Availability Tools

Data Loss Costs

Data loss is a huge problem. See these facts, from http://www.ontrack.com/library/rdr_2003_whitepaper.pdf

• According to the National Archives and Records Administration in Washington DC, USA:
  • 93% of companies that lost their data center for 10 days or more due to a disaster filed for bankrupcy within one year of the disaster.
  • 50% of businesses without data management for this same period filed for bankruptcy immediately.
• According to the 2001 Cost of Downtime Survey Results, companies said the cost of downtime is:
  • 46% said up to US$ 50,000 per hour.
  • 28% said US$ 51,000 - 250,000 per hour.
  • 18% said US$ 250,001 - 1,000,000 per hour.
  • 8% said over US$ 1,000,000 per hour.
• According to the 2001 Cost of Downtime Survey Results, companies said that loss of data threatens the survival of a business within:
  • 40% said 72 hours.
  • 21% said 48 hours.
  • 15% said 24 hours.
  • 8% said 8 hours.
  • 9% said 4 hours.
  • 3% said 1 hour.
  • 4% said less than 1 hour.

Data loss causes, according to Ontrack engineers (who seem to have lost no data to malicious intruders):

According to a Gallup poll, most businesses value 100 megabytes of data at US$ 1,000,000.

Disk Longevity and Failure Rates

Have you considered the longevity of your storage media? The article "Ensuring the Longevity of Digital Documents" [Scientific American, January 1995, pg 42] discussed this. An updated revision is available for download. More recently, "Avoiding a Digital Dark Age" [American Scientist, v98, n2 (Mar-Apr 2010), pg 106] and "Now we know it..." [New Scientist, 30 Jan 2010, pp 37-39] also discussed it.

Summary: All media erodes, ink on paper is far better than any magnetic media, and we just don't have enough information to really say how long optical media is likely to last. The longevity of the logical format may be more important. Consider that the last heiroglyphs were carved in 394 AD, but soon after that we lost the ability to read the still very sharp and distinct writing. Also consider that the Dead Sea Scrolls are ink-on-parchment technology about 1900 years old but still readable. Egyptian papyrus is up to twice as old also also readable. The oldest true paper we have is from 868 AD. But computer media from a decade ago is often useless.

I have a personal story about attempts to recover data from old media in which both the logical format and the physical media had problems.

How long do you expect a disk to last before it fails? Is one brand better than another?

Who knows, and not particularly....

Disk manufacturers do studies, but they are accelerated failure tests on their own systems only under very specific conditions. Any manufacturer can have a short run of worse or better devices, and comparisons between various manufacturers' products haven't been very meaningful.

A couple of papers presented at the 5th USENIX Conference on File And Storage Technology (FAST '07) have gotten some attention:

• "Failure Trends in a Large Disk Drive Population", Eduardo Pinheiro, Wolf-Dietrich Weber, and Luiz Andre Barroso, of Google
• "Disk Failures in the Real World: What Does an MTTF of 1,000,000 Hours Mean To You?" Bianca Schroeder and Garth A Gibson, of Carnegie Mellon University,
  • CMU Technical Report
  • FAST '07 paper

Here is my summary of the Google paper:

Archiving

Data Risk Management has a very interesting model for data archiving: http://www.datariskmgmt.com/

A section above discussed media longevity. But format longevity may go out first. The article "Are We Losing Our Memory? Or: The Museum of Obsolete Technology", from Lost magazine, discussed this problem as experience by the U.S. National Archives.

I have also run into this problem.

Laptop Theft Prevention

• Security cables
  • Kensington http://www.kensington.com/
  • Philadelphia Security Products http://www.flexguard.com/
  • American Power Conversion http://www.apcc.com/
  • PC Guardian http://www.pcguardian.com/
  • Secure-It Inc http://www.secure-it.com/
• "Phone home" style laptop tracking (Windows only as far as I know)
  • PC PhoneHome, from Brigadoon Software Inc http://www.pcphonehome.com/
  • zTrace http://www.ztrace.com/
  • ComputracePlus, from Absolute Software Corp http://www.absolute.com/

Spam, or Unwanted Junk E-Mail

It's a denial-of-service attack.

