Implementations of new solutions for all customers

HDD to SSD Migration

To achieve optimal results in the functionality of the services provided, Hostico constantly implements the latest software and hardware technologies. As part of this effort, we have decided to migrate all shared hosting servers from mechanical storage (SATA III) to SSDs (Solid-State Drive).

Currently, over 50% of the equipment has already been migrated, and the rest is in the process of migration. This change brings major benefits, including lower response times for all services and increased capacity to support your application's needs.

KernelCare

Hostico has installed the KernelCare application to eliminate the maintenance operations required for updating the Linux kernel. Typically, updating the kernel involves rebooting the equipment, which leads to service interruptions. However, ignoring these updates can create significant security vulnerabilities.

KernelCare updates the kernel automatically, without requiring server restarts. This completely eliminates downtime, and updates are applied through a special module, without affecting the functionality or performance of the server.

DNSSEC

Hostico continues to innovate to optimize and secure services. DNSSEC (Domain Name System Security Extensions) is an essential technology for preventing DNS spoofing attacks.

DNS: How does it work?

Computers use IP addresses to communicate, but it's easier for users to remember names. DNS (Domain Name System) translates names (e.g. hostico.ro) into IP addresses (e.g. 77.81.2.1) through an automated process:

• If the website has not been accessed recently, the browser queries the DNS servers set on the internet connection.
• If the DNS servers do not have the necessary information, they query the ROOT nameservers for the accessed extension (.ro, .com, etc.).
• The ROOT nameservers send information to the specific domain servers, such as ROTLD for .ro domains.
• The ROTLD servers indicate the domain's nameservers, which provide the corresponding IP address.

Security Issues

An attacker could intercept the DNS process and provide a false IP. Thus, the user may be redirected to a malicious site, where confidential information such as passwords or authentication data can be stolen.

DNSSEC: Added Security

DNSSEC prevents IP address spoofing by signing DNS zones and publishing these signatures in the domain's TLD. This is achieved by using two types of keys:

• ZSK (Zone Signing Key): Signs the DNS zone records.
• KSK (Key Signing Key): Signs the ZSK.

After applying these keys, a file with the signature values (Digest Type, Digest, Key Tag, Algorithm) is generated and sent to the registrar. The signature is verified by the DNS client to ensure the validity of the received information.

Steps for Configuring DNSSEC

The values generated by the cPanel DNSSEC plugin must be entered in the domain control panel:

• Registration 1: Digest Type, Digest, Key Tag, Algorithm
• Registration 2: Digest Type, Digest, Key Tag, Algorithm

The validity of the signature can be verified using the DNSSEC Debugger. All boxes must be green for a correct signing.

Although ROTLD does not support DNSSEC for .ro domains, the technology is available for popular extensions such as .com, .net, .org, .info, etc. Hostico signs all hosted DNS zones with DNSSEC, and clients need to complete the setup in the registrar panel, where the extension and registrar support this option.