Building Sentry Systems

From: Hal Flynn (flynn_at_securityfocus.com)
Date: 09/09/03

  • Next message: Benedikt Stockebrand: "Re: Building Sentry Systems"
    Date: Tue, 9 Sep 2003 07:17:09 -0600 (MDT)
    To: focus-sun@securityfocus.com
    
    

    Hi folks,

    So, while on holidays in Phoenix, I drove up to Las Vegas to see a friend
    that had relocated there sometime ago. If you've never driven the road
    between Phoenix and Las Vegas, it's full of twists, turns, and nothing.

    Given the opportunity to collect my thoughts in such an environment, I
    started contemplating something another friend and I had discussed around
    a year ago. One of the biggest limitations I've been able to identify in
    storage systems is the ability to ensure the integrity of files.

    A couple years ago when I took the Veritas Cluster Server course, I
    learned that one of the by-products of using cluster technology is the
    occurrence of split-brain, where two systems begin functioning on the same
    cabinet of drives, thus accessing the same disks while carrying out
    potentially different operations.

    You probably see where I'm going with this, but what I started thinking
    about is creating a self-contained system that functions independent of
    the cluster, and has access to all drives in the cabinet. The system
    stores integrity information locally, and acts as an audit host to monitor
    the integrity of files within the storage cabinet.

    Is anybody familiar with any research in this area? Has anybody
    experimented with anything like this? I don't have access to any large
    cabinets to tinker with these days, so I don't have the ability to play
    with this on my own. I'd be interested in hearing about other similar
    research and experimentation.

    Cheers,

    Hal Flynn
    Symantec Corp.
    http://www.securityfocus.com/unix


  • Next message: Benedikt Stockebrand: "Re: Building Sentry Systems"