RE: Upptime report tools?

["Warren Brunson" <Warren.Brunson () IdenTrust com>]

So ... I just confirmed that Jon was being very generous when he said
that "5-nines" means "less than an hour of downtime per server, per
year." It's actually 5 minutes and 16 seconds of downtime -- *per year*.
If you have 50 minutes of downtime in 12 months, you are at 4-nines; and
if you are down a full hour per year, you are at 3-nines.

Which is why good SLAs don't specify server uptime, only system uptime.
This allows for activities like patching.

Several companies I know won't patch a server immediately after the
patch release, unless it's a red-flag issue. They will test the patch in
a testing or staging environment first, to make sure the patch doesn't
break something else (usually custom code). In these companies, a server
being up for 90 days or more (meaning unpatched) would not necessarily
be cause for alarm.

Warren Brunson
Sr. Security Analyst
IdenTrust, Inc.


-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
On Behalf Of Prodigi Child
Sent: Friday, October 17, 2008 10:03 AM
To: Jon.Kibler () aset com; security-basics () securityfocus com
Subject: RE: Upptime report tools?

Good question - Seeing a server up for more than 90 days may indicate
that it does not have the most recent security patches. In fact, seeing
a server up for more than X days after the 2nd Tuesday of the month
(Patch Tuesday) may indicate that, depending on what patches were
released by MS that month.
I've never really though of that but that would be a great way of
gathering info for potential exploits without running a vulnerability
scan on a server... good idea!

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
On Behalf Of Jon Kibler
Sent: Thursday, October 16, 2008 9:27 PM
To: security-basics () securityfocus com
Subject: Re: Upptime report tools?

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Mattias Hemmingtsson wrote:
> Hello !
>
> Om looking fo a tool to monitor my servers uptime.
<SNIP>

Okay, I am going to venture onto my soap box again...

For years, the big buzz has been striving for 5-9s of availability. Too
often, management has taken this to mean that all servers must be up
99.999% of the time. That is less than an hour of down time per server
per year.

Okay, security quiz time: If you see a server that has been up for over
90 days, what does that probably tell you about the security of that
system? (Note: I am not looking for a "diss Microsoft" answer!)

Please reply on-list with your answer.

Jon K.
- --
Jon R. Kibler
Chief Technical Officer
Advanced Systems Engineering Technology, Inc.
Charleston, SC  USA
o: 843-849-8214
c: 843-224-2494
s: 843-564-4224
http://www.linkedin.com/in/jonrkibler

My PGP Fingerprint is:
BAA2 1F2C 5543 5D25 4636 A392 515C 5045 CF39 4253


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkj39/AACgkQUVxQRc85QlOnCQCgidAIH9khb43uNhRTOEMRJt92
CtIAoKGZjSchFBi+KGpI53FsBwl8iZmV
=Av1R
-----END PGP SIGNATURE-----




==================================================
Filtered by: TRUSTEM.COM's Email Filtering Service
http://www.trustem.com/ No Spam. No Viruses. Just Good Clean Email.