Serial Host Naming is Dopey

Written by Carl E. Reid on February 12, 2009 – 5:49 pm -

Many organizations use serial naming procedures for individual host servers. In most cases, access to these servers is through a single well-known host name, which uses some kind of load balancing or round-robin allocation of web traffic to direct customer requests to each individual host. This round-robin technique can also be used to balance the load of email servers, so clustered email servers are just as much at risk from serial host naming. For example, behind the well-known name www.supersales.com there could be 3 individual hosts called www1.supersales.com, www2.supersales.com and www4.supersales.com.

The problem with the foolish adoption of a serial host naming convention is the probability that hackers will eventually cycle through individual host names in order to discover forgotten or insecure hosts. An organization may have many “load balanced” hosts that are normally reached through a well-known host name or URL. Some of these hosts may not be configured as well as the others, and a hacker can use an individual host's name to connect directly to that server, bypassing the well-known name. There is a good chance these attempts will find and exploit weaknesses in one or more servers.
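
An added example (not from the original post): a defender-side inventory check in Python that groups the names in a DNS zone export into serial families and flags members that are published in DNS but absent from the load-balancer pool, along with gaps in the numbering. The host lists, the pool membership and all function names are constructed for illustration.

```python
import re
from collections import defaultdict

# <letters><number> as the leftmost DNS label, e.g. www1, mail02
SERIAL_LABEL = re.compile(r"^([a-z][a-z-]*)(\d+)$")

def normalize(name):
    return name.strip().lower().rstrip(".")

def serial_families(dns_names):
    """Group hosts named <prefix><number>.<domain>; keep families of 2+ hosts."""
    families = defaultdict(dict)
    for fqdn in map(normalize, dns_names):
        label, _, domain = fqdn.partition(".")
        match = SERIAL_LABEL.match(label)
        if match:
            families[(match.group(1), domain)][int(match.group(2))] = fqdn
    return {key: hosts for key, hosts in families.items() if len(hosts) >= 2}

def audit(dns_names, pool_members):
    """Flag serial hosts published in DNS but not in the pool, and numbering gaps."""
    pool = {normalize(h) for h in pool_members}
    findings = []
    for (prefix, domain), hosts in sorted(serial_families(dns_names).items()):
        numbers = sorted(hosts)
        findings.append({
            "family": f"{prefix}<N>.{domain}",
            "hosts": [hosts[n] for n in numbers],
            # Resolvable by name but not managed with the rest of the cluster
            "not_in_pool": [hosts[n] for n in numbers if hosts[n] not in pool],
            # Missing numbers: confirm the host was really decommissioned
            "number_gaps": [n for n in range(numbers[0], numbers[-1] + 1)
                            if n not in hosts],
        })
    return findings

# Constructed sample data: a zone export and the load balancer's configured pool
DNS_NAMES = ["www.supersales.com", "www1.supersales.com", "www2.supersales.com",
             "www4.supersales.com", "mail1.supersales.com", "mail2.supersales.com",
             "intranet.supersales.com"]
POOL_MEMBERS = ["www1.supersales.com", "www2.supersales.com",
                "mail1.supersales.com", "mail2.supersales.com"]

if __name__ == "__main__":
    for finding in audit(DNS_NAMES, POOL_MEMBERS):
        print(finding["family"], "not in pool:", finding["not_in_pool"],
              "gaps:", finding["number_gaps"])
```

Hosts reported under `not_in_pool` are the ones to review first: they answer to a guessable name but are not patched and configured with the rest of the cluster.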


Applying Email Archiving and Management Technologies

Written by Carl E. Reid on January 29, 2009 – 3:05 pm -

Today, most enterprises turn to Email Archiving and Management (EAM) to reduce costs and control information overload. With digital information, specifically email and messaging, mushrooming faster than most enterprises can manage it, EAM projects have become a cost of doing business. EAM is fast becoming a business necessity.

The “Email Archiving and Management Report”, published by CMS Watch, provides a clear strategy for your implementation team.

The domain of EAM is broad enough to touch multiple areas within your enterprise, including both technical and business departments. Managers have several common reasons to justify applying EAM technologies:

  • To be proactive with legal requests and eDiscovery requests
  • To be in compliance with local governing requirements regarding information management
  • To improve the performance of their e-mail environment (Exchange, Notes, or Groupwise)
  • To reduce email volume on servers to reduce the need to buy more licenses
  • To provide backup and disaster recovery for their e-mail system
  • To improve storage management costs and needs

The marketplace keeps finding new reasons for applying EAM technologies. Compliance, for example, is a relatively new rationale. Traditionally, the sales and buying processes focused on systems management and storage requirements.


Six Good Lessons taught by Honeynets

Written by Carl E. Reid on January 27, 2009 – 4:58 pm -

Although a bit dated, a white paper titled “The Use of Honeynets to Detect Exploited Systems Across Large Enterprise Networks” provided many security lessons which are still appropriate today. This white paper was the result of a honeynet implemented at the Georgia Institute of Technology.

Two or more honeypots on a network form a Honeynet. A Honeynet is a network placed behind a reverse firewall that captures all inbound and outbound data. The reverse firewall limits the amount of malicious traffic that can leave the Honeynet, so this data is contained, captured, and controlled. Any type of system can be placed within the Honeynet, including systems of the kind currently employed on the network that the Honeynet is intended to protect. Standard production systems are used on the Honeynet in order to give the hacker the look and feel of a real system. A Honeynet is a network that is intended to be compromised, to provide the system administrator with intelligence about vulnerabilities and compromises within the network.

Some of the lessons realized:

1. Start Small – If you are going to install a Honeynet within your enterprise, start small. Begin with a single machine, running an operating system that you are familiar with, installed behind the reverse firewall. This will allow you to begin to understand how to analyze the data that you will receive on the Honeynet. You will also be able to fine-tune your configuration. The more machines you have, the more data you will most likely receive going to and from the Honeynet.


Why should you archive your emails?

Written by Carl E. Reid on January 20, 2009 – 4:38 pm -

Implementing an archive solution requires the project management team to balance 3 variables:

  1. The archiving solution must still facilitate day-to-day business operations, in line with the company mission.
  2. It must meet regulatory requirements and minimize turnaround time for legal document requests.
  3. It must provide flexibility to maintain service level agreements with the email user community.

With his paper on “Deep Dive Into Email Archiving Products”, Stephen Foskett displays obvious experience in the archiving arena. This paper is a result of Stephen working as a vendor-independent storage consultant to end users for over 10 years. Stephen has also been a feature writer for industry publications, such as TechTarget’s “Storage Magazine”. He has taught full-day seminars on storage virtualization. In 2008 Microsoft awarded Stephen Foskett MVP status in the area of File System Storage.

Stephen’s document explains essential attributes of email archiving solutions. These attributes aid in managing mail server growth, meeting compliance standards, and managing system usage. Archiving solutions must consider that it is still “business as usual” with email service level agreements (SLA). The IT department must still ensure email systems are continuously running throughout the entire archive solution implementation.


Microsoft Calms SSL Security Alert

Written by Carl E. Reid on January 8, 2009 – 5:03 pm -

Today the United States Computer Emergency Readiness Team (US-CERT) updated their website regarding the potential of rogue SSL certificates being generated. US-CERT is part of the United States Homeland Security Agency. This alert is based on a report that identified a vulnerability in the Internet Public Key Infrastructure (PKI) used to issue digital certificates for secure websites. As an Internet standard, MD5 has been employed in a wide variety of security applications, and is also commonly used to check the integrity of files. The authors of the report provided a proof of concept by executing a practical attack scenario and successfully creating a rogue Certification Authority (CA) certificate trusted by all common web browsers. This certificate allows the authors to impersonate any website on the Internet, including banking and e-commerce sites secured using the HTTPS protocol.

The report further explained how the authors’ simulated attack took advantage of a weakness in the MD5 cryptographic hash function that allows the construction of different messages with the same MD5 hash. This is known as an MD5 “collision”. Previous work on MD5 collisions between 2004 and 2007 showed that the use of this hash function in digital signatures can lead to theoretical attack scenarios. The authors’ current work proves that at least one attack scenario can be exploited in practice, thus exposing the security infrastructure of the web to realistic threats.


eDiscovery FRCP Rule 26 – Can your company comply?

Written by Carl E. Reid on January 6, 2009 – 4:49 pm -

The “Electronic Discovery Law Blog” published by K & L Gates provides detailed information for plotting an archiving course. Rule 26 is an amendment to the United States Federal Rules of Civil Procedure (FRCP). This rule covers the discovery of “electronically” stored information. Hence, in walks eDiscovery for email archiving. Rule 26 sets the stage for magnifying why companies need to get with the program for implementing archiving solutions. A video by comedian John Cleese offers sound advice on the seriousness of Rule 26.

A couple of areas Rule 26 covers:

1. Electronically Stored Information from Sources that Are Not Reasonably Accessible
Amended Rule 26 creates a two-tiered approach to the production of electronically stored information. It makes a distinction between information that is reasonably accessible and information that is not. Under this section of Rule 26, a company receiving a legal request for information does not necessarily have to produce it. Requested information does not have to be produced if it is electronically stored information from sources that the company identifies as not being reasonably accessible because of undue burden or cost. If the requesting legal entity tries to compel discovery of such information, the company must show that the information is not reasonably accessible because of undue burden or cost. Once a company proves this request is unreasonable, a court can only order discovery for good cause, subject to the provisions of Rule 26.


Archiving Software Key to Global Financial Crisis

Written by Carl E. Reid on December 31, 2008 – 8:04 pm -

So your company is still sitting on the fence about implementing archiving software for proactive eDiscovery. Will the global financial crisis become your company’s wake-up call for eDiscovery solutions?

As world economic events unfold, it’s becoming painfully clear that archiving software is not just for financial institutions that must follow corporate or government compliance regulations.

Laid-off employees are filing record numbers of wrongful-termination lawsuits. According to The Denver Post, labor and employment lawyers are warning that a tidal wave of wrongful-termination lawsuits is expected in the coming months as the jobless burn through their savings, run up debt and find few work prospects in the worst economic downturn in decades.


Perfect Timing with Obama and Cyber Security Report

Written by Carl E. Reid on December 30, 2008 – 11:16 am -

A report submitted to Congress on improving national cyber security is right on time, as U.S. President-elect Barack Obama prepares to assume his official duties in January 2009.

The Chicago Tribune reported that earlier this month, the Center for Strategic International Studies (CSIS) Commission delivered a “Securing Cyberspace for the 44th Presidency” report to Congress. Recommendations in the report call for the creation of a new White House office that would guard the United States against computer attacks from hackers and foreign governments.

According to the commission, “unknown foreign entities” in 2007 hacked computers at the Departments of Defense, Homeland Security and Commerce, as well as NASA. Hackers broke into Defense Secretary Robert Gates’ unclassified e-mail, and they probe Defense Department computers “hundreds of thousands of times each day,” said the commission, a panel of leading government and computer industry experts.


The Dangers of Cross Site Scripting

Written by Carl E. Reid on December 24, 2008 – 2:02 pm -

As of 2007, cross-site scripting carried out on websites accounted for roughly 80% of all documented security vulnerabilities. Cross-site scripting (XSS) is a type of computer security vulnerability, typically found in web applications, that allows malicious web users to inject code into the web pages viewed by other users. Examples of such code include HTML code and client-side scripts. An exploited cross-site scripting vulnerability can be used by attackers to bypass access controls such as the same origin policy. Vulnerabilities of this kind have been exploited to craft powerful phishing attacks and browser exploits.

The diagram attached shows exactly how Cross Site Scripting (XSS) dupes online customers. During an XSS attack everything looks fine to the unsuspecting online customer, who may be subject to unauthorized access, theft of sensitive data, and financial loss.

Tim Wilson of Dark Reading reports that American Express has been wrestling for more than a week with cross-site scripting vulnerabilities that could jeopardize the personal information of its customers, according to security researchers.


Email Archiving Facilitates eDiscovery Processes

Written by Carl E. Reid on December 19, 2008 – 3:56 pm -

Let’s eliminate the confusion by understanding the difference between archiving and eDiscovery. Both are tied together, but serve two (2) distinct functions. The everyday operations performed with software processes that maintain historical email correspondence are the component referred to as archiving. eDiscovery enters the business picture as an official legal or regulatory compliance request. eDiscovery requests ask for specific documentation which may be attached to an email or may contain relevant verbiage within the body of an email.

Let’s focus on those companies that perform eDiscovery. These companies are very different and unrelated to companies that provide archiving software solutions. You will find in your research that archiving software is referred to as “eDiscovery software”. The interchangeability of terms is semantical, at best.
