Posted by Richard Schissler on Tue, May 31, 2011 @ 11:32 AM
Sony Corp., the Japanese maker of PlayStation 3 video game machines and Bravia flat-panel TVs, reports its fiscal fourth and annual quarter results Thursday. Ahead of the results it has announced it will post a full-year loss after earlier forecasting an annual profit.
WHAT TO WATCH FOR: Sony has been under pressure from plunging sales of flat-panel TVs and other gadgets, and is likely to remain in the red in its TV business for the seventh year straight.
But it faces a new kind of challenge to its reputation after acknowledging a massive security breach affecting more than 100 million online accounts. Tokyo-based Sony was forced to close down its online gaming services last month.
It began restoring its PlayStation Network service in the United States and Europe May 15, mainly for online gaming, chat and music streaming services.
WHY IT MATTERS: As a prized brand, Sony's ability to spring back from the production disruptions set off by the March 11 earthquake and tsunami in Japan is symbolic of the nation's overall recovery.
Sony has lost much of the luster that it gained from pioneering whole sectors such as its Walkman portable music player in the 1980s that catapulted Sony into a global household name.
Nowadays it is struggling against flashier and more efficient rivals, including South Korea's Samsung Electronics Co., from which Sony purchases liquid-crystal displays, a key component in flat-panel TVs.
Sony has also taken a beating in music players and other portable devices to Apple's iPod, iPhone and iPad. Adding to its woes is the strong yen that threatens all major Japanese exporters by eroding their overseas earnings.
Sony, which also has a sprawling entertainment businesses in music, video games and movies, has repeatedly banked on content download services for network-linking TVs and game consoles. But the recent leak of user information is throwing even those ambitions into doubt.
WHAT'S EXPECTED: Sony said Monday it expects a net loss of 260 billion yen ($3.2 billion) for the year ended March 2011, largely due to writing off 360 billion yen ($4.4 billion) related to a tax credit booked in a previous quarter.
LAST YEAR'S QUARTER: Sony posted a net loss of 56.6 billion yen ($608 million) for January-March 2010, smaller than the 165 billion yen loss racked up the same quarter the previous year. It booked a 40.8 billion yen ($439 million) loss the fiscal year ended March 2010, smaller than the previous year's 98.9 billion yen loss — Sony's first annual red ink in 14 years.
WesTec Services, A Houston IT provider that offers a wide range of services including: Network Installation/Service, Telephone Systems/Service, Video Surveillance/Access Control and Office Equipment
CALL TODAY at (713) 682-4000
Posted by Richard Schissler on Fri, May 27, 2011 @ 11:54 AM
Create a Policy for 
Safeguarding Computers and
Other IT Equipment
Posted by JohnStorts May 26, 2011 3:27:33 PM
Protecting business desktops, laptops, tablets and other IT equipment from misuse starts at the end-user level. It's important that the business defines boundaries for appropriate use and communicates those boundaries clearly and concisely to all employees. Creating policies is the first step in setting those boundaries and enforcing them.
Toolkit Cafe contributed the IT Computer Equipment Security Policy template to assist others in the creation of policies that protect both the organization and the employee. The template, part of its comprehensive IT Governance and Compliance Toolkit, can be fully customized to reflect pertinent policy details, including content owners and revision history. Initially, it provides five common policy items that you can revise to meet your business environment. These items outline the official stance on:
- Reasonable and limited use of company equipment for personal reasons, unless prohibited by the nature of the work
- The rights of the company to monitor use of equipment, including email and Internet access, without notice or consent
- Accessing a co-worker's computer without authorization
- Conducting or soliciting outside business using company equipment
- Proper disposal of equipment, including removal of any files or licensed software, by authorized personnel
In addition, the template includes spaces for indicating who employees should address questions to within the IT department and what the consequences are for non-compliance.
Don't wait to put a security policy in place until after a breach, theft or obvious violation occurs. Craft a strong policy now and make sure all employees are aware of it to proactively avoid problems. Unless conversion rates have changed in some fundamental way, an ounce of prevention is still worth a pound of cure.
