, wt., 15 cze 2021 o 09:56 KJ Jung napisał(a): While I agree that it might be not the best of programming patterns to accept length of a local stack buffer from the parent function (this can easily be misused over time), there's probably no bug here, as all […]
- Re: popo/popo2 linux kernel vulns June 18, 2021Posted by RaziREKT via Fulldisclosure on Jun 18Hello KJ Jung, neither of the mails you sent contain bugs. The kernel code is sound and the vulnerabilities you reported don't seem to exist. In your first mail (popo:: linux kernel vulns of it), you point out a flaw in bond_do_ioctl() and bond_set_dev_addr(). It is impossible to […]
- [SYSS-2021-007]: Protectimus SLIM NFC - External Control of System or Configuration Setting (CWE-15) (CVE-2021-32033) June 18, 2021Posted by Matthias Deeg on Jun 18Advisory ID: SYSS-2021-007 Product: Protectimus SLIM NFC Manufacturer: Protectimus Affected Version(s): Hardware Scheme 70 / Software Version 10.01 Tested Version(s): Hardware Scheme 70 / Software Version 10.01 Vulnerability Type: External Control of System or Configuration Setting (CWE-15) "Time Traveler Attack" Risk Level: Medium Solution Status: Open Manufacturer Notification: 2021-02-04 […]
- Backdoor.Win32.Zombam.gen / Information Disclosure June 15, 2021Posted by malvuln on Jun 15Discovery / credits: Malvuln - malvuln.com (c) 2021 Original source: https://malvuln.com/advisory/ff6516c881dee555b0cd253408b64404_D.txt Contact: malvuln13 () gmail com Media: twitter.com/malvuln Threat: Backdoor.Win32.Zombam.gen Vulnerability: Information Disclosure Description: Zombam malware listens on TCP port 80 and deploys an unsecured HTML Web UI for basic remote administration capability. Third-party attackers who can reach an infected...
Estimated reading time: 5 minutes threat intelligence data provides companies with relevant and timely insigh… https://t.co/ahmvXSKAqK
Estimated reading time: 7 minutes La data loss prevention (DLP) è un insieme di strumenti e processi utilizzati p… https://t.co/srZSzUqVNy
Estimated reading time: 7 minutes data loss prevention (DLP) is a set of tools and processes used to ensure t… https://t.co/jrpmsxB85k
Estimated reading time: 8 minutes Il termine shoulder surfing potrebbe evocare immagini di un piccolo surfista su… https://t.co/PKEpO1Mvzn
Ten years ago, on June 16, 2011, Secure Online Desktop was born. Many things have changed in ten years and we have… https://t.co/DN23n6BK7q