Tuesday, November 30, 2010

One VERY Impressive Piece of Malware - Stuxnet

You may have heard about Stuxnet, but like me didn't get into the details until now.   If so, you'll be impressed.  



It's hard to believe its development will stay secret forever, so someone will eventually take credit and maybe even write a book.  Whatever the case, and whom ever created and managed it, Stuxnet was one amazing malware campaign with it's zero-day exploits, subtle damage approach and peer to peer upgrade channel.

Don't worry if you're a technophobe, the article below reads like a Hollywood script and brings to mind how Churchill subtlety used Ultra (or didn't use it) to further the allied objectives.  The story even has a climax, with discovery day cleanup already prepared - very impressive.  Here's the link :



And the more technical Wiki version :

Wiki on Stuxnet

It makes one wonder what unknown code may be running on other computers...

Be prepared.

Rod Coleman, General Manager - Sierra Computer Group

Monday, November 22, 2010

IT Design



By Rod Coleman - General Manager, Sierra Computer Group


This is a post from Slashdot this morning :


DiniZuli writes"I've been employed by a small NGO to remake their entire IT-infrastructure from scratch. It's a small company with 20 employees. I would like to ask the /.-crowd what worked out best for you and why? I came up with a small list: Are there any must have books on building the IT infrastructure? New desktops: should it be laptops (with dockingstations), regular desktop machines or thin clients? A special brand? Servers: We need a server for authentication and user management. We also need an internal media server (we have thousands of big image and video files, and the archive grows bigger every year). Finally we would like to have our web server in house. Which hardware is good? Which setup, software and OS'es have worked the best for you? Since we are remaking everything, this list is not exhaustive, so feel free to comment on anything important not on the list."

Rather than get into the flaming fray at Slashdot, I'll comment here and provide an example of how to set up IT for a small business.  And more importantly - how NOT to.

The biggest problem with the above approach is that his questions were all about hardware.   Hardware is the last thing to worry about.  And the least expensive.  If you do the design right, the hardware questions answers themselves.

(BTW, if you know what the MOST expensive part of a computer system is, post a comment.  I'll provide the answer there.)

The questions our Slashdot guy SHOULD have been asking the stake-holders :

1. What is the nature of your business?

2. How do you manage the client relationship?

3. In what ways is YOUR business different from typical?

4. What transactions are time or process critical and therefore have disproportionate importance?

These questions would have lead to others that would have allowed him to clearly define the needs of the business.  These needs are then the key to finding the right architecture, software and services.  They will provide definition, or exceptions to the following standard requirements, yielding even more good questions :

Web access - You can't even start the business plan without doing some web research.  Your pipe to the world has become the most critical business tool of the 21st century.  Make sure you have the bandwidth and reliability you need.

Email - Phones are becoming less critical while social texting is emergent, but email will remain the workhorse of business communications.  I know of businesses that ONLY use email to communicate, not that I'd recommend it.  Define your email needs carefully.  Do you need the security of having email on premises or can you use a cloud solution?  How will you plan to defend yourself against malware?

Phone System - Phones remain the universal instant gratification of business, so mobile is key.  Make sure smart CELL phones are at the heart of your design.

Vertical Applications - This is often the most important and specialized component of an IT systems.  Make sure it reflects the actual business process and transaction flow.  Once you understand these needs, this critical piece of software can be selected.  If you do a good job with this selection, the hardware will simply follow from these software requirements.

Customer Relationship Management - This is often part of the vertical application.  If not, make sure it's near the top of your check list.

Accounting Software - The boring stuff often gets ignored, but is critical to collecting the right metrics for later process management.  Choose wisely.

Other Support Applications - More boring stuff, but some more important than others.  Look for disproportionality when allocating your research time.

Security Review - Just make sure it's completed BEFORE you turn up the servers.

Backup and Recovery - Same here.  Risk of data loss is highest during startup, migrations or transitions. Be prepared.

Website - It's the new Yellow Pages.  SEO metrics will tell you if you made it into the book or not.

Blog - The fact that you're reading this post shows how useful this tool can be.

Reader - A news and blog reader will allow you to stay current with your customer's changes.

Social Media - This may or may not be important now, but make sure the questions is asked.  Cultural interaction is becoming more terse as texting demonstrates.  Be ready to engage with the media your customer is using.

Once you've discussed these topics (and others they bring up), you'll have your needs defined.  These needs will drive the software selection.  The software will drive the hardware selection.  This is just a quick overview.  Watch for more detail on each topic.

Once you define needs, software and hardware, you only need an effective IT team to roll it out.

Let us know if we can help.