WesTec Services, A Houston IT provider that offers a wide range of services including: Network Installation/Service, Telephone Systems/Service, Video Surveillance/Access Control and Office Equipment
CALL TODAY at (713) 682-4000
Posted by Richard Schissler on Fri, May 20, 2011 @ 02:13 PM
Source: Rackmount Solutions (online newsletter)
Mitigate the Effects of Disasters
The recent earthquake, tsunami and ensuing nuclear crisis in Japan serve as dramatic examples of the types of events that can destroy an organization's resources. Other disasters across the United States and around the world, from tornadoes to wildfires to ice storms, highlight the fact that major disasters can strike anywhere, anytime.
However, even disasters that seem minor in comparison, such as building fires, water leaks, power outages and hardware failures, can cause untold amounts of damage to a data center. Protecting hardware is an important addition to any disaster recovery plan and is essential for a quick return to normal operations.
Plan for the worst
Business continuity planning, also known as disaster recovery (DR) planning, goes a long way toward ensuring that a data center can weather the storms that come its way. Many organizations have developed backup and failover systems that are designed to allow the businesses to continue running if a primary server location is disabled. But often, DR plans are either incomplete or not updated regularly.
According to research conducted by security firm Semantic, half of small and midsized businesses do not have a disaster recovery plan.
Source: SmallBusinessNewz
As you develop or review your DR plan, consider obtaining input from a third party that can provide an objective assessment of your organization's vulnerability. As Processor notes, qualified professionals can provide a business impact analysis (BIA) that can reveal not only the potential costs of a data center outage, but also the best ways to protect your data and infrastructure.
Implement physical protection
Physical security for your servers is crucial during any disaster. Your plan should include physical protection against damage as well as theft during the chaos of a disaster.
Create redundancies for power and cooling
In your continuity plan, include backup provisions for:
- emergency lights
- electricity
- cooling systems
- power surge protectors
Test backup batteries, generators and uninterruptable power supply (UPS) systems regularly.
Set up monitoring and alerts
Your server room should include monitoring systems that will alert you to:
- water leaks
- smoke
- dust
- seismic activity
- temperature changes
- humidity changes
Many monitoring systems include a variety of sensor types, including wireless sensors, and can be controlled through a central facilities dashboard. These systems enable personnel to respond to alerts instantly and avoid problems before servers are seriously damaged.
If possible, do not locate the server room in a basement, which is more likely to flood than a room on a higher level. Your server room also should not have windows that could break or leak during a disaster.
Ensure physical security
Verify that your server room is completely secured and adequately protected from theft at all times. Keep all equipment in secure areas and strategic locations.
- Locate server rooms in a secure part of the building.
- Install and regularly check door locks.
- Check and update access codes to your electronic security system regularly, especially if you've had any personnel turnover.
- Keep an updated inventory of all server room equipment.
- Use enclosed server racks, which provide an additional deterrent to thieves and also protect against physical damage from jarring, dust and debris.
At the same time, it is crucial to have a plan for allowing authorized personnel to access the data center in the event of a security system failure during a disaster.
"Once you have created a DR plan, you should rigorously and thoroughly test it, then adjust it as directed by the testing process."
A DR plan is always a work in progress
Developing your DR plan and installing physical protective measures are only the first steps toward actually surviving a disaster. Once you have created a DR plan, you should rigorously and thoroughly test it, then adjust it as directed by the testing process.
And even after you feel your DR plan is solid, never take it for granted. Actively use it by continuing to test and review it at regular intervals. Given the rapid changes in technology and business practices, Processor recommends a thorough test and revision of your DR plan each quarter.
Finally, because people are the real key to business continuity, make sure your DR plan considers human elements. For example, make sure that you have appropriate and adequate evacuation and communication plans in place for disasters. Be sure that if a disaster strikes, every person in your organization knows his or her role in the DR plan.
WesTec Services, A Houston IT provider that offers a wide range of services including: Network Installation/Service, Telephone Systems/Service, Video Surveillance/Access Control and Office Equipment
CALL TODAY at (713) 682-4000
Posted by Richard Schissler on Thu, May 19, 2011 @ 08:39 AM
Shel Israel CEO, SI Associates May 17, 2011
You’re at a professional networking event. Adult beverage in hand, you are chatting with a few colleagues, you know pretty well. You are conversing in a public venue—just like you do in social media. At some point a stranger joins you.
