Disaster Recovery

After the events surrounding September 11th, 2001, many companies became aware that disaster recovery planning is of critical importance. Events such as natural disasters and terrorist activity can bypass even the most rigorous physical security measures, and common hardware failures and even accidental deletions may require some form of recovery capability.

Backup and Recovery Planning

Fundamental to any disaster recovery plan is the need to provide for regular backups of key information, including user file and email storage, database stores, event logs, and security principal details such as user logons, passwords, and group membership assignments. Without a regular backup process, loss of data through accidents or directed attack could severely impair business processes.


Any backup and recovery plan must include regular testing of the restoration process to ensure that backup media and procedures are adequate to restore lost functionality.


The form of backup in use may also affect what may be recovered following a disaster. Disaster recovery planning should include identification of the type and regularity of the backup process to be used. The following sections cover the different types of backups you can employ.

Full Backup

A full backup is a complete backup of all data and is the most time-intensive and resource-intensive form of backup, requiring the largest amount of data storage. Restoration from a complete backup will be faster than other methods in the event of a total loss of data. A full backup copies all selected files and resets the archive bit. This method allows you to restore using just one tape. In case of theft, this poses the most risk because all data is on one tape.

Differential Backup

A differential backup includes all data that has changed since the last full backup, regardless of whether or when a previous differential backup was made, because a differential backup does not reset the archive bit. This form of backup is incomplete for full recovery without a valid full backup. For example, if the server dies on Thursday, two tapes will be needed: the full from Friday and the differential from Wednesday. Differential backups require a variable amount of storage, depending on the regularity of normal backups and the number of changes that occur during the period between full backups. Theft of a differential tape is more risky than an incremental tape because larger chunks of sequential data may be stored on the tape the further away it is from the last full backup.

Incremental Backup

An incremental backup includes all data that has changed since the last incremental backup, and it resets the archive bit. An incremental backup is incomplete for full recovery without a valid full backup and all incremental backups since the last full backup. For example, if the server dies on Thursday, four tapes will be needed: the full from Friday and the incremental tapes from Monday, Tuesday, and Wednesday. Incremental backups require the smallest amount of data storage and require the least amount of backup time, but they can take the most time during restoration. If an incremental tape is stolen, it might not be of value to the offender, but it still represents risk to the company.

Copy Backup

A copy backup is very similar to a full backup in that it copies all selected files. However, it doesn't reset the archive bit. From a security perspective, the loss of a tape with a copy backup is the same as losing a tape with a full backup.
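The four backup types above differ only in which files they capture and whether they reset the archive bit. The following simulation, added here as an illustration and not taken from the book, models that behaviour over the book's own scenario (a full backup on Friday, daily backups Monday to Wednesday, and a failure on Thursday) and works out which tapes a restore needs; the file names and the daily change pattern are constructed for the example.

```python
from dataclasses import dataclass

@dataclass
class Tape:
    day: str
    kind: str          # "full", "differential", "incremental" or "copy"
    files: frozenset   # files captured on this tape

class BackupSet:
    def __init__(self, files):
        self.archive = {f: True for f in files}  # new files are flagged for backup
        self.tapes = []

    def modify(self, *files):
        for f in files:
            self.archive[f] = True  # the OS sets the bit whenever a file is written

    def backup(self, day, kind):
        if kind in ("full", "copy"):  # copy every selected file
            captured = frozenset(self.archive)
        else:  # differential / incremental: only files with the bit set
            captured = frozenset(f for f, bit in self.archive.items() if bit)
        if kind in ("full", "incremental"):  # only these two reset the bit
            for f in captured:
                self.archive[f] = False
        self.tapes.append(Tape(day, kind, captured))
        return captured

    def tapes_needed(self):
        """Days of the tapes needed to rebuild the newest state, oldest first.
        Assumes one scheme between fulls; copy backups are never in the chain."""
        chain = [t for t in self.tapes if t.kind != "copy"]
        last_full = max(i for i, t in enumerate(chain) if t.kind == "full")
        since_full = chain[last_full + 1:]
        if since_full and since_full[-1].kind == "differential":
            since_full = since_full[-1:]  # latest differential holds all changes
        return [t.day for t in [chain[last_full]] + since_full]

def weekly_scenario(kind):
    """Friday full, then Mon-Wed backups of `kind`; the server dies Thursday.
    File names and the daily change pattern are constructed for illustration."""
    s = BackupSet(["payroll.db", "mail.pst", "report.doc"])
    s.backup("Fri", "full")
    changes = {"Mon": ["payroll.db"], "Tue": ["mail.pst"],
               "Wed": ["payroll.db", "report.doc"]}
    for day, files in changes.items():
        s.modify(*files)
        s.backup(day, kind)
    return s
```

Running `weekly_scenario("differential").tapes_needed()` gives the two tapes (Friday and Wednesday) from the differential example, while the incremental scheme returns all four; the Wednesday differential tape also holds every file changed since Friday, which is why its theft exposes more data than an incremental tape.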

Choosing a Backup Strategy

When choosing a backup strategy, a company should look at the following factors:

  • How often it needs to restore files: As a matter of convenience, if files are restored regularly, a full backup may be decided upon because it can be done with one tape.

  • How fast the data needs to be restored: If large amounts of data are backed up, the incremental backup method may work best.

  • How long the data needs to be kept before being overwritten: If used in a development arena where data is constantly changing, a differential backup method may be the best choice.

After the backups are complete, they must be clearly marked or labeled so they can be properly safeguarded. In addition to these backup strategies, companies employ tape rotation and retention policies. The various methods of tape rotation include the grandfather, Tower of Hanoi, and 10-tape rotation schemes.

One final note in this area: In some instances, it may be more beneficial to copy or image a hard drive for backup purposes. For example, in a development office, where there may be large amounts of data that changes constantly, instead of spending money on a complex backup system to back up all the developers' data, it may be less expensive and more efficient to buy another hard drive for each developer and have him back up his data that way. If the drive is imaged, it ensures that if a machine has a hard drive failure, a swift way of getting it back up and running again is available.

Restoration Procedures

Disaster recovery planning should include detailed restoration procedures. This planning should explain any needed configuration details that may be required to restore access and network function. These may include items that can either be general or very specific.

The policy for restoring a server hardware failure, for example, is as follows:

  1. Upon discovery, the on-duty IT manager must be notified. If not on the premises, she should be paged or reached on her cell phone.

  2. The IT manager assesses the damage to determine whether the machine can survive on the UPS. If so, for how long? If not, what data must be protected before the machine shuts down?

  3. Because all equipment is under warranty, no cases should be opened without the consent of the proper vendor.

  4. The IT manager will assign a technician to contact the vendor for instructions and a date when a replacement part can be expected.

  5. A determination will be made by the IT manager as to whether the company can survive without the machine until the replacement part is received.

  6. If the machine is a vital part of the business, the IT manager must then notify the head of the department affected by the situation and give him an assessment of how and when it will be remedied.

  7. The IT manager will then find another machine with similar hardware to replace the damaged server.

  8. The damaged machine will be shut down properly if possible, unplugged from the network, and placed in the vendor-assigned work area.

  9. The replacement machine will be configured by an assigned technician to ensure it meets the specifications listed in the IT department's server-configuration manual.

  10. The most recent backup will be checked out of the tape library by the IT manager. The data will then be restored by the assigned technician.

  11. When the technician has determined that the machine is ready to be placed online, the IT manager will evaluate it to be sure it meets the specifications.

  12. The replacement server is put in place by the IT manager. Connectivity must be verified and then the appropriate department head can be notified that the situation has been remedied.

Also, a restoration plan should include contingency planning to recover systems and data even in the event of administration personnel loss or lack of availability. This plan should include procedures on what to do if a disgruntled employee changes an administrative password before leaving. Statistics show that more damage to a network comes from inside than outside. Therefore, any key root-level account passwords and critical procedures should be properly documented so another equally trained individual can manage the restoration process.

Secure Recovery

Recovery planning documentation and backup media obviously contain many details that could be exploited by an attacker seeking access to an organization's network or data. As a result, planning documentation, backup scheduling, and backup media must include protections against unauthorized access or potential damage. The data should be protected by at least a password and possibly encryption. Once the backups are complete, they must be clearly marked or labeled so they can be properly safeguarded. Imagine having to perform a restore for an organization that stores its backup tapes in a plastic bin in the server room. The rotation is supposed to be on a two-week basis. When you go to get the needed tape, you discover that the tapes are not marked, nor are they in any particular order. How much time will be spent just trying to find the proper tape? Also, is it a good practice to keep backup tapes in the same room with the servers? What happens if there is a fire? How backup media is handled is just as important as how it is marked. You certainly don't want to store CDs in a place where they can easily be scratched or store tapes in an area that reaches 110 degrees during the day.

Both documentation and media should be stored in an offsite location, protected from unauthorized access as well as fire, flood, and other forms of environmental hazard. It is also common in military environments to have removable storage media that is locked in a proper safe or container at the end of the day.

During the process of recovery, attackers may also attempt to obtain details through packet sniffing of traffic between silo backup servers and deployed network servers. Therefore, planning should include protections against network exploit during the actual restoration.

In Chapter 6, "Infrastructure Security," we covered the proper way to handle removable media when either the data should be overwritten or is no longer useful or pertinent to the company. Here's a quick review of the choices that apply to all removable media units:

  • Declassification: A formal process of assessing the risk involved in discarding particular information.

  • Sanitization: The process of removing the contents from the media as fully as possible, making it extremely difficult to restore.

  • Degaussing: This method uses an electrical device to reduce the magnetic flux density of the storage media to zero.

  • Overwriting: This method is applicable to magnetic storage devices.

  • Destruction: The process of physically destroying the media and the information stored on it.

Disaster Recovery Plan

A detailed disaster recovery plan should be created to provide structure to the process of backup, data security, and recovery. Disaster recovery planning may involve many aspects, including the following:

  • Impact and risk assessment: It is important to determine the magnitude and criticality of service and data failure so you can figure out what forms of recovery planning and preparations must be implemented. In addition, you need to establish the order of recovery in the event of a catastrophic failure.

  • Disaster recovery plan: A detailed disaster recovery plan should be created, including details for contingency planning in the event that catastrophic events preclude the use of previous network resources.

  • Disaster recovery policies: These policies detail responsibilities and procedures to follow during disaster recovery events, including how to contact key employees, vendors, customers, and the press. They should also include instructions for situations in which it may be necessary to bypass the normal chain of command to minimize damage or the effects of a disaster.

  • Service-level agreements (SLAs): Contracts with Internet Service Providers (ISPs), utilities, facilities managers, and other types of suppliers that detail minimum levels of support that must be provided in the event of failure or disaster.

Business Continuity Planning

Beyond backup and restoration of data, disaster recovery planning must also include a detailed analysis of underlying business practices and support requirements needed to ensure that business continuity can be maintained in the event of failure. Business continuity planning should include an analysis of any required services, such as network access and utility agreements, along with planning for automatic failover of critical services to redundant offsite systems.

Some considerations that may be included in continuity planning include the following:

  • Network connectivity: In the event that a disaster is widespread or targeted at an ISP or key routing hardware point, an organization's continuity plan should include options for alternate network access, including dedicated administrative connections that may be required for recovery to occur.

  • Facilities: Continuity planning should include considerations for recovery in the event that existing hardware and facilities are rendered inaccessible or unrecoverable. Hardware configuration details, network requirements, and utilities agreements for alternate sites (that is, warm and cold sites) should be included in this area.

  • Clustering: To provide load-balancing to avoid loss of functionality through directed attacks meant to prevent valid access, continuity planning may include the use of clustering solutions that allow multiple nodes to perform support while transparently acting as a single host to the user. High-availability clustering may also be used to ensure that automatic failover will occur in the event that hardware failure renders the primary node unable to provide normal service.

  • Fault tolerance: Cross-site replication between hot and cold backup servers may be included for high-availability solutions requiring high levels of fault tolerance. Individual servers may also be configured to allow for the continued function of key services even in the case of hardware failure. Common fault-tolerant solutions include Redundant Arrays of Inexpensive Disks (RAID) solutions, which maintain duplicated data across multiple disks so that the loss of one disk will not cause the loss of data. Many of these solutions may also support hot-swapping of failed drives so that replacement hardware may be installed without ever taking the server offline.


Security+ Certification Exam Cram 2 (Exam SYO-101)
ISBN: 0789729105
Year: 2005
Pages: 162