Relax. The discovery of a keylogger (keystroke recording tool) on hundreds of models of HP laptops does not appear to be the privacy nightmare that we originally imagined. Discovered by security researcher Michael Myng, the keylogging code is embedded in the Synaptics touchpad drivers of about 460 models of HP and Compaq laptops dating back to 2012. Synaptics reports that the technology is not intended to be a keylogger but instead a debugging tool. It was left in the touchpad drivers to help developers track down and fix problems with the touchpad.

By default, the keylogger is disabled. However, it is potentially exploitable and can be switched on by anyone with administrative privileges and who has local or remote access to the laptop. It is enabled by editing the Windows registry, and it now can be erased simply by updating your Windows application. HP also has issued a software patch. Download the patch at https://support.hp.com/us-en/document/c05827409.

In addition to “Keylogger Found on HP Laptops,” read the articles below in the Availability Digest.

Cloud Resiliency – Reliable and resilient application architectures are fundamental to today’s data centers. Reliable means that the failure of a system component is rare. Resilient means that if a component does fail, it can be restored to service; or its services can be transferred to another operational component quickly. In today’s data centers, reliability and resiliency are achieved by incorporating redundant servers whose databases are kept synchronized via data replication. In this way, the backup server is immediately ready to take over processing should the production server fail. However, the emergence of cloud computing has dramatically changed the way we think about application resiliency.

Fire Takes Down Atlanta Airport – Hartsfield-Jackson Atlanta International Airport is the busiest airport in the world. On December 17, 2017, the airport lost all power, including its backup power source, due to a fire. The airport remained out of service for eleven hours, and flights all over the world had to be canceled. The fire began in an underground tunnel that carries seven power lines from two sources to the airport. The fire destroyed the power lines, plunging the airport into darkness. Apparently, a piece of equipment known as a ‘switchgear’ caught fire. The switchgear regulates the flow of power to the airport and was located in the tunnel housing Georgia Power’s cables. When the switchgear caught fire, it took out not only the main power source but also its backup.

Swapping Data Replication Engines with Zero Downtime – A mission-critical application often runs in redundant systems to ensure it is always available to its users. Such a system may be configured as an active/passive pair, in which one system runs the production workload while the other system is standing by, ready to take over application processing in the event that the production system fails. Alternatively, the system can be configured as an active/active architecture, in which both systems are processing transactions. A data replication engine is used to keep the databases of the two systems synchronized. Sometimes, companies may decide to change data replication engines or to upgrade to a new version of the existing data replication engine. With mission-critical applications, it is necessary to do so without taking the applications down – a zero downtime migration (ZDM). Furthermore, it is imperative that a backup copy of the database is always available, ready to take over if the production database fails. The backup database must be kept synchronized with the production database while the data replication engine is being migrated. In this article, we describe how a data replication engine can be changed without taking down either applications or the backup database.

@availabilitydig – The Twitter Feed of Outages - Our article highlights some of our numerous tweets that were favorited and retweeted in recent days.

For those who missed the Availability Digest in Tandemworld’s December 2017 issue, visit http://availabilitydigest.com/digests/v12_i11/1211_digest.pdf to read “The End of Custom of Software,” “California Fires Destroy HP Archives,” “$280 Million in Cryptocurrency Lost Due to Bug,” and “Fire Extinguishers Can Cause Data Center Outages.”

The Availability Digest offers one-day and multi-day seminars on High Availability: Concepts and Practices. Seminars are given both onsite and online and are tailored to an organization’s specific needs. Popular seminars are devoted to achieving fast failover, the impact of redundancy on availability, basic availability concepts, and eliminating planned downtime.

In addition, the Digest provides a variety of technical writing, consulting, marketing, and seminar services. Individuals too busy to write articles themselves often hire us to ghostwrite. We also create white papers, case studies, technical manuals and specifications, RFPs, presentation slides, web content, press releases, advertisements, and so on.

Published monthly, the Digest is free and lives at www.availabilitydigest.com. Please visit our Continuous Availability Forum on LinkedIn. Follow us as well on Twitter @availabilitydig.
 

 In May 1976, Tandem Computers shipped the first T/16 system to Citibank. Over the last 42 years, literally thousands more NonStop servers have shipped to customers that value the fundamentals: Performance, Security, Fault Tolerance, Reliability and Scalability for Mission Critical Applications.

Move Backup/Restore and Data Archival out of the Silo!

As NonStop direct-attached backup/restore and data archival subsystems age, customers must determine what direction to take for replacement. Many customers are still using NonStop VTS, but that’s now an end-of life product. Of course VTS could be replaced with a VTL and some form of dedup device on the back-end. However, data deduplication, by its very design, has several fundamental issues which must be considered prior to new deployments:

·       Backup windows increase, especially with dedup VTL appliances, due to front end data processing

·       As the cost of disk drive storage decreases, the case for target side deduplication of data (as opposed to source side deduplication) becomes less significant. And the cost to store a terabyte of data continues to spiral downward…..

