Filtering log data: Looking for the needle in the haystack

Where there are logs, there is usually an overwhelming amount of log data. This makes it hard for an organization to spot security problems. How do you find the one packet among millions that indicates someone is sending proprietary information out of the enterprise?

Let’s illustrate how it is possible to drill down and find that single suspect packet through a series of screenshots. As an example interface, we’ll use NetIQ’s Security Manager v 6.0 to demonstrate the filtering process. You can read more in my tip published on SearchSecurity.com.

A new kind of data center testing facility

I’ll let you in on one of my big passions – I have a certain fondness for visiting data centers. Maybe it is the feeling of power coursing through all those racks of servers, or getting access into the inner sanctum of IT after passing through a series of security checkpoints. Or it could be just seeing how all this gear has been wired up. I always was big on looking at the backs of equipment and checking the cables whenever I got a demo from some vendor.

So when the folks at Schneider Electric and its American Power Conversion subsidiary asked me if I wanted to come to their open house of a new kind of data center, they were talking to the right guy, and I jumped at the chance.

The place is an oddity for several reasons. First, it is built like an actual working data center but with one key difference: there is literally nothing inside it. Instead, the mostly empty building has lots of HVAC equipment, electrical power, and plenty of monitoring and modeling tools. The idea is to have “a facility dedicated to practical solutions, not a lot of hype,” says Aaron Davis, the Chief Marketing Officer for the subsidiary.

Schneider built its data center, which it calls its Electric Technology Center, to serve as a test bed for its customers, to show IT managers what they need to do to reconfigure their own data centers as they have evolved from mainframe-centric to house more distributed systems. It is a great idea and overdue. As IT shops outgrow their data center infrastructures, they want to be able to figure out the power and cooling issues and how companies can retool their data centers appropriately.

If you run a data center, chances are you have some pretty old equipment that you’d like to replace but literally don’t have the energy to do it. Your raised floors are probably filled with outdated cabling that is so thick you have lost much of the airflow capacity and cooling ducts. Your air conditioning is on overload because it was never designed to cool racks of gear, and the temperature varies greatly from one aisle to another as a result. Your backup generators and power conditioning equipment are probably not matched to the gear they are backing up, and you have no idea of what should be upgraded first.

Wouldn’t it be great to model what you need to do, before you actually have to bring servers down and remodel? That is the essence of the idea behind what Schneider is trying to do with its new testing facility, located outside of St. Louis. Think of it as one big (more than 100,000 square feet) playroom where you can bring in gear and move it around and test various situations before you have to deploy it in your own shop.

Some companies are fortunate and able to rebuild or relocate their entire data center, something that I got to witness first-hand when the data center at the end of my block was rebuilt to new specs. (See the article here on my night at Rejis when they moved their facility just a few feet.)

But not everyone can just take a former parking lot and erect a new building to serve modern needs. Some IT shops have to do a fair amount of retrofitting, and that’s where the St. Louis test bed comes in handy. Firms can build racks and lay them out on the floor, and try out different scenarios to measure airflow, power consumption, and temperature gradients for their gear. There are also two huge temperature controlled testing rooms that can rapidly heat or cool down and be used to see what happens to particular gear.

I am glad that the company picked St. Louis to build their facility, because being the data center groupie that I am, I hope to visit often and get to see what they are doing with their customers. Plus, it is a really neat looking building that also serves as a showroom for some of the company’s product lines. Schneider bought APC earlier this year, and has merged them with their MGE division, which sells electric power control equipment. While most of us know APC from their battery backup boxes (or we should), they also make large-scale rack power and cooling gear that is designed for data center use.

Their push has been to isolate airflow just around the immediate vicinity of the racks, so you are cooling the smallest air volumes and reducing the amount of power for these cooling needs. This has lots of appeal, particularly these days when everyone is going green and when oil prices continue to reach new highs. At the launch event last week, representatives from the US Department of Energy and thegreengrid.org spoke about how they are working together to reduce energy usage of data centers. “This is real low-hanging fruit,” said Douglas Kaempf, who runs the Industrial Technologies Program at DOE. The Schneider facility has 7 MW of power supplied by the local utility, which is enough to power a reasonable suburb.

Ironically, the Schneider facility is located in between two massive data centers of Mastercard and Citibank, just the other side of the Missouri River from where one of the worst floods happened about 15 years ago. Don’t worry – all three are on high ground and have plenty of backup resources too.

If you are looking at a data center remodel, keep this place in mind. The daily rental fee starts at $5,000, depending on customer needs.

If you really care about WHOIS, read this now

ICANN, the people that govern the underlying workings of the Internet, are looking for comments on how to change WHOIS, the registry of who owns what domain name that is mostly broken for various reasons I won’t get into here. But do read Doc Searls’ excellent post on the topic, and if you have some strong opinions, send your comments to this email box by tomorrow, as that is the deadline for when the particular working group begins to sift through them and maybe make some decisions.

Emailing your Mercedes, thanks to the New York Times

It isn’t too often that you get to sit in a $100,000 car. But it is even better when you call up your local Mercedes dealer and tell them that you are the reporter that they are expecting from the New York Times who is writing an article about the car.

Yes, I am lucky that I get to do the occasional freelanced articles for the Grey Lady. It is a kick, I have to admit. Today’s piece is about new car technologies, such as one that I will tell you about that got me behind the wheel of a very nice car. Sadly, I didn’t get to even take it on the road. But still, it was fun to actually spend some time in one nice ride.

You can read my article in the New York Times here.

You have heard about Lexus’ automatic parallel parking feature. Well, I didn’t get that assignment – someone else who has better connections got to write about that. (And the short answer is if you have to parallel park your Lexus rather than leave it with a valet something is probably wrong with that picture, but you need a lot of room for the automated system to work.) But how about a car GPS system where you can email your directions directly? It is a nifty idea, and I got to see it firsthand.

