You arrive at work in the morning, start up your computer and, just before you get to pour your first cup of coffee, get a phone call that the network is down due to malicious activity. As you investigate further, you find that all network data is gone. Your network personnel reveal that the last backup of the network files was made just before the Y2K all-night party, and that those tapes were last used to recover from the Love Bug virus. Or you find out that the one set of backups available is corrupted and unusable. No matter how much else you prepare, unless you ensure that a routine backup process saves your important data and files, you may have more than just the physical damage from a disaster to deal with.
Disasters from natural events, viruses, denial of service attacks or other malicious activity impact, to varying degrees, the operation of a business, from an individual workstation to the entire enterprise network. When disasters strike, regardless of origin, the primary focus is restoring information technology (IT) resources to full functionality so that business operations can be maintained or restored. The longer the delay, the more likely it is that the business will never fully recover. It all boils down to prior planning, because you simply have no time to plan while the impact of a disaster spreads through your business or organization.
Daily or weekly backups of network systems, including the data essential to the function of your business, are a vital component of disaster recovery and of continuing business functions after a disaster or other disruptive event. Replacing the equipment and other resources of your organization's network is part of the cost of disaster planning, but restoring your data onto the replacement equipment is central to your company's full recovery. Keeping your backup files, especially those of the most sensitive data, together with an inventory of your company's information and data files at a separate location ensures that the disaster does not take your backups with it. It is also important to ensure that everyone on your network is backing up their data and turning in the media for safe storage on a periodic basis.
Of course, placing the backup requirement on system administration personnel, where it is transparent to the majority of users, helps ensure that backups are actually made. However, you must also provide the resources, or at least the available time, for system administrators to conduct this activity on a daily or weekly basis. Simply putting it on their list of things to do is not an adequate solution. Preplanning of resources for restoring or continuing operations, selection and establishment of alternate sites, backing up of information, and restoration of backup data are all major components of disaster recovery planning. Security involvement in that planning is a vital component as well.
Why is all this important to security functions? From an administrative viewpoint, backing up all systems on a regular schedule and storing the copies in a safe alternate location is a valuable disaster recovery practice. However, transmitting backup files over the same network, and especially over the Internet, without additional safeguards exposes your backup data to interception by a sniffing program, or to redirection to another location, which denies you your backup files when you need them most, after a disaster. If a malicious hacker, competitor or other adversary planning an attack finds that backup files travel over the Internet at predictable times, a more severe attack becomes possible: they may intercept the data, or block it from reaching its intended destination, so that the attack has a higher impact on your network and you are prevented from fully recovering. Disaster recovery plans themselves also require protection from alteration and deletion.
Sophisticated attacks that target recovery planning and operations look for fixed, automatic backup schedules, because a predictable window tells the attacker exactly when the data is in transit and when a disruption will do the most damage.
Some ways to reduce any security problems for your organization when recovering from a disaster and attempting to maintain normal functions include:
Performing system backups using local backup devices instead of transmitting data over the network, if possible.
Encrypting the backup data, if the resources are available.
Limiting the number of persons with access to backup or recovery files and functions.
Never backing up security files or databases across the network.
Assigning responsibility for backing up data to separate individuals. This reduces the possibility of a single operator compromising the backup and recovery data files. While a server operator may initiate the system backup, restoration should be restricted to system administrators or personnel authorized with superuser accounts.
Always maintaining well-documented activity logs and audit trails for the backup data.
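The practices in the list above (local rather than network backups, protection against alteration, separation of the backup and restore roles, and an audit trail) can be put together in one small tool. The script below is an added example and not code from the original article: it archives a directory to local storage, records the archive's SHA-256 digest in a manifest, seals the manifest with an HMAC so that corruption or tampering is detected before a restore is trusted, refuses to restore from anything that fails that check, and appends each action to a JSON-lines audit log. The key value, directory names and sample payroll file are assumptions made for illustration; in practice the HMAC key would live outside the backup set, with access limited to the people authorized to restore.

```python
"""Local, authenticated backup with an audit trail.
Added example, not code from the original article. The key, directory names
and sample data below are assumptions made for illustration."""
import hashlib, hmac, json, os, tarfile, tempfile, time
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Stream the file through SHA-256 so large archives need not fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            digest.update(chunk)
    return digest.hexdigest()


def audit(log: Path, event: str, **fields) -> None:
    """Append one audit record: who did what to which archive, and when."""
    record = {"ts": time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime()),
              "user": os.environ.get("USER", "unknown"), "event": event, **fields}
    with log.open("a") as f:
        f.write(json.dumps(record, sort_keys=True) + "\n")


def seal(manifest: dict, key: bytes) -> str:
    """HMAC-SHA256 over the canonical JSON form of the manifest."""
    body = json.dumps(manifest, sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def create_backup(src: Path, dest_dir: Path, key: bytes, log: Path, label: str) -> Path:
    """Write <label>.tar.gz into dest_dir (local storage) with a sealed manifest beside it."""
    dest_dir.mkdir(parents=True, exist_ok=True)
    archive = dest_dir / f"{label}.tar.gz"
    with tarfile.open(archive, "w:gz") as tar:
        tar.add(src, arcname=src.name)
    manifest = {"archive": archive.name, "sha256": sha256_file(archive)}
    sealed = {"manifest": manifest, "hmac": seal(manifest, key)}
    archive.with_name(archive.name + ".manifest").write_text(json.dumps(sealed))
    audit(log, "backup_created", archive=archive.name, sha256=manifest["sha256"])
    return archive


def verify_backup(archive: Path, key: bytes, log: Path) -> bool:
    """Test the backup before relying on it: sealed manifest, digest, readable tar."""
    mpath = archive.with_name(archive.name + ".manifest")
    reason = None
    if not (mpath.exists() and archive.exists()):
        reason = "missing archive or manifest"
    else:
        sealed = json.loads(mpath.read_text())
        if not hmac.compare_digest(seal(sealed["manifest"], key), sealed["hmac"]):
            reason = "manifest HMAC mismatch (altered manifest or wrong key)"
        elif sha256_file(archive) != sealed["manifest"]["sha256"]:
            reason = "archive digest mismatch (corrupted or tampered)"
        else:
            try:
                with tarfile.open(archive, "r:gz") as tar:
                    tar.getmembers()
            except (tarfile.TarError, OSError, EOFError):
                reason = "archive unreadable"
    if reason:
        audit(log, "verify_failed", archive=archive.name, reason=reason)
        return False
    audit(log, "verify_ok", archive=archive.name)
    return True


def restore_backup(archive: Path, key: bytes, target: Path, log: Path) -> bool:
    """Restore only from a backup that passed verification."""
    if not verify_backup(archive, key, log):
        return False
    target.mkdir(parents=True, exist_ok=True)
    with tarfile.open(archive, "r:gz") as tar:
        try:
            tar.extractall(target, filter="data")  # rejects absolute paths and traversal
        except TypeError:  # Python versions without the extraction filter argument
            tar.extractall(target)
    audit(log, "restore_done", archive=archive.name, target=str(target))
    return True


def run_demo() -> dict:
    """Constructed scenario: back up, restore, then corrupt the archive and re-verify."""
    root = Path(tempfile.mkdtemp(prefix="backup-demo-"))
    src, vault, log = root / "payroll", root / "vault", root / "audit.log"
    key = b"\x01" * 32  # demo key only; keep the real key outside the backup set
    src.mkdir()
    (src / "q1.csv").write_text("id,amount\n1,100\n")  # constructed sample data
    archive = create_backup(src, vault, key, log, "payroll-week01")
    out = {"verify_clean": verify_backup(archive, key, log),
           "restore_ok": restore_backup(archive, key, root / "restore", log)}
    out["restored_text"] = (root / "restore" / "payroll" / "q1.csv").read_text()
    with archive.open("ab") as f:
        f.write(b"\x00")  # simulate media corruption or tampering in storage
    out["verify_tampered"] = verify_backup(archive, key, log)
    out["restore_tampered"] = restore_backup(archive, key, root / "restore2", log)
    out["events"] = [json.loads(line)["event"] for line in log.read_text().splitlines()]
    return out


if __name__ == "__main__":
    print(json.dumps(run_demo(), indent=2))
```

Running the script prints the demo results: the clean archive verifies and restores, the archive with one appended byte fails the digest check and the restore is refused, and the audit log ends with two `verify_failed` records naming the reason. A plain digest alone would not catch an attacker who rewrites both the archive and the manifest; the HMAC ties the manifest to a key that the backup operator does not need to hold, which is the separation of duties the list recommends.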
Protecting system data before it is too late will not prevent a disaster, but it mitigates the impact when you attempt to restore the data. Whenever possible, backing up to a portable medium on a regular basis further protects the data and is more convenient for restoring.
It is recommended that you use two sets of backup data: one set kept locally for short-term availability, and a second set, never older than a week, in off-site storage. Rotate these sets so that the off-site copy does not become too old and the local set stays complete enough for limited restoration after small-scale attacks such as viruses against individual systems. Another option is to centralize all backups and have the network's system administrators perform them; whether this is practical depends on the network configuration and on your enterprise's capacity to maintain a complete backup set. In any case, a complete set of backup data should be stored separately from the enterprise network location, for restoration at an alternate site if a disaster strikes your main location.
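The two-set rotation described above is easy to state and easy to let slip, so it helps to have a check that runs with the weekly backup job. The following is an added example, not code from the original article: given a catalog of backup sets with their creation dates, locations and verification status, it decides whether the newest verified local set should be shipped off-site today, which superseded off-site set comes back into the local pool, and raises an alert when a limit is breached (local set older than a day, or off-site rotation due with nothing fit to ship). Set names, dates and the one-day and seven-day thresholds are assumptions for illustration.

```python
"""Two-set rotation check (added example, not code from the original article).
One set stays local for short-term restores; the other goes off-site and must
never be older than a week. Set names, ages and thresholds are assumptions."""
from dataclasses import dataclass
from datetime import date, timedelta


@dataclass
class BackupSet:
    name: str
    created: date
    location: str   # "local" or "offsite"
    verified: bool  # passed an integrity check; never ship an untested set


def rotation_plan(sets, today, max_offsite_age=7, max_local_age=1):
    """Return (action, set_name, reason) tuples for today's rotation run.

    SHIP   - send the newest verified local set off-site
    RECALL - bring the superseded off-site set back into the local pool for reuse
    ALERT  - a policy limit is breached and no available set can fix it
    """
    def newest_first(where):
        return sorted((s for s in sets if s.location == where),
                      key=lambda s: s.created, reverse=True)

    local, offsite = newest_first("local"), newest_first("offsite")
    plan = []
    # The local set must stay fresh enough for small-scale restores.
    if not local or (today - local[0].created).days > max_local_age:
        plan.append(("ALERT", local[0].name if local else "-",
                     f"no local set younger than {max_local_age} day(s)"))
    current = offsite[0] if offsite else None
    age = (today - current.created).days if current else None
    if current is None or age >= max_offsite_age:
        candidates = [s for s in local
                      if s.verified and (current is None or s.created > current.created)]
        if candidates:
            plan.append(("SHIP", candidates[0].name,
                         "off-site copy absent" if current is None
                         else f"off-site copy is {age} days old"))
            plan.extend(("RECALL", old.name, "superseded off-site set returns to the local pool")
                        for old in offsite)
        else:
            plan.append(("ALERT", current.name if current else "-",
                         "off-site rotation is due but no newer verified local set exists"))
    return plan


def demo_scenarios():
    """Constructed catalog states a weekly rotation run might encounter."""
    today = date(2001, 5, 14)
    fresh_local = BackupSet("set-A", today - timedelta(days=1), "local", True)
    week_old_offsite = BackupSet("set-B", today - timedelta(days=8), "offsite", True)
    recent_offsite = BackupSet("set-B", today - timedelta(days=3), "offsite", True)
    stale_unverified = BackupSet("set-A", today - timedelta(days=2), "local", False)
    return {
        "rotate": rotation_plan([fresh_local, week_old_offsite], today),
        "nothing_due": rotation_plan([fresh_local, recent_offsite], today),
        "alerts": rotation_plan([stale_unverified, week_old_offsite], today),
    }


if __name__ == "__main__":
    for name, plan in demo_scenarios().items():
        print(name, plan or "no action")
```

The `verified` flag is the point where this check meets the integrity test discussed earlier: a set that has not been read back and checked is never shipped off-site, because an off-site copy that turns out to be corrupt is exactly the failure the rotation is meant to prevent.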
Automated options are available that are more time-efficient and less error-prone. Manual backup operations are risk-prone procedures because of human error: loss or mislabeling of backup media, loading the wrong tapes, or skipping the test that confirms the backup is not corrupted are all risks when backups are done by hand. Another option is outsourcing the procedure to a backup service, which relieves your staff of the task and stores the backup data at the service's facility, a help if your own facility is damaged. However, storage of proprietary or sensitive data by a third party, or transmission of the backup data over the network without encryption, raises additional concerns.
Of course, contingency planning should cover your network hardware as well as your network data. Protection and backup of your physical equipment is a focal point of all your protection planning. Whether you use a hot, warm or cold site as an alternate location during emergencies, ensuring that all your backup data is compatible with the equipment designated for backup operations during or following a disaster is an element of contingency planning. If your backup data was saved under a Windows NT network configuration, you may have problems restoring it if your alternate site or the service you outsource to uses a Macintosh environment that lacks the interfaces needed to read the media. This is a basic consideration, but one best verified before an emergency rather than after one.
The first line of defense for contingency planning is your on-site backup data and restoration procedures. This first step determines the point at which you switch to off-site measures. Disaster prevention and containment of major damage to the network, especially when expressed in terms of time and cost, are initially handled by on-site backup measures. Just as protection of the enterprise depends on defense in depth for handling network incidents, contingency planning and recovery operations depend on the depth of backup measures and on the schedules developed for handling problems as they progress.
As the saying goes, you "hope for the best and plan for the worst" in determining various contingencies for disaster recovery planning. A critical element for contingency planning is adequate data to restore your operations from. Duplication of data is a prerequisite for any type of recovery, and off-site storage of that data is essential.
While backing up your information and essential data is essential for recovery from disasters, it is often ignored in contingency planning. Many corporate audits identify this as the number one audit failure. It sounds like common sense to back up your data, yet it is often overlooked. Not only must data be backed up for the reconstruction and restoration of your network files; management must also provide both tangible and intangible support for contingency planning. Without a firm commitment from organizational management, the information vital for contingency planning does not get backed up consistently and effectively enough to help your company fully recover from an unforeseen disaster. Without reliable backups and management support, your contingency planning efforts may simply be a waste of time.
So, as you prepare to depart for the day, are you sure it is okay to go outside without backing up your data?