|Read the Digest in
You need the free
Thanks to This Month's Availability Digest Sponsor
In this issue:
Browse through our useful links.
See our article archive for complete articles.
Sign up for your free subscription.
Visit our Continuous Availability Forum.
Check out our seminars.
Check out our writing services.
The Connect Boot Camps Are Here Once Again
Every year, Connect, the Independent HP Business Technology Community, sponsors the OpenVMS Boot Camp and the NonStop Technical Boot Camp to bring the latest technologies for these systems to their users.
This year, the OpenVMS Boot Camp is being held from Sunday, September 28th, to Wednesday, October 1st, at the Doubletree Bedford Hotel in Bedford, Massachusetts. In addition to three general sessions on Monday, Tuesday, and Wednesday, the OpenVMS Boot Camp features 48 breakout sessions organized in nine tracks. Sunday is dedicated to a Pre-Conference Deep Dive Seminar. With HP’s announcement of its agreement with VMS Software, Inc. (VSI) to continue the development and support of OpenVMS into the indefinite future, this conference is a must for all current and future OpenVMS users.
The NonStop Technical Boot Camp is scheduled from Sunday, November 16th, through Wednesday, November 19th. It will be held at the Hayes Mansion in San Jose, California. This year celebrates forty years of NonStop. With several hundred attendees expected, the conference promises to provide unparalleled opportunities to meet with NonStop users, vendors, developers, and executives.
More details about the Boot Camps and registration are available on Connect’s web site at www.connect-community.org.
Dr. Bill Highleyman, Managing Editor
On Wednesday morning, August 27, 2014, people all over the United States woke up to find that they had no Internet service. The outage lasted for hours. It turned out that a human error had taken down the high-speed Internet backbone of Time Warner Cable (TWC), terminating Internet service for millions of subscribers from coast to coast.
As the second largest cable provider in the U.S., TWC is in the middle of an effort to merge with Comcast, the largest cable provider in the U.S. The combined company will be in a position to provide high-capacity Internet services to two-thirds of American households.
TWC has the lowest satisfaction rating of any big cable provider. Of equal importance is that Comcast has the second lowest rating. This does not bode well for a cable provider that would effectively control Internet services for most of the country.
This outage and the potential for poor performance of a merged company is further warning that it is imperative that a company anticipate such downtime in its Business Continuity Plan. It must have a means to continue services to its customers in the event of an Internet interruption.
In the business world of today, access to real-time online transactional data must be available at anytime from anywhere. This requirement necessitates an application service that is continuously available and an adequate business continuity plan to ensure application-service continuity under both planned and unplanned circumstances. Studies show that the average business revenue lost per hour of downtime across a range of industry segments is about US $1.4M per hour.
A business continuity plan must be designed to enable operations to survive despite the loss of a system or an entire datacenter. Such plans typically include multiple geographically distributed systems with at least some form of online data replication between them. The question is, are these plans sufficient?
Even though you may already have a business continuity plan in place, it may not be satisfactory, well-tested, or well-supported. If this plan relies on an active/passive replication architecture, significant issues with this approach could hamper a fast and successful takeover in the event of an outage. You can avoid this risk since other replication technologies are readily available, such as sizzling-hot-standby and active/active architectures that provide fast and reliable failover.
Over the 2013 December holidays, Target was hit with a massive theft of credit-card information by malicious software that read magnetic-stripe data from a payment card as it was being swiped at a POS terminal. More recently, it appears that Home Depot has suffered a similar fate. This personal information is sold on the Darknet.
The Darknet is a private network where connections are made only between trusted peers. It is structured to maintain the anonymity of its users. A person can only access a Darknet web site if he has been approved by the other members of the web site.
The United States is a mecca for stealing personal card information because it is one of the last countries to adopt smart-card technology, which encrypts the card number using a computer chip embedded into the card.
However, this is about to change. The U.S. payment-card industry has mandated that all merchants be smart-card-compatible by October, 2015, or face a “liability shift.” If a merchant does not process at least 75% of its transactions through a smart-card-enabled terminal and accepts a disputed or fraudulent card payment, the merchant will be liable for the transaction rather than the issuer.
This is the tenth year that Verizon has issued its Verizon Data Breach Investigations Report (DBIR). The DBIR analyzes reported security incidences, data breaches (those in which data was exposed), and confirmed data disclosures (those in which information was actually stolen).
The 2014 DBIR covers 63,437 security incidences that resulted in 1,367 data breaches. The security incidences originated from 95 different countries around the world.
Verizon was able to categorize most of the security incidents into nine categories. These categories describe 94% of all data breaches over the last four years and range from POS Intrusions and Cyber Espionage to Distributed Denial of Service (DDoS) attacks.
Verizon notes that in most cases, it took weeks to months for the victim to discover the breach. Most security incidences did not result in data disclosures except for POS Infiltration and Payment-Card Skimming attacks. 100% of these attacks resulted in data disclosures. Phishing and browser infections are the primary threat actions.
Verizon’s 2014 Data Breach Investigations Report is well-written, informative, and easy to understand. This short review expands to fifty-eight pages in the report. We recommend that anyone who is concerned about malicious attacks on their systems read the report.
A challenge every issue for the Availability Digest is to determine which of the many availability topics out there win coveted status as Digest articles. We always regret not focusing our attention on the topics we bypass.
Now with our Twitter presence, we don’t have to feel guilty. This article highlights some of the @availabilitydig tweets that made headlines in recent days.
Sign up for your free subscription at https://availabilitydigest.com/signups.htm
Would You Like to Sign Up for the Free Digest by Fax?
Simply print out the following form, fill it in, and fax it to:
+1 908 459 5543
Managing Editor - Dr. Bill Highleyman firstname.lastname@example.org.
© 2014 Sombers Associates, Inc., and W. H. Highleyman