Thursday, December 10, 2015

Toys for Tots: Effects of the VTech Hack

Before all of you parents go running out to your closest toy store (if you haven’t already) to get your child one of the latest tech toys from VTech, there are a couple of things that you may want to be aware of. First and foremost is the fact that in November VTech was hacked and was found to be storing the personal data of roughly 5.2 million people, mostly adults but children too. The second is that the information that was accessed included a significant amount of chat logs and pictures that are part of VTech’s Kid Connect service, which allows parents to text or chat with their children using the VTech tablet via a smartphone app. So many might be thinking, “Chat logs and pictures? What’s the big deal?” Well, I can think of many mischievous ways in which our cyber-connected world can use this data.
What immediately comes to mind is the hack that has the highest rate of success: social engineering. Social engineering “is a non-technical method of intrusion hackers use that relies heavily on human interaction and often involves tricking people into breaking normal security procedures” (social engineering definition). Having a wealth of information about the potential target increases the chances of success exponentially because you already have plenty of conversation starters to craft that “trust relationship” by creating small talk. The other thing that comes to mind is identity theft. Not in the near future, but later down the road. If the hackers that gleaned that information wanted, they could potentially have more than enough identities to defraud for years to come. All it would take is patience and just holding onto the children’s information for a few years until they come of age, and then you cleverly start down the list of potential targets who will have long since forgotten, and perhaps never even knew, that a significant amount of their personal data had been compromised many years back.

Well, I suppose that perhaps it’s not that big of a deal, though, when in this day and age it’s the social norm for the personal lives of people to be on display for the world to see on Facebook, Twitter, or Instagram. So is it really any wonder that we have all of the cybercrime that we do? I don’t think so. If anything, I’m surprised that there isn’t more of it. I say that we’ve created a Cyber-Cedar Point for hackers where our lives are the main amusement of the park. It’s not a matter of if the hackers will take a spin, it’s a matter of when the line dwindles down enough for them to get on board. I honestly wonder sometimes if it’s a lack of security awareness or if it’s really that people just don’t care.

Thursday, December 3, 2015

The Case Against Unified Storage

Unified storage, a “single” storage solution that handles both file-level and block-based storage, has become more common in data sheets in recent years as manufacturers compete to complete every checkbox on the speeds and feeds charts. I see the advantage behind the reduced device count and simplified management interface; however, I believe that unified storage only serves to place ink in a checkbox.

Most storage solutions that offer “unified storage” are the same block-based storage with a software component bolted on to present a volume on the network using NFS or CIFS/SMB. With this scenario, it is not uncommon to get a block-based storage array with a NAS head-unit that provides the NAS features; while this typically brings integration of the two within the management interface, they are still two separate devices—with the NAS head-unit leveraging a block-based volume on the array.

Now the integrated management of the block-based and file-level components is pretty awesome. Who does not dream of that mystical Single Pane of Glass? The downside is the limited NAS features typically offered with a unified storage solution. Your corporate environment is most likely heavy with Windows devices. What serves CIFS/SMB shares to Windows clients better than a Windows Server? Storage manufacturers are forced to lag behind on features and fault resolution as they attempt to play catch-up as Microsoft releases new features into the Windows File Services. Alternatively, some storage manufacturers offer their NAS head-units as Windows Storage Server devices - is this still “unified”?

Windows Server integrates much better with your backup solution than a unified storage solution. In fact, to protect your file-level data, a unified storage solution requires Network Data Management Protocol (NDMP). NDMP is a networking protocol; as such, errors can occur. Troubleshooting faults in NDMP is a nightmare. Many backup vendors have built proprietary versions of NDMP that mask the original error message. Scouring online discussions turns up frequent posts of sysadmins trying to resolve an error only to end with, “had to reboot the server to resolve the issue.” Maybe I am a little conservative on this front, but I need to trust my backup solution and be able to easily verify the restorability of my data.

A final thought before I ramble on about this all day …

Virtualization is a given nowadays; there are no valid excuses to not be virtualized. What if we virtualized our file servers to increase availability and reduce maintenance? Why would we not deploy file servers, be it Windows or Linux based, as virtual machines that leverage block-based storage? Now, for the crazy bit, what if we clustered these virtual machines to create always-online network shares for our users?

Many dedicated NAS solutions include numerous features that are unique and provide much sought-after capabilities, but unified storage solutions only overpromise and underdeliver with their “jack of all trades” design.

-Ryan M. 

Ryan M. has over six years of experience architecting and implementing SMB and enterprise data center solutions. Currently a Solutions Architect at Great Lakes Computer, Ryan is focused on using modern virtualization and storage technologies to reduce OpEx, increase business continuity, and improve performance for customers.