Data Protection
Missing Iron Mountain backup tapes prompt identity theft fears for J.C. Penney customers - January 18, 2008
GE Money, the firm hired by J.C. Penney to run its credit card operations, announced Thursday that it is missing backup tapes containing the personal information of about 650,000 J.C. Penney shoppers.
The personal information contains about 150,000 Social Security numbers. GE said the tape was discovered missing last October by a worker at a warehouse run by Boston-based data-protection and storage company, Iron Mountain Inc.
It is unclear if the data was encrypted. "When stolen data is encrypted, companies are quick to point it out as a way to ensure customers that their identities are safe," says security consultant Brian McCarthy of Sencilo Solutions. GE Money spokesman Richard C. Jones said the company was paying for 12 months of credit-monitoring service for customers whose Social Security numbers were on the tape.
"As is standard practice in our industry, we rarely know the nature of the information stored on the media we transport, nor the level of encryption or security our customers use," said Iron Mountain spokesman Dan O'Neill in an email exchange. "We understand the tape was created in such a manner that unauthorized access to the data is extremely unlikely and difficult, even for its with specialized knowledge and technology." "Untrue," says McCarthy. "30-day demo backup software is available from most vendors as a free download, and the tape drives are commonplace via eBay. Iron Mountain again is trying to cover its tracks. The only true and compliant way is to encrypt the tapes using encryption appliances or upgrade to the latest LTO-4 tape drives that have built-in encryption."
It's the second time in recent months that Iron Mountain lost customer data. In October, Iron Mountain said it lost a decade's worth of bank account data and Social Security numbers for almost all Louisiana college applicants and their parents. The company was moving the backup tapes containing the information. A driver reportedly lost a case full of backup data for every Louisiana application for federal student aid from 1998 through Sept. 13, 2007.
Greg Schulz, an industry analyst with the Stillwater, Minn.-based StorageIO Group, downplayed the J.C. Penney incident, saying that it would be too labor intensive for a cybercriminal to steal the data off any missing tapes.
"A penny theft criminal is not going to target an individual tape," Schulz said.
If the tape was targeted, a sophisticated cybercriminal would need to know the type of tape it is and have a specific device to read the data. Once cracked, the hacker would need to determine how the data was formatted. The work would be labor and financially intensive and therefore not a viable way for a cybercriminal to make money stealing identities, he said.
"Tapes have been lost and misplaced and have never left the building and the reality is that there are probably fewer tapes being lost today than there have been in the past," Schulz said. "Whether they're putting data on a tape or CDs or removable hard drives, the chance of that data getting lost is there."
"To bolster security in the wake of many high-profile data breaches, some companies are encrypting data on backup tapes. Some firms are also using radio frequency identification and global positioning to track and maintain a handle on backup data," McCarthy of Sencilo Solutions said.
IBM has introduced encrypting tape drives and most backup software can encrypt, but it still has to be turned on, said Eric Maiwald, an analyst at Midvale, Utah-based Burton Group. The potential for losing data because of a failed key management system must also be taken into account, Maiwald said.
"Encryption mechanisms that use appropriate algorithms with appropriate key lengths are effectively impossible to break. However, we have seen poor implementations that are breakable (such as WEP)," McCarthy said.
For more information please call (407) 265-6293 or visit us at: http://www.sencilo.com/storage-area-network.php
About Us
Sencilo Solutions is a Florida-based integrator specializing in storage, security and networking solutions. Sencilo delivers a comprehensive portfolio of products from best-of-breed hardware and software from multiple manufacturers including VMware, EMC, NetApp, Juniper Networks, Hitachi, Symantec, Barracuda Networks, and HP. Its technical expertise is known throughout the storage and security industry. Clients include leading corporations, major financial institutions, top universities, government facilities, as well as small to medium size businesses. Sencilo's professional services include consulting, integration, project management, installation, maintenance and knowledge transfer.
Sencilo has offices throughout Florida including: Jacksonville, Miami, Tampa, St. Petersburg, Orlando, Hialeah, Fort Lauderdale, Tallahassee, Cape Coral, and Pembroke Pines.
Nexsan SATABeast chases Apple shops with SATA disk array - January 7, 2008
Nexsan Technologies Inc. is planning a version of its SATABeast disk array that has been modified specifically for Apple servers as it tries to tempt loyal Mac users by filling a gap between Apple's storage products.
With the SATABeast Xi, which is expected to become generally available around March 15, Nexsan is aiming to fill a gap between the capacities of Apple's Xserve RAID and the Xsan. Xserve scales to 14 disks and 10.5 TB capacity with 750 GB SATA drives. The Xsan is actually a SAN with a SAN file system layered over it that's designed to scale to hundreds of terabytes or petabytes.
Nexsan is adding Apple-specific enhancements to SATABeast, including Apple-like hardware packaging, a Web-based management GUI meant to look like Apple's Safari Web browser and wizards to address some of the peculiarities of Apple's approach to Fibre Channel, according to Nexsan chief technology officer Gary Watson.
"Apple's Xserve RAID operates so that a given LUN can only show up on one port, and if you want to multipath, you need to mirror the data," Watson said. "Our wizard will prevent users from setting up storage in a way that can't be resolved by Apple's system and offers them a lower cost approach to multipathing." The Xi's cache has also been tweaked to optimize streaming video performance.
Sencilo Solutions, a Nexsan reseller, says media companies are looking for new storage alternatives as Apple's Final Cut Pro gains popularity in the video editing world. According to Brian McCarthy, president of Orlando-based Sencilo Solutions, his company first began reselling Nexsan several months ago as disk-based backup for Xsan deployments that were often massive. McCarthy said his customers liked Nexsan's pricing and density -- Nexsan can cram 42 TB into a 4U footprint, while the same capacity in Apple's smaller Xserve RAID disk arrays would take up 8U.
McCarthy said the value is in the speeds and feeds Nexsan can offer over Xserve RAID, such as support for 4 Gbps Fibre Channel and 1 TB disk drives. "Any little jump in performance is huge for companies doing video processing." Nexsan also offers a three-year warranty standard, while Apple's standard warranty is one year.
Apple has not qualified Nexsan's product, and there is no formal relationship between the two companies, which means Nexsan will have a tough time swaying hardcore Mac loyalists. But analysts point out the product could appeal to users in mixed environments who want to manage Mac, Linux and Windows systems together.
"It's in small environments where you're more likely to see total dedication to Mac and Apple products only," said Greg Schulz, founder of the StorageIO Group. "Larger organizations where this disk array would fit tend to be hybrid environments more often than not."
According to Donoyan, the loyalty tends to be more focused on workstations than back-end IT equipment. "I have users attaching Apple Xserves via dual Linux controllers to Hitachi Data Systems arrays," he said. "Companies make business decisions, not emotional ones."
For more information please call (407) 265-6293 or visit us at: http://www.sencilo.com/storage-protection.php
About Us
Sencilo has offices throughout Florida including: Jacksonville, Daytona Beach, Miami, Tampa, St. Petersburg, Orlando, Hialeah, St. Augustine, Gainesville, Ocala, Palm Coast, Clearwater, Kissimmee, Lakeland, Maitland, Cape Canaveral
ICANN and overbearing governments are gearing up for a major expansion of the attack surface of the DNS - January 7, 2008
The use of domain names in most phishing is relatively crude. You see a lot of names like www.somefreewebsite.com/~ingrid/www.bankofamerica.com/.... There's no SSL, and the tricky part of the domain name is off to the right. A user would really have to ignore the domain name and focus on the body of the page, which is where the real phishing expertise comes in.
But a potentially lucrative minefield for phishing domains may open up through a series of developments currently underway. One of them is the move by some governments to develop alternative root servers. The other is the development of internationalized domain names, especially top-level domains. In at least one case the two are combined.
The alternative root server is a strange concept to most people, says Brian McCarthy, President of Sencilo Solutions. The root servers are the DNS servers that control the root of the DNS. They control the top of the hierarchy or the bottom (root) of the tree, depending on the metaphor you want to use. So eWEEK controls the eweek.com domain; VeriSign controls the .com domain; and the root, the level above .com and also known as ".", is controlled by the IANA (the Internet Assigned Numbers Authority).
This Wikipedia article includes a list of alternative roots that exist and the non-standard zones they include. For instance, the home page for OpenNIC is http://opennic.glue/. You might be wondering at that ".glue" top-level domain, and if you click on it you'll get an error. That's because OpenNIC is an alternative root with a completely different name space. Your DNS, probably derivative of your ISP's DNS, doesn't point into the OpenNIC name space. Organizations like OpenNIC sometimes exist in order to escape the control of ICANN. Free to put up any TLD they wish, they have .geek for example.
But OpenNIC does exist on the public Internet; it's not a private network. If your DNS is set up for it, it's possible to see these as well as the real Internet. In fact, UnifiedRoot goes this extra mile, by setting up your systems to see the public DNS as well as their own, on which they sell new TLDs to whoever wants them.
These groups don't worry me. Who's going to use them anyway? I get worried when I see whole countries, like Russia, trying to set up separate roots. In the case of Russia, the government wants more control over the Cyrillic portion of the Internet. They can never have real control as long as the root zone is in the hands of the IANA. Call me a western hegemonist, but I just don't trust the Russian government with a root zone.
Compounding the Russian issue is the ongoing development of IDNs (Internationalized Domain Names), which are domain names that support non-Latin character sets, including the Cyrillic used in Russia. Work on this has been in standards bodies coordinated by ICANN for years and some are in use. Work on Internationalized TLDs is also underway, and here's where the phishing angle becomes really clear. The Russian TLD .ru, written in Cyrillic as .ру, looks just like .py, the TLD for Paraguay. It's not hard to see a Cyrillic phishing domain in the Paraguayan .py being used to fool Russian users.
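The two URL tricks described above (a bank's name placed in the path of an unrelated host, and a Cyrillic label that reads as Latin) can be checked mechanically. The following is an added example, not part of the original article; the function names, the brand watch-list and the short lookalike table are assumptions made for illustration.

```python
import unicodedata
from urllib.parse import urlsplit

# Cyrillic letters that render like Latin ones (а е о р с у х і ѕ ј).
# Constructed subset for the example, not the full Unicode confusables table.
CYR_LOOKALIKES = dict(zip(
    "\u0430\u0435\u043e\u0440\u0441\u0443\u0445\u0456\u0455\u0458",
    "aeopcyxisj"))


def script_of(ch):
    """Coarse script of a letter, taken from its Unicode character name."""
    name = unicodedata.name(ch, "")
    return next((s for s in ("CYRILLIC", "LATIN", "GREEK")
                 if name.startswith(s)), "OTHER")


def check_label(label):
    """Findings for one DNS label, given as U-label or xn-- A-label."""
    if label.lower().startswith("xn--"):
        label = label[4:].encode("ascii").decode("punycode")
    letters = [c for c in label.lower() if c.isalpha()]
    scripts = {script_of(c) for c in letters}
    findings = []
    if len(scripts) > 1:
        findings.append("mixed scripts: " + "+".join(sorted(scripts)))
    elif scripts == {"CYRILLIC"} and all(c in CYR_LOOKALIKES for c in letters):
        skeleton = "".join(CYR_LOOKALIKES.get(c, c) for c in label.lower())
        findings.append(f"reads as Latin '{skeleton}'")
    return findings


def audit_url(url, protected=("bankofamerica.com",)):
    """Findings for a URL. `protected` is a hypothetical brand watch-list."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    findings = []
    for brand in protected:
        owned = host == brand or host.endswith("." + brand)
        if not owned and brand in parts.path.lower():
            findings.append(f"'{brand}' appears in the path, real host is '{host}'")
    for label in host.split("."):
        findings += [f"label '{label}': {f}" for f in check_label(label)]
    return findings


if __name__ == "__main__":
    for u in ("http://www.somefreewebsite.com/~ingrid/www.bankofamerica.com/",
              "http://bank.\u0440\u0443/", "https://www.bankofamerica.com/login"):
        print(u, "->", audit_url(u) or "no findings")
```

A label written entirely in Cyrillic with letters outside the lookalike table returns no findings, so ordinary internationalized names are not flagged by script alone.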
This specific example isn't the real point. I have a general concern about these expansions of the DNS in ways that seem destined to provide massive new opportunities for abuse. The limitations of freedom for the people of Russia and China, which is also interested in both developments. Internationalized domain names are not inherently objectionable, of course, and it would be great if they could be made to work securely. Unfortunately, I see most of the news being about new browser exploits and scams. It's companies like Infoblox that keep things running. Read more about this in Gartner, Inc.'s 2H2007 Magic Quadrant.
For more information please call (407) 265-6293 or visit us at: http://www.sencilo.com/products-security.php




