Monday, February 13, 2012

BYOC

The next big thing…


BYOC – Bring your own computer.

Working is hard work, and these days people want to be able to communicate with friends, family and strangers immediately, and everyone is connected to everything. Nobody wants to work during working hours.

That is where I am old school, I am sorry.

The problem is that people have no clue what they are doing to themselves, so how can you expect them to be responsible for your business's security? It is like handing everyone a crack pipe and saying, “Just do a little so you will work faster.”

That has never worked.

Not the crack pipe thing, the ‘Bring your own computer to work thing’.

The companies that have had significant breaches are the same companies that traded security for ease of use. “It is too hard to log into three different systems when I am on the road, why not open everything up and let me just use my phone to connect?”

How many times have IT guys heard that?

If you are an IT guy in charge of a company asset such as data or network infrastructure, do not do this, for the sake of your career. Let the company go down in flames without you. There are plenty of CFOs, CIOs and executives perfectly willing to throw you under the bus when something goes wrong, and inevitably it will.

Send everyone a binding e-mail naming the person responsible for the stupid idea and stating that you are against such moronic behavior. Make it public: carbon copy and reply to ‘ALL’, and print out hard copies to display all over the facility. Let the CIO go down in flames; it will look good on your resume when you become the next CIO (that is the job after the one where the company spiraled down the toilet due to lawsuits for breach of security and malfeasance).

If you are a business owner and you have stumbled across this discussion, ask yourself this: “Can you dictate how much your employees actually produce in a given amount of time, or how often they get distracted?”

No. You can try, but No.

So what would be the bright idea behind letting people have even more distractions? Buy a firewall with logging and watch how many people are checking their personal e-mail and doing personal messaging on your existing equipment right now. You won’t be surprised, you will be pissed.

Shut it down and I will almost guarantee productivity will go up 50%.

Here’s an idea.

• Lock down the company equipment to just do work related tasks.

• Create a break room network for people on break to log into their personal e-mail, blog sites and Facebook accounts, a designated place where wireless is allowed.

• Now you can see who is spending their time surfing or texting.

• If a breach happens and the networks are properly separated (the break room network has no route into the data network, only out to the internet), then only the devices in the break rooms are exposed, and the only thing that leaks is the employees’ own personal information.

• Access to company data, by employees and by the less scrupulous, can be strictly limited.

• There is no need for personal wireless devices to roam through your data infrastructure, bringing with them the plagues of the apocalypse for your business.
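As an added example (not from the original post), here is the host-side half of that separation, written for a Windows file server with PowerShell’s NetSecurity cmdlets: SMB is allowed only from the corporate subnet and explicitly blocked from the break room subnet. The real separation has to be enforced on the switch or router between the VLANs; this is the defence in depth behind it, so a misconfigured VLAN ACL still does not expose the shares. The subnets 10.10.0.0/24 (corporate) and 10.99.0.0/24 (break room) are assumptions, and the cmdlets need Windows Server 2012 or later.

```powershell
# Added example, not from the original post. Assumed addressing:
#   10.10.0.0/24 = corporate LAN (domain-joined, locked-down equipment)
#   10.99.0.0/24 = break room wireless (personal devices, internet only)
# Run elevated on the file server (Windows Server 2012 or later).
$Corporate = '10.10.0.0/24'
$BreakRoom = '10.99.0.0/24'
$GroupName = 'Break room segmentation'

# Remove any earlier copy of these rules so the script can be re-run safely.
Get-NetFirewallRule -Group $GroupName -ErrorAction SilentlyContinue | Remove-NetFirewallRule

# 1. Explicit block from the break room subnet to SMB, RDP and WinRM on this host.
#    Windows Firewall evaluates block rules before allow rules, so this holds
#    even if a built-in rule such as "File and Printer Sharing (SMB-In)" is
#    later enabled with a scope of Any.
New-NetFirewallRule -DisplayName 'Block break room -> file services' -Group $GroupName `
    -Direction Inbound -Protocol TCP -LocalPort 445,139,3389,5985,5986 `
    -RemoteAddress $BreakRoom -Action Block -Profile Any | Out-Null

# 2. Allow SMB only from the corporate subnet. There is deliberately no allow
#    rule scoped to Any, so nothing else reaches the shares.
New-NetFirewallRule -DisplayName 'Allow corporate -> SMB' -Group $GroupName `
    -Direction Inbound -Protocol TCP -LocalPort 445 `
    -RemoteAddress $Corporate -Action Allow -Profile Domain | Out-Null

# 3. Verify: list the rules with their address and port scope so the check
#    can go into the change record.
Get-NetFirewallRule -Group $GroupName | ForEach-Object {
    $addr = $_ | Get-NetFirewallAddressFilter
    $port = $_ | Get-NetFirewallPortFilter
    [pscustomobject]@{
        Rule          = $_.DisplayName
        Action        = $_.Action
        RemoteAddress = ($addr.RemoteAddress -join ',')
        LocalPort     = ($port.LocalPort -join ',')
    }
} | Format-Table -AutoSize
```

The block rule is the part that matters: because Windows applies block rules ahead of allow rules, a later administrator opening SMB “to everyone” still cannot let the break room in. The same two subnets should appear as deny and permit entries in the ACL on the router interface for the break room VLAN, with the break room permitted only to the internet and the DHCP/DNS it needs.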

I know it seems like the dark ages, but business owners need to be aware of this and listen to their inner frightened child. Since they don’t always listen to responsible people, it falls to the computer tech, the IT guy, to be the voice of reason.

God save us every one.



Friday, January 14, 2011

Maintaining User Rights

A normal workday has users passing through some kind of security checkpoint to get at your data; if you don’t already have one in place, you need to get one. Windows Server comes with Active Directory, and although Microsoft is trying their hardest to make it difficult and cumbersome to manage, it is still the best solution out there for managing user access to data.

Issues arise over time as employees come and go, rights are assigned, and data folders change or move. To keep track of this I suggest you keep a spreadsheet that tracks groups and users. We offer such a spreadsheet, but you must keep it encrypted or in a secure location, as it contains important data: a list of who can reach what is exactly the map an attacker wants.

A subset of managing users is the user group. Always use groups instead of assigning rights directly to users. Managing the group and then just adding and removing users prevents some of the major vulnerabilities, such as one user with rights to the wrong folder: a permission granted directly to a user shows up in no group listing, and it stays behind when that user changes departments.

Another reason to use groups is the audit. Instead of going through every user to determine what folders they have access to, or buying a software application to do that, you can just list the groups and the users in each group and verify them there.

I break groups into four kinds (these are my categories, not Active Directory’s security/distribution types or its scopes):

1. System Generated
2. Departmental
3. User
4. Application

What I do is name the groups in this format, prefix first:
1. DPT – Accounting
2. GRP – Machine Shop
3. APP – Quickbooks

Using this format it is quite easy to find the groups when you are in a hurry. Need to add a user? Type APP in the object picker and you get all the application groups to choose from, or DPT and you get all the departments in the system.
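As an added example (not from the original post), here is a PowerShell audit that does the two things described above: it lists every DPT/GRP/APP group with its members, so the spreadsheet can be regenerated instead of hand-maintained, and it walks the share folders looking for the exact problem groups are meant to prevent, a permission granted directly to a user. It assumes the RSAT ActiveDirectory module, a share root of D:\Shares and an account that can read the share ACLs; those are assumptions.

```powershell
# Added example, not from the original post. Assumes the ActiveDirectory
# module (RSAT) and that the account running it can read the share ACLs.
Import-Module ActiveDirectory

$Prefixes  = 'DPT - ', 'GRP - ', 'APP - '     # naming convention from the post
$ShareRoot = 'D:\Shares'                     # assumption
$Domain    = (Get-ADDomain).NetBIOSName
$Report    = Join-Path $env:TEMP 'group-audit.csv'

# 1. Group membership report: one row per (group, member). This replaces the
#    hand-maintained spreadsheet; the output still has to be stored encrypted.
$rows = foreach ($prefix in $Prefixes) {
    Get-ADGroup -Filter "Name -like '$prefix*'" | ForEach-Object {
        $group = $_
        Get-ADGroupMember -Identity $group -Recursive | ForEach-Object {
            [pscustomobject]@{
                Group  = $group.Name
                Type   = $prefix.Substring(0, 3)   # DPT / GRP / APP
                Member = $_.SamAccountName
                Class  = $_.objectClass            # user or computer
            }
        }
    }
}
$rows | Sort-Object Group, Member | Export-Csv -Path $Report -NoTypeInformation
"Wrote $($rows.Count) membership rows to $Report"

# 2. Direct-user ACEs on the shares. Any ACE whose identity is a user rather
#    than a group is a finding: it is invisible to a group-based audit and it
#    survives the user changing departments.
$identityCache = @{}
function Test-IsUserIdentity([string] $ntAccount) {
    if ($ntAccount -notlike "$Domain\*") { return $false }   # BUILTIN, NT AUTHORITY, orphaned SIDs
    $sam = $ntAccount.Split('\')[1]
    if (-not $identityCache.ContainsKey($sam)) {
        $obj = Get-ADObject -Filter "SamAccountName -eq '$sam'"
        $identityCache[$sam] = ($obj.objectClass -eq 'user')
    }
    return $identityCache[$sam]
}

Get-ChildItem -Path $ShareRoot -Directory -Recurse | ForEach-Object {
    $acl = Get-Acl -Path $_.FullName -ErrorAction SilentlyContinue
    if (-not $acl) { return }                              # unreadable folder: skip, don't crash
    foreach ($ace in $acl.Access) {
        if ($ace.IsInherited) { continue }                 # report each ACE once, where it was set
        if (Test-IsUserIdentity $ace.IdentityReference.Value) {
            [pscustomobject]@{
                Folder = $_.FullName
                User   = $ace.IdentityReference.Value
                Rights = $ace.FileSystemRights
                Type   = $ace.AccessControlType
            }
        }
    }
} | Format-Table -AutoSize
```

Run it on a schedule and diff the CSV against last month’s copy: a new row is a new right that somebody should be able to explain, and any line in the second table is a right that should be moved into a group and removed from the user.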

Just a quick way that may be helpful...

Sunday, January 9, 2011

A revolution is needed.

This is where our technology is leading us, because there are too few men to lead the technology.

Men no longer have to be men, they can be Neanderthals. They can speak without fearing repercussions, they can act with impunity on the internet.

Look at the men out there, teaching their children that being an asshole is humorous. They drive loud, make sure everyone is watching them, they flaunt and tease and bully. Just like wild animals. This is what our current technology is reducing civilization to. If men can’t get noticed, they get louder, become even more obnoxious, and they are willing to give up all that is sacred to get it, to get that 5 minutes of fame.

My father taught me about integrity a long time ago. He had his weaknesses, but we all do, and what is more he overcame that, he overcame all his issues, to make me who I am. That is what a father does. A man does that, he does that for his children.

He overcomes his weaknesses.

Not with drugs, but with a strong sense of character.

A man stands up for the oppressed, he does not fight because he thinks he is oppressed. Men fight now for anything, they react with anger and violence without using their brain at all, and the result is more battered women and children, more shots fired and more irrational speak on the airwaves.

Real men are righteous.

Men understand love and life, and the fragility of children in their care. They understand that it is precious, and they are not so willing to throw it away.

A man stands up for something he believes in, but he does not fight for something he knows nothing about. Men know that a weapon does not make you a bigger man, it makes you a bigger threat. A man should never get to the point where he has to commit murder.

A man listens but he does not blindly follow. He can see the difference between someone who is speaking for themselves and someone who is doing right. A man does good. He knows the difference between right and wrong, and just being loud does not make you right.

A man has respect. Respect for his enemy, his boss, his coach, his rival. At sporting events a man buys a ticket not to demand a win but to see a game between extraordinary players. A man can accept the results of fair play. A man coaches a team to win through instruction, not blind obedience. Having men follow you into battle does not ensure a victory, a victory is ensured when the men follow you into battle because they have been taught how to win. A man handles a win with poise and grace, and handles a loss with dignity.

A man admits he was wrong, accepts responsibility and changes his life, he becomes better, a better man. A real man follows the laws of God, a Christian man follows the commandments of Christ too. A man does not just say he believes in Christ, he has to be able to show it in his actions; clothe the naked, feed the sick, love thy neighbor. Nowhere in his teachings did he say teach men to fish so they can go feed themselves.


A man knows that a patriot is one who understands democracy, that compromise is not failure, that no man is more ‘equal’ than any other. Tyranny is when one man will not accept any other views than his own.

The revolution has started alright. The time of the Neanderthal is over.

The internet in its current state cannot sustain itself under its own weight, there will be more blood. The right to express yourself should not be extended to the internet, because there are no real men on the internet.

Wednesday, December 15, 2010

A sounding alarm

The founding fathers did not like being monitored and detained by police everywhere they went, so they were driven to fight and kill for the right to be free. That is a pretty big step. That is a very strong principle to defend, to make a basic right, to make the foundation of a government.

And yet we find ourselves in that same predicament again.

Drive at night past midnight and you can expect to be detained. You can expect a judge to have your blood drawn against your will right there. How much more of an invasion could there be?

At a stop light there are police officers monitoring you on camera from miles away while you pick your nose. When you want to fly on an airplane you are searched, your bags are searched, and they may forcibly take your water. When you are on the phone, your conversation is being recorded, because you were talking to grandma and mentioned a funny photobomb.

What do you think is going on electronically? Do you honestly think you can go to web sites without someone tracking you?

There is more known about you now than 30 years of surveillance in and around your home and your job would have produced. The problem is that it is not just the good guys who have that data; it is available to everyone. You can be tagged right now so that disparate systems can link your movements on the internet and track you: cookies are placed on your machine so they know where you went, what page you looked at, even what item on that page interested you.

Why are the paranoid people in the world OK with this?

Sure, finding a bad guy is important, but how many good people are on this same list, waiting for a slip-up, a missed mortgage payment, a traffic ticket, or just a jealous boyfriend to come back and destroy them? The only reason we keep this information is revenge, not justice.

The people with all the information have all the power. Power tends to corrupt.

Men died to prevent what the government is now doing to every single person in America.

Patriot Act

HR 3167

SEC. 204. CLARIFICATION OF INTELLIGENCE EXCEPTIONS FROM LIMITATIONS ON INTERCEPTION AND DISCLOSURE OF WIRE, ORAL, AND ELECTRONIC COMMUNICATIONS.

Section 2511(2)(f) of title 18, United States Code, is amended—

(1) by striking “this chapter or chapter 121” and inserting “this chapter or chapter 121 or 206 of this title”; and
(2) by striking “wire and oral” and inserting “wire, oral, and electronic”.

With this single change, the intelligence exception covers every electronic transmission you make, not just wire and oral communications. Now that the government can track you, it is entering backdoors into every form of cryptography, forcing companies to compromise their own security to allow government access.

The government now has absolute power.

Tuesday, November 23, 2010

Blunderbuss

The Internet carries millions of pieces of technical information, and even top secret information, slipping through the backbone at any minute. Some of it is encrypted, some is not. The top secret encrypted data may be at a level of risk we did not foresee.

The recent suspicion that China re-routed internet traffic through its networks is far more significant than it looks, primarily because a miscreant who wants your data no longer has to get at it by local means.

In other words, a bad guy once had to plant a bug of some kind on your network to start directing data to himself. Now he can just redirect network traffic through his own portal, record everything that comes through for ten months, then reassemble the data and analyze it, decrypting it at his leisure.

What does this mean for the average bear?

If a rogue state wanted to read secret data without ever being granted a clearance, all it has to do is direct a copy to its network and record it. As data moves between offices, whole documents are sometimes shared, and whole documents are at risk.

Formulas, equations, sophisticated cryptography primers, all are sent back and forth between offices, often encrypted, but the problem is that you can no longer expect your packets to be routed straight to your other office. They may go through China, and it is not a difficult task now to mirror the data off a single port on a switch somewhere; a passive mirror is invisible to both endpoints.

It used to sound like a really lame idea, but with today’s computers it is easy to reassemble billions of particles of data and then decrypt them, without the risk of a trail leading right to your house. The defence is the one we already had: assume the path is hostile, encrypt end to end, and use key exchange with forward secrecy, so that a key compromised next year does not unlock the traffic recorded today.

Thursday, November 18, 2010

Port 80 Love Fest.

In an effort to subdue the tyrants, hackers and miscreants that rule the internet right now, manufacturers of firewalls and filtering products are releasing their next generation products, or have been for the last six months. Seeing these new capabilities makes obvious the daunting task of grasping the incredible amount of change in a single year.

Not only hackers but software writers (the good guys) have come to a universal conclusion: they like port 80.

Everything on the internet runs on port 80 now. Well, maybe not everything, but just about EVERYTHING. So you can’t tell Facebook traffic from Farmville, or a botnet from Twitter, the way you used to; they are no longer using the ports that used to be specific to them.

Sadly, the black hat industry is just too big now, and the rest of the world is caught inside a war between the good guys and the bad guys that may never end. The world has to make their products work somehow, so they work on the only port that is always open, port 80. All the other ports have been blocked by firewalls, and as you probably know already, it takes an act of Congress for a company to get their network Nazis to open up any new ports on the firewall.

So to resolve the problem it is a port 80 love fest.

What does this mean for the average bear?

Your old firewall works less well every second, possibly even if you just bought a new one. The technology has changed so much that hackers will have the upper hand for a solid year before the public can get prepared, and that assumes the public will try.

This new generation of filtering will not be able to stop the new progression of attacks, but it will be able to see each one much more easily. These new technologies will hopefully be able to adapt faster to deal with new issues and new tactics.

Hackers are delivering their new line of malware across port 80 with ease, and the only way to resolve this is to start identifying the application in the traffic itself (the hostnames, the protocol, the content) rather than trusting the port number. Ha ha, you say, that is crazy talk?

Nope, that is what must be done. Then you can start allowing and blocking specific applications, and even restrict a service to a specific account. For example, you don’t want Facebook open all over your network, so you only allow access to the company Facebook account.

Sadly, no one can play Farmville anymore.
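An added example, not from the original post, of what “identifying the application” means in practice. The PowerShell below walks a few constructed proxy log lines in which every connection is on port 80 or 443, ignores the port entirely, classifies each request by the hostname the proxy logged (the HTTP Host header, or the TLS server name for CONNECT), and applies a policy that allows some applications and blocks the rest. The log format, the hostname-to-application map and the policy are all assumptions.

```powershell
# Added example, not from the original post. Constructed proxy log lines:
#   <time> <client> <dest>:<port> <hostname> <method> <url>
# Every line is on 80 or 443, so the port says nothing about the application.
$LogLines = @(
    '2010-11-18T09:01:12 10.10.0.21 69.63.189.11:443 www.facebook.com CONNECT /'
    '2010-11-18T09:01:30 10.10.0.21 69.63.189.11:80 apps.facebook.com GET /farmville/'
    '2010-11-18T09:02:05 10.10.0.33 199.59.148.82:80 twitter.com GET /statuses'
    '2010-11-18T09:02:44 10.10.0.45 203.0.113.7:80 x7k2.example.net POST /gate.php'
    '2010-11-18T09:03:10 10.10.0.33 13.107.42.14:443 update.microsoft.com CONNECT /'
)

# Application map (assumed): ordered, most specific first, because
# apps.facebook.com must classify as Farmville before the generic Facebook rule.
$AppMap = [ordered]@{
    'Farmville'      = '^apps\.facebook\.com$'
    'Facebook'       = '(^|\.)facebook\.com$'
    'Twitter'        = '(^|\.)twitter\.com$'
    'Windows Update' = '(^|\.)microsoft\.com$'
}
# Policy (assumed): named applications are allowed; anything else, including
# traffic we cannot classify, is blocked. Default deny is the whole point.
$Policy = @{ 'Facebook' = 'Allow'; 'Windows Update' = 'Allow' }

function Get-Application([string] $Hostname) {
    foreach ($app in $AppMap.Keys) {
        if ($Hostname -match $AppMap[$app]) { return $app }
    }
    return 'Unknown'
}

function Invoke-AppPolicy([string[]] $Lines) {
    foreach ($line in $Lines) {
        $f = $line -split ' '
        $dest, $port = $f[2] -split ':'
        $app = Get-Application $f[3]
        $decision = if ($Policy.ContainsKey($app)) { $Policy[$app] } else { 'Block' }
        # An unclassified POST to a bare hostname is the shape of a bot check-in;
        # flag it for a human rather than silently dropping it.
        $note = if ($app -eq 'Unknown' -and $f[4] -eq 'POST') { 'unclassified POST: investigate' } else { '' }
        [pscustomobject]@{
            Client   = $f[1]
            Port     = $port
            Hostname = $f[3]
            App      = $app
            Decision = $decision
            Note     = $note
        }
    }
}

Invoke-AppPolicy $LogLines | Format-Table -AutoSize
```

Two caveats a practitioner will hit immediately. First, the hostname is only available because the proxy saw the Host header or the TLS server name; on a plain packet filter that looks at ports you have nothing to match on, which is the author’s point. Second, “only the company Facebook account” cannot be enforced by hostname at all: both the company and the employees talk to the same hosts, so restricting to one account means terminating and inspecting the TLS session on the filtering device, with all the certificate and privacy consequences that brings.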

The technology has been out there for a select few, but it will have to become available to everyone if we are to stem the tide. But a sad indication is lurking in the shadows…

No one is yet going after the bad guys, an indication that we are somehow tolerating the crimes. We are just building new products to fight off their new attacks. Doesn’t this sound like an old Star Trek episode or something?

Wednesday, November 3, 2010

Rule no.5

Ghost Fleet Status

When I was in the Marines we had a radio the size of a refrigerator and it was mounted on the back of a jeep. The power supply was just as big, and that was mounted underneath the radio. When you popped open the transmitter door, immediately your eyes fell onto this one giant tube the size of a basketball. For those of you who don’t remember President Ford and Billy Beer, a tube is what we now call a chip. This was before Steve Martin suggested everyone get small.  They used to be made of glass, and they were pressurized, so they popped when you dropped them. Radios used to be full of them.

This jeep radio thing was awesome. You could take it to a parking lot like at the grocery store, set up the antenna and crank up the radio, wait a few seconds and hear yourself talk. The signal went around the world. It would also light up all the fluorescent lights in the store and in the parking lot when you keyed the mic.

One day, when prepping for a deployment through the air, I noticed the jeep was being prepared to be dropped out of an airplane. I told an officer that was with me, “Sir… I don’t think this is going to make it.”

“What do you mean?”

“This tube is going to shatter upon impact... It's too big to withstand an air drop isn’t it?”

“Awe hell no, we do it all the time.”

Hours later, the plane flew over, and out popped the jeep. It was huge, and you could see it from anywhere in America, I think. The first thing I noticed was the tremendous speed. I thought that maybe over the years, since it had a governor on the engine and had to carry 800 pounds of radio, it had never gotten the opportunity to go very fast. Although every driver who got behind that black plastic wheel had his foot to the floor all day long, it was not very agile, and I felt that maybe this was more than just an air deployment for that jeep.

The jeep fell like a rock. It was balanced very well; the weight of the engine and the weight of the radio made it fall flat, but the parachute on the back pulled the rear higher, high enough that it looked like it was screaming down the highway. Looking back now, maybe it was.

The parachute apparatus failed to deploy. It was like a long tail trembling in the wind behind the jeep, and seeing it my first thought was, they do this all the time? The jeep landed and created what we in the business call negative Earth. It was definitely a suicide. The officer with me turned and looked right at me: “I guess you were right about that tube.”

Those radios were decommissioned eventually. When we decommissioned an old radio, we made it as new as possible before retiring it into the Ghost Fleet. The Ghost Fleet is awesome, because it is this magical place where time absolutely stands still. Old tanks, planes and ships go to these places, where they are used for parts or just stand by in the event we need them.

In IT we have to do the same thing. We have to decommission our old equipment; some of it gets recycled and some gets retired to the Ghost Fleet. Either way, there are rules you have to follow.
  1. A decommissioned server goes into the Ghost Fleet for at least 30 days. That way, if the new server is unstable, we can go right back to the old one and keep working.
  2. Tapes also dictate Ghost Fleet status. If that machine has a tape drive and your company policy says you retain the tapes for three years, then that server is in Ghost Fleet status for three years, because it is the thing that can still read them.
  3. It has to be working.
This is another reason I talk so much about BIA (business impact analysis). If you adhere to a BIA policy that level A devices will not exceed four years in production, then your server is not older than four years, which means it should still be in proper working condition when retired to the Ghost Fleet.

Otherwise, if you fail to follow common business procedures and have done what some people do, run it into the ground, then you have to rebuild it, fix it, or otherwise make it work. The point is that you have to be able to produce the data you are required by law to produce, from whatever means you used to produce it before. If you ran that server into the ground and it died, you will be trying to fix a seven-year-old machine just to put it in a closet somewhere.

That is not money well spent.