Category Archives: Privacy

News, Privacy, Security

Fight surveillance law in Romania

1 Comment

How does it influence the hosting and cybersecurity industry in Romania?


The law will require:

– Hosting provider to intercept communications, provide customer data and decrypt data if necessary, also at their own expense.

– IP resource hosting providers and electronic communication providers “to grant, at the request of authorized bodies, under the conditions of this law, the decrypted content of communications transited in their networks”


But what would this cause for customers in reality?

– decrypt encrypted content. So for example SSL/TLS based data has to be decrypted on request. In case the provider has access towards your key (for shared and managed hosting this is always the case, the same for most DDOS filter)

– provide details about website visitor (IP log)


How will be FlokiNET affected?


The law does include also foreign provider operating IP / network in Romania. However we and our legal team does clearly sees the proposed law as illegal under Romanian constition as well as under EU law. All passwords, decryption keys, SSL keys etc are managed by FlokiNET ehf Iceland and handing them over would violate Icelandic law. We are more then willing to discuss this in court and will not cooperate in any matter that would break Icelandic law.


Customer data remains safe?

Yes, it does! All our server are encrypted, without the keys stored safely in iceland no data can be decrypted.


Should i move my hosting / server towards a different location?

There is no need for this, in case our legal opinion changes or the law becomes permanent we will adress our customers.
What action will take FlokiNET to ensure customer data safety?Since FlokiNET was founded in 2012 customer data protection is our DNA.

This includes the encryption of all data and several technical and legal measurements to make sure this data remains safe. However in the case the law will become active in Romania we will immidiate challenge this in court and are confident to appeal the law.


Conclusion for our customers:

No changes or worries required for now. In case the situation changes we will let you know.

What can i do?

In our previous blog post we mentioned that the Romanian Senate is due to vote on a piece of legislation that severely crippled the ability that hosting companies have to provide secure services to you, the customers. If you want to take a stand against this, we urge you to send a letter to the Commissions inside the Romania Senate, as well as the representatives of Romanian political parties.

You can use the letter below as a template, add your own position to it, and send it. We recommend you act sooner rather than later, since the vote on this piece of legislation is scheduled, most probably, for Monday, February 14th.

Think of it as sending a Valentine’s Day letter to a secure Internet. 😉

The blog entry with the background:

ANTI-SURVEILLANCE OPEN LETTER
Privacy

DDOS protection in Romania

1 Comment

As a privacy and security focused company we want to deliver the best options to our customers.

A rising security problem within the last years are ddos attacks and FlokiNET takes the next step to ensure your service is secure with us.

From today our whole network in Romania include the 950gbit ddos protection.

Does this apply to all services?

All services at our location Romania include free ddos protection. This include shared hosting, VPS, dedicated server and colocation.

What does that mean for me? Do i have to activate anything?

No, the protection is active in the background and ensure your service stays online.

I dont want any protection! What can i do?

Just contact our support and we will deactivate it for your IP(s)

Info: What is a ddos attack? 

Does it protect from all kind of DDoS attacks?
Yes, it does. The protection system detects and mitigates all known kind of DDoS attacks. In case a unknown attack happens or it appears that an attack wasn’t recognized automatically, our techs will analyze the threat and adjust the algorithms immediately. Our staff works 24/7 and monitors all traffic anomalies.
Should an attack to your service keep undiscovered by our automatic system and our staff, please open a support ticket so our staff can have a look at this traffic and mitigate it for you.

 

How long does it take to mitigate an attack?
The automatic DDoS detection is real time, it detects an attack within <=5 seconds. After around 20 seconds, about 90% of traffic should be mitigated and the remaining 10% within 1 minute after an attack started. It may take a little longer if our tech team need manually to recognize an attack and adjust the filters.

 

Are there any negative side effects, such as a higher latency, during an attack is being mitigated?
No, there should not. A DDoS attack is recognized by patterns. It’s similar to an Anti-Spam protection for your e-mail box. You want to block all the bad spam mails, but don’t want false-positives that will block real e-mails. The same is with DDoS protection. The filters try to understand which traffic is not wanted and which is real traffic, not to lock-out your real users. For this reason it might still be that during an attack a little bit of unwanted traffic will reach your service, but it is very less.

Overview:
• Number of attacks doesn’t count
• The protection works for any known type of DDoS attack, on any layer
• Size of the attack doesn’t count
• Number of protected IPs/equipment is unlimited. You can choose to protect your entire AS through this service.
• You are allowed to re-sell the service.
• Specific request regarding costumized layers and protection ways are available.

Examples of filtered DDoS attacks:
• IP non-existing protocol attack such as Flood with IP packets with reserved values in protocol field;
• Attack with fragments such as sending mangled IP fragments with overlapping, over-sized payloads to the target machine;
• ICMP attacks such as: ICMP Flood, Smack, Smurf attack (OBSOLETE);
• IGMP attacks such as: IGMP flood;
• TCP attacks such as: SYN Flood, SYN-ACK Flood, ACK Flood, FIN Flood, RST Flood, TCP ECE Flood, TCP NULL Flood, TCP Erroneous Flags Flood, TCP Xmas, Fake Session, SRC IP Same as DST IP;
• UDP attacks such as: General Random UDP Floods, Fraggle, DNS query, DNS Amplification (+DNSSEC), NTP Amplification, SNMPv2, NetBIOS, SDP, CharGEN, QOTD, BitTorrent, Kad, Quake Network Protocol, Steam Protocol;
• HTTP attacks such as: Slowloris (Apache / IIS Attack), R-U-Dead-Yet (RUDY), HTTP Object Request Flood;
• Other category attacks such as: Misused Application Attack, Slow Read attack.