|Read the Digest in
You need the free
In this issue:
Browse through our Useful Links.
See our article archive for complete articles.
Sign up for your free subscription.
Visit our Continuous Availability Forum.
Check out our seminars.
Check out our writing services.
Did You Know Your Birth Date is Worth $11?
Hackers don’t steal your card information anymore for their own use. They steal it to sell on the hacker’s black market. They can make a lot more money doing so with less effort and with less risk. This online black market is populated with “card shops” that advertise “dumps” of personal information. The magnetic stripe information on a single card is worth anywhere from $4 to $100, depending upon the reputation of the card shop.
Malware is available online to allow even novices to launch attacks. Based on recent attacks such as those that hit Target (110 million cards), most companies are not even aware that they are under attack until someone outside the company notices.
It seems that our basic defenses are encryption of sensitive data in-place and in-flight. This should be coupled with monitoring of unusual network traffic – stolen information is of no use to an attacker if he can’t get it.
What does this have to do with availability? If you are losing sales because your customers don’t trust your security protections or because your systems are down, is there a difference? We discuss this aspect of availability in our seminars on High Availability: Concepts and Practice.
Dr. Bill Highleyman, Managing Editor
Hacking financial data-processing systems to steal credit-card, debit-card, and personal information has become big business. Not only are hundreds of millions of people put at financial risk each year, but the hackers make big profits without ever using this data. Rather, they simply sell it in a hackers’ black market to resellers. Did you know that your date-of-birth is worth $11?
Hackers are clever and resourceful. Whatever protections we put in place, it does not seem long before they have worked out ways to circumvent them. And they have good reason to do so. A theft of even a modest amount of personal information can mean big payments to them. Imagine stealing the data for one million credit cards and selling this data at $4 per card - $4 million dollars over and over as the data is sold to more and more resellers.
The protections we have against this malicious activity are well-known but not always followed. It is important that organizations and individuals incorporate protective actions in their everyday lives. Perhaps the key actions are for organizations to encrypt sensitive data in-place and in-flight and for individuals to avoid clicking on email links and attachments from unknown sources.
Unbeknownst to Target, hackers gained access to its payment-card systems and over a period of almost three weeks stole the card information of 110 million debit cards and credit cards. The attack took place during the busiest shopping season of the year, from November 27, 2013, to December 15, 2013.
Target discovered on December 15th that point-of-sales (POS) systems in its U.S. stores had been infected with malware that captured the magnetic-stripe information of 40 million cards that had been swiped. This information was sent to the attackers. Target later found that additional data had been stolen from 70 million more cards.
The Target breach illustrates a common attribute of such malicious attacks. Target had no idea that the assault was underway for almost three weeks after it began. As is often the case, someone from outside Target’s organization, not Target itself, detected the attack.
One thing that Target did correctly was to give priority to customer communication.
This sort of hacking is on the rise as more tools become readily available on the Web. Even novices can use these tools to crack open a company’s computers.
The management of data centers and the protection of their systems is at the mercy of power reliability. Data centers require uninterrupted power of the highest quality. An uninterruptible power supply (UPS) is a requirement for modern-day data centers to ensure that the data center systems continue to operate during a primary power failure until the backup generators can be brought online.
The classic UPS uses lead-acid batteries to provide several seconds of power to the data center while the backup generators are brought into service. However, battery-based UPS systems face several challenges. The lead-acid batteries are not environmentally friendly. They are not as reliable as one would like. They are expensive to maintain and generally require a specially-constructed battery room. They are difficult to monitor, and bad batteries that should be replaced are hard to detect.
The newer flywheel-based UPS systems solve these challenges. They are virtually maintenance-free with MTBFs measured in years. Monitoring of flywheel health is simple, as only the speed of rotation need be measured. There are many vendors of flywheel UPSs capable of delivering over a megawatt of power per UPS. Flywheels may well be the future of UPS systems.
High-availability clusters protect services and applications from unplanned downtimes and permit shorter planned downtimes by facilitating faster and easier maintenance. They monitor hardware and software for faults and fail over applications to healthy nodes in the cluster.
Among the many faults that clusters handle, network faults need more care and involve more complexity in handling since they can affect not only heartbeats but cluster membership as well. Arbitration mechanisms are needed to handle network faults. In addition, fencing mechanisms are needed to avoid data corruption, a possible side effect of network faults.
HP Serviceguard cluster for HP-UX as well as for Linux supports many mechanisms as arbitrators. There are different advantages and disadvantages for each type of arbitration mechanism. They are discussed in this article in the context of HP Serviceguard.
Arbitration and fencing mechanisms ensure clusters handle network partitions and the associated requirements to prevent data corruption and ghost I/O. The mechanisms associated with these actions are critical to the stable functioning of a cluster.
A challenge every issue for the Availability Digest is to determine which of the many availability topics out there win coveted status as Digest articles. We always regret not focusing our attention on the topics we bypass.
With our new Twitter presence, we don’t have to feel guilty. This article highlights some of the @availabilitydig tweets that made headlines in recent days.
Sign up for your free subscription at http://www.availabilitydigest.com/signups.htm
Would You Like to Sign Up for the Free Digest by Fax?
Simply print out the following form, fill it in, and fax it to:
+1 908 459 5543
The Availability Digest is published monthly. It may be distributed freely. Please pass it on to an associate.
Managing Editor - Dr. Bill Highleyman firstname.lastname@example.org.
© 2013 Sombers Associates, Inc., and W. H. Highleyman