• Anti-spam software tools
  • The best anti-spam tool I have used is Spam Assassin: http://spamassassin.apache.org/
  • IronPort seems to be a very good anti-spam system, based on my observations as a user of e-mail at some ISPs and Purdue University.
  • Several free spam filters are listed at: http://www.paulgraham.com/antispam.html
  • http://www.postini.com/
  • MIMESweeper blocks junk mail and filters content for viruses and malicious applets: http://www.mimesweeper.com
  • SpamCan: http://www.kernel.org/pub/software/admin/spamcan/
  • Post.Office from Software.com, Inc.
  • IMail Server for Windows NT from Ipswitch, Inc.
  • Blackmail spam filter: http://www.bitgate.com/spam/

How can you tell where spam was injected? Read the "Received:" fields in reverse, looking for inconsistency where the promiscuous relayer accepted the spam from the source. Using a real example I received, my comments inserted below the relevant lines in red:

									">
	From Bio-Med5241_a@linux.com.pk Thu Oct 26 15:38 EST
No, the message did not come from Pakistan (.pk), see below
	Received: from sclera.ecn.purdue.edu (root@sclera.ecn.purdue.edu [128.46.144.159])
		by rvl3.ecn.purdue.edu (8.9.3/8.9.3moyman) with ESMTP id PAA16066
		for <cromwell@rvl3.ecn.purdue.edu> Thu, 26 Oct 15:38:34 -0500 (EST)
Hop #3 — sclera forwarded my mail to rvl3.ecn.purdue.edu
	From: Bio-Med5241_a@linux.com.pk
	Received: from glasgow3.blackid.com ([212.250.136.251])
		by sclera.ecn.purdue.edu (8.9.3/8.9.3moyman) with ESMTP id PAA13819
		for <cromwell@sclera.ecn.purdue.edu>; Thu, 26 Oct 15:38:24 -0500 (EST)
 Hop #2 — glasgow3.blackid.com, the spam relayer, hands the spam to sclera.ecn.purdue.edu
	Date: Thu, 26 Oct 15:38:24 -0500 (EST)
	Message-Id: <XXXX10262038.PAA13819@sclera.ecn.purdue.edu>
	Received: from geo5 (host-216-77-220-220.fll.bellsouth.net [216.77.220.220])
		by glasgow3.blackid.com with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2650.21)
		id 449GZRTV; Thu, 26 Oct 21:33:01 +0100
Hop #1 — glasgow3.blackid.com, the spam relayer, accepts mail from the source,
a dial-in client of bellsouth.net using the IP address 216.77.220.220.  The
dial-in client undoubtedly got its IP address via DHCP, and so any system using
that IP address right now is not necessarily the original spam source.  However,
bellsouth.net should be able to figure out which of their clients used this
IP address at this particular time.
	To: customer@aol.com
That's odd — I'm not sure how they're getting SMTP to send it to me but with this
bogus address in the "To:" field — maybe I was a blind carbon-copy recipient...
	Subject: A New Dietary Supplement That Can Change Your Life....
	MIME-Version: 1.0
	Content-Type: text/plain; charset=unknown-8bit
	Content-Length: 5463
	Status: R

	[ long pseudo-medical nonsense deleted.... ]

Further investigation could use traceroute or whois to figure out where 216.77.220.220 really is in case the reverse resolution above either failed or was faked. As per the GNU version of whois

% whois 216.77.220.220
NetRange:   216.76.0.0 - 216.79.255.255
CIDR:       216.76.0.0/14
NetName:    BELLSNET-BLK5
NetHandle:  NET-216-76-0-0-1
Parent:     NET-216-0-0-0-0
NetType:    Direct Allocation
NameServer: NS.BELLSOUTH.NET
NameServer: NS.ATL.BELLSOUTH.NET
Comment:
Comment:    For Abuse Issues, email abuse@bellsouth.net. NO ATTACHMENTS. Include IP
Comment:    address, time/date, message header, and attack logs.

Also see the great tool at http://samspade.org/.

Security Page

Home Unix/Linux Networking Infosec Travel Technical Radio Site Map Contact