There are some kinks in the system, though. It works only with Yahoo and Google mapping services, and not identically with both, depending on whether or not you are navigating to a particular address or just put in a point of interest. You can’t send other emails to the car’s GPS system – it only will accept directions from either mapping site. I guess that means it is only a matter of time before some spammer figures out how to get around this.

So what makes for such a pricey car besides the fancy GPS? How about a sunroof that is aerodynamically fitted into the car’s roof, so when it retracts, there is no wind sound? (I can’t actually say that I observed this first-hand, because as I said we never left the lot.) Or a sun shade that rolls up to cover the rear window, blocking out a lot of light to keep your car cool? Or a seat cooling system to go along with the seat warming system? Or an infrared display to show you what is ahead on the road when you are driving at night? Still, these are just options that add maybe $15,000 or so to the price of the car.

Roy, the salesman that had been delegated to show me around the car, couldn’t have been nicer, at least as car salesmen go. He told me that one of the reasons why he likes selling Merc’s is that he gets to spend time making sure that the owner knows his or her way around the zillions of systems that come with the car. He will even make house calls and make sure that you can set up the integrated garage opener so you can get the car in and out of your garage. And of course there is the requisite integrated iPod and Bluetooth cellphone attachments. (Car ads in Germany right now are all about these features. Of course, there people drive Mercs instead of Buicks.)

The funny thing about Roy is that he works for the city sewer district, “doing shift work” as he put it. Selling nice cars is a big switch from his day job.

Now, you should understand that my first car was purchased when I was 30 and was a Subaru. At the time, I had a hard time getting insurance because most insurance companies want to see some kind of car ownership record and figured that you must be a bad risk if you have never owned a car until then. Didn’t matter that I had a driver’s license since 17. Now I own a Toyota, so I am definitely not Mercedes material. While I was in the car, I kept thinking about Albert Brooks talking about “Mercedes leather” in one of his movies.

Still, I have a fascination with cars just like any other red-blooded American. Indeed, when I was working at CMP’s electronics group, the first Web site we delivered was about car electronics (called AutomotiveDesignLine.com). The guy I hired to run the site is still there, Rick DeMeis, and he couldn’t be nicer for a car nut. Plus, he gets to actually drive the press loaners rather than have to beg some local dealer to just sit in the car. Thanks to Rick, I got my lede for the Times article, about Pedro’s South of the Border.

Well, it was fun while it lasted. Now back to my regular gig, reviewing the latest network security appliance that only costs about $20,000. Maybe it will have to be integrated into the next Mercedes if they have problems with their email feature. At least I have the right person to call and maybe then I will actually get to drive it.

How World of Warcraft is training the next leadership generation

In Bob Sutton’s current post, he talks about how people who are in charge of large groups of World of Warcraft teams (called guilds) are learning solid organizational and management skills. It is an intriguing notion. As the better guilds grow quickly, their leaders have to learn to adapt, delegate, and find new roles and new middle-management structures. Well worth clicking and thinking about.

Choosing a toll-free number

When was the last time you had a business with a toll-free number? Was it back in the mid-1990s, when the “new” area codes 888, 866 and 877 started showing up?

My step-daughter recently asked me “what the deal was with the 877 area code?” She grew up in an era when long distance was always free on her cell phone. It got me thinking about how things have changed with Ma Bell (even saying that will date me, I am sure).

I had an 800 number back in the day when I thought it was important for people to easily call me. This was when I had 128 kbps ISDN “broadband” Internet, and had to pay something like two cents a minute for each call to my ISP (that cut down on my surfing time, to be sure). Most of the time I got wrong numbers, which I paid I think regular long-distance charges for. I think my business phone bill was around $300 a month, including the ISDN access.

Fast forward to today, where my personal phone bill is around $200 a month and the thought of having a “dial-up ISP” and ISDN puts you back in the Cretaceous period. Of course that includes several cellular lines, DSL, and unlimited wireline long distance. But there are still some situations where you might want to have a toll-free number for your business, or even personal needs. So what do you do?

The easiest and cheapest way to get a toll-free number is if you already are a Vonage VOIP customer (there are still a few of us diehards around). It costs an extra $5 a month with a $10 activation fee, and you have your choice of 877 and 866 numbers with 100 minutes of in-bound calls. The number is tied to your existing Vonage line, of course, and it takes seconds to sign up via their Web site. Clearly, these guys get how to do self-service features.

If you aren’t a Vonage customer and don’t expect a lot of calls, you can get a toll-free number from Ureach.com for $10 a month that includes 30 minutes of inbound calls on one of their messaging plans. After that, the price is 7 cents per minute, which can add up. A better deal is a plan from OfficeDepot.com, where the same $10 a month gets you 200 minutes, and then 4.9 cents per minute after that.

And PhonePeople.com is just one of a number of Web sites that allow you to type in your name or some catchy seven-letter phrase and see if you can match it to a particular toll-free number. They offer all the various toll-free prefixes too — for vanity numbers it’s $35, for true 800 numbers it’s $29, and for transfers to their service it’s $5.  Random toll-free numbers have no fee at all.

There are a number of differentiating features on all of these plans: some will send your voice mail calls to email-based notifications and voice attachments, some will allow you to have multiple “extensions” on your line for different users, some can forward to different numbers or have a “follow-me” type of service, and some will have toll-free fax tied into the voice line too.

Speaking of Ma Bell, I tried to get information from AT&T’s various Web sites about toll-free numbers, but wasn’t able to find anything even after I entered my login information as one of their customers. That is shameful, and just goes to show you how far we have with toll-free calling.