Ten Practical Security Steps
Backups
1. Good backups, periodically tested, with reasonable media rotation
and offsite storage.
Backups are frequently left out when security lists are made.
At most large organizations backups are totally routine and taken for
granted. As organizations get smaller, the importance of backups is
more likely to be neglected. Even at large organizations the
importance of testing backups is sometimes neglected. Machines that
should be backed up may be missed, such as desktop systems with
valuable, unique data.
Testing backups may be the hardest and most neglected part, especially
testing a full system recovery. The only safe way to do this is to use
a test system. In my experience this does not work with Windows unless
an identical system is available. I hope this has changed with Windows,
but I'd be somewhat surprised if it has. Small to medium size businesses are
very unlikely to have duplicates of any of their production servers lying
around unused and available for testing. With Unix and Unix-like
systems you only need two things: hardware on which the same OS
version as the one being tested can be installed, and enough disk space to
hold a full restore. You install a minimum OS and do a full restore
over it. Normally any hardware differences will be detected. You
will be prompted whether you want to delete video card X and add video
card Y, or whatever components may be different. Normally when this
boot finishes, pretty much everything will work normally.
I strongly urge that even partial restores be done to a test machine. For
this all that is needed is a system that can handle the backup medium
and format. I recommend a test machine because on the live machine it
is just too easy to restore to the live location, which is the natural
thing for a system operator to do when performing a restore. I'd suggest
copying the files to be restored to a test machine before anyone
starts working on them, and doing a complete comparison of all restored
files.
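One way to do that complete comparison, added here as an example and not part of the original article: build a checksum manifest of the live tree, build the same manifest of the tree restored on the test machine, and diff the two, so that any file that is missing, extra or altered after the restore is reported. The script assumes sha256sum from GNU coreutils plus POSIX find, sort and diff; the file names and contents it creates in its demo are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify a restore by comparing checksum manifests of the
# live tree and the restored copy. Assumes sha256sum (coreutils), find,
# sort and diff are available.

# Print a sorted manifest of "checksum  ./relative/path" for every regular
# file under the directory given as $1.
make_manifest() {
    ( cd "$1" && find . -type f -exec sha256sum {} + | sort -k 2 )
}

# Compare the live tree ($1) with the restored tree ($2).
# Returns 0 when every file is present with identical content, 1 otherwise;
# the diff output lists the files that differ.
verify_restore() {
    live_m=$(mktemp)
    rest_m=$(mktemp)
    make_manifest "$1" > "$live_m"
    make_manifest "$2" > "$rest_m"
    if diff "$live_m" "$rest_m"; then
        rc=0
    else
        rc=1
    fi
    rm -f "$live_m" "$rest_m"
    return $rc
}

# Self-contained demonstration on constructed data: a faithful restore must
# pass and a damaged restore (one file altered, one file missing) must fail.
# Returns 0 when the verifier behaves correctly on both cases.
demo() {
    work=$(mktemp -d)
    mkdir -p "$work/live/etc" "$work/live/home"
    printf 'hostname=db01\n' > "$work/live/etc/config"
    printf 'ledger 2014-03\n' > "$work/live/home/ledger.txt"
    cp -R "$work/live" "$work/good"          # identical restore
    cp -R "$work/live" "$work/bad"           # damaged restore
    printf 'hostname=db02\n' > "$work/bad/etc/config"
    rm "$work/bad/home/ledger.txt"
    result=1
    if verify_restore "$work/live" "$work/good" >/dev/null &&
       ! verify_restore "$work/live" "$work/bad" >/dev/null; then
        result=0
    fi
    rm -rf "$work"
    return $result
}

# Usage: sh verify_restore.sh --demo, or call verify_restore LIVE RESTORED
if [ "${1:-}" = "--demo" ]; then
    demo && echo "restore verification works as expected"
fi
```

In practice the live manifest should be generated at backup time and stored with the backup set, so that the restored copy is compared against the state that was actually backed up rather than against a live tree that has changed since.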
How much testing is enough? I don't know. I know what the bare minimum
is. Every new backup system needs at least one test that leaves those
responsible confident that they can restore any system they are
responsible for, losing no more than one day's data before the time of the
problem. This might best be done before a system is placed in a production
environment; then all that is at stake is the system install and
configuration. Some time after that at least one partial restore test
including important data should be done. Ideally partial restore tests
should be done on a periodic basis, perhaps every 3 to 6 months.
Backups need to cover more than a few days so that older versions of
files can be recovered and so there is a reasonable chance of
recovering from problems, especially intruder-caused damage, that go
undetected for a significant time. This means a rotation system. I always
used 3 daily rotations. When we used tape I kept weeklies for about 3
months, and monthlies for a couple of years. If backup is to removable
hard disks, this can get pretty expensive. A month of weeklies and a
year of monthlies will take 16 sets of backup media with the dailies.
Some people will cut way back on the monthlies, but this means little
or no protection against any kind of accidental or deliberate corruption
that is not detected in a timely manner. Without weeklies, serious damage
or loss of a file that is not realized or reported in a timely manner
may have no solution. If backups are to backup servers, network
storage or cloud storage, a lot of storage is needed to hold a
significant number of rotations, but at least these large systems
are much more efficient in their use of space than any removable
devices. They also tend to be modular, so disk space can be added
as needed. If cloud storage is not an important part of your backup
plan, then any business environment needs an offsite storage
service.
With good backups that are adequately protected, there are few situations
from which recovery is not possible, though the costs may be substantial.
With good backups, the costs of other security failures are greatly
reduced. Sooner or later, hardware failure will cause irretrievable
data loss. As this is normally immediately apparent, there should be
at most one day's data lost, but repair and restore could easily take
two days if you need parts that are not locally available.
Recovering from a malicious intrusion will likely be much
more difficult. It's rare that these are discovered in a timely
manner. Identifying the extent of the damage is likely to be
difficult. Even if you have backup rotations prior to the earliest
intrusion, you cannot perform a normal restore.
Copyright © 2000 - 2014 by George Shaffer. This material may be
distributed only subject to the terms and conditions set forth in
http://GeodSoft.com/terms.htm
(or http://GeodSoft.com/cgi-bin/terms.pl).
These terms are subject to change. Distribution is subject to
the current terms, or at the choice of the distributor, those
in an earlier, digitally signed electronic copy of
http://GeodSoft.com/terms.htm (or cgi-bin/terms.pl) from the
time of the distribution. Distribution of substantively modified
versions of GeodSoft content is prohibited without the explicit written
permission of George Shaffer. Distribution of the work or derivatives
of the work, in whole or in part, for commercial purposes is prohibited
unless prior written permission is obtained from George Shaffer.
Distribution in accordance with these terms, for unrestricted and
uncompensated public access, non profit, or internal company use is
allowed.