One of two things happens next:
Option A: The stranger intrudes on your conversation with people you know. He puts a business card in front of your eyes. He starts talking about what he sells and why you should buy from him. He keeps talking, as one at a time, you and your friends retreat from your small social circle and regroup elsewhere in the room
Option B: The stranger joins your circle, with a smile and nod, but doesn’t speak. She listens to what the three of you say for a while. When she finally joins the conversation, she adds an interesting or useful tidbit to the topic the three of you had been discussing.
So many companies, new to social media, come in not listening but talking—talking about themselves and talking about why you should buy from this intruder. Everyone knows that the conversational intruder will do poorly in real life? So why do so many companies behave precisely this way online?
Want to read more about social media in small business? Check these out:
In real life we are rarely successful at being strictly business. We walk into an important meeting and start by asking about family or friends or how the team you both root for could have possibly lost that game.
Why so many business people try to mask their humanity online is beyond me. Why they intrude into existing conversations rather than join them is puzzlement. Why they try to qualify you as a prospect or get you to register somewhere seems to me less effective than starting the conversation about how pleasant it is outside now that winter is gone.
Both these stories are designed to make a point. The best way to win in social media is to behave there in precisely the same way you have succeeded in your business.
If you are a small business professional, chances are you have acquired the skills you need in social media, over the counter in a retail establishment or in professional gathering you have attended. You need to be a good listener. You need to read a situation before joining in. You should show a little of your human side. You should also use a professional but informal style.
I would vastly prefer to see your face than your business logo. I would rather talk to an individual referring to herself as I, then a faceless, nameless we.
This becomes particularly important in small business. Chances are strong that whatever you sell, there is a franchise, big box or chain offering similar goods or services at a lower price.
WesTec Services, A Houston IT provider that offers a wide range of services including: Network Installation/Service, Telephone Systems/Service, Video Surveillance/Access Control and Office Equipment
CALL TODAY at (713) 682-4000
Posted by Richard Schissler on Mon, May 09, 2011 @ 12:09 PM
by Paul Mah 2011-4-28 3:15:26 
Seattle police are currently investigating a group of criminals whose modus operandi was to cruise around in a vehicle to map out surrounding wireless networks for a subsequent break-in. Also known as "wardriving," hackers essentially made use of laptops armed with long-range antennas to search for unsecured or poorly-protected wireless networks that they could exploit. Once network access was obtained, the hackers could potentially siphon off credit card account information, redirect funds via the use of fake payrolls or even access identity information for the purpose of fraud.
The vehicle, a black Mercedes with heavily tinted windows was impounded last year after its owner tried to use stolen gift cards at a local wine bar. When the police searched the car, they found a passenger-seat laptop mount designed to allow the driver to operate the computer, while a laptop that draws its power from the car was also found together with a range-boosting antenna. The group was believed to have been doing this for five years.
While unsecured wireless networks are obviously at risk, businesses using WEP (Wired Equivalent Privacy) for security are also equally vulnerable. This is because WEP has well-known flaws that allow it to be trivially defeated. To illustrate just how vulnerable the anarchic algorithm is, a 104-bit WEP key could be cracked in as little as two minutes under the right circumstances – four years ago. Moreover, the tools to defeat WEP are widely available, and are easily exploited by criminals with only modest computer skills.
Modern Wi-Fi access points (AP) typically come with the more secure WPA protocol (Wi-Fi Protected Access), though WEP is often supported for the sake of backwards compatibility. As such, SMBs that misconfigure the security setting could open themselves to risk, as with businesses that opt for WEP in order to continue using older, WEP-only wireless hardware.
The risks could be particularly acute to SMBs. As reported by Network World, Detective Chris Hansen, a fraud investigator with the Seattle Police Department wrote in his affidavit that:
A number of area small and medium-sized businesses have been targeted in these network intrusions, which have also involved a pattern of financial and personal identifying information (such as credit card information).
As larger businesses tighten up their security with the use of WPA and more sophisticated Wi-Fi hardware, it is clear that SMBs that neglect to do so will place themselves at great risk. And security by obscurity doesn't work as long as the APs are switched on; instead, they are standing out, waiting to be hacked.
