To those outside of our industry, the words “Network Compliance” probably sound a bit cryptic – even bureaucratic. But network compliance actually affects every single customer we have. I’d like to take this opportunity to explain how, and why.
First, a little about me. I’ve been at ServInt for more than ten years now — roughly 100 years in Internet time. I first cut my teeth as a member of ServInt’s Managed Services Team and worked my way up to management from there. Over the years, I’ve seen our service offerings evolve dramatically, and it’s been an exciting ride.
When I started here in 2000, the vast majority of the content on the Internet was static – basically little strings of HTML. These sites rarely broke on their own, if ever. Since then, there have been seismic shifts in web technology and there is a constant race to remain up-to-date and competitive.
But, as always, there’s a tradeoff. For every internet app that changes our lives for the better, there’s a new security concern, and a new way for the bad guys to reach out and cause trouble. As head of ServInt’s Network Compliance Team, my job is to protect and defend our customers, content creators, and ServInt as a whole, to the best of our ability. Here are just a few of the challenges my team and I face daily and some tips on how to avoid becoming a victim.
Phishing and Malware
When it comes to hosting, there’s one rule of thumb you should always remember. In fact, let’s call it “Mike Witty’s Golden Rule of The Internet”:
Your server is only as secure as the stuff you put on it.
Sure, it may sound simple, but like everything else in life it requires more attention than you’d expect. By granting an application access to your server’s resources, you’re making your data more vulnerable to attack. I’m not just talking about using some script you found on a forum somewhere, either. Well-supported, popular software, both commercial and otherwise, can compromise the security of your server.
That shouldn’t necessarily scare you, but it should cause you to think twice about what you’re installing and where it came from.
In the past 5 years, phishing sites have been growing in numbers – and in their ruthlessness. Phishing sites usually hide their illegal behavior in the form of innocuous e-mail messages, purportedly sent by companies you know and trust – like your bank or favorite social networking site. These doppelganger messages send you to fake sites that ask you for important, private information — perhaps a credit card number or your username and password from a popular website. The phishers then mine that information, frequently selling it to other ne’er-do-wells.
Regardless of how it begins, it never ends well.
Part of my team’s role is to hunt down and eliminate these sites from our network. More often than not, they appear because a perfectly legitimate client has a server that has been hacked or compromised in some way. Here’s the important part: almost every compromised server we’ve ever discovered on our network was weakened because the server’s owner installed a piece of third-party software that introduced an exploitable vulnerability. So be careful! When think you’re ready to install a new application on your server… stop. Check our forums and other web resources for customer war stories and suggestions regarding your hot new app. Do your homework!
The same warnings about exploitable apps apply for malware such as viruses, trojans, and spyware applications. Very few hosting providers would willingly host that kind of content, and it certainly doesn’t have a place at a company like ServInt. But these things do happen, so we have to remain vigilant.
Spam and unsolicited email
No one likes spam. Spam messages kill productivity, spread malware and phishing attacks, and can cripple unprotected servers and the networks that power them. From the perspective of a provider like ServInt, spam can also have a demonstrably negative impact on all of our customers, not just the folks getting the email. Spam infested networks can cause IPs — even entire networks — to be blacklisted. This can cause serious problems for completely innocent businesses that just happen to use the same network or IP space.
So it goes without saying that we have a fierce, zero-tolerance policy towards spammers here at ServInt. My team and I work very closely with our Network Engineers and Managed Services Team to help identify spammers and ensure they are booted off our network as quickly as possible.
I’m sure most people would agree that the Digital Millennium Copyright Act, or DMCA, is nothing if not controversial. For better or worse, the law is not going away, and we have a duty to obey the law as well as to protect the rights of our customers.
My team and I take a pragmatic approach to ensuring we remain compliant with the DMCA, but we do not believe in knee jerk reactions. We look at every case with a clear assumption of positive intent and work with the customer and the issuer of the notice to resolve the issue quickly, fairly, and accurately. If the complaint is frivolous, we’re more than willing to go to bat for our clients and defend them.
These laws are constantly being tested, and while we do receive many bogus notices, we take compliance very seriously.
Luckily, content publishers have a lot of legal alternatives that don’t involve using other people’s content without their permission. Without question, the most beneficial innovation in copyright in the Internet age is Creative Commons licensing.
Creative Commons licensing gives content creators the ability to control how their work is used by publishers on the web. It removes the often vague restrictions on how people can use a copyrighted work, increases visibility for creative works, and makes all of our jobs (as those who are tasked with enforcing DMCA) a whole lot easier.
ServInt’s Network Compliance Team has been tackling these issues since we first opened our doors in 1995. Over the years, I’ve come to understand that every aspect of this company, from our sales team to our Network Engineers, is focused on a creating as positive an experience for our customers as possible. I’m proud to help fulfill that promise, and I’m honored to be given the opportunity to earn your trust and respect.
Photo by Les Haines