bill’s blog

I work in IT and one of my job functions is to warehouse the image files of a corporate creative department. Translated… that means I buy a lot of storage. One of the things that storage admins are looking at is the failure rate of the disc drives that make up their SAN environments. The higher the failure rate of a particular drive the better your chances of having a catastrophic loss… Or in other words you’re restoring from tape if you loss a lot of drives at one time!

MTBF (or mean time before failure) is a standard measurement (in hours) we use to calculate the life of a disk drive before it fails. The other measurement we use is AFR (or the annualized failure rate), which is expressed as a percent based on the MTBF verse the amount of time that device is powered on and running. A couple of things to note… MTBF is not necessarily a devices useful life. And AFR is not meant to be applied to a single drive but rather it is the expected failure rate of any given drive within a particular production run (population).

So what does this all mean?

Well most vendors spec consumer-geared disk drives at about 300000 MTBF. That being said the key word in MRBF is M (or mean). So what we’re looking at is about half of the drive for a given population with fail in the first 300000 hours of use.

Translated again… and I got help on this one

If you had 600,000 drives with 300,000 hour MTBFs, you’d expect to see one drive failure per hour. In a year you’d expect to see 8,760 (the number of hours in a year) drive failures or a 1.46% Annual Failure Rate (AFR) (Harris, 2007).

Realizing that this is what a manufacturer quotes as the expected life, one has to ask how does that hold up in reality. Well Google did a bit of research on this and found that their failure rate was much different from that of the manufacturers. Why? Because there is no clear definition between what a manufacturer considers a failure and the real world’s expectation on these devise are.

In reality many factors will determine whether a drive should remain in production. Call is an IT admins intuition… Call is that odd clicking sound… calls it taking forever to save a file… Often time we (IT professionals) will replace a drive before it is completely unusable (or the point where we can no longer retrieve data from the device). Did the drive fail? Technically no… Practically yes! If we can’t rely on the drive to reliably save and retrieve data that it has fails for our purpose… guess some manufactures don’t see it the same way!

Resources:

Harris, R., (2007, February, 19th), Google’s Disk Failure Experience, retrieved on June 3rd 2010 from http://storagemojo.com/2007/02/19/googles-disk-failure-experience/

Bandwidth theft is a topic that we hear about all the time but one that we rarely associated with theft. Anyone that lives in a big city knows… They can get free Internet anywhere! The key word here is FREE. Just because you can get onto the Internet doesn’t mean it free for you to use. Someone is paying for the access and unless explicitly informed that it is free most times it’s not and you are stealing from that individual.

WOW… that’s a heavy way to start the day but it’s true just because some fool leaves the keys in the car doesn’t mean it yours for the taking. Let’s take a look at this scenario for a second… must people are NOT computer savvy! That’s why we have the jobs we have. Consumer marketed wireless devices are made so that the user can just plug and play. That’s unfortunate. My question is why can’t manufacturers devise some kind of wizard that walks you through setting up a secure wireless network. Cisco’s Linksys line does… with its Secure Easy Setup utility but the wizard doesn’t run on all platforms (noticeably lacking is MacOS. Linux and BeOS). That’s understandable. They consist of a small percentage of the marketplace (combined they don’t even come close to Microsoft’s domination). And some may say that it’s not our responsibility to provide secure networks by default. True! BUT why not get the ISPs on the hook for the dime on this. Think of all that lost revenue!

Regardless… There are other forms of bandwidth theft. This includes individuals that set up hosting services on another individual’s data line without their permission. Those of us in IT do it all the time. “Oh, I need to learn how to implement Apache (insert your favorite service application).” We spend weeks setting it up… we upload our content… but fail to tear it down when the learning is done. Instead we invite our friends and family to visit the site. “Hey look at what I did!” Next thing you know the company is footing the bill for both the hosting environment and the line that it’s attached to! Now some may say what’s the big deal? We’ll very often the site/host goes untouched after the initial setup. Patches aren’t applied nor is virus definitions updated. Pretty benign until the box is compromised! Then depending on the breach it could be used to bring a network to its knees. The box could be used as a jumping point to other boxes on the protected network OR turned into an object in a botnet! It could be used to stored illegal data such as pirated mpegs or mp3.

Peer-2-Peer applications… Let’s face it, these can be used for legitimate purposes but ultimately they are not (think about Napster). They are used by individuals to share files with users that do not have the legal right to use said files. Aside from the copyright issues that are being violated, this activity could cause potential problems for the owners of the network line that are allowing these things to happen (think accessory to the crime). Additionally, the applications can demand a huge amount of bandwidth to support the traffic. Peer-2-Peer clients effectively turn your machine into a file server. On top of that you are allowing ANYONE access to the box. Now there’s a big problem! Any open port is a door by which a cracker can have access to a machine.

SO… where does that leave us? 1st and foremost in a corporate environment, strong Internet/Appropriate usage polices are a must! Enforcement of the policy needs to happen. No one will adhere to the policy if they know there aren’t any consequences! Unfortunately people need to be sacrificed to prove the company means business. In a home network, secure your wireless networks! Don’t leave them open for the world to have at it. Remember… it’s not just your network line that is exposed… it’s your entire network. Next, monitor your network! Check the system logs of your access point. Set up the firewall (something is better than nothing). Set up email alerts. Set up a syslog server. In it’s basic form if a syslog server can alert you to certain events in now becomes an Intrusion Detection System (both host based as well as network based). WHY? Because you are grabbing the logs from all devices (think computer as well as firewalls and access points). It may not be real-time alerting but at least you’ll know when someone tried to do something not quite right. Tools like Splunk are more than syslog servers. They can provide statistical data that can be used to baseline your network. It can be “programmed” to alert you when it sees certain conditions. It can track failed login attempts. Depending on what you’re logging on your host it can look for file access records. It can notify you of port scans based on the logs from your firewall. One thing to keep in mind with Splunk is that it is not a true IDS but it can certainly provide some of the functionality.