• 19Jun
    Author: ben Categories: Infrastructure, Ramblings Comments: 0

Imagine a world in which you had diligently backed up data in your Active Directory and Exchange environment every day, carefully labeling your tapes and filing them away at an off-site storage facility in case you one day encountered a server failure. Continuing in our Imaginationland, pretend that a real scenario arose in which you had none of your domain controllers, Exchange systems, backup servers, or any of the environment in which the backups were created, but you still needed to recover some of your mail data. Would you take comfort in the knowledge that your recovery tapes were a short drive away?

    If you’re using Symantec’s Backup Exec product, I wouldn’t be so sure. Read on for more of my rant on Symantec… and partially Microsoft.

  • 19Jun

    Here at Applied Trust, we’re often asked tricky IT questions – sometimes, we have answers that might be interesting to a larger audience.  The “Dear Ned” podcast is our chance to share these IT infrastructure questions and answers.  Larry Nelson from w3w3.com will be interviewing us for regular episodes throughout 2009.

Our first two “Dear Ned” episodes are already online and accessible over at w3w3.com!  The first gives an introduction to the series and a discussion of the Conficker worm.  The second is a follow-up to an earlier blog post, and addresses the question “I saw your blog recommending setting data center thermostats to 75°. Do you really do that? And if so, how’s that working out?”.

    Do you have a tricky IT question?  Submit it here and it may be the next Dear Ned topic!

    A special thanks to our friend Don Wrege for writing and recording our truly wonderful Dear Ned jingle!

  • 10Jun
    Author: trent Categories: Ramblings Comments: 1

    What a crazy day at Applied Trust!  Traditionally, we’ve stuck to technical or at least IT topics on this blog, but today I’m making an exception to share some good news.

First, last night at the annual CSIA Apex awards dinner, Applied Trust won the Apex Distinguished Services award.  For those of you who aren’t familiar with the Apex awards, they are truly the “academy awards for Colorado technology.”  The Distinguished Services award recognizes the company whose professional services enable its customers to conduct their businesses more effectively and efficiently, and that has demonstrated not only innovative solutions but also tangible benefits.  This award is an incredible honor for us, and a fantastic surprise.

  • 28May
    Author: ben Categories: IT Management, Security Comments: 0

I’ll kick off my much-delayed series on compliance and regulation with the Payment Card Industry’s Data Security Standard (PCI DSS). This highly visible, widely applicable standard applies to any organization that stores, processes, or transmits cardholder data. Importantly, the standard was developed by the card industry itself rather than by Congress. This is in direct contrast to many other industries (such as health care and finance) that are regulated by the federal government.

The standard consists of 12 requirements, each with a number of sub-requirements, ranging from firewall configuration to security policy to ongoing vigilance. Merchants are sorted into four levels by annual transaction volume; the same 12 requirements apply to every level, but how compliance must be validated (a self-assessment questionnaire versus an on-site assessment) differs from level to level. Read on for details and tips.


  • 17May
    Author: ned Categories: Infrastructure, Ramblings Comments: 1

    MySQL didn’t escape the Sun acquisition unscathed… hopefully Oracle doesn’t make the same dumb mistakes.

    I took (what I thought would be) a few minutes this afternoon to upgrade a group of production MySQL servers at Applied Trust. I started by following the same process I have followed for at least four or five years: browse to mysql.com, click on “Download”, and follow the links to the latest RPMs for my Linux distributions.

The download went as expected, with the consistent MySQL branding lulling me into a false sense of ease – this was something I’ve done dozens of times. I shouted down the hall that I’d be ready to start grilling dinner in a few minutes. Next, I scheduled downtime, did the necessary change documentation, and brought one of the slave MySQL servers down – I was ready to upgrade the database.  I typed sudo rpm -Uvh MySQL-*-5.1.34-0.rhel5 and my pleasant ride through upgrade-land came to a screeching halt:


  • 01May
    Author: terry Categories: IT Management, Security Comments: 0

Many organizations think they don’t need to worry about incident management. They think their data is not interesting enough, or that they are too small and no one will find them, or that they have a firewall, so they feel secure. Unfortunately, none of these things is true. In 2008, the FBI reported that 43% of the companies they surveyed had sustained a breach in the prior 12 months. This is scary, particularly because if 43% actually had a breach, it is likely that nearly 100% of the companies had an attempted breach.

Now is the time to prepare for an incident. Industry best practice for incident management begins with being well prepared. Some things to keep in mind:

  • 30Apr
    Author: trent Categories: Security Comments: 0

    I was speaking with a respected colleague today about the security of Blackberries vs. other mobile devices.  The conventional wisdom of the business community, apparently, is that the Blackberry is some form of superhero-grade magical device, impervious to all forms of cybersecurity attack, and hence suitable for handling all levels of sensitive communication (and soon suitable for President Obama).

It’s true that RIM (Research in Motion), Blackberry’s maker, has an excellent marketing department (and, as excellent marketing departments are hard to come by, I at least give them kudos for that).  They have spun a fantastic tale about how, by simply installing their superduper-secure Blackberry Enterprise Server (BES) product, you have created a secure channel between the enterprise network and a user’s eyes and ears.  As far as wireless communications channels go, they have an “ok” solution for securing transport to the Blackberry device itself.  The highest security risk of using a Blackberry is NOT that your data is compromised while being transmitted wirelessly.  Instead, there really are two high-risk scenarios when using a Blackberry in an enterprise:


  • 30Apr
    Author: randy Categories: Security Comments: 3

As Apple laptops and desktops gain market share, new users are being introduced to OS X. One of the questions that often comes up is, “Do I need anti-virus software for my Mac?” There has been a lot of debate back and forth as to whether AV software is useful. Apple had a Knowledge Base article recommending the use of multiple anti-virus packages for maximum protection. On December 2, 2008, that article (formerly at http://support.apple.com/kb/HT2550) was removed from their site. Shortly after the page was removed, Apple released a statement telling users that no system is 100% secure and that AV software may be helpful.

    So what does all this mean for Mac OS X users?

  • 21Apr
    Author: ned Categories: Infrastructure, Security Comments: 2

The smart folks over at Amazon Web Services just published a new white paper titled Creating HIPAA-Compliant Medical Data Applications. I’m a strong believer that it is possible to deploy Internet applications as securely “in the cloud” as in a private data center somewhere, and vendor documentation like this goes a long way toward helping others grasp this reality.

    One weakness is that the white paper barely mentions encrypting data at rest.  Here’s their accurate but incredibly concise statement:

HIPAA’s Privacy Rule regulations include standards regarding the encryption of all PHI in transmission (“in-flight”) and in storage (“at-rest”). The same data encryption mechanisms used in a traditional computing environment, such as a local server or a managed hosting server, can also be used in a virtual computing environment, such as Amazon EC2 and Amazon S3.

Their blog post mentions some software libraries and commercial tools for achieving encryption at rest, but generally leaves any implementation for you to figure out. There are encryption recommendations for software developers and end users, but not for system administrators (aren’t we their key demographic?). Never fear – encrypting your data at rest is easy with Linux! There are many ways to encrypt data when it is stored on disk, but whole-volume encryption is often appealing because it can be implemented completely transparently to the application.

One of the best tools for securing your data “at-rest” while it is stored on Amazon’s Elastic Block Store (EBS) is dm-crypt. It’s already built into most modern Linux kernels, and it gives you extra confidence that no one else could read your EBS volumes (or snapshots of them) without the key. Anyone who’s thinking of deploying an app that stores sensitive information (in “the cloud” or in your data center) should consider implementing dm-crypt on their Linux servers. Below are instructions for creating and using an EBS volume which is protected by dm-crypt encryption…
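As an added example (not the post’s own instructions, which are behind the “Read more” link), here is the whole-volume setup described above as a small set of shell functions. It assumes the EBS volume shows up as /dev/xvdf (the device name varies by instance and AMI), that cryptsetup and mkfs.ext4 are installed, that the commands run as root, and that the key file lives somewhere other than the volume being encrypted; the mapper name, mount point and key-file path are placeholders. The safety checks before luksFormat are there because luksFormat destroys whatever is on the device.

```shell
#!/bin/sh
# Added example: dm-crypt/LUKS whole-volume encryption for an attached EBS
# volume. Device name, mapper name, key file and mount point below are
# assumptions; adjust for your instance. Run as root.

# Reject mapper names that could escape /dev/mapper or confuse cryptsetup
# (empty, or containing anything outside [A-Za-z0-9_-]).
mapper_name_ok() {
    case "$1" in
        ""|*[!A-Za-z0-9_-]*) return 1 ;;
    esac
    return 0
}

# Return 0 if the given block device is currently mounted anywhere.
device_is_mounted() {
    dev="$1"
    grep -qs "^$dev " /proc/mounts
}

# Create a random 4096-byte key file readable only by root. Keep it off the
# volume being encrypted, and off anything you snapshot or bake into an AMI;
# whoever can read the key file can read the volume.
make_key_file() {
    keyfile="$1"
    ( umask 077 && dd if=/dev/urandom of="$keyfile" bs=4096 count=1 2>/dev/null )
}

# One-time setup: format the raw device as a LUKS container, open it as
# /dev/mapper/NAME, put a filesystem on the mapped device, and mount it.
# Applications only ever see the mount point; the ciphertext is on EBS.
encrypt_ebs_volume() {
    dev="$1"; name="$2"; keyfile="$3"; mnt="$4"
    mapper_name_ok "$name" || { echo "bad mapper name: $name" >&2; return 1; }
    [ -b "$dev" ] || { echo "not a block device: $dev" >&2; return 1; }
    if device_is_mounted "$dev"; then
        echo "refusing to format mounted device $dev" >&2; return 1
    fi
    [ -f "$keyfile" ] || make_key_file "$keyfile"
    # --batch-mode skips the interactive "Are you sure?" prompt; the checks
    # above stand in for it.
    cryptsetup --batch-mode --cipher aes-xts-plain64 --key-size 256 \
        luksFormat "$dev" "$keyfile"
    cryptsetup luksOpen --key-file "$keyfile" "$dev" "$name"
    mkfs.ext4 -q "/dev/mapper/$name"
    mkdir -p "$mnt"
    mount "/dev/mapper/$name" "$mnt"
}

# After a reboot, or on a fresh instance the volume was re-attached to:
# open with the key and mount. Never luksFormat here.
open_ebs_volume() {
    dev="$1"; name="$2"; keyfile="$3"; mnt="$4"
    cryptsetup isLuks "$dev" || { echo "$dev is not a LUKS volume" >&2; return 1; }
    cryptsetup luksOpen --key-file "$keyfile" "$dev" "$name"
    mkdir -p "$mnt"
    mount "/dev/mapper/$name" "$mnt"
}

# Before detaching the volume or taking a snapshot: unmount and close, so
# the device-mapper table (and the key it holds) is torn down.
close_ebs_volume() {
    name="$1"; mnt="$2"
    umount "$mnt"
    cryptsetup luksClose "$name"
}

# Usage (as root, with the volume attached):
#   encrypt_ebs_volume /dev/xvdf pii-data /root/pii-data.key /mnt/pii   # first time
#   close_ebs_volume pii-data /mnt/pii                                   # before snapshot/detach
#   open_ebs_volume /dev/xvdf pii-data /root/pii-data.key /mnt/pii      # every boot thereafter
```

Two caveats a practitioner should keep in mind. dm-crypt protects the data on the EBS volume and in its snapshots; it does nothing against an attacker who already has root on the running instance, where the mapped device is plaintext. And the key file is now the only way back to the data, so if it is lost (or the instance it lived on is terminated) the volume is unrecoverable; keep a copy of the key, and of the LUKS header (cryptsetup luksHeaderBackup), somewhere as well protected as the data itself.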


  • 21Apr
    Author: brian Categories: Security Comments: 0

Just a quick update…  if you’re interested in biometrics (see our home-made keystroke dynamics demo), I read an interesting article published by newscientist.com that claims one day our ears may be used to uniquely identify us:

YOU are the victim of identity theft and the fraudster calls your bank to transfer money into their own account. But instead of asking them for your personal details, the bank assistant simply presses a button that causes the phone to produce a brief series of clicks in the fraudster’s ear. A message immediately alerts the bank that the person is not who they are claiming to be, and the call is ended.

    Sounds pretty cool to me.  Read the rest here:

    http://www.newscientist.com/article/mg20227035.200-our-ears-may-have-builtin-passwords.html

    Guess it’s time to clean out that ear wax.