WesTec Services, A Houston IT provider that offers a wide range of services including: Network Installation/Service, Telephone Systems/Service, Video Surveillance/Access Control and Office Equipment
CALL TODAY at (713) 682-4000
Posted by Richard Schissler on Fri, May 06, 2011 @ 01:49 PM
By: Paul Mah
The FBI and Financial Services Information Sharing and Analysis Center (FS-ISAC) issued an alert earlier this week warning SMBs in the U.S. to be vigilant for unauthorized wire transfers to China economic and trade companies that are located near the Russian border. The reason for the warning: The FBI has identified 20 incidents in which the online banking credentials of small- and mid-sized businesses in the United States were compromised and used to initiate illicit wire transfers to the tune of $20 million.
Many of the companies that have received the money are registered in port cities such as Raohe, Fuyuan, Jixi City, Xunke, Tongjiang and Dongning. Each transfer ranges from $50,000 to $985,000, and as you can imagine, the money was swiftly made off with. The report (pdf) observed:
When the transfers went through successfully, the money was immediately withdrawn from or transferred out of the recipients' accounts.
Actual losses from successful transfers so far have been pegged at $11 million, though it should be noted that this took place over a mere span of two months — March 2011 to April 2011. Clearly, this is a highly sophisticated racket run by hackers who are in it for the big time. So why target SMBs instead of the enterprise? I personally believe these hackers are attracted to small- and mid-sized businesses due to the ease of hitting these comparatively "softer" targets for a still-lucrative payoff.
According to the report, the attack vector appears to be via the use of phishing emails or when victims are tricked into visiting a malicious website. A Trojan is surreptitiously installed onto the workstation of the staffer with the authority to initiate fund transfers, where it quietly harvests the online corporate banking credentials of the user's account.
As reported on Computerworld, Avivah Litan, an analyst at Gartner, is not impressed by SMBs succumbing to phishing attacks and unpatched vulnerabilities. Litan highlighted the dismal state of SMB security:
These attacks are using the same techniques that have been used for a couple of years against business bank accounts and more recently against enterprise systems and security companies.
For now, businesses keen to protect their corporate accounts from being taken over might want to refer to this fairly comprehensive guide put together by the FBI, IC3 and FS-ISAC titled, "Fraud Advisory for Business: Corporate Account Take Over."
WesTec Services, A Houston IT provider that offers a wide range of services including: Network Installation/Service, Telephone Systems/Service, Video Surveillance/Access Control and Office Equipment
CALL TODAY at (713) 682-4000
Posted by Richard Schissler on Mon, May 02, 2011 @ 11:28 AM
Tip #1: Minimize the amount of data you protect
You can reduce the amount of data you back up while ensuring 100 percent recovery by using technologies that filter out unchanged and deleted data.
While tools that utilize VMware CBT (Changed Block Tracking) eliminate the backup of some unnecessary data, CBT does not prevent the backup and restore of deleted data. The Windows operating system uses the unused free space that is allocated, but not used, for data to store deleted files. That deleted data is never removed until it is overwritten to make space for new data. VMs that host applications with frequently changing data can have gigabytes of deleted data. Unfortunately, those files are seen as changed data blocks, and backup tools using only CBT will back up that deleted data. That stretches backup times, lengthens restore times, and overloads your network.
Our tip is to select a tool that does not back up deleted data. That way, you can back up often and with greater granularity. You’ll also save substantially on storage space, backup time, bandwidth and recovery time, enabling you to have better recovery point objectives (RPOs) and shorter recovery time objectives (RTOs).
Tip #2: Maximize backup speed and throughput
Many backup administrators manage data protection for their virtual systems as if they were protecting physical systems; this can seriously reduce the efficiency of virtual asset data protection. For example, administrators often put multiple VMs on a server that would have previously hosted only one physical application. This creates increased contention for network resources—particularly when backups and restores are being performed.
Virtualized systems are different and need different techniques for optimal protection. We recommend you use a tool that allows simultaneous backup and restore to avoid bottlenecks. In addition, use a tool that provides flexible backup methods (proxy, direct-to-target, LAN-free) to fit your environment and minimize workload impact.
To further increase network and system efficiency, choose a tool that eliminates the need for a backup server by sending backup images directly to target storage. This approach reduces network load by eliminating intermediate steps.
