IRS uses the SenSage log data storage & analysis product: http://sensage.com/content/customers
Having used this product I'm sure the IRS will have all they need to track his electronic footprints outside the normal bounds and scope of his work. Unfortunately we'll never know.
This would be a great target for terrorists, especially if it's your society's major delivery network. A few well-placed ticking bombs would bring you down. It ain't 1929 no more.
SenSage built a column-oriented DB in 2001 and has had much success with the approach for their fast-input, fast-query, high-density, multi-TB databases. Stonebraker was on their technical advisory board. Interesting that he now centers his own startup on the same principles. See http://en.wikipedia.org/wiki/Column-oriented_DBMS.
See the article http://www.computerwire.com/industries/research/?pid=9681B83E-A348-42A5-9DA5-BEF13EE1A835 -- they maintain that SCADA systems that may originally have been on a separate physical network have slowly bled connectivity to corporate networks and are now open to those who compromise those networks.
They also describe a Hewlett-Packard/SenSage software package to monitor in real time and also archive network events on SCADA networks -- allowing for real time alerts of ongoing crimes, or at least an archive of all activity related to external or insider bad activity. Historical analysis at all network levels (physical, computer, server process levels) is very important -- without it you can't find the perps or track how they compromised your network.
See prior posts about SenSage -- it employs a write-once read-many storage device (EMC Centera) and a commercial but open-source-based log archival/analysis engine (SenSage).
See other comment posted above this one for description of SenSage.
EMC ships their Centera with a very good software package from SenSage built specifically for log storage/analysis and compliance. While SenSage isn't free, it's a good open-source-based software product. It's incorporated into products from EMC, IBM, HP, etc.
You'll never roll-your-own for cheaper than SenSage/EMC-Centera.
SenSage is a commercial log storage product/archiver designed for Linux clusters and built on open source software (backend: C++/Perl; GUI-client: Java; CLI: Perl; Agents: Perl). Not only can you store gigabytes of log data every day, you can run queries over billions of rows in a minute -- your roll-your-own won't allow that. Any PCI compliance solution must not only store log info but also let you analyze it -- analysis also will lead to better operational monitoring, and better security (if you're worried about being hacked from outside, worry much more about an inside job! -- only archival/analysis will give you proof of past wrongdoing for inside jobs). And when it comes to figuring how best to satisfy specific compliance issues (beyond just storing the log data), they've done all the hard work for you for HIPAA, PCI, SOX, etc. Tracking down and complying with your particular regulations would take a long time on your own.
Added benefit: the back end archives log data to a huge write-once read-many EMC Centera device. You can keep your log data around for ten+ years.
Example of SenSage solution employing EMC Centera (a call-data-record system that stores info about every phone call made in large telcos or every web site visit/network connection by ISP customers): http://www.sensage.com/English/Products/CDR_Warehouse.html
SenSage is such a good DB for log archival, it's been incorporated into offerings by EMC, IBM, HP. See, for example, the "HP Compliance Log Warehouse appliance" ( http://compliancehome.com/news/FISMA/10902.html ) -- it's HP's version of SenSage.
Companies sending out corporation-wide e-mails with sensitive information often "stamp" the content with a unique ID for each copy they send to each individual employee. They compare any leaks with the original text sent to each employee and then identify the leaker. This could be bad news.
For an example, let's say there is one CEO and 4 grunts in a company.
An example e-mail template:
Dear Employees,
You'll remember {0=[],1=[that]} at last Tuesday's lunch outing a few of you didn't have cash on hand to pay for your {0=[chicken & waffles],1=[waffles & chicken]} lunch. I floated loans that are still not repaid. Forget you all, you pay for your own lunch from now on.
The CEO
There are four employees; the CEO sends employee #0 the e-mail built from template '00', the next '01', and so on up to '11'.
If the CEO finds that someone has anonymously posted a complaint on a web site about how stingy he is, citing the full e-mail, he knows which of the four leaked the e-mail.
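The stamping scheme from the comment above, as an added example that is not part of the original post: it renders the quoted template (the slot syntax `{0=[a],1=[b]}` is taken from the comment, the helper names are my own) into one distinct copy per recipient, then reads the recipient ID back out of a leaked copy, even one quoted inside other text.

```python
import re

# Constructed from the template quoted in the comment. A slot {0=[a],1=[b]} takes
# option a when the recipient's bit for that slot is 0 and option b when it is 1.
TEMPLATE = (
    "Dear Employees,\n"
    "You'll remember {0=[],1=[that]} at last Tuesday's lunch outing a few of you "
    "didn't have cash on hand to pay for your "
    "{0=[chicken & waffles],1=[waffles & chicken]} lunch. I floated loans that are "
    "still not repaid. Forget you all, you pay for your own lunch from now on.\n"
    "The CEO"
)

SLOT_RE = re.compile(r"\{0=\[([^\]]*)\],1=\[([^\]]*)\]\}")

def normalise(text):
    """Collapse whitespace so an empty option or a reflowed quote still compares equal."""
    return re.sub(r"\s+", " ", text).strip()

def render(template, bits):
    """Fill the slots in order from a bit string such as '01'."""
    options = SLOT_RE.findall(template)
    if len(bits) != len(options):
        raise ValueError("need exactly one bit per slot")
    choices = iter(bits)
    return normalise(SLOT_RE.sub(lambda m: m.group(1 if next(choices) == "0" else 2), template))

def stamp_all(template, n_recipients):
    """Give each recipient a distinct bit pattern; n slots distinguish 2**n people."""
    n_slots = len(SLOT_RE.findall(template))
    if n_recipients > 2 ** n_slots:
        raise ValueError(f"{n_slots} slot(s) can only distinguish {2 ** n_slots} recipients")
    return {rid: render(template, format(rid, f"0{n_slots}b")) for rid in range(n_recipients)}

def _literal(text):
    # Escape the fixed text; whitespace runs become \s* so spacing differences don't matter.
    return r"\s*".join(re.escape(word) for word in re.split(r"\s+", text))

def build_decoder(template):
    """Turn the template into a regex whose groups capture the option chosen per slot."""
    parts, options, pos = [], [], 0
    for m in SLOT_RE.finditer(template):
        parts.append(_literal(template[pos:m.start()]))
        a, b = m.group(1), m.group(2)
        options.append((a, b))
        longer, shorter = (a, b) if len(a) >= len(b) else (b, a)  # try the longer option first
        parts.append("(" + re.escape(longer) + "|" + re.escape(shorter) + ")")
        pos = m.end()
    parts.append(_literal(template[pos:]))
    return re.compile("".join(parts)), options

def decode_leak(template, leaked):
    """Read the recipient ID back out of a leaked copy, even when it is quoted inside
    other text. Returns None if the text does not match the template at all."""
    pattern, options = build_decoder(template)
    m = pattern.search(normalise(leaked))
    if m is None:
        return None
    bits = "".join("0" if got == opt[0] else "1" for got, opt in zip(m.groups(), options))
    return int(bits, 2)

if __name__ == "__main__":
    copies = stamp_all(TEMPLATE, 4)          # one CEO, four grunts: two slots suffice
    print(decode_leak(TEMPLATE, "Our CEO wrote: " + copies[2]))   # 2
```

Two slots give only four distinguishable copies; a larger staff needs more slots, and the raise in `stamp_all` makes that limit explicit.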
When the employee exercises a stock option they are paying the company for the share. If the company back-dates an option to lower the strike price for an employee, the employee pays less for it.
Scenario:
No back-dating:
company stock price 2006/07: $25
company stock price 2006/09 (stock grant date): $30, stock strike price set at $30
employee exercises/sells 1 share on 2010/09, current price $50: employee pays company $30, employee sells $50, $20 profit
Back-dating:
company stock price 2006/07: $25
company stock price 2006/09 (stock grant date, but back-dated to 2006/07): $30, stock strike price set at $25
employee exercises/sells 1 share on 2010/09, current price $50: employee pays company $25, employee sells $50, $25 profit
The employee makes a bigger profit, the company loses. This is the worst side-effect of back-dating stock options. You're cheating the other shareholders.
The product might work something like Zenprise for Microsoft Exchange. The Zenprise product does the following:
- discovers the layout of a Microsoft Exchange deployment (including Domain Controllers, DNS servers, Exchange (e-mail) servers, Active Directory, etc.)
- starts a rule-based system that embodies the Microsoft Knowledge Base Articles for Exchange (a lot like Prolog rules) to actively monitor all the known configuration and real-time-failure conditions that can happen in an Exchange deployment
- gathers real-time data from the environment, including metrics on mailflow, machine conditions, mail database conditions, mail server conditions, other service conditions
- alerts users whenever a problem has happened or is about to happen based on information gathered from the environment and the rule conditions
- presents steps-to-resolution for those problems
This is very different from a Nagios system -- Nagios only gathers static sets of telemetry and presents a monitoring view of these -- Nagios doesn't interpret any of the information to come up with specific root causes for the problem or resolution plans for the problem.
Nagios might show, via a graph: your disk space remaining on drive M: has consistently been growing on the Exchange mail server for the past 2 hours and is reaching 95% capacity. Nagios cannot say: your disk space remaining on drive M: has consistently been growing because mailstore MS1 has been growing because userX has been sending a flood of e-mails because their client has been infected with virusY, which is something a tool like Zenprise might be able to tell you.
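The Prolog-like root-cause chaining the comment attributes to Zenprise, as an added toy example that is not Zenprise code and not part of the original post: the telemetry facts, the rules and the resolution text are all constructed, and the engine takes the first matching fact per subgoal (no backtracking). It chases the M:/MS1/userX/virusY chain from the comment and stops at the deepest cause it can still explain.

```python
# Constructed telemetry snapshot: what a monitoring agent might have gathered from
# the Exchange server, the mailstore and the desktop anti-virus console.
FACTS = [
    ("disk_growing", "M:"),
    ("mailstore_on", "MS1", "M:"),
    ("mailstore_growing", "MS1"),
    ("mailbox_in", "userX", "MS1"),
    ("mail_flood_from", "userX"),
    ("client_infected", "userX", "virusY"),
]

# Rules: (head, conditions, cause). The head is the fact being explained, the
# conditions bind variables (tokens starting with "?"), the cause is chased next.
RULES = [
    (("disk_growing", "?D"), [("mailstore_on", "?M", "?D")], ("mailstore_growing", "?M")),
    (("mailstore_growing", "?M"), [("mailbox_in", "?U", "?M")], ("mail_flood_from", "?U")),
    (("mail_flood_from", "?U"), [], ("client_infected", "?U", "?V")),
]

DESCRIBE = {
    "disk_growing": "disk usage on drive {0} keeps growing",
    "mailstore_growing": "mailstore {0} keeps growing",
    "mail_flood_from": "{0} is sending a flood of e-mail",
    "client_infected": "{0}'s client is infected with {1}",
}
RESOLUTION = {  # constructed steps-to-resolution, keyed by the root-cause predicate
    "client_infected": "quarantine {0}'s workstation, clean {1}, then purge the queued mail",
    "mail_flood_from": "throttle or disable {0}'s mailbox and investigate the client",
}

def unify(pattern, fact, bindings):
    """Match a pattern such as ("mailstore_on", "?M", "?D") against a ground fact."""
    if len(pattern) != len(fact):
        return None
    b = dict(bindings)
    for p, f in zip(pattern, fact):
        if p.startswith("?"):
            if p in b and b[p] != f:
                return None
            b[p] = f
        elif p != f:
            return None
    return b

def substitute(pattern, bindings):
    return tuple(bindings.get(p, p) for p in pattern)

def first_match(goal, facts, bindings):
    for fact in facts:
        b = unify(substitute(goal, bindings), fact, bindings)
        if b is not None:
            return b, fact
    return None

def explain(goal, facts, rules, bindings=None):
    """Backward-chain from an observed symptom to the deepest cause the facts support.
    Returns the chain of ground facts (symptom first, root cause last), or None if
    the goal is not observed at all."""
    hit = first_match(goal, facts, bindings or {})
    if hit is None:
        return None
    _, fact = hit
    for head, conditions, cause in rules:
        rb = unify(head, fact, {})
        if rb is None:
            continue
        for cond in conditions:           # bind the rule's variables from telemetry
            hit = first_match(cond, facts, rb)
            if hit is None:
                break
            rb = hit[0]
        else:
            deeper = explain(cause, facts, rules, rb)
            if deeper:
                return [fact] + deeper
    return [fact]                         # observed, but no rule explains it further

def narrative(chain):
    """Phrase the chain the way the comment does: symptom because cause because ..."""
    return " because ".join(DESCRIBE[f[0]].format(*f[1:]) for f in chain)

def resolution(chain):
    root = chain[-1]
    return RESOLUTION.get(root[0], "no known resolution").format(*root[1:])

if __name__ == "__main__":
    chain = explain(("disk_growing", "?D"), FACTS, RULES)
    print(narrative(chain))
    print("Resolution:", resolution(chain))
```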
You can lock down your servers, your network, etc. But as you imply, insiders are the big threat.
To avoid insider abuse at hospitals, doctors' offices, etc., you need to let insiders know you're watching everything they do. This isn't "big brother", it's common sense. You can't necessarily lock everyone out of everything, but if they know you're looking they'll more likely play by the rules.
An article about the Michigan health system (they use the P2 Sentinel product from Cerner and SenSage) was informative, a useful case study. They monitor insiders, and everybody's happier.
No shilling here. I like the iRiver device and the Napster service, and Microsoft happens to make it possible.
And I like Linux too. I worked three years developing a Linux-based software product at SenSage and appreciated Linux for what it provided. In like vein I appreciate Microsoft's DRM.
I've been using Microsoft DRM with the Napster subscription service for over a year now on an iRiver H10 hard-drive device. You can't beat the convenience and the price -- the cost of a single CD per month for lots of great music.
It's such a good model I even bought four more iRiver devices for others.
To clarify some points in the original comment:
- you can download files multiple times (unlike Apple iTunes where you download a file only once and need to copy to other devices)
- it's easy to transfer to multiple mobile devices with Windows Media Player
- there is a limit on how many total times a file can be downloaded, but when I had to wipe a hard drive and re-install the OS on a particular machine a quick call to Napster got me past that issue -- they'll work with you
The pricing and model beats iTunes. Many, many services will end up using Microsoft DRM. When people wake up and look beyond the fatuous Apple image to practical realities, Microsoft DRM will come out the winner.
Maybe the writer speaks Spanish, Portuguese, or some other Latin-based language. In such languages, the word that naturally would be translated into English as "concurrence" really means "competition".
Take a look at concorrencia, choose the link "concorrencia" from there, and you'll see this definition: espécie de luta pela vida que é baseada nos fenómenos de selecção natural e que defende a ideia de que esta é efectuada através da escolha do mais apto e não do mais forte. This means: a fight for life based on the phenomenon of natural selection implied by survival of the fittest.
Maybe that explains the choice of words. (The other definition means, I think, "claims of rights to an object by multiple people" -- same idea.)
Insiders can be real threats, the BIGGEST threats. An insider can steal much more than a hacker ever can. And many insiders think they can get away with it. Just look at the porn-billing iBill incident made public last week.
The best policy is to log everything that happens in an enterprise, to a level required to reconstruct past bad behavior. You can't keep your insiders away from information they need to do their jobs. Trust, but also verify! There are products out there like Sensage (http://www.sensage.com/ ) that can collect, centralize, and make available years of log data for an IT organization. While this might not prevent the theft in the first place, a company can crack down on and prosecute current/former misbehaving insiders. Sensage will do very well, as will many other companies in this space (including recent Slashdot heavy banner-advertiser Splunk (http://www.splunk.com/ ) ).
I look forward to seeing how well these products do. It's time one of them went public so we can gauge interest.
Subscription content is the future. If you like to explore music, Napster (or similar Microsoft DRM subscription services) are the way to go. I like downloading tons of music every month for about the cost of 1 CD. Goodbye $.99 per track, there's a better, cheaper alternative.
You need to check out products from SenSage Inc. They specialize in collecting log data from all levels of the network and consolidating it in a central log repository, queryable by SQL. This is the best technology for recording legal audit trails of electronic networks, and is a big deal for forensics, compliance,...
... you still need recourse. You can't expect that all IT solutions will be 100% secure -- some engineer/administrator along the way will make a mistake. And worse, there's still the human element: even if you plug all the holes, those on the inside can still steal or misuse information stored on the very secure platforms.
So what's the backup, that recourse? Log all events on your network: TCP/IP connections, transfer statistics, event logs, syslogs, web server logs, mail logs, DB logs, etc. Make sure you store those events in a central location and constantly analyze that information, in real-time, and historically. When you uncover a new possible exploit, build a rule to catch future occurrences, but even more important, look at the past to see who has used that exploit and prosecute their ass.
Inevitably, this log centralization/aggregation costs money (how many GB/TB a day will a big corporation generate daily in logs?). A good solution: SenSage has a sophisticated log aggregator with compressed storage, blazing query speed, great real-time/historical analysis, and customers the likes of Yahoo, Goldman Sachs, Lehman Brothers, Rockwell, Lockheed Martin, Fannie Mae, Australian DoD, US Census, etc.
Looking at logging output in an enterprise environment can be very difficult. To make this really useful you need to aggregate information in a central repository, from all different servers/apps running on many machines. For true heavy duty log analysis you need to resort to tools such as SenSage's log storage/analysis tool.
Any other tool will choke on the volume of information you'll be chugging through in an enterprise environment, unless you pay for a multi-million-dollar Oracle deployment.
A Linux-based product used by Blue Cross/Blue Shield, Yahoo, Lehman Brothers, etc. For true enterprise security you need something like this.
I know a company that provides a comprehensive screen-sharing solution for local and remote cooperation during business conferences. All participants can use their own laptop and its screen real-estate to do their own private thing, but can drag applications, video, etc., to a central shared (typically large plasma) screen. Everyone's mouse/cursor can co-exist on the shared screen, manipulate the shared application windows, etc. Very nice, useful, not a toy. Born from a Stanford project.
Check out: http://www.tidebreak.com/
Very useful.
Business gets a $2 trillion (number pulled from nether regions) boost in profits by applying stress. $.3 trillion is a small price to pay, and it's not even business' burden to foot the bill.
Get real. Stress motivates, and it's an integral part of business strategy.
I love this article on two Italian pizza makers commissioned to demonstrate regional Italian cooking in North Korea. What a screwed up system. http://www.atimes.com/atimes/Korea/DK21Dg03.html
My company sells product to large enterprises, and most of them run one of the RedHat expensive-support options. We've seen few instances of other commercial or custom distributions.
For a list of the 2.6 features that have and have not been back-ported into 2.4 for the current RH Enterprise Linux release, look here.
I agree with the poster -- Joe Frank is some of the best radio I've ever heard.
In Brazil the mascot will look like a perverted psychopath with a thing for fish.