Slides copyright 2010 by Paladin Group, LLC used with permission by UMBC Training Centers, LLC
Security+ Chapter 8 – Preparing for and Preventing Disasters Brian E. Brzezicki
Disaster Recovery (372)
Disaster Recovery is a part of Business Continuity Planning that attempts to ensure that a business can continue to operate in the event of a disaster. DR planning is mainly concerned with Availability; however, in DR planning an organization should also ensure that confidentiality and integrity are not violated in the event of a disaster.
Disaster Types (372)
Disasters can be of many types, including:
– Natural disasters
– Fires
– Physical attacks
– Hacking attacks
– Personnel loss
– Hardware loss
– Unexpected data destruction
Disaster Recovery (373)
Any disaster recovery plan should include controls that allow for BOTH:
– Redundancy
– Backups
These are NOT the same thing, and both are necessary.
Basic Steps for DR planning (373)
– Identify critical business functions
– Identify resources that are necessary for the critical functions
– Identify threats to assets
– Identify preventative controls
– Identify recovery controls
– Develop a disaster plan
– Test the plan
Redundancy
One important concern in DR planning is to determine which resources are a single point of failure that could halt your critical business functions, for example:
– Storage resources
– Important servers
– Network connections
Storage Redundancy
RAID
Raid 0 – striping (see visual)
– Fast access
– No redundancy
– Actually increases probability of failure
RAID
Raid 1 – mirroring (see visual)
– Identical copies of data
– Expensive
– Faster than a single disk for reading
– Can lose a disk
– What is disk duplexing?
Normal RAID
RAID 1 - Disk Duplexing (n/b)
RAID
RAID 5 – striped sets with parity
– At least 3 disks
– Capacity of one disk is “lost” to parity; with more disks, less is wasted
– Fast reads
– Writes can be slower, especially small writes
– Can lose a single disk
– If a disk is lost you are in “critical mode”: losing another disk means total failure, and operation is slow while in critical mode
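The RAID 0, RAID 1 and RAID 5 slides above each make a claim about failure probability (striping "actually increases probability of failure", RAID 5 "can lose a single disk", a second loss in critical mode is "total failure"). The following added example, which is not part of the slide deck, puts those claims into a small Python model. It assumes each disk fails independently within the period of interest with the same probability p (a constructed textbook approximation, not a vendor figure), and that usable capacity follows the textbook formulas stated on the slides.

```python
"""RAID failure-probability and capacity model (added example, not from the
slides). Assumption: each disk fails independently with probability p over
the period of interest; "failure" of an array means loss of its data."""


def raid0_failure(p: float, n: int) -> float:
    """RAID 0 (striping): losing ANY one of n disks loses the whole set."""
    return 1.0 - (1.0 - p) ** n


def raid1_failure(p: float, n: int = 2) -> float:
    """RAID 1 (mirroring): data is lost only if EVERY mirror copy fails."""
    return p ** n


def raid5_failure(p: float, n: int) -> float:
    """RAID 5 (striping with parity, n >= 3): survives one lost disk;
    two or more concurrent losses destroy the set."""
    if n < 3:
        raise ValueError("RAID 5 needs at least 3 disks")
    none_fail = (1.0 - p) ** n
    one_fails = n * p * (1.0 - p) ** (n - 1)
    return 1.0 - (none_fail + one_fails)


def raid5_critical_mode_failure(p_rebuild: float, n: int) -> float:
    """Once one disk of an n-disk RAID 5 set is lost the array is in
    "critical mode". p_rebuild is the probability that a single disk fails
    during the rebuild window; if ANY of the remaining n-1 disks does,
    the set is gone."""
    return 1.0 - (1.0 - p_rebuild) ** (n - 1)


def usable_capacity(level: int, disk_size: float, n: int) -> float:
    """Usable space for n disks of disk_size each (RAID 1 as a 2-way mirror)."""
    if level == 0:
        return n * disk_size            # every disk holds unique data
    if level == 1:
        return disk_size                # one copy is usable, the rest mirrors it
    if level == 5:
        return (n - 1) * disk_size      # one disk's worth is "lost" to parity
    raise ValueError("unsupported RAID level")


if __name__ == "__main__":
    p = 0.05  # constructed per-disk failure probability for one year
    print(f"single disk           : {p:.4%}")
    print(f"RAID 0, 2 disks       : {raid0_failure(p, 2):.4%}  (worse than one disk)")
    print(f"RAID 1, 2 disks       : {raid1_failure(p):.4%}")
    for n in (3, 4, 8):
        print(f"RAID 5, {n} disks       : {raid5_failure(p, n):.4%}, "
              f"usable {usable_capacity(5, 1000, n):.0f} GB of {n * 1000} GB")
    # Critical mode: a 1% chance per disk of failing during a long rebuild
    print(f"RAID 5, 8 disks, rebuild: {raid5_critical_mode_failure(0.01, 8):.4%}")
```

Two things the numbers make visible that the slides only assert: a two-disk RAID 0 set is roughly twice as likely to fail as a single disk, and RAID 5's protection shrinks as the set grows, both because more disks mean more chances of two concurrent failures and because every extra disk raises the odds that a second one fails during the rebuild window.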
RAID 5 (377)
Server Redundancy
Servers are a critical component in information systems. If important servers are unavailable for any reason, even for a short time, that could be a disaster and cause significant loss or damage. A goal for server availability is often stated as “five nines”, which is 99.999% availability. When designing important systems you need to understand your desired availability and engineer your systems to provide that level of service.
SAN
Clustering (Active/Passive)
Clustering (Active/Active)
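The “five nines” target on the Server Redundancy slide and the two clustering slides above are easier to reason about with numbers. The added example below is not part of the slide deck: it converts a nines figure into the downtime it permits per year, and shows why a chain of components a request must pass through (serial) lowers availability while a cluster of nodes that can each serve the request (parallel) raises it. The component availabilities are constructed values, and the parallel model assumes instant failover with no shared dependency, which real clusters only approximate.

```python
"""Availability arithmetic for server redundancy (added example, not from the
slides). All component figures below are constructed for illustration."""

SECONDS_PER_YEAR = 365 * 24 * 60 * 60  # non-leap year


def nines_to_availability(nines: int) -> float:
    """'Five nines' -> 0.99999."""
    return 1.0 - 10.0 ** (-nines)


def downtime_seconds_per_year(availability: float) -> float:
    """Unplanned downtime budget implied by an availability figure."""
    return (1.0 - availability) * SECONDS_PER_YEAR


def serial_availability(components) -> float:
    """Every component must be up (e.g. network link -> firewall -> server):
    the system is only as available as the product of the chain."""
    total = 1.0
    for a in components:
        total *= a
    return total


def parallel_availability(nodes) -> float:
    """At least one node must be up: an idealised active/active or
    active/passive cluster with instant failover and independent failures."""
    all_down = 1.0
    for a in nodes:
        all_down *= (1.0 - a)
    return 1.0 - all_down


def meets_target(availability: float, nines: int) -> bool:
    """Does a design meet an N-nines target?"""
    return availability >= nines_to_availability(nines)


if __name__ == "__main__":
    for n in (2, 3, 4, 5):
        a = nines_to_availability(n)
        print(f"{n} nines = {a:.5%} -> {downtime_seconds_per_year(a) / 60:8.1f} min/year")
    single = 0.999                    # constructed: one server, three nines
    chain = serial_availability([0.9999, 0.9995, single])   # link, firewall, server
    cluster = parallel_availability([single, single])       # two clustered servers
    print(f"chain with one server : {chain:.5%}  five nines? {meets_target(chain, 5)}")
    print(f"two-node cluster alone: {cluster:.5%}  five nines? {meets_target(cluster, 5)}")
```

Five nines leaves a little over five minutes of downtime a year, which is why clustering the server alone is not enough: the cluster in the example reaches six nines by itself, yet putting it behind a single link and a single firewall drags the whole path back down, so single points of failure upstream have to be removed as well.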
Spare Parts (379)
When preparing your DRP, you should always consider the possibility that some equipment will be destroyed (maybe even a whole RAID array, etc.). You should understand the Mean Time To Replacement (MTTR), i.e. how long replacement equipment or fixes will take, and if necessary stockpile spare parts, especially if you have legacy equipment.
Legacy Equipment
Site Redundancy
Alternate sites (383)
These types of sites are provided by a “service bureau”:
Hot site
– Fully configured, ready for operation in a few hours
– Fully stocked with common hardware and software
– Can be used for DRP testing
– Expensive
Warm site
– Only partially configured, with some hardware and software; it is expected that you will bring much of your own equipment
– Cannot really be used for DRP testing
– Less expensive
Cold site
– Just the basic environment (space, AC, power, etc.)
– No equipment
– Cannot be used for DRP testing
– Cheapest option
Alternate Site
An important concept to understand is that after the disaster has been handled, you will eventually want to return processing to the original site (or a permanent replacement). When moving services back, you should always move the least critical services first.
Alternate sites (n/b)
Rather than having a “subscription service”, the company may own its own redundant sites:
– Mirror sites
– Multiple data processing sites
Power Protection
Power systems are critical to any operation. It is important you understand some of the different types of power equipment:
– Line conditioners
– UPS
– Generators
Data Backups
Backups (387)
Backups are a critical component not only of DRP but also of “normal operation”. You need to understand the traditional types of backups discussed on the next few slides:
– Full backups
– Incremental backups
– Differential backups
Backup types
The first thing we need to talk about is the “archive bit” – what is it?
Types of backups (next slides):
– Full
– Incremental
– Differential
Full (387)
– All data, every day!
– Clears the archive bit after the backup
Incremental (389)
– Only files that changed since the last full or last incremental backup
– Resets the archive bit
Differential (388)
– Only files that changed since the last full or differential backup
– Does NOT reset the archive bit
Restores
Understand the process for restoring from:
– Full backups
– Incremental backups
– Differential backups
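The archive-bit behaviour on the Full, Incremental and Differential slides, and the restore order this slide asks you to understand, are shown end to end in the following added example, which is not part of the slide deck. It models a toy file system whose archive bit is set whenever a file is written (as the OS does), runs a Monday full backup followed by two days of changes, and restores with each strategy. The file names and contents are constructed.

```python
"""Archive-bit simulation of full, incremental and differential backups
(added example, not from the slides). File names/contents are constructed."""


class FileSystem:
    """Toy file system: name -> [content, archive_bit]. The OS sets the
    archive bit whenever a file is created or modified."""

    def __init__(self):
        self.files = {}

    def write(self, name, content):
        self.files[name] = [content, True]


def full_backup(fs):
    """Copies everything and clears every archive bit."""
    snapshot = {name: entry[0] for name, entry in fs.files.items()}
    for entry in fs.files.values():
        entry[1] = False
    return snapshot


def incremental_backup(fs):
    """Copies only files with the archive bit set, then RESETS the bit,
    so the next incremental sees only changes made after this one."""
    snapshot = {name: entry[0] for name, entry in fs.files.items() if entry[1]}
    for name in snapshot:
        fs.files[name][1] = False
    return snapshot


def differential_backup(fs):
    """Copies only files with the archive bit set but LEAVES the bit set,
    so every differential contains everything changed since the last full."""
    return {name: entry[0] for name, entry in fs.files.items() if entry[1]}


def restore(full, incrementals=(), differential=None):
    """Full first, then incrementals in chronological order, or the single
    latest differential. Later copies overwrite earlier ones."""
    state = dict(full)
    for inc in incrementals:
        state.update(inc)
    if differential is not None:
        state.update(differential)
    return state


def run_week(strategy):
    """Monday: full backup. Tuesday and Wednesday: one change each, followed
    by a daily backup of the chosen strategy. Returns (tuesday_backup,
    wednesday_backup, restored_state)."""
    fs = FileSystem()
    fs.write("a.txt", "a1")
    fs.write("b.txt", "b1")
    fs.write("c.txt", "c1")
    full = full_backup(fs)
    daily = differential_backup if strategy == "differential" else incremental_backup
    fs.write("a.txt", "a2")
    tue = daily(fs)
    fs.write("b.txt", "b2")
    wed = daily(fs)
    if strategy == "differential":
        restored = restore(full, differential=wed)          # full + LATEST differential
    else:
        restored = restore(full, incrementals=[tue, wed])   # full + EVERY incremental, in order
    return tue, wed, restored


if __name__ == "__main__":
    for strategy in ("incremental", "differential"):
        tue, wed, restored = run_week(strategy)
        print(f"{strategy:12s} Tue={sorted(tue)} Wed={sorted(wed)} restored={restored}")
```

The trade-off the slides describe falls out of the run: incremental backups stay small (Wednesday's holds only b.txt) but a restore needs the full plus every incremental, in order, so losing any one tape leaves a gap; differential backups grow each day (Wednesday's holds a.txt and b.txt again) but a restore needs only the full and the most recent differential. One caveat the archive bit cannot express: deletions set no bit, so this scheme restores files that were deliberately removed after the full backup.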
Testing Backups (391)
Data created by an organization is critical to its success. A simple hard drive crash can be a catastrophic disaster of its own if proper backup measures are not religiously practiced. Just performing backups is not enough; you also need to ensure that:
– Test restores are regularly performed to ensure the backups are working correctly
– Job rotation occurs so that more than one staff member can restore a system in an emergency
– All important data is backed up
– Backup and restore procedures are documented
– Backups are stored both onsite and offsite if possible
– Backups are archived for long-term storage
Protecting Backups (392)
Leakage of backups can result in loss of confidentiality, so you should take care to ensure that backups are protected both onsite and offsite, and that the people who perform backups are not using that privilege to access information they are not normally allowed to access. Dual control, auditing and encryption are a few controls you can implement to protect confidentiality in backups.
Environmental Controls
Fire Suppression (393)
It is important that you have a basic understanding of fire suppression, as even computer systems are vulnerable to fires. To put out a fire, you must remove one of:
– Heat
– Oxygen
– Fuel
or disrupt the chemical process of combustion.
Fire Suppression (393)
There are different fire suppression types based on the class of fire, which will be discussed in the next few slides:
– A
– B
– C
– D
Fire Suppression (394)
A – Common combustibles
– Use for: wood, paper, laminates
– Uses water, foam or dry powder as the suppression agent
B – Liquid
– Use for: gas or oil fires
– Uses: gas (CO2), foam, dry powders
Fire Suppression (394)
C – Electrical
– Use on: electrical equipment and wires
– Uses: gas, CO2, dry powder
D – Combustible materials
– Use on: combustible chemicals (sodium, potassium)
– Uses: dry powder
Halon and CO2
CO2 can be used to extinguish a fire. CO2 removes the oxygen which is required for combustion. However, CO2 will also suffocate people, so it should not be used except in the most specific situations, and special steps must be taken to protect human life in the event of a CO2 release. Halon was also used to extinguish fires, by interrupting combustion. It is not deadly to humans but depletes the ozone layer and was banned by the Montreal Protocol.
HVAC
A basic understanding of some HVAC concepts is required, especially when building data centers.
– HVAC systems should immediately be shut down in the case of a fire
– HVAC systems should provide positive pressure, pushing contaminants out of a room
– Humidity must be properly balanced: too little humidity causes static electricity discharge, too much causes electronic equipment to rust
Plenum (n/b)
The space between the ceiling and the floor above is called the plenum. Cables are run through this area, and any cables run there need to be plenum-rated cable, which uses a special insulator that gives off less toxic fumes when burning compared to normal cabling.
Electrical Shielding
Not related to disaster recovery, but important: electrical equipment needs to be shielded to stop both
– RFI (radio frequency interference) – commonly caused by fluorescent lights
– EMI (electromagnetic interference) – commonly caused by motors
TEMPEST (397)
Confidentiality violations are also possible due to emanations from electrical equipment. TEMPEST is a government program to protect against this. Some methods that TEMPEST employs are:
– Faraday cages
– White noise generators