Tip #3: Keep your recovery options flexible
While agent-based systems have their benefits, they aren’t always most efficient or cost effective for small organizations. When you back up virtual systems with agent-based systems, you typically have to pre-stage your VMs to restore an entire VM. This means you have to spawn a new VM via clone or template, size the memory and disks correctly, name it correctly, and create the appropriate number of virtual disks. Once this is up and running, you must then install an agent, connect to the target, and restore the VM. One alternative to an agent-based system is bare-metal restore routines. However, these are challenging to implement at best, and you may have to maintain duplicate hardware with this option as well.
Fortunately, virtualization brings many simpler and more powerful recovery options. Use a tool that allows you to simply click on a VM to restore it, with no need for pre-staging. Find one that allows you to easily restore files at the file level and to restore application objects. Set up your disaster recovery scheme so you can fail over to a VM on a remote server (either on campus or offsite) with a single click of a button, and ensure the replication is automatically reversed so that once the source site comes back up, you can simply synchronize the changes and failback to source.
What about physical boxes? Almost every virtual environment has some servers that just can’t be virtualized yet. Consider companion tools that work with your virtual data protection tool to offer continuous protection for physical servers. Using continuous protection, you can image physical systems into VMs, which can be then restored to a VM
Five Tips for Effective Backup and Recovery in Virtual Environments 6
or a physical server. This approach gives you the flexibility to get your systems restored and your business back on line fast.
What about long term tape-based retention? Most organizations already have investments in agent-based software and tape systems. All you need is a single agent with visibility to an archive repository to sweep the archives off to tape. Consider a tool that offers sweep-to-tape integration that can be used with a traditional backup tool. Then if you ever need to recover an old archive, you can simply restore it to the repository, import the manifest, and start restoring files or VMs as you please.
Tip #4: Minimize performance drains
As mentioned earlier, many backup administrators manage data protection for virtual machines as if they were managing separate individual physical systems. Another example of this is deploying backup agents on each VM and running backup jobs in defined backup windows in order to avoid hurting the performance of business operations on the system. Often backups are run during off-peak hours, usually at night.
Unfortunately, this approach has a significant impact on the virtual machine host and VMs. The host system must take on the extra processing load and absorb latency increases due to I/O contention during the entire backup window, slowing all VMs on the host until all scheduled backups are complete. Adding to this impact is increased network traffic and latency due to the increased volume of data traveling to the backup server.
Our tip is to use dynamic resource management to free unneeded resources; when resources are taken only when needed, limited or scarce resources can be shared among processes. You can also reduce performance impact by simplifying your backup infrastructure with a flexible tool that can adapt to your network layout (LAN, WAN, or storage network), shifting the load of data protection operations away from the networks critical to business performance. For even greater benefits, choose a tool that provides flexible backup methods (proxy, direct-to-target, LAN-free).
Reducing the impact of backups on your network, servers and applications will enable you to save on hardware and infrastructure costs. It will also help your current infrastructure perform better so you have room for growth without spending more money. In other words, with the right tools, you can do even more with less.
Tip #5: Protect to fit your needs and SLAs
You have different SLAs and infrastructure for different applications and data. Your data protection solution needs to adapt to fit your needs—not the other way around. Your data protection tool shouldn’t force you to conduct your data protection operations in a way that interferes with your production systems and networks. You should back up only as often as you need to meet your SLAs, in order to minimize effort and load on your production systems and networks.
Therefore, choose a flexible tool that offers a choice of networks and a method to be used for data protection: LAN, WAN, server-less. We recommend an image-based data protection tool because images are very portable, allowing you to recover when, where and how you need to for the greatest efficiency. We also advise choosing a tool with flexible licensing to provide the best fit for your environment while costing as little as possible.
Most of all, choose an architecture that fits the SLAs for your organization. The correct architecture for your business depends on the hardware and setup you have today;
there is no one-size-fits-all. Understanding the options here is arguably the most important part of the equation when designing a virtualized disaster recovery system. Regardless of which image-based tool you are using, you need to configure it correctly, which includes, among other things, choosing the correct source method and understanding data flow and proper positioning of targets.
Finally, choose a tool that offers a variety of architectural options for deployment: network-based, direct-to-target, iSCSI, fiber and both ESX and ESXi backups. This will ensure you can set up your backup regime in a way that makes sense for your environment.
WesTec Services, A Houston IT provider that offers a wide range of services including: Network Installation/Service, Telephone Systems/Service, Video Surveillance/Access Control and Office Equipment
CALL TODAY at (713) 682-4000
