A recent survey by the META Group revealed that 80% of executives
view email as their preferred method of communication. I don't know
about you but I found this surprising. Somehow I thought the telephone
would still be their preferred way of communicating.
What does this mean?
Well, for one thing, it means we all better have another look at how we
are protecting our email.
How many of you that are not using Microsoft Exchange are backing up your local hard drive?
(That's where your email is most likely stored after you download it.)
How many of you have redundant Internet connections to insure that you can still
send/receive mail if there is a disruption in service from one of your Internet Service Providers (ISP's)?
How many of you realize that the vast majority of email messages are not sent securely across the Internet?
How many of you have acceptable use policies in place for email usage? (Or for web and Instant Messaging use, for that matter?)
Food for thought.
Joe Tartaglia / High Caliber Solutions
If there are any topics you would like to see discussed in the future or
if you have any comments, please contact me at
JoeT@HighCaliber.com
Microsoft Corp is entering the disk-based backup and recovery industry with
its Data Protection Server (DPS), a continuous, disk-based backup and
recovery solution.
DPS is designed to provide robust data protection for the Windows Server
System family, reducing complexity and improving operational efficiency for
Windows customers, officials said.
Microsoft said its customers have found backing up and recovering their data
to be labor intensive and complex.
"It's been one of our major objectives in the Windows server division for
some time [to enter the backup and recovery market]," said Rakesh
Narasimhan, general manager, Windows server division, for Microsoft in
Redmond, Wash. "The feedback we've been getting from our customers is
there's still a lack of data protection that's easy to manage, and an
affordable storage solution on the Windows platform."
"There are certain (storage and data recovery) features people are used to
on high-end systems, we're trying to bring that same functionality to the
masses at an affordable price point," he said. "This gives small- and
medium-sized businesses the opportunity to really leverage Microsoft's
and its' partners' solutions."
DPS provides three specific capabilities:
Rapid and reliable recovery through use of disk-based backup allows IT
administrators and end users to recover data in minutes instead of hours;
Continuous, efficient protection allows data to be backed up without
impacting IT infrastructure;
Integration with tape through a backup interface under development that is
based on the Volume Shadow Copy Service (VSS) API included in Windows Server
2003 will allow tape backup partners to address customer needs for backup
and recovery in Windows-based environments.
"The use of disk as a data-protection medium delivers significant
improvements in recovery time and recovery-point objectives, and makes
possible a continuum of data recovery options spanning backup and
replication," said Alex Gorbansky, senior analyst at the Taneja Group in
Hopkinton, Mass.
Currently available in a private beta version, Data Protection Server is
scheduled to be generally available in the second half of 2005.
Security Improvements in Windows XP Service Pack 2
Windows XP Service Pack 2 is a major operating system update that
contains a number of new security updates and features. Here is a
summary of the new security updates and features in Service Pack 2:
Windows Firewall
Windows Firewall helps to protect you from worms and other malicious code that
spread via the Internet.
Internet Explorer Local Machine Zone Lockdown
New settings for Internet Explorer disable the execution of
ActiveX controls and Active scripting in the Local Machine Zone.
This protects you from attacks and vulnerabilties such as Download.Ject.
Additional Internet Explorer Security Changes
Internet Explorer now includes a pop-up blocker, additional window
restrictions, and changes in MIME type handling that better defend
against social engineering and "phishing" attacks.
Email Handling Technologies
Outlook Express now supports the ability to read and compose
messages in plain text and to block external HTML content such as
"web bugs." Security checks are now performed in a more consistent
way to help prevent the execution of malicious attachments.
Security Center
The Security Center "...provides a central location for changing
security settings, learning more about security, and ensuring that
[your] computer is up to date, with the essential security
settings that are recommended by Microsoft."
Automatic Updates
The update services and automatic update feature of Windows XP
have been improved.
Data Execution Prevention
Memory protection helps prevent attackers from executing code on your computer.
In a denial-of-service (DoS) attack, an attacker attempts to prevent
legitimate users from accessing information or services. By targeting
your computer and its network connection, or the computers and network
of the sites you are trying to use, an attacker may be able to prevent
you from accessing email, web sites, online accounts (banking, etc.),
or other services that rely on the affected computer.
