Channel: Symantec Connect - Blog entries

aila2-version 1: quick usage overview


Here is an overview of how I am currently using the aila2 tools released here on Connect to provide updated data to users.

Only a couple of elements are missing from the image below:

  • A run batch file provides the processing core that sequences aila2-runner and aila2-siteconfig
  • An install batch file provides the aila2-web configuration and files to the IIS directory

aila2 processing overview.png

More information will come on this implementation, with the full kit to install and run the aila2 set on your SMP or Site Servers.


MLK Day of Service: What are You Doing for Others?


Dr. Martin Luther King, Jr. once said, “Life’s most persistent and urgent question is: ‘What are you doing for others?’”

Today – January 20, 2014 – is the MLK Day of Service, a part of United We Serve, the President's national call to service initiative. It asks Americans from all walks of life to work together to provide solutions to our most pressing national problems. It’s the only US federal holiday observed as a national day of service.

Dr. Martin Luther King was also, of course, a prominent leader in the U.S. African-American civil rights movement, and originally the holiday was instituted in 1983 – after a long struggle – to commemorate his contributions to this movement.

As the executive champion for Symantec's Black Employees Network (SBEN), one of many Employee Resource Groups available to employees, I encourage each of you (employees, customers, technology professionals) to ask yourself the question I opened with: What am I doing for others?

“Dr. King is an agent for change in the lives of us all,” says Eric Hylick, Symantec technical support engineer and Heathrow’s SBEN Champion. “As I’ve grown to learn more about his sacrifices, accomplishments, and leadership, I have come to have a deeper understanding of his legacy. That legacy calls all of us to be change agents, as well – all of us should think about how we can make positive changes in our own lives and all those lives we come in contact with.”

Celebrating Diversity and a Commitment to Social Good

As a way to commemorate Dr. King’s legacy, Symantec's SBEN chapter in Heathrow, Florida, will feature several guest speakers for our employees beginning the week of MLK Day and stretching into February’s Black History Month. Featured speakers include Andrew West, author, technology thought-leader, philanthropist, and entrepreneur; Pastor Riva Tims of Orlando, Florida’s Majestic Life Church, and Cecil Miller, Lockheed Martin CIO. These speakers have been asked to share thoughts on African American figures who have inspired them, and the current projects they are focused on in their own lives.

Additionally, Symantec offers a number of opportunities and incentives for employees all over the world to become involved in their local communities, and to celebrate the diversity of our entire employee base. Employees can start an SBEN chapter or join their site's local community relations committee, Green Team, or one of our Employee Resource Groups. We currently have groups focused on women employees, Black employees, Hispanic employees, LGBT employees and allies, and our newest offering, Symantec Leadership and Empowering Asian Development (SymLEAD). All of these groups provide opportunities for community outreach and social engagement. Employees can also participate in the regional volunteer opportunities offered each quarter, arrange a team-building service project for their department, or simply engage with the charitable organizations they care most deeply about.

Lastly, employees can access Symantec's Matching Gift and Dollars for Doers programs to support personal charitable and volunteer contributions. 

The MLK Day of Service website also offers project toolkits for service projects related to disaster services, economic opportunity, education, environmental stewardship, healthy futures, and veterans and military families. Anyone can search for volunteer opportunities in their local community here.

I believe that diversity within the workforce provides Symantec with a unique competitive advantage within the market, and that all of our individual differences should be respected and celebrated. I also believe that service is a cornerstone of integrity, something we should all strive for every day.

To learn more about Symantec’s commitment to community service, visit the Community Investment page of the Corporate Responsibility website. 

 

Lenny Alugas is Symantec's Senior Vice President, Renewals. 

ITMS 7.5 HF3 is out


HF3 for ITMS 7.5 is now available via SIM.  Please review the attached screenshot for the seven products that it can update.

We’re hiring! MSS is currently looking for Security Analysts to join our team in Herndon.


Are you passionate about security? Love solving difficult problems? Want to work with a wide variety of technologies and platforms? Come work with Symantec! Security Analysts in Symantec's Managed Security Services work on a world class team to identify threats within client environments, in order to keep clients secure. This includes real time review of security incidents, analysis of logs and alerts, and escalation to the client for severe incidents.

The full job description is below:

Responsibilities

  • Monitoring and analyzing logs and alerts from a variety of technologies (IDS/IPS, firewall, proxies, anti-virus, etc.) across multiple platforms.
  • Assessing the security impact of security alerts and traffic anomalies on customer networks.
  • Creating comprehensive security write-ups that articulate security issues, analysis and remediation techniques.
  • Escalating and explaining severe security incidents to clients verbally.
  • Responding to technical security questions and concerns from clients.
  • Maintaining a strong awareness and understanding of the current threat landscape.
  • Conducting research on emerging security threats and potential customer impact.

Candidates for this position must be able to work rotating assigned first and second shifts (weekdays only) within a 24/7 operating environment.

Qualifications  

  • A passion for security, learning, and knowledge sharing.
  • Strong knowledge of the TCP/IP protocol suite and related security concerns.
  • Strong knowledge of identified operating system platforms, routers, network protocols, and security architecture.
  • Working knowledge of well-known security tools such as Nmap, Nessus, tcpdump, Wireshark, Netcat, and Metasploit.
  • Working knowledge of common attacks and vulnerabilities.
  • Strong understanding of common categories of malware and the characteristics of each.
  • Bachelor's degree in a security-related field, or proven experience, desired.
  • Relevant industry-standard certifications preferred (CompTIA, SANS, CISSP, C|EH, etc.).
  • Candidate expected to work towards SANS GIAC Certified Intrusion Analyst (GCIA) within 6 months of entry into this position.

For more details, view the job description at https://sjobs.brassring.com/tgwebhost/jobdetails.aspx?jobId=1688072&PartnerId=25471&SiteId=5529&type=mail&JobReqLang=1&recordstart=1&JobSiteId=5529&JobSiteInfo=1688072_5529&gqid=0

Come join our team!

Case Study from the Spammer's Perspective: Crafting Spam Content to Increase Success


Spammer success is dependent on two factors:

  1. Evading spam filters so the spam message arrives in the recipient inbox
  2. Crafting messages so that the recipient is enticed to open and perform desired call-to-actions (click on the link, open attachment, etc.)

Spammers walk a fine line to balance these two aspects; relying heavily on one factor and ignoring the other will make the spam campaign fail. For example, spammers can evade spam filters by randomizing the subject and body of the message, but such randomized messages are likely to be dismissed as obvious spam by even the most unsophisticated user. Similarly, crafting stand-out enticing messages to increase the email open rate often results in spam filters blocking the message. Spammers have a tough challenge.

Rising up to meet this challenge, spammers are now hiding the true content from the user more than ever before. While there are still spam campaigns with links to online pharmacies with subject lines mentioning a variety of popular Rx names—can it be more obvious?—more sophisticated spam campaigns now use enticing email content unrelated to the spam. One of the most popular methods is to use current events and news, such as the death of a celebrity or major figure or even a natural disaster. A spam message may look like a legitimate email from a news organization containing an article about current events, but actually links to a spam website. This spam strategy is common for spam messages that spread malware.

To increase the success of the call-to-action, spammers have realized that registering a domain for their spam has become less effective, as it was too easy for anti-spam software to simply block that particular domain. To counter anti-spam efforts, spammers may now use hijacked URLs (otherwise legitimate servers hosting spam content without the owner's knowledge) or URL shorteners that obfuscate the destination as the call-to-action.

Let's take a look at how spammers adapted and changed their content through a six-week period to increase their success in both message delivery and email open rates.

We begin this journey with a message that spoofs a well-known voicemail service brand.

Case Study 1.png

Figure 1. Malicious spam message

Clicking the Play button leads to the following URL:

http://[DOMAIN]/message/i9X8PSVcFk0n0QqhGNTJmh8e3/XSunSgPKMsrzQ7Y7s=/play

Instead of playing the voicemail, malware is actually delivered to the computer.

On December 19 spammers changed their content template from voicemail to a fake delivery failure notification from large retailers. How do we know this is the same attack? There are various clues in the message (including the same type of hijacked URLs being used), but the most obvious is the mistake the spammer made by reusing the subject header of the first sample, which indicates a missed voicemail, while the body of the message is a delivery failure notification from a retailer.

Case Study 2.png

Figure 2. Wrong spam email subject reveals single spam campaign

Oops! This was obviously a mistake on the spammer’s part as the content was quickly fixed (in four minutes, or possibly sooner).

Case Study 3.png

Figure 3. Fixed spam email subject

Two additional retailers were also spoofed as part of this particular spam campaign. The structure of the messages remained the same, but the spammers used a variety of hijacked URLs as the call-to-action, which changed the directory paths. The campaign hid the spam content under a single first-level directory at any one time, but cycled through several directory names over the course of the campaign.

Case Study 4.png

Figure 4. Spammer uses various content directory names over time

This spammer preferred to use one particular directory path at a time, and then move on to the next one, rather than distributing the spam across multiple options all at once.
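The two attribution signals described above (a subject line left over from the previous lure template while the body already carries the new one, and hijacked URLs whose first-level directory rotates over time while the path shape stays constant) can be checked mechanically. The following script is an added example, not Symantec's tooling or the samples from the article; the messages, hostnames and keyword lists in it are constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import urlparse

# Constructed sample messages standing in for the campaign's samples (the
# original screenshots are not reproduced here); each is (subject, body, url).
MESSAGES = [
    ("You have a new voicemail",
     "Click Play to listen to your message.",
     "http://hijacked1.example/message/i9X8PSVcFk0n0QqhGNTJmh8e3/XSunSgPKMsrzQ7Y7s=/play"),
    ("You have a new voicemail",                      # subject left over from the voicemail template
     "Your package could not be delivered. Print the shipping label to collect it.",
     "http://hijacked2.example/parcel/Kq2mPz/label"),
    ("Delivery failure notification",
     "Your package could not be delivered. Print the shipping label to collect it.",
     "http://hijacked3.example/parcel/Tt9vLa/label"),
    ("Delivery failure notification",                 # subject left over from the retailer template
     "Your energy statement is ready. Amount due: $1,234.56",
     "http://hijacked4.example/statement/Hh7nBq/view"),
    ("Your energy statement is ready",
     "Your energy statement is ready. Amount due: $1,234.56",
     "http://hijacked5.example/statement/Mm3cXe/view"),
]

# Keyword themes for the three lures seen in the campaign (assumed keyword
# sets; a real classifier would use the actual template text).
THEMES = {
    "voicemail": re.compile(r"\bvoice ?mail\b|\bplay\b", re.IGNORECASE),
    "delivery":  re.compile(r"\bdeliver|\bpackage\b|\bshipping\b", re.IGNORECASE),
    "utility":   re.compile(r"\benergy\b|\bstatement\b|\bamount due\b", re.IGNORECASE),
}


def classify(text):
    """Return the lure theme the text matches, or None if it matches none."""
    for theme, pattern in THEMES.items():
        if pattern.search(text):
            return theme
    return None


def subject_body_mismatch(subject, body):
    """True when subject and body belong to two different recognised themes."""
    s, b = classify(subject), classify(body)
    return s is not None and b is not None and s != b


def first_directory(url):
    """First path segment: the directory the spam content is hidden under."""
    parts = [p for p in urlparse(url).path.split("/") if p]
    return parts[0] if parts else ""


def path_template(url):
    """Collapse the variable middle of the path so URLs from one template compare equal."""
    parts = [p for p in urlparse(url).path.split("/") if p]
    if len(parts) <= 2:
        return "/".join(parts)
    return f"{parts[0]}/*/{parts[-1]}"


def campaign_report(messages):
    """Summarise the signals that tie a batch of messages into one campaign."""
    mismatches = [i for i, (subj, body, _) in enumerate(messages)
                  if subject_body_mismatch(subj, body)]
    directories = Counter(first_directory(url) for _, _, url in messages)
    templates = Counter(path_template(url) for _, _, url in messages)
    return {"mismatches": mismatches,
            "directories": dict(directories),
            "templates": dict(templates)}


if __name__ == "__main__":
    for key, value in campaign_report(MESSAGES).items():
        print(f"{key}: {value}")
```

On the constructed batch the report flags messages 1 and 3 (zero-based) as template-transition slips and shows three first-level directories in use, one per lure, which matches the "one directory at a time" behaviour described above.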

Another change occurred on January 7, when holiday shopping activity had presumably declined. Rather than using fake delivery notification from a large retailer, the spammers switched to spoofing a large utility company.

Case Study 5.png

Figure 5. Spam campaign switches from retailer to utility company spoofing

The spammer made the same mistake once again, with an email subject header that indicates a delivery notification from a retailer but a message body showing an energy utility statement.

Case Study 6.png

Figure 6. Another wrong spam email subject reveals single spam campaign

Oops again! This mistake was soon fixed with a corrected email subject.

Case Study 7.png

Figure 7. Fixed spam email subject

Why did these spammers choose to use utility statements for their spam content? They may be leveraging consumer fear of a large electricity bill after the Christmas holiday period to make their spam message more enticing to click on. The spam message shows a large bill, which piques the recipient's interest enough to make the spam campaign a success.

There was a small spike in retailer-spoofed spam on January 12, well after the utility spam increased in volume. Those messages, while retaining the overall structure of the previous campaigns, dropped the reference to the Christmas holiday.

Case Study 8.png

Figure 8. Post-Christmas delivery notification spam

As the above examples have demonstrated, spammers are always attempting to make their spam messages undetectable by spam filters. They also want to appeal to recipients by pretending the spam contains some legitimate content. In this particular case, clicking on the link leads to a .zip file download containing Trojan.Fakeavlock malware.

There will be more avenues for spammers to entice recipients to click on spam messages as we live more of our lives online. These same spam strategies will continue. Unfortunately, this means that Web users must continue to be on high alert for spam and observe the following best practices to stay protected:

  • Exercise caution when receiving unsolicited, unexpected, or suspicious emails
  • Avoid clicking on links in unsolicited, unexpected, or suspicious emails
  • Avoid opening attachments in unsolicited, unexpected, or suspicious emails
  • Keep security software up-to-date
  • Update antispam signatures regularly

Symantec constantly monitors spam attacks to ensure that users are kept up-to-date with information on the latest threats.

How To Recover from Windows 8/8.1 Disable/Enable User Access Control (UAC) via Domain GPO Break.

After disabling UAC via a domain GPO and later re-enabling it, user accounts that logged on while UAC was disabled are now broken and need to be recreated.

The Internet of Things: New Threats Emerge in a Connected World


Internet of Things Header.jpg

Could your baby monitor be used to spy on you? Is your television keeping tabs on your viewing habits? Is it possible for your car to be hacked by malicious attackers? Or could a perfectly innocent looking device like a set-top box or Internet router be used as the gateway to gain access to your home computer?

A growing number of devices are becoming the focus of security threats as the Internet of Things (IoT) becomes a reality. What is the Internet of Things? Essentially, we are moving into an era when it isn’t just computers that are connected to the Internet. Household appliances, security systems, home heating and lighting, and even cars are all becoming Internet-enabled. The grand vision is of a world where almost anything can be connected—hence the Internet of Things.

Exciting new developments are in the offing. A connected home could allow you to logon to your home network before you leave work in the evening to turn on your central heating and your oven. If your alarm goes off while you are out in the evening, you could logon to your home security system from your smartphone, check your security cameras and reset your alarm if there isn’t a problem.

Unfortunately, almost every new technological development comes with a new set of security threats. Most consumers are now very aware that their computer could be targeted with malware. There is also growing awareness that the new generation of smartphones is vulnerable to attack. However, few people are aware of the threat to other devices.

Linux worm

The Internet of Things may be in its infancy but threats already exist. For example, Symantec investigator Kaoru Hayashi recently discovered a new worm that targeted computers running the Linux operating system. Most people have probably never come across Linux, but it plays a big role in the business world and is widely used to run Web servers and mainframes for example.

The worm, Linux.Darlloz, initially appeared to be nothing out of the ordinary. It uses an old vulnerability in the PHP scripting language to gain access to a computer, attempts to gain administrative privileges by trying a series of commonly used usernames and passwords, and propagates by searching for other computers. The worm leaves a back door on the infected computer, allowing the attacker to issue commands to it.

Since the worm exploits an old vulnerability in PHP, the threat relies on finding computers that haven't been patched in order to spread. If this was all that the worm did, it would be fairly unremarkable. However, as Kaoru investigated the threat further, he discovered something interesting. The version circulating in the wild was designed to infect only computers running the Intel x86 chip architecture, which is usually found in personal computers and servers. Kaoru then discovered versions designed for the ARM, PPC, MIPS and MIPSEL chip architectures hosted on the same server as the original worm. These architectures are mostly found in devices such as home routers, set-top boxes, security cameras and industrial control systems. The attacker was in a position to begin attacking these devices at a time of their choosing.

One of the interesting things this worm does is scan for instances of another Linux worm, known as Linux.Aidra. If it finds any files associated with this threat, it attempts to delete them. The worm also attempts to block the communications port used by Linux.Aidra. There is no altruistic motive behind removal of the other worm. The likelihood is that the attacker behind Linux.Darlloz knows that the kinds of devices infected by Linux.Aidra have limited memory and processing power, and does not want to share them with any other piece of malware. 

Linux.Aidra, the malware that Linux.Darlloz attempts to usurp, also exemplifies this new generation of threats. Like some of the variants of Darlloz discovered by Symantec, Linux.Aidra targets smaller devices, specifically cable and DSL modems. The worm adds them to a botnet, which can be used by the attackers to perform distributed denial-of-service (DDoS) attacks. Whoever authored Darlloz evidently believed that Aidra infections were so widespread that they posed a potential threat to their own malware.

What is particularly worrisome about these kinds of threat is that, in many instances, the end-user may have no idea that their device is running an operating system that could be attacked. The software is, by and large, hidden away on the device. Another potential issue is that some vendors don’t supply updates, either because of hardware limitations or outdated technology, such as an inability to run newer versions of the software.

Vulnerable security cameras

This worm is just the latest in a series of incidents highlighting the emerging security threat around the Internet of Things. Earlier this year, the US Federal Trade Commission settled a case against TRENDnet, a firm that makes Internet-enabled security cameras and baby monitors. The FTC said that TRENDnet had marketed the cameras as being secure. “In fact, the cameras had faulty software that left them open to online viewing, and in some instances listening, by anyone with the cameras’ Internet address,” the FTC said. “As a result of this failure, hundreds of consumers’ private camera feeds were made public on the Internet”.

In January 2012, a blogger made the flaw public, and this resulted in people publishing links to the live feeds of nearly 700 of the cameras. "The feeds displayed babies asleep in their cribs, young children playing, and adults going about their daily lives," the FTC said. As part of the company's settlement with the FTC, the firm had to beef up the security on its devices and promise not to misrepresent their security in future promotional material.

What is notable about the TRENDnet incident is that the devices targeted were not infected with any form of malware. Their security configuration simply allowed anyone to access them if they knew how. This was not an isolated incident. There is now even a search engine called Shodan that allows people to search for a range of Internet-enabled devices.

Shodan searches for things rather than websites. Aside from security cameras and other home devices, Shodan can also find building heating control systems, water treatment plants, cars, traffic lights, fetal heart monitors and power plant controls. If a device is simply found using Shodan, it does not mean a device is vulnerable. However, services such as Shodan do make it easier for devices to be discovered if attackers know of vulnerabilities in them.

The connected world

Not all concerns relate to security vulnerabilities. Internet-enabled televisions are now quite common and offer a number of useful additional features such as access to video streaming services and Web browsing. Recently, electronics manufacturer LG confirmed that several of its television models track what people watch and send aggregate data back to the company. The company said that it did this in order to customize advertising for its customers. However, an error in the system meant that the television continued to collect data even when the feature was turned off. The company has said a firmware update is being prepared that will correct this problem.

Internet of Things 1.png

Figure 1. Estimate on the growth in the number of connected devices in the world (Source: Cisco)

The Internet of Things is still only in its early stages. The number of Internet-enabled devices is beginning to explode. According to Cisco, there are now more than 10 billion connected devices on the planet. Given that the world’s population is just over 7 billion, that means that there are now more connected devices than there are people. Cisco, which has been keeping tabs on the numbers of devices, now believes that the number of connected devices will hit 50 billion by 2020. Interestingly, the company believes that around 50 percent of the growth will occur in the last three years of this decade.

Within the past number of years, we have seen a huge range of connected devices emerge. For example the humble thermostat is now Web-enabled. So too is the light bulb, which can now be controlled with a smartphone. Even the automotive industry is sitting up and paying attention, promising connected vehicles that can receive a stream of real-time information.

What is driving this explosion? Simply put, there is now more "room" on the Internet and devices are becoming cheaper to manufacture. Every device connected to the Internet needs an address in order to communicate with other devices. This is known as an Internet Protocol (IP) address. The number of available addresses under the current system, Internet Protocol Version 4 (IPv4), has been almost exhausted. A new system, IPv6, is currently being adopted. It can provide a vastly larger number of IP addresses, billions upon billions for every single person on the planet.

Other standards are also evolving. For example, the industry group that oversees the Bluetooth standard for wireless communications recently announced the latest version of the technology. The group said that Bluetooth is evolving to take into account the development of the Internet of Things. The new Bluetooth standard will make it easier for devices to find and talk to each other in an increasingly crowded environment, and it will now be easier for Bluetooth-enabled devices to link up with an IPv6-enabled Internet.

In tandem with this increase in network space, Internet-enabled devices are becoming easier to manufacture. Many people may be aware of Moore's law, the axiom that predicts that the computing power of processors will double every two years. A corollary is that lower-powered chips are becoming cheaper to manufacture all the time. Other technologies, such as Wi-Fi chipsets, have dropped significantly in price over recent years. All of these factors combine to mean that it's becoming easier and cheaper to produce Internet-enabled devices.

Staying protected

  • Perform an audit of what devices you own. Just because a device doesn’t possess a screen or a keyboard, doesn’t mean that it isn’t vulnerable to attacks.
  • If something you own is connected to your home network, there is a possibility that it is accessible over the Internet and thus needs to be secured.
  • Pay attention to the security settings on any device you purchase. If it is remotely accessible, disable this feature if it isn’t needed. Change any default passwords to something only you know. Don’t use common or easily guessable passwords such as “123456” or “password”. A long combination of letters, numbers and symbols will generate a strong password.
  • Regularly check the manufacturer’s website to see if there are updates to the device’s software. If security vulnerabilities are discovered, manufacturers will often patch them in new updates to the software.

Many of your devices are attached to your home network, which is in turn connected to the Internet. Your router/modem is what stands between your devices and the wider world, so securing it is of paramount importance. Most come equipped with a firewall; ensure that it is turned on and properly configured.

ITMS 7.5 Hotfix 3 release details


The Symantec Product Listing XML was updated on 20th January 2014 with new data for the release of the 7.5 hotfix 3.


スパマーの視点に立った事例紹介: 成功率の高いスパムコンテンツの作成

Japanese edition of "Case Study from the Spammer's Perspective: Crafting Spam Content to Increase Success" (the article above); the content is the same as the English article and is not repeated here.

* To subscribe to the RSS feed of the Japanese-language Security Response blog, go to http://www.symantec.com/connect/ja/item-feeds/blog/2261/feed/all/ja.

Heads up: SMP 7.5 does not record report outputs in its logs like 7.1 does


One unfortunate difference between SMP 7.1 and 7.5 is that in 7.1, when you run a report, the SMP records a number of "Altiris.Reporting....." entries in its logs, two of which were highly useful:

 

Source: Altiris.Reporting.DataSource.ResourceDataSource.Run
Description: ResourceDataSource returned N rows in 'Table' table

N equates to the number of rows that your report displayed, making it easy to locate the right log records, because immediately below this line will be the actual report SQL that was used:

Source: Altiris.Reporting.DataSource.ResourceDataSource.Run
Description: ResourceDataSource is running query:

<Reports SQL starts here>
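On a 7.1 server, the pairing described above (a "returned N rows" entry immediately followed by the "is running query:" entry that carries the SQL) lends itself to a small parser that pulls every report's SQL out of the log and lets you look it up by the row count you saw in the console. The following script is an added example, not part of the original post or of the SMP product; it assumes the log text is in the Source/Description layout quoted above, and the log excerpt and SQL in it are constructed for illustration.

```python
import re

# Constructed sample in the Source/Description layout quoted above; not a real
# SMP 7.1 log. The SQL statements are illustrative only.
SAMPLE_LOG = """\
Source: Altiris.Reporting.DataSource.ResourceDataSource.Run
Description: ResourceDataSource returned 42 rows in 'Table' table
Source: Altiris.Reporting.DataSource.ResourceDataSource.Run
Description: ResourceDataSource is running query:
SELECT vc.[Name], vc.[Guid]
FROM vComputer vc
WHERE vc.[IsManaged] = 1
Source: Altiris.Web.UI.SomeOtherComponent
Description: Unrelated entry that must not be confused with a report
Source: Altiris.Reporting.DataSource.ResourceDataSource.Run
Description: ResourceDataSource returned 7 rows in 'Table' table
Source: Altiris.Reporting.DataSource.ResourceDataSource.Run
Description: ResourceDataSource is running query:
SELECT COUNT(*) FROM Inv_AeX_AC_Identification
"""

REPORT_SOURCE = "Altiris.Reporting.DataSource.ResourceDataSource.Run"
ROWS_RE = re.compile(r"ResourceDataSource returned (\d+) rows in '([^']+)' table")
QUERY_MARK = "ResourceDataSource is running query:"


def parse_entries(log_text):
    """Split the log into entries: a Source line, a Description line, then any
    continuation lines (the query text) up to the next Source line."""
    entries = []
    current = None
    for line in log_text.splitlines():
        if line.startswith("Source: "):
            current = {"source": line[len("Source: "):].strip(),
                       "description": "", "extra": []}
            entries.append(current)
        elif current is None:
            continue                      # text before the first entry
        elif line.startswith("Description: ") and not current["description"]:
            current["description"] = line[len("Description: "):].strip()
        else:
            current["extra"].append(line)
    return entries


def extract_report_queries(log_text):
    """Pair each 'returned N rows' entry with the 'is running query:' entry that
    immediately follows it and return the row count, table name and SQL."""
    results = []
    entries = parse_entries(log_text)
    for i, entry in enumerate(entries):
        match = ROWS_RE.search(entry["description"])
        if entry["source"] != REPORT_SOURCE or not match:
            continue
        nxt = entries[i + 1] if i + 1 < len(entries) else None
        if (nxt and nxt["source"] == REPORT_SOURCE
                and nxt["description"].startswith(QUERY_MARK)):
            results.append({"rows": int(match.group(1)),
                            "table": match.group(2),
                            "sql": "\n".join(nxt["extra"]).strip()})
    return results


def queries_for_row_count(log_text, row_count):
    """SQL of every report whose result set had exactly row_count rows: the row
    count shown in the console is the key that leads to the right log record."""
    return [r["sql"] for r in extract_report_queries(log_text) if r["rows"] == row_count]


if __name__ == "__main__":
    for r in extract_report_queries(SAMPLE_LOG):
        print(f"{r['rows']} rows -> {r['sql'].splitlines()[0]} ...")
```

Point the parser at the text of the relevant log file (or at the entries copied out of the Log Viewer) and call queries_for_row_count with the row count the report showed; unrelated entries between reports are skipped because only a row-count entry directly followed by a query entry from the same source is paired.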

The Worst Passwords of 2013


SplashData has compiled a list of the 25 worst passwords of 2013.  This list is from files containing stolen passwords posted online during the previous year.

This year's list is heavily influenced by the large number of Adobe user passwords posted online following the company's 2013 security breach.

 

"Seeing passwords like 'adobe123' and 'photoshop' on this list offers a good reminder not to base your password on the name of the website or application you are accessing," says Morgan Slain, CEO of SplashData.

SplashData's list of frequently used passwords shows that many people continue to put themselves at risk by using weak, easily guessable passwords. Other passwords in the top ten include "qwerty," "abc123," "111111," and "iloveyou."

"Another interesting aspect of this year's list is that more short numerical passwords showed up even though websites are starting to enforce stronger password policies," Slain said. For example, new to this year's list are simple and easily guessable passwords like "1234" at #16, "12345" at #20, and "000000" at #25.
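The two findings quoted above (passwords derived from the name of the site or product, and short all-numeric passwords) are both cheap to screen for before a password is accepted. The following checker is an added example, not SplashData's or Symantec's code; its deny list contains only the entries quoted in this post (a real deployment would load the full list), and the leet-speak substitution table is an assumption about how people dress up a site name.

```python
import re

# Constructed deny list: only the entries quoted in this post. A real check
# would load the full SplashData list or a larger breach-derived list.
WORST_PASSWORDS = {
    "123456", "password", "qwerty", "abc123", "111111", "iloveyou",
    "adobe123", "photoshop", "1234", "12345", "000000",
}

# Assumed substitutions people use to dress up a site name ("ad0be", "ph0t0sh0p").
_LEET = str.maketrans("0134@$", "oieaas")


def _normalize(text):
    return text.lower().translate(_LEET)


def password_problems(password, site_names=(), denylist=WORST_PASSWORDS):
    """Return the reasons a password is weak; an empty list means no finding.

    site_names: names of the site, product or company the password protects,
    so that 'adobe123' or 'Ph0toshop!' are caught as site-derived passwords.
    """
    lowered = password.lower()
    normalized = _normalize(password)
    problems = []
    if lowered in denylist:
        problems.append("in worst-passwords list")
    for name in site_names:
        if name and _normalize(name) in normalized:
            problems.append(f"contains site/product name '{name}'")
    if lowered.isdigit():
        problems.append("digits only")
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    if re.fullmatch(r"(.)\1*", lowered):
        problems.append("single repeated character")
    return problems


if __name__ == "__main__":
    for candidate in ("adobe123", "Ad0be2014!", "000000", "correct horse battery staple"):
        findings = password_problems(candidate, ["adobe", "photoshop"])
        print(f"{candidate!r}: {findings or 'no finding'}")
```

The site-name check is the one a generic strength meter misses: "Ad0be2014!" satisfies length and character-class rules yet is still built from the name of the service it protects.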

 

2013_passwords.jpg

Source : Splashdata 

Reference:

Article : How to test your passwords

Blog : The Top 500 Worst Passwords of All Time 
 

NetBackup Appliance 2.6 Release Overview

Symantec announces the availability of Symantec NetBackup appliance software version 2.6, based on the Symantec NetBackup 7.6 release. This release addresses virtual machine sprawl, lowers the barriers to software-defined data centers, and empowers IT on a vision to deliver backup as a service.

NetBackup Appliance 2.6 Release: NetBackup 5230–14TB Configuration


If Goldilocks had stumbled upon the NetBackup 5230 - 14 TB configuration appliance in her journey, her assessment of it would be “just right”. It is just right as it addresses our customer’s capacity needs between 4TB (too small) and 28TB (too big) in a small form factor (2 rack units).

NetBackup Appliance 2.6 Release: New Diagnostics Center


A third area the NetBackup Appliance 2.6 Release focuses on is improved supportability. Refer to the two previous blogs: NetBackup Appliance 2.6 Release Overview and NetBackup 5230 14TB configuration. In this release*, there are three (3) new features which enable greater supportability: customers have greater control over their system, better visibility of how the system is operating, and expedited troubleshooting and support. Combined, these features enable the NetBackup appliance to deliver greater operational efficiency, reduce risk, and improve SLAs. More importantly, they save valuable administration time by automating many routine tasks and streamlining common procedures.

Symantec has added several new and enhanced features to deliver faster and more efficient NetBackup appliance administration and customer support:

-  Appliance Diagnostics Center: New tools and wizards to troubleshoot problems and optimize the customer’s appliance, including:

  • Test Call Home functionality
  • Collect log files
  • Test and diagnose network issues
  • Check disk configuration
  • Perform a hardware health check

These Wizards can be accessed from the following icon in the NetBackup Appliance Web Console:

new diagnostics center.png

A separate wizard helps you perform each task. Some wizards also guide you through system optimization and tuning. The automated health checks and log collection enable faster case resolution through standardized data collection and proactive appliance health checks.

- Enhanced help system: Provides faster and more efficient search capabilities. Symantec Help Center (SymHelp) is a browser-based help delivery system with advanced search, autosuggest, and filtering capabilities. SymHelp offers additional advantages over traditional help systems:

  • Allows search from a much larger NetBackup Appliance content set. SymHelp includes content from the NetBackup Appliance Administrator's Guide, the Troubleshooting Guide, and the Command Reference Guide, so you can search all of that content from one SymHelp search window.
  • In addition to the appliance content, SymHelp lets you search content from the NetBackup Administrator's Guide.

-  Appliance checkpoint and rollback: Allows one user directed checkpoint, as well as appliance automated pre- and post-upgrade checkpoints, to revert to a previous configuration. The factory reset capability has been enhanced with the option of retaining storage configuration and backup data. The ability to roll back to a later state is defined by a checkpoint. All of these methods to restore the appliance to a previous point in time are available in a management area called Appliance Restore. The four (4) types of checkpoints are:

  • Pre-upgrade checkpoint:  created before you install a software upgrade. You can use this type of checkpoint as a rollback checkpoint in case a software upgrade fails.
  • Post-upgrade checkpoint:  created after an appliance has been upgraded to a new software version.
  • User-directed checkpoint:  a checkpoint that you create at any point in time using the application user interface or the NetBackup Appliance Shell Menu. This checkpoint offers more flexibility when you roll back your appliance. Only one user-directed checkpoint may exist at any given time. If a new user-directed checkpoint is created, it overwrites the previous user-directed checkpoint if one exists.
  • Factory checkpoint:  created during a new installation of the NetBackup Appliance software, as well as during an upgrade of an unconfigured appliance.

Only one of each checkpoint type can exist on the appliance at a time. At most, there can be four checkpoints on your appliance: a pre-upgrade checkpoint, a post-upgrade checkpoint, a user-directed checkpoint, and a factory checkpoint.

Symantec NetBackup is focused on saving customers time and money, and nowhere is that more visible than with the improved supportability features in NetBackup Appliance Release 2.6.

 

For additional NetBackup Appliance information with NetBackup Software Release 7.6 refer to Symantec NetBackup 52xx Appliance Release Notes - Release 2.6

Notes: 
* NetBackup 7.6 is the version of NetBackup software that the NetBackup Appliance 2.6 release installs. Information about the new features, enhancements, and fixes found in NetBackup 7.6 can be found in the NetBackup 7.6 Release Notes document on the Symantec Support website: http://www.symantec.com/docs/DOC6138

Healthcare Take Notice - a Warning from Down Under

Medical Records held for Ransom

The Pharmacy Board of Australia is issuing a formal warning on medical records being held for ransom, based on 10 reported incidents.


JAVA 7u45 and 7u51 not compatible with Package Import/Edit tool Altiris 7 web console

Incompatibility between the latest Java updates and the Altiris 7 console

Altiris administrators, watch out for Java updates; issue reported by Xavier (thanks to him ;)

Watch out for Java updates: this is the second customer at which I have noticed the same problem, which I reproduced on my sandbox:
With versions later than 7u21 it becomes impossible to edit or import a package.
(One customer was on 7u45 and the other on the latest version, 7u51.)

Disk-based data backup and tape storage based recovery: Get the best out of your tape drives.


Respected forum members,

This is my first ever thread. I have tried to make it as informative as possible. This blog is inspired by Curtis Preston's blog (http://searchdatabackup.techtarget.com/tip/Tape-backup-best-practices-How-to-improve-tape-storage-performance) but is not a copy/paste job; I have used only the headings from that article.

Tape is not going to go away, as much as I would like to throw it out. So, to get the best out of tape drives in a NetBackup environment with disk staging, put your architect hat on and proceed further.

Understand the limits of your tape drive

An LTO-4 tape drive's maximum native (uncompressed) transfer rate is 120 MBps. The LTO-4 drives we used had about 128 MB of SRAM as cache. The more data you are able to send to the drive cache, the faster your drive is going to perform.

The table below gives speed and capacity numbers for each LTO drive type and media. My goal was to achieve 240 MBps on LTO-4 in my environment. This is not an easy task; you will have to take Curtis Preston's points into account as well as look at Symantec's tuning guide.

4162.LTO_.JPG-950x0.jpg

Know the source: data size and pipe and  compression rates

Most database transaction and archive logs tend to generate very small files, which can negatively affect RPO/RTO, as modern tape drives write at the same speed as the incoming data until it hits the maximum ceiling of 240 MBps. So make sure you involve your DBA when designing the backup infrastructure and backup policy standards.

Some data compresses well. I got 2.2 TB on a single LTO-4 medium; I have seen the best compression in SAP, followed by Oracle database backups, then SQL and NDMP.

Know the data path

What type of network do you have for your media server? A 10 Gb network?

We have moved to a 10G backup network to avoid saturating the NIC on the media server.

The move had a positive impact: it reduced backup failures as well as data fragmentation on the disk (DSSU), allowing up to 160 MBps write speed even for uncompressed data. The tape drives also achieved compression of over 2 TB per tape. These numbers are well above the manufacturer's numbers.

Internal to the server, give dedicated fibre paths to your tape drives

Best practice is always to separate the disk and tape functions onto different HBA cards, but we understand the benefits of having both running on one HBA card.

The rule of thumb is to separate them, but with today's technology you can theoretically have a disk port and a tape port on the same HBA, since they both require initiators. By contrast, a SAN Client HBA can only do SAN Client, as the entire card is in either initiator mode or target mode.

While an advantage is saving money and simplicity by pushing both processes down the same card, there are disadvantages in doing so. 

Disadvantages:

HBA Reset

If an HBA card needs to be reset for any reason (there can be many), it will affect both disk and tape operations with slowness or complete failure.  Separating tape and disk to their own zone will avoid one affecting the other for a larger scale outage.

Performance

An 8 Gb/s HBA can theoretically hit speeds of 1063 MB/s, which is suitable for high-performance tape drives and disk drives. What happens most of the time is that this bandwidth is maxed out by disk reads and tape writes alone. This can cause serious performance degradation, as most architecture designs need to take real-world saturation levels into consideration.

Another thing to think about is analyzing capacity so that you can zone the right number of FC tape drives per HBA to meet your backup window. It is recommended not to configure more than 4-6 LTO-4 tape drives per 8Gb HBA port, and to distribute the tape drives across all available tape-zoned HBA ports.

Avoiding hot spots in the DSSU volume by spreading the volume across multiple disks helps achieve better performance. Choosing the latest x86 servers over legacy servers has its advantages. My test server was a Dell R710 with 24 cores and 71GB of memory, two dual-port FC cards and one 10G port.

Having more memory at your disposal helps; the latest DDR3 memory allows faster data transfer between CPU and memory.

Know the backup application

You need a little insight into backup application performance tuning; here we use NetBackup. What you see below is my research into optimizing the buffer management task in NetBackup.

Most of the tuning guides talk about using trial and error to arrive at the buffer count for NUMBER_DATA_BUFFERS in a backup environment.

After reading the lines below you will notice that you can keep any value from 32 to 2048 and still achieve zero or near-zero wait numbers.

Keeping SIZE_DATA_BUFFER at 512KB, I tried to increase NUMBER_DATA_BUFFERS_DISK. I tried 32Kb first and the wait counters were near zero; the more data you push into the buffer, the better the throughput should be.

But NetBackup's wait counters will not agree with you easily.

Disk staging is the key component of enterprise backup standards. Since the migration to the new LTO-4 drives, the lack of performance was evident, as we used to see numbers similar to the older LTO-2 drives.

As the new generation of LTO-4 drives provides a good 128 MB of drive buffer, increasing the rate/size of data sent to the drive should result in optimal performance.

This was done by increasing the backup application buffer, where the disk reader and tape writer interact, to a higher number.

But when this setup was tested it created serious lag for medium and large files, where either the disk reader or the tape writer spent a long time filling or emptying the buffer. Symantec's recommendation on tuning is to adjust the number of data buffers so that the fill-up wait counter and the empty wait counter become zero or close to zero.

But in practice it was found to be difficult to tune the number of data buffers to achieve near-zero wait counts.

I wanted to set, say, 1024 buffers; that would mean I am trying to push about 512MB of data through shared memory (SIZE_DATA_BUFFER*NUMBER_DATA_BUFFERS_DISK*MPX). But I was getting serious lag in performance, as the wait counter numbers were astronomical!

We tried to create a memory cache for data that might be needed beforehand. The read-ahead algorithm detects that a file is being read sequentially by looking at the current block being requested and comparing it to the last block that was requested. If they are adjacent, the file system can initiate a read for the next few blocks as it reads the current block.

This results in fewer, larger I/O reads from the disk staging storage; since the next block required by the disk reader process is already cached in the server's memory, the data transfer rate is the speed at which memory (DDR3) can work.

This allows higher buffer numbers, anywhere from 512 to 2048 instead of the 64 buffers Symantec recommends in the NetBackup tuning guide, while still achieving zero or near-zero wait times to fill or empty the application buffers.

The picture below shows evidence of zero wait time to fill the buffer.

wait_times.JPG

The one above is for the disk reader process and the one below is for the tape writer process in NetBackup.

write_data.jpg

The picture above was a feast for my eyes, as I got zero or near-zero wait times for duplications (destaging from the staging disk to tape media).

Below is the high-level architecture diagram I could come up with. Note that I am only depicting destaging or duplication from disk to tape media.

The read prefetch cache is the layer that does the magic of eliminating all the delay.

Arch.JPG

 

Other considerations:

1) Reduction of the fragment size on disk from 512GB to 10GB
2) Avoiding direct I/O in VxFS, because you want buffered I/O so that the prefetch algorithm comes into play.

Memory-based I/O is quicker than disk-based I/O; by prefetching data into memory using Volume Manager's read-ahead logic, wait counters can be brought down to zero or near zero for any data type. The solution also helps fetch fewer but larger chunks of data from the storage rather than many small ones, reducing the number of IOPS on the storage too.

Here are the results of my experiment:

Small data (<1MB): no wait times from 32 to 2048 buffers, and performance the same as the incoming data size

Medium-sized data (1MB-100MB): no wait times from 32 to 2048 buffers, and performance the same as the incoming data size

Large data (>240MB): no wait times from 32 to 2048 buffers, and performance went over 300MBps for an LTO-4 drive!

Tape_write.JPG

 

Tape drives are becoming faster with the advancement of the technology.

If one needs to take advantage of the faster drives, data needs to be fed to the drive at the speed the drive expects in order to deliver optimal performance. Since the backup application alone cannot scale up, data prefetch and memory-based I/O become necessary.

How did I enable read prefetch?

The VxFS file system uses the parameter read_pref_io in conjunction with the read_nstream parameter to determine how much data to read ahead (prefetch). The default read-ahead is 64KB. This parameter was set to 16/32 MB during the experiment.

The parameter read_nstream reflects the desired number of parallel read requests of size read_pref_io to have outstanding at one time. The file system uses the product of read_nstream multiplied by read_pref_io to determine its read-ahead size. The default value for read_nstream is 1. This was set to the same as the number of columns of the striped disk, i.e. a value of 10.

discovered_direct_iosz: When an application is performing large I/Os to data files, e.g. a backup image, and the I/O request is larger than discovered_direct_iosz, the I/O is handled as a discovered direct I/O. A discovered direct I/O is unbuffered, i.e. it bypasses the buffer cache, in a similar way to synchronous I/O. This reduces performance, because the buffer cache is intended to improve I/O performance. This value was set larger than 10GB (bigger than the total data pushed via shared memory), so that none of the backup images use direct I/O while reading medium/large images.

You will have to save these settings in /etc/vx/tunefstab. I would encourage someone to try tuning the MAXIO parameter in Veritas Foundation Suite and report the gains.
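The three rules the post relies on (the shared-memory footprint SIZE_DATA_BUFFER*NUMBER_DATA_BUFFERS_DISK*MPX, the read-ahead size read_pref_io*read_nstream, and discovered_direct_iosz exceeding the shared-memory footprint) are easy to check before editing tunefstab. The helper below is an added example, not the author's or Symantec's code; the 16 GB direct-I/O threshold and the sweep values are constructed inputs, and it does not read or write tunefstab itself.

```python
"""Sizing check for the NetBackup buffer and VxFS read-ahead tunables discussed above.

Added example, not Symantec's or the post author's code. It only applies the
rules stated in the post; it does not touch /etc/vx/tunefstab.
"""
from dataclasses import dataclass, replace

KB, MB, GB = 1024, 1024 ** 2, 1024 ** 3


@dataclass(frozen=True)
class StagingTuning:
    size_data_buffer: int          # NetBackup SIZE_DATA_BUFFER, bytes
    number_data_buffers_disk: int  # NetBackup NUMBER_DATA_BUFFERS_DISK
    mpx: int                       # multiplexed streams per tape writer
    read_pref_io: int              # VxFS read_pref_io, bytes
    read_nstream: int              # VxFS read_nstream (post: stripe column count)
    discovered_direct_iosz: int    # VxFS discovered_direct_iosz, bytes


def shared_memory_bytes(t: StagingTuning) -> int:
    """Data a duplication pushes through shared memory (the post's formula)."""
    return t.size_data_buffer * t.number_data_buffers_disk * t.mpx


def readahead_bytes(t: StagingTuning) -> int:
    """How far VxFS prefetches on a sequential read (read_pref_io * read_nstream)."""
    return t.read_pref_io * t.read_nstream


def findings(t: StagingTuning) -> list[str]:
    """Return the post's tuning rules that this configuration breaks."""
    out: list[str] = []
    if t.discovered_direct_iosz <= shared_memory_bytes(t):
        out.append("discovered_direct_iosz <= shared memory: large image reads "
                   "become discovered direct I/O and bypass the prefetch cache")
    if readahead_bytes(t) < t.size_data_buffer:
        out.append("read-ahead smaller than one SIZE_DATA_BUFFER: the disk "
                   "reader will wait on disk for every buffer fill")
    return out


def sweep(t: StagingTuning, buffer_counts: tuple[int, ...]) -> dict[int, dict]:
    """Shared-memory footprint and rule status for each candidate buffer count."""
    result = {}
    for n in buffer_counts:
        cand = replace(t, number_data_buffers_disk=n)
        result[n] = {"shared_memory_bytes": shared_memory_bytes(cand),
                     "ok": not findings(cand)}
    return result


# The post's setup: 512 KB buffers, 1024 of them, read_pref_io 16 MB, read_nstream 10.
# The 16 GB direct-I/O threshold is a constructed value above the post's "larger than 10 GB".
POST_TUNING = StagingTuning(size_data_buffer=512 * KB, number_data_buffers_disk=1024,
                            mpx=1, read_pref_io=16 * MB, read_nstream=10,
                            discovered_direct_iosz=16 * GB)

# Same NetBackup buffers with the VxFS read-ahead left at the post's stated defaults
# (64 KB, read_nstream 1) and a constructed small direct-I/O threshold.
UNTUNED_VXFS = replace(POST_TUNING, read_pref_io=64 * KB, read_nstream=1,
                       discovered_direct_iosz=256 * KB)

if __name__ == "__main__":
    print("tuned:", findings(POST_TUNING) or "no findings")
    print("untuned:", findings(UNTUNED_VXFS))
    for n, row in sweep(POST_TUNING, (32, 64, 512, 1024, 2048)).items():
        print(f"{n:5d} buffers -> {row['shared_memory_bytes'] // MB:5d} MB, ok={row['ok']}")
```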

Avoid direct to tape

There is no way one can send data over a 1Gbps LAN fast enough to saturate even an LTO-3 tape drive; if you do the calculation, the maximum a 1Gbps network can send is 128 MBps, which is way less than the 160 MBps that LTO-3 needs.

If you are buying the latest generation of tape drives and are still on a decade-old LAN, what is the point of buying a new drive or media?

For example, a 1.8 TB SAP DB backup takes 8 hours to write to disk over a 1Gbps network, but it takes just 2:05 hours to transfer it to tape. Sending the same data directly to tape takes over 16 hours to complete. We effectively saved 6 hours of duty cycle for the drive and CPU time for the server.

Tape is going to be around for a while, unless disk-based backup solutions become the norm.

Disclaimer: HBA insight is by Ken Thomson of Symantec.

Calling Korea: How to Stay Safe Online


You need to think global in the 21st century. But sometimes it’s vital to keep a local perspective too. Take internet security. Many threats have a worldwide character but, in every country, consumers and businesses also face specific dangers every time they go online with their laptops, tablets, smartphones or desktops.

A Winning Formula In A Rapidly Changing World: An Interview with Lotus F1 Team


As fans of Formula 1 eagerly await the new season, big changes are coming that will have a major impact on the sport. It’s something that Lotus F1 Team readily acknowledges will be a huge challenge. But they will be ready to take on whatever comes their way, they insist, just as their long-term partner Symantec is also embracing transformation throughout its business.

In fact, Lotus F1 Team sees itself and Symantec as being on something of a parallel journey, as they manage their rapidly altering business landscapes – very different, it might seem, yet driven by a common purpose: to be the best at what they do.

It is Symantec's ability to achieve that goal, time and again, that has made Lotus F1 Team such a committed consumer and champion of its solutions. But first, back to those big changes in Formula 1. "For next season, the amount of fuel that can be used in a race is limited to 100kg, so none of the cars will have enough to finish the race," Michael Taylor, IT/IS Director, explains. Also, the 2.4 litre V8 engine configuration used between 2006 and 2013 will be replaced with a new formula, specifying a 1.6 litre turbocharged V6 engine that incorporates an energy recovery system into its build. "The teams will have to use their energy recovery systems [ERS] to get them round. All we have learned in the last five to six seasons is going to be largely irrelevant." Survival will be about being the fittest, not least when it comes to the technology that is employed, which is where, for Lotus F1 Team, Symantec scores so highly.

But it isn’t just his team that says so. Research conducted by The Alchemy Solutions Group found that Lotus F1 Team achieved substantial business value when deploying archiving, high availability, data and messaging security, and IT compliance solutions from Symantec. The aggregate value added up to more than $2.6 million in cost savings associated with IT operational efficiencies, productivity gains and green energy. Moreover, cost savings were attained in the areas of tape media associated with backup and recovery, and email storage space.

Taylor sets great value on how Symantec’s technology helps Lotus F1 Team not only stay secure wherever it accesses data on the world circuit – café, plane, hotel etc. – but also to inform the decisions at the trackside that can mean ensuring a podium place... or not. “We are dealing with data that is highly complex, from multiple sources, all in real time, and for two cars.” It has made him all the more determined to strengthen the bond with Symantec technology to ensure that all of the data required is always with the people who need it, when they need it. “The team that does best in analytics next year will do best overall. That is certain,” he says. Performance of the data will be a key factor in deciding the performance of the cars.

Never has data needed to be more preciously guarded either. “We need to know that our data is secure at all times, travelling as we do to maybe 20 countries around the world, often remote areas, with our people taking a subset of the data with them. We have to protect that data and our devices.” And not only while on the F1 global circuit. “How do we make sure that the trusted insiders within our organisation don’t take that data with them when they go to another team at the end of a season? That’s where Symantec comes in. The solutions we use give us those levels of protection and assurance.”

That protection of its intellectual property (IP) through Symantec's technology also extends to keeping it away from Lotus F1 Team's rivals. "In the run-up to the start of a new season especially, we need to make sure none of our competitors knows what we are doing, because that is when we are putting together the final design for next year's car. Our relationship with Symantec is all about availability and security – and what is going to help us win races. On that basis, Symantec is critical to our business."

Shortcut Content - How big, or how small?

Setting up the content of the Exchange shortcuts that Enterprise Vault creates is something that should be given due time and consideration. There are many factors to consider, so let's describe some of them here.

How will users access items?
 
Possibly the first thing to think about is how users will access the archived items. Will they just be using Outlook on Windows? Will they be using mobile devices, or search pages, Outlook Web App and so on? If people are likely to be using mobile devices then having a very small amount of content in a shortcut is going to hinder those users, especially when you take in to account the next point ...
 
At what age will items be archived?

If you're running just an age-based policy and archiving 'old' items, say more than 6 months old, then really, how often will people access the archived content? Not *very* often, I would suggest. So the content of those shortcuts might not matter so much. Flip that over to people accessing week-old archived data. Having a small amount of content, especially on a mobile device, is going to mean that those items will need to be recalled before they can be viewed properly, and on a mobile device that might be even more difficult.
 
It is worth remembering that users can have different policies - governed by provisioning. So if you identify some users who might need 'fuller' shortcuts, you can do that.
 
Content Bits and Pieces
 
Image_9.png
 
The above is an extreme example, from my test environment, of the archiving policy -> shortcut content tab. You can see that I include recipient information and only 5 characters of the original message body. This is a small shortcut! Very good for many purposes, but not very good if you (as a user) want to scan mails to figure out the one you're after.
 
The other extreme is 'use message body', which leads to a much bigger shortcut.
 
There is also, of course, everything in between.  It really does depend, and there is no right and wrong answer when it comes to configuring your policy.  The one other 'big thing' to remember is that changing your mind, and rebuilding all the existing shortcuts is an expensive operation. I've talked about that before, here.
 