The DataGuard Data Protection Newsletter
October, 2004


Welcome!

The cost of keeping your IT systems secure is going up. InformationWeek research just showed that U.S. companies will spend 12% of their tech budget on information security, substantially up from 8% in 2002. Security breaches and malicious code attacks are considered more threatening to business continuity this year than in 2003, and many companies fell victim to either a worm or virus attack over the last 12 months. Smaller companies were breached more often in the past year. Downtime attributed to security attacks, caused by vulnerabilities in key technology products, rose over the last 12 months.

One of the main reasons is that the average time period between the disclosure of a vulnerability and its first exploit has gone down from several weeks to less than six days in the first half of 2004, and in some cases there were global exploits ready in just two days. The vast majority of the 2004 vulnerabilities were moderately to highly severe. One of the most recent ones is the new JPEG hole. Malicious hackers now are seeding porn newsgroups with JPEG images that take advantage of this hole.

There is also another somewhat disturbing trend, published by security company Qualys. They compared how quickly holes were fixed on internal and external systems. "External" in this case is defined as systems like Web, e-mail and gateway servers. In 2004 the number of systems still vulnerable decreased by 50% every 21 days, whereas in 2003 that took 30 days.

However, they observed that internal systems take longer to fix (a whopping 62 days), giving worms much more time to wreak havoc. There is definitely a misconception in IT that external systems have greater exposure. They don't. Another reason internal systems stay vulnerable longer is that there are many more of them and patching is more involved. It is still very important to continue to scan and patch internal systems, as malware has many ways to compromise systems.

Food for thought.

Joe Tartaglia / High Caliber Solutions

If there are any topics you would like to see discussed in the future or if you have any comments, please contact me at JoeT@HighCaliber.com


Bullet Points

  • Cell Phone Erasing Data?

    If your cell phone has a vibrate mode, there is a possibility that it can erase data on nearby storage media. Vibrating phones and pagers typically use a small electric motor to spin a deliberately imbalanced weight on a shaft. The imbalance causes the vibration.

    Electric motors use magnetic coils (electromagnets) to generate their motive force, and magnets of any kind can be bad news for something like the "swipe strip" on a bank card, security card, key card, etc. The strip is really just a length of magnetic recording tape laid flat and bound to the card. Any magnet can delete or scramble the data there. The ringer/beeper in a phone, pager or PDA also generates a small magnetic field when it goes off.

    Moral of the story: Don't put your USB "thumb" drives or other portable backup media in the same pocket as your cell phone or beeper!

  • Internet Blackmail

    Internet fraud has taken a dark twist: pseudo-hackers threatening to steal your data, wipe your hard disk or plant pornography on your computer if you don't pay them.

    The latest scare preys on computer users' fears about Internet security and the many reported cases of hackers bringing down systems, accessing confidential information or planting "back door" programs that allow them to take control of computers remotely. This scam is particularly nasty because the extortionist doesn't even have to have any skills; the threat alone is often enough to scare paranoid computer users into paying the relatively small amounts demanded (often $25-50) rather than take the risk that the blackmailer will follow through.

    Often these blackmail messages are sent out as mass mailings - spam - with the hope that out of thousands sent out, hundreds will respond. It's easy money for the extortionist; persuading someone to avoid the pain of data loss or the very real consequences that could result if, for example, child pornography were found on his/her work computer, is easier than convincing someone to part with hard-earned money to buy a product.

    Your vulnerability to this sort of scam is directly proportional to how seriously you take the threat - and you're going to take it more seriously if you know that your system is not protected from hack attacks and viruses. The best defense is to take standard security precautions: install a good firewall, use a good anti-virus program and update its definitions regularly, disable indiscriminate running of scripts in your browser and other applications, etc. If you get one of these blackmail messages, don't pay. If you do, you can bet the blackmailer will be back for more. Report the blackmail attempt to your local authorities.

  • Patch Facts

    Microsoft constantly releases patches for all supported versions of its Windows operating systems (98/ME/NT/2000/XP/2003) and for applications that it publishes (e.g. Office, Internet Explorer, Outlook, Media Player, etc.) Among other things, these patches fix security vulnerabilities and "bugs."

    FACT: Networks and individual PCs are vulnerable to intrusion if the latest patches are not applied.

    FACT: Managing the "patching process" is complex and time-consuming.

    Do you know which patches to install?
    Do you know which ones can be safely installed and in what combination/order?
    Can you validate that all patches were installed properly?

    A malicious intruder can steal critical files, destroy customer data, or worse. These real events result in downtime for your company and affect the bottom line. Make sure that all patches are applied to your workstations and servers regularly. If you don't feel comfortable doing it yourself, have a qualified computer technician do it for you.

  • Manually Updating Virus Definitions

    Most of you are probably using antivirus software that is designed to automatically download new virus definitions from the author's web site when they become available. There are times, however, when you may need to force the software to download new definitions (for example, when some new threat has just broken out).

    In Symantec (Norton) Antivirus, click on the Live Update button and Norton automatically downloads and installs the latest virus definitions. McAfee VirusScan has a similar update function. Go to File > Update VirusScan.

    If you are unsure how to update your virus definitions, visit the Web site of your antivirus software manufacturer and look for their "download," "update," or "technical support" section. And if you are on AOL, you can find the latest virus definitions for most antivirus programs at keyword: virus.

  • Protecting Non-Critical Data Systems

    Dealing with server outages typically comes down to two major factors:
    1. The amount of data that you can afford to lose
    2. The amount of time a data system can remain offline before severely impacting business.

    Critical data systems are generally much more vital to business operations, and organizations must usually restore them within one business day -- typically within an hour or less.

    Noncritical data systems that the company still needs to protect typically can be down for more than 24 hours before restoration and recovery take place. A common example is a reporting server that is only needed to generate compiled data on a daily, weekly, or even quarterly basis.

    As long as the data is protected, you can take your time (within reason) to bring a reporting server back online. However, that doesn't mean you can neglect these systems: Missing a reporting period can definitely impact revenue.

    Backing up data to tape is generally the method of choice for these systems, unless data changes at such a rate that the loss of 24 hours of data could spell disaster. If that's the case, you can always supplement these systems with more immediate data protection solutions, including snapshot technology and replication tools, when necessary.

    Failover solutions usually aren't necessary for noncritical data systems. You can typically replace hardware components and install software well before the expiration of the maximum time you believe the machine can be down.

    Remember that having a business day or more to recover will easily allow you to restore data from tape and/or other backup methods.

    While noncritical systems can play a very important role in your business, they may not play a day-to-day role. Planning to properly protect them and their data efficiently will allow you to restore that role on time -- and after you've recovered more critical systems.


Improving Your Disaster Recovery Plan

With the rise in cyberattacks, terrorism, and industrial sabotage — not to mention natural disasters such as tornadoes, floods, earthquakes, and hurricanes — business continuity management has quickly come to the forefront as more and more firms are being forced to invoke their disaster recovery plans. Here are some tips on how to improve your disaster recovery plans:

1. Be proactive rather than reactive. Work through the possible disaster scenarios ahead of time so that you have an idea of what might happen to company operations and what steps you'll need to take to counteract the disruption. You'll pay a premium if you're caught scrambling after the fact.

2. Don't put all your eggs in one basket. Spread your vital operations across more than one location to provide sufficient redundancy should a disruption occur. Make backups frequently and store them inside and outside the facility. Randomly and periodically check on the backups to make sure they're actually viable and accessible. Many companies overlook the fact that a lot of vital data resides on employees' workstations and laptops. If these are not backed up, you're really out of commission.

3. Make sure your business continuity plan is kept up to date. Don't allow your plan to gather dust on a back shelf. It needs to be a living document to remain viable. If business processes change or key emergency contacts no longer work for the organization, your plan needs to be updated.

4. Aim for the quickest recovery you can afford. When disaster strikes your company, your competitors will jump at the chance to fill the void. A strong business continuity plan will ensure that you don't lose market share in the event of a disruption. Especially if yours is a Web-based operation, you need to get up and running again as fast as possible. Statistics show that oftentimes when prospective customers can't log onto your web site, they don't come back.

5. Routinely test your plan. The drills you do today may be critical to your company's survival. It's all part of making sure that your plan stays current. Make sure a triage process is established. Otherwise, in the heat of a disaster, those heading up the team might decide to change priorities based on the last phone call received, rather than on an integrated approach to business recovery.

6. Tailor your business continuity investments to likely threats and key priorities. It's all about balancing protection against costs and survival. Recent events have made us think of terrorism as our foremost threat, but there are many other threats that are far more commonplace: employee or non-employee workplace violence, labor actions and disputes, cyberattacks (including computer viruses and denial of service), hoaxes, and industrial espionage. Your plan needs to focus on those issues most likely to cause disruption.

Physical plant security is another issue to consider. Does the physical security plan include instructions for contacting local fire, police, and rescue authorities? Do employees know where to report for work in case their usual facility is unavailable? Do you have technology in place to allow them to work from home? Can another facility provide space and resources in the event of a disaster at one location?

It's important to realize that it is neither possible nor cost effective to try to protect everything. You need to examine your operations and determine what you really need to survive.

7. Check that all your plan components sync with each other. To effectively respond to a business disruption, your business continuity plan needs to incorporate all the components required for your successful recovery: your data, your workforce, your facilities, your networks, even your vendors and suppliers. You must have procedures in place to ensure that events occur in the right sequence to get you back up and running as promptly as possible. It's a delicate balance, but a crucial one.

While the goal of a business continuity plan is to get you back up and running as quickly as possible, your vigilance and diligence before the fact may even help you prevent some disasters and business disruptions from ever occurring.
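
Tip 2 above says to check backups randomly and periodically to make sure they are viable and accessible. One way to do that, shown here as an added example that is not part of the original newsletter: record a SHA-256 checksum for every file when the backup is made, then later re-hash a random sample of the backed-up copies. The function names, the JSON manifest layout and the default sample size of 20 are assumptions of this example.

```python
import hashlib
import json
import random
import sys
from pathlib import Path


def sha256_of(path):
    """Hash a file in 1 MiB chunks so large backups do not exhaust memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def write_manifest(source_root, manifest):
    """At backup time: record a checksum per file. Returns the file count."""
    root = Path(source_root)
    entries = {p.relative_to(root).as_posix(): sha256_of(p)
               for p in sorted(root.rglob("*")) if p.is_file()}
    Path(manifest).write_text(json.dumps(entries, indent=2))
    return len(entries)


def spot_check(backup_root, manifest, sample_size, seed=None):
    """Re-hash a random sample of backup copies; returns {path: status}."""
    entries = json.loads(Path(manifest).read_text())
    rng = random.Random(seed)  # pass a seed only to make a test run repeatable
    chosen = rng.sample(sorted(entries), min(sample_size, len(entries)))
    results = {}
    for rel in chosen:
        copy = Path(backup_root) / rel
        if not copy.is_file():
            results[rel] = "missing"
            continue
        try:
            results[rel] = "ok" if sha256_of(copy) == entries[rel] else "corrupt"
        except OSError:  # media or permission errors count as a failed restore
            results[rel] = "unreadable"
    return results


if __name__ == "__main__":
    if len(sys.argv) < 3:
        sys.exit("usage: spot_check.py BACKUP_ROOT MANIFEST [SAMPLE_SIZE]")
    report = spot_check(sys.argv[1], sys.argv[2], int((sys.argv[3:] or ["20"])[0]))
    for rel, status in sorted(report.items()):
        print(f"{status:10} {rel}")
    sys.exit(0 if all(s == "ok" for s in report.values()) else 1)
```

Keep the manifest somewhere other than the backup media itself, so that a damaged backup cannot also damage the record it is checked against.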
