Rin Ure - Verio
Performance Engineer
Speaking Topic: Virtual Subhosting Security

As a performance engineer for Verio, Rin Ure has been instrumental in the development and deployment of Verio’s Linux VPS solution. In addition to his role at Verio, Rin is a member of the ISACA Salt Lake City Chapter (Information Systems Audit and Control Association) and also serves as Vice President of the Forensics’s Academic Forum for ITT Technical Institute in Murray, Utah. Continual exploration of server environmental security has led Rin to begin development of algorithms which have the potential to create a new gigabit encryption standard.

Abstract

Virtual Subhosting is one of the most powerful features of the Virtual Private Server. This feature allows businesses to support multiple domain names that each resolve to their own unique subdirectories on a single Virtual Private Server. In other words, you can host bob.com and jim.com on the same Virtual Private Server, each with its own domain name and unique site content. Virtual Subhosting offers each Virtual Subhost a unique FTP login with access to his/her own subdirectory and e-mail addresses using an individual domain name. However, it is important to consider some of the security issues that relate to Virtual Subhosting. Many businesses not only provide clients with a hosting service, but also design their web content and write their CGI scripts. Because the Virtual Subhosts operate in the same VPS Environment, CGI scripts that are executed by any Virtual Subhost will inherit privileges to access any directory or file in a VPS directory hierarchy.

Attendees to this session will be provided solutions examples and best practices to avoid malicious Virtual Subhosted behavior in order to protect their business. Having invented Virtual Private Server technology in 1996, Verio continues to be the foremost expert in this innovative type of Web hosting. This session will provide insight on the benefits of Virtual Subhosting and help guide attendees through potential security threats that Virtual Subhosts occasionally face.