Displaying articles for: 02-07-2010 - 02-13-2010
HP just opened the large 360,000 sq. ft. Wynyard data center. This Green Data Center project was underway at EDS before the HP purchase. It uses the continuously blowing cool North Sea air and a unique multilevel low pressure airflow design to minimize the cost of cooling.
"The air runs through a massive bank of modular filters to remove dust and other contaminants before it circulates in a massive cavity, called a plenum, below its data center halls.
The air is forced up though the floor and runs over the front of server racks before being exhausted. The system keeps the hall at a constant 24C (75.2F). When it is cold outside, some of the exhausted heat is recirculated with the outside air to maintain the right temperature."
"Running at a full load, HP has calculated that the Wynyard facility has a 1.2 PUE, meaning that for every 1.2 watt of electricity used to power IT equipment, 1 watt is used for cooling and other facility needs. That makes it HP's most efficient data center"
PUE is being used by the EPA in the US to determine Energy Star ratings for data centers. Various cloud vendors are using PUE for comparison as well and HP's appears to shape up pretty well in that comparison.
Energy efficiency is not everything when it comes to data centers though like all modern data centers security is critical:
"Security is tight. Access cards and biometric details are needed to access halls. Server cabinets are locked, and the keys are only released if the particular engineer has permission encoded on an access card. The entry system to the data halls prevents two people from entering at the same time. The data center also has a high perimeter fence, reinforced walls and constant security."
I was catching up on my reading the other day and I came across an article on using Swarm Intelligence techniques to identify computer malware, describing research from Wake Forest University and the Pacific Northwest National Laboratory (PNNL). In my predictions for 2010 I listed security as one of the areas where significantly different techniques are going to be required. This article reinforced that perspective.
The article talks about using a detection approach that had different kinds of assessments moving around the corporate network looking for anomalies. Once an unusual situation is found they leave a trail (like an ant) back from the central security site. Other assessment techniques can follow the trail and look at the issue from other perspectives and develop a better understanding of the issue. This new approach to security minimizes false positives, since the report of unusual events are more thoroughly analyzed before a treat signal is raised.
"The system comprises a hierarchy of agents that run in specially designed swarm software deployed on all the hosts in a protected network. At the bottom of the hierarchy, the ants are simple programs that look for a particular statistic as they travel from host to host. Each ant has a memory of what it finds to be normal across the previous five hosts it visits.
One level up, a sentinel agent runs on each host. On the basis of information it collects from the ants, the sentinel forms an idea of the host's normal state. When an ant finds something unusual, it reports this to the host sentinel. For example, if the ant reported 8,000 connections per minute, the sentinel might see this as an anomaly. In that case, it would reward the ant by raising its pheromone value. The ant stores this information. As it moves on to other hosts, its high pheromone value attracts other ants and communicates the information about the host that raised its pheromone value. This encourages the other ants to investigate that host as well.
If these additional ants find other anomalies, they would also be rewarded, which would attract ants from other hosts. A certain threshold of messages triggers a threat signal.
Sergeant ants haven't yet been implemented in the prototype system, but they will sit between the computing ecosystem and human analysts. When a threat signal is triggered, the sergeants will report it to a human for further action. The sergeants also let humans specify what types of behavior the system allows. For example, a system administrator could tell the sergeant not to allow peer-to-peer file sharing, and the sergeant would create agents to disable this on all the hosts."
Although it is still a prototype:
"The researchers created four digital ants of the 64 types then eventually want. To test their effectiveness, they set up a bank of computers and released three worms into the ant-infested Linux-based computers. The four digital ants in the computers had never seen the viruses before, yet identified the virus by only monitoring."
Physorg.com had a post on how touch sensing capabilities can be applied to many types of surfaces. Being able to add a thin layer of touch sensitive material to a table or other space could make an interaction environment much more aware. Adding this to the projected multi-touch environment mentioned in a previous post would enable an immersive environment that could be interacted with in multiple dimensions.
It will likely be a while until we see this in our daily lives, but these technologies can definitely transform mundane objects into powerful interface devices.
A recent event in the U.S. demonstrates a blatant and amateur attempt at social engineering. This case involves an independent and conservative investigative report, or depending on your perspective, an activist, James O'Keefe and three other associates. O'Keefe is known for successfully infiltrating political organizations like ACORN, posing in various undercover roles to expose information, wrongdoings, and the like, using classic social engineering tactics.
The latest event involving the district office of U.S. Senator Mary Landrieu of Louisiana has been widely covered in the media, including articles CNN and FoxNews, and many others. A brief quotation from the article at CNN illustrates the social engineering tactics that were used:
The two men were "each dressed in blue denim pants, a blue work shirt, a light green fluorescent vest, a tool belt and a construction-style hard hat when they entered the Hale Boggs Federal Building," the release noted.
After they entered the building, the two men told a staffer in Landrieu's office they were telephone repairmen, according to the release and Rayes' affidavit. They asked for -- and were granted -- access to the reception desk's phone system.
O'Keefe, who had been waiting in the office before the pair arrived, recorded their actions with a cell phone, said the affidavit by Rayes.
Flanagan and Basel later requested access to a telephone closet, claiming they needed to perform work on the main phone system, the release and affidavit stated.
According to Rayes' affidavit, the two men went to a U.S. General Services Administration office on another floor and requested access to the main phone system. A GSA employee then asked for their credentials, and the two men said they left them in their vehicle, the affidavit said.
Whatever the aims of O'Keefe and his associates, they are currently being charged with entering (a federal) office under "false pretenses for the purpose of committing a felony."
However, this story sounds like it might have come straight from Kevin Mitnick's book "The Art of Deception". The one difference is that these men appear to be amateurs in the field of social engineering. Why? They got caught. And, to me, the reason seems to be that they did not "do their homework" to prepare for unforeseen circumstances (i.e. being asked to show credentials).
The lesson to be learned from this (for those in IT and security) is that the senator's office appears to have done an adequate job in training its staff and employees with proper procedures and security awareness to spot and avert social engineering attacks. The staff involved did not fall blindly for the ruse posed by the workmen's overalls and hardhats that appeared to make them look like telephone service personnel. Rather, they were sent to the proper office (General Services Administration) and once there, they were asked to show proper credentials.
The result? BUSTED !!!
Even if the two men posing as telephone repairmen had obtained false credentials, I would hope that the GSA employee would have checked to insure that "maintenance had been scheduled", or called their telephone service providers to verify the employment and activities of the two men.
And to borrow the subtitle of Kevin Mitnick's book again, that is how you "Control the Human Element of Security".