·       Plus NonStop backup/restore and data archival as  silo environments are still maintained

How can NonStop backup/restore and data archival move beyond the silo paradigm? Data storage needs to be viewed in an “enterprise wide” context. Today, with the advent of Cloud based storage, there is really no reason that NonStop need be singled out as requiring direct attached, unique storage architecture. Performance, Security, Fault Tolerance, Reliability and Scalability are all easily achieved with the appropriate application of Cloud-based storage solutions.

Enter Tributary Systems’ Cloud Object Storage Solution

A great answer to “eliminating the silo” is Tributary System’s Cloud Object Storage Solution. Employing advanced COS technology coupled with Tributary’s proven Storage Director® as the “front end”; NonStop customers can transparently take advantage of IBM’s Cloud Object Storage® (COS), without any changes to their NonStop applications.

Storage Director, is a policy-based, tiered, and virtualized software product especially designed for backup which can be seamlessly integrated with any media, including tapes, disk drives, virtual environments and NonStop or other proprietary environments, plus open systems. Storage Director can group data into different pools and apply different protection policies at different times across any storage medium simultaneously.

Tributary Systems has gained a massive strategic edge as it has entered into a synergistic partnership with IBM to revolutionize enterprise cloud data backup/restore, archive and DR. Combining the capabilities of Storage Director while endorsing long-term archival to Object Storage is where the data backup and retention market is evolving. Storage Director has the capability to backup all NonStop mission-critical servers using a single solution. In addition to Storage Director’s AES 256-bit encryption, data is also erasure-coded in the storage tier for maximum security.

Thus, Tributary’s IP, when combined with the leading Cloud Object Storage solution imparts exclusive cutting-edge data storage and management capabilities that can be well extended beyond public cloud models—into hybrid and on-premise environments—and as mentioned, also offers double-layered security for NonStop clients.

Finally, the Storage Director and IBM Cloud Object Storage solution can be implemented with a monthly fixed cost model, unlike all public cloud providers such as AWS, who charge customers for accessing their data through additional fees for “puts and gets.” Employing a cloud backup solution where costs vary widely from month to month, based on access to their own data, is challenging for most enterprise customers.

Is your system secure? Is your platform hardened against attacks? These might seem like straightforward questions but in reality hardening your platform is a complex endeavour. Truly hardening a system involves a multi-layered approach and it is not always easy to tell how secure a system is, even after measures have been established. How do you regularly verify if a security policy is being met or whether one of its rules has been broken through drift and decay? How do you know which system changes have been made, when they were made, and by whom? The importance of having a compliant baseline and being able to monitor and correct anomalies in the baseline to ensure compliance cannot be overstated.  

Introducing Protect-X® 3.1, a highly automated, browser-based security hardening solution for HPE NonStop, NonStop X, Safeguard, OSS and UNIX platforms, developed by  CSP. It features agentless design so there is nothing to install.

Protect-X® uses the rules and recommendations available through CSP-Wiki®, which contains industry-standard hardening policies, and uses them to show how secure your platform really is. Access to CSP-Wiki® is free for NonStop end-users but, although this security knowledge is extremely useful, the challenge of implementing it remains.

With Protect-X®, you can easily compare your systems’ settings against industry-standard hardening policies, gaining a quick, visual overview of compliance vulnerabilities. The Protect-X® interface makes it easy to view current system details and adjust settings as necessary to bring them in compliance with standards, on either a one-time or scheduled basis. Any changes can be subject to Protect-X®’s change management function, allowing responsibility for security activities to be distributed among many users while retaining overall control. All changes, whether just proposed or implemented, are captured in the system audit log.

The Protect-X® interface features an at-a-glance Dashboard that call attention to key metrics and gives quick access to related functions.

Protect-X® allows authorized users to:

·        Create custom versions of hardening policies and check how well a system complies with them

·        Produce informative reports and share them with external parties

·        Verify current users’ access to critical resources and identify possible vulnerabilities posed by that access

·        Manage and monitor changes to file permissions, users, groups, aliases, and Safeguard global settings for monitored systems, enforcing changes once or on a customized schedule

With Protect-X® 3.1 CSP gives you the power to decide how rules and recommendations are implemented on your specific platform. We have provided seamless implementation of security hardening policies, with complete customization, as well as powerful management functions to help you ensure that your platform is hardened against attacks.

For more information on Protect-X® please visit www.cspsecurity.com

For complimentary access to CSP-Wiki®, an extensive repository of NonStop security rules and best practices, please visit wiki.cspsecurity.com

Regards,

The CSP Team