Disaster planning should be a key part of your security strategy. The old saying "Hope for the best, and prepare for the worst" certainly applies to network security. Murphy's law predicts that if you don't have a way to recover from a network or security disaster, you'll soon need one. If you're prepared, you can recover quickly and may even be able to learn something useful from the experience. Here are some suggestions to help you prepare for the worst:
A little planning now will go a long way toward helping you through this situation. The key is having a good backup of all critical software. Each of the points discussed in the preceding list is covered in more detail in the following sections. Make a Baseline Backup Before You Go OnlineYou should make a permanent "baseline" backup of your computer before you connect with the Internet for the first time, so you know it doesn't have any virus infections. This backup should be kept permanently. You can use it as a starting point for recovery if your system is compromised.
To learn more about making backups, p. 1142. Make Frequent Backups When You're OnlineI hate to sound like a broken record on this point, but you should have a backup plan and stick to it. Make backups at some sensible interval and always after a session of extensive or significant changes (for example, after installing new software or adding users). In a business setting, you might want to have your backup program schedule a backup every day automatically. (You do have to remember to change the backup media, even if the backups are automatic, however!) In a business setting, backup media should be rotated off-site to prevent against loss due to theft or fire. Write and Test Server Restore ProceduresI can tell you from personal experience that the only feeling more sickening than losing your system is finding out that the backups you've been diligently making are unreadable. Whatever your backup scheme is, be sure it works! This step is really difficult to take, but I really urge you to try to completely rebuild a system after an imaginary break-in or disk failure. Use a sacrificial computer, of course, not your main computer, and allow yourself a whole day for this exercise. Go through all the steps: Reformat hard disks, reinstall Windows or use the Automated System Recovery feature, reinstall tape software (if necessary), and restore the most recent backups. You will find this a very enlightening experience, well worth the cost in time and effort. Finding the problem with your system before you need the backups is much better than finding it afterward! Also, be sure to document the whole restoration process so that you can repeat it later. After a disaster, you'll be under considerable stress, so you might forget a step or make a mistake. Having a clear, written, tested procedure goes a long way toward making the recovery process easier and more likely to succeed. Write and Maintain DocumentationIt's in your own best interest to maintain a log of all software installed on your computers, along with software settings, hardware types and settings, configuration choices, network number information, and so on. (Do you vaguely remember some sort of ordeal with a DMA conflict when you installed the tape software last year? How did you resolve that problem, anyway?) In businesses, this information is often part of the "oral tradition," but a written record is an important insurance policy against loss due to memory lapses or personnel changes. Record all installation and configuration details. TIP Windows has no utilities to print out the configuration settings for software and network systems. I use Alt+PrntScrn to record the configurations for each program and network component and then paste the images into WordPad or Microsoft Word. Then, print out a copy of this documentation, so you'll be able to refer to it if your computer crashes. Make a library of CD-ROMs, repair disks, startup disks, utility disks, backup CDs, ZIP disks, tapes, manuals, and notebooks that record your configurations and observations. Keep them together in one place and locked up if possible. Prepare an Incident PlanA system crash or intrusion is a highly stressful event. A written plan of action made now will help you keep a clear head when things go wrong. The actual event probably won't go as you imagined, but at least you'll have some good first steps to follow while you get your wits about you. If you know a break-in has been successful, you must take immediate action. First, disconnect your network from the Internet. Then find out what happened. Unless you have an exact understanding of what happened and can fix the problem, you should clean out your system entirely. This means that you should reformat your hard drive, install Windows and all applications from CDs or pristine disks, and make a clean start. Then you can look at recent backups to see whether you have any you know aren't compromised, restore them, and then go on. But most off all, have a plan. The following are some steps to include in your incident plan:
|