Where would DrupalCamp be without Firehost as a sponsor?  Let's put it this way... it wouldn't be good.  For those of you who are not familiar with Firehost, they are a "secure web hosting company that provides premium managed hosting solutions with enterprise level security to companies of all sizes."  They are based locally in Plano, and have been delivering top notch hosting services since 2002.

The following is an interview we did with them, watch for the clever bonus question at the end.

Q: How has FireHost evolved since it began in 2002?

A: Before founding FireHost, Chris Drake was the founder of and partner in a web development company, Target Scope, which oversaw hundreds of website projects containing critical data, applications and ecommerce. After seeing time and again that companies were not adequately protected from new hacker threats, viruses and other malicious activity, Drake began offering hosting services that addressed the security and performance needs of the market. FireHost emerged when Drake saw a need in the market for higher levels of security and protection that other hosting companies simply were not offering. FireHost is now recognized as one of the only Secure Web Hosting companies that addresses the advanced security needs for businesses who manage important commerce and company information on the Web.

Q: What brought you to this community and why did you sponsor this event?

A: Drupal is a great open source content management platform that we recommend for many of our customers. As an open source solution, Drupal’s code is freely available for anyone to use or adapt, and the limitless extensibility is great. Unfortunately, it means hackers have easy access to the code too, giving them an open invitation for exploitation. As a secure web hosting provider, FireHost helps protect open source platforms like Drupal from cybercrime and exploitation. We are excited to sponsor this event to learn more about how Drupal is being used and to share our capabilities with Drupal-lovers who need security for their installation, whether the know it or not – whether they’ve been compromised or not.

Q: How much of an increase in the use of Drupal are you seeing from a hosting perspective?

A: Drupal hosting continues to grow in popularity, and the audience using Drupal has expanded from web developers making custom projects to businesses who request Drupal by name.

Q: There was a recent study detailing that open source sites are greatly more susceptible to hacks. What specific security measures can FireHost utilize for Drupal sites?

A: Our Drupal Hosting Features include:

Professional Installation / Configuration

• FireHost engineers can professionally configure your Drupal installation and ensure that all the settings are done to perfection and all permissions are fully locked down.

Multi-Level Intrusion Prevention

• Every FireHost web server uses special intrusion detection and prevention systems (IDS, IPS) to block malicious network, application, and operating system-level activity. We detect and mitigate overly active hosts, bad logons, inappropriate content, and other network-layer events on our clients’ websites every day.

Application Protection

• FireHost uses the Imperva’s SecureSphere web application firewall (WAF) to protect online applications such as Drupal from sophisticated hacker attempts like SQL injections and XSS (cross-site scripting) attacks. FireHost helps prevent data theft and information leakage from open source web applications such as Drupal.

Q: What’s the most common hack that occurs on open source sites?

A:

• Backdoor openings from vulnerabilities and compromised plug-ins.
• Cross Site Scripting (XXS) attacks.
• .htaccess hacks.

Q: How much monitoring does FireHost provide for their customers?

A:

• FireHost provides customers the ultimate peace of mind with advanced server monitoring. We can configure the server monitoring software to check for service up-time, hard drive size, memory utilization, etc on any schedule you designate.

• Physical Monitoring-FireHost data center facilities are monitored inside and out at all times. Proximity readers and biometric scanners are used to control access to the building and to the server room. Our facilities are all manned 24 hours a day, 7 days a week, 365 days a year.

• Electric Monitoring-Daily Vulnerability Monitoring helps ensure your website is protected from identify theft, credit card fraud, spyware, spam and viruses. FireHost follows the McAfee Secure™ vulnerability auditing process to identify possible vulnerabilities within your server. Vulnerability scanning activity is safe for your website and users, and the monitoring process never disrupts your network operations.

Q: What sort of virtual and private servers can FireHost provide?
A:

• VPS- Virtual private servers are isolated operating system slices that perform and execute like a dedicated server, but VPS Hosting is more affordable than a dedicated server because the physical server is shared. We provide Linux or Windows hosting. Powerful Dell PowerEdge servers with dual processors, fast 15K RPM SAS hard drives, redundant power supplies, and self-healing architecture make up the FireHost Virtual Private Server Hosting infrastructure.

 

• Dedicated- FireHost professionally configures dedicated server solutions to meet a customer’s precise needs. They are virtualization-ready and run on Dell enterprise quality hardware. We deploy 15k RPM SAS drives in our dedicated servers, the fastest available on the market. Our redundant power infrastructure, redundant managed firewalls and network and application protection keeps your dedicated server secure.

Q: FireHost has a back up Data Center in Arizona. What added value does this bring to you customers?

A: Weather or natural disaster problems are very rare in Arizona. This data center is used exclusively for data replication, fail-over storage and co-location. The contents of all backed-up servers in our primary facility are maintained in encrypted, static form in Arizona for extra protection and redundancy.

Q: Bonus - What do you think about the Obama Administration inviting Jeff Moss, AKA Dark Tangent to the Homeland Security Council on Cybercrime?

A: We think this is a great idea, and we completely agree with the hire. Hiring on Jeff Moss will provide a very different yet important and knowledgeable insight to cybercrime in the United States. We hope the government considers bringing in aggressive private organizations to assist in the fight.

And there you have it folks!  I think it goes without saying, if you haven't checked out Firehost's website yet, DO IT NOW!  I think you'll be pleasently surprised.