The most common type of DoS attack occurs when an attacker
"floods" a network with information. A server can only
process a certain number of requests at once, so if an attacker
overloads it with requests, it can't process your request.
An attacker can use spam to launch a similar attack on
your email account. Email accounts are assigned a specific amount of
disk space (quota) which limits the amount of data you can have in your
box at any given time. By sending many, or large, email messages to
the account (mail bombing), an attacker can consume your quota,
preventing you from receiving legitimate messages.
What is a distributed denial-of-service (DDoS) attack?
In a distributed denial-of-service (DDoS) attack, an attacker may use
your computer to attack another computer. By taking advantage of
security vulnerabilities or weaknesses, an attacker could take control
of your computer. He or she could then force your computer to send
huge amounts of data to a web site or send spam to particular email
addresses. The attack is "distributed" because the attacker is using
multiple computers to launch the denial-of-service attack.
How do you avoid being attacked?
Unfortunately, there are no effective ways to prevent being the victim
of a DoS or DDoS attack, but there are steps you can take to reduce
the probability that an attacker will use your computer to attack others:
Install and maintain anti-virus software
Install a firewall, and configure it to restrict traffic coming
into and leaving your computer
Follow good security practices for distributing your email address.
Using an email filtering service will help manage unwanted traffic.
How do you know if an attack is happening?
Not all disruptions to service are the result of a denial-of-service
attack. There may be technical problems with a particular network, or
system administrators may be performing maintenance. However, the
following symptoms could indicate an attack:
Unusually slow network performance (opening files or accessing web sites)
Unavailability of a particular web site
Inability to access any web site
Dramatic increase in the amount of spam you receive in your account
Some experts estimate that 50% of all home computers have been compromised
with viruses, scumware, adware, etc.
Dell has some great information oh how to tighten up security on your home computer:
Key decision makers in an organization often look at data protection
systems as nothing more than an expensive insurance policy that the
organization hopes never to use. Overcoming this objection can require
some in-depth explanations on your part to the powers-that-be. To help
strengthen your case, you should also consider creating a data protection
plan that acts as more than just insurance.
In addition to discussing exactly how much money the company could lose
to a serious outage, you can also point out that lower recovery costs
will offset the expenses of the DP system--and a DP system can even
lower operational costs due to avoiding fines from regulatory agencies.
You should also consider designing your proposed DP solution to serve
other purposes in addition to protecting the data systems. While there
are several ways to do this, the two most common are centralized or
enhanced backup systems and multitasking the DP servers.
Enhanced backup involves using a replication system to transport data
to another physical device, using either software-based tools or SAN-based
hardware replication systems. In either case, you can typically back up the
replicated data systems from the replicated copy, freeing up the production
systems.
This means you don't have to worry about the production systems taking a
processor and/or memory hit when the backup is running. In addition, you
can reduce the number of open file issues you'd normally see with
standard backup technologies.
All this translates into more manageable backups and a longer "backup
window." Using an enhanced backup system, you can back up data in the
middle of the production day without impacting end-user performance or
requiring all files to be in a closed state.
A centralized backup system extends this concept to branch-office
operations. The system replicates data to a central or set of regional
offices, where you can back it up and protect it. Because branch offices
often don't have dedicated technical staff, this offers the added
benefit of performing backup operations where the knowledgeable staffers
are.
Multitasking the backup servers involves using the DP systems to
perform other operations while still being ready to stand in for a failed
primary data system. For example, two file servers can easily replicate or
otherwise copy data to each other. Under normal circumstances, these servers
act as single file resources. But during a disaster, either one can stand in
for its counterpart--while continuing to serve its original population.
Keep in mind that you'll experience a performance hit after a failover when
using this solution. But if this hit is acceptable, multitasking the backup
server is a valid methodology for getting more than just insurance out of
your DP plan.
However you decide to make the most out of your DP system, planning to do so
before asking for budget approval can often make the process go much more
smoothly. Demonstrating that your proposed plan offers value beyond
insurance can help you overcome budget hurdles--and get the company more
"bang for its buck."
