Security+ All-In-One Edition Chapter 16 – Disaster Recovery and Business Continuity Brian E. Brzezicki

Business continuity One major security concern is availability. Often overlooked is the damage that can be caused by disaster which would stop you from performing some business function

Some Types of Disasters (475) Natural Fire Hurricane Earthquake Tornado Man Made Hacking Political riot Gas leak Key staff resigning

Disaster Recovery Plan (476) Disaster Recovery Planning deals with trying to prepare for a disaster in order to minimize the effects and as such the loss. Spells out the required actions and resources necessary to restore mission critical processes. Ideally make the recovery process as transparent to users as possible One of the most important steps in DRP Planning is the BIA (in a few slides)

BIA* (477) A BIA helps identify mission critical functions (examples?) and the effect a disaster would have on those functions. –Determine for each function the MTD/category of each Critical – 1-4 hours Urgent – 24 hours Important – 72 hours Normal – 7 days Non-essential – 30 days Once BIA has been done, contingency planning can be done

Contingency plan Who is responsible for each business function What individuals are needed What is the priority Responsibility checklist Emergency contacts Warning system Procedures (more)

Contingency Plan (n/b) Documentation –System configuration –Diagrams –Vendor and supplier lists – why? –Backup plan Alternative sites (next slide)

Alternate sites (484) Types of sites are provided by a “service bureau” Hot site – –fully configured ready for operation in a few hours –Expensive –Can be used for DRP testing Warm site –Only partially configured –Cannot really be used for DRP testing –Less Cold site –Just basic environment (space, AC, power etc) –No equipment –Cheap –Cannot be used for DRP testing

Alternate sites (n/b) Rather than having a “subscription service” the company may own it’s own redundant sites Mirror sites Multiple data processing sites

Backups

Backups (481) Backups are a critical component in not only DRP but also “normal operation”.

Backup types (481)) First thing we need to talk about is the “archive bit” – what is it? Type of backups (next slides) Full Incremental Differential

Full (481) All data everyday! Clear archive bit after backups

Incremental (481) Only files that changed since last full or last incr Reset the archive bit

Differential (481) Only files changed since last full or diff DO NOT reset the archive bit

Backup Types Order the backup types by time needed to backup. Explain the Restore process for each type Order the backup types by ease needed to restore.

Backup storage Should be at Secure off-site location –Bank vault –Other organization location –Secure storage company Additional set On site for quick access –Why?

Backups concerns Ensure all necessary data is backed up Ensure documentation exists on backup and restore process Verify backups Do test restores Ensure all necessary team members are trained and up to date on this. (rotate responsibilities to keep everyone fresh) Backups are the IT persons biggest “risk” It used to keep me up at night.

Questions (n/b) If I do a full backup every day, and I lose my data on Wednesday morning. What tapes would I need to restore, what is the restoration order? If I do a full backup on Sunday and incremental mon-sat, and my system is lost on Wednesday morning, what tapes do I need to restore, what is the restoration order? (problems with this?) If I do a full backup on Sunday and diffs on mon- sat, system lost on Wednesday morning, what tapes do I need to restore, what is the restoration order. Can I mix incremental and differential backups? Why or why not?

One other type of backup (481) There is a new type of backup, called a “delta” or “continuous backup or transactional backup” This is a very exciting idea. How it works. For each file make sure you get a full copy when the file is created Anytime a file changes, copy ONLY the changes that occurred. Do this in real time if possible

Continuous Backups (481) Advantages: Much less backup time/cost Point in time recovery!!! Real Time! No scheduled backups Disadvantages Usually require online server to handle changes

Redundancy and Fault Tolerance, Single Points of Failure

Single Points of Failure (n/b) When planning for a disaster its IMPERATIVE you determine what places are single points of failure for your business process.. Implement the solutions to make these high availability, using redundancy and fault tolerant technology.

Redundancy and Fault Tolerance Both of these terms are essential to DRP Redundancy (Webster's) - serving as a duplicate for preventing failure of an entire system (as a spacecraft) upon failure of a single component Fault Tolerant (Webster's) - relating to or being a computer or program with a self-contained backup system that allows continued operation when major components fail

RAID

Kills Bugs… dead!

RAID Raid 0 – striping (see visual) Fast access No redundancy Actually increases probability of failure

RAID Raid 1 – mirroring (see visual) –Identical copies of data –Expensive –Faster than a single disk for reading –Can lose a disk –What is disk duplexing

Normal RAID

RAID 1 - Disk Duplexing (n/b)

Parity What is parity?

Parity If I have an even number of 1s set the 4 th bit to 1, if odd, set to 0 Disk1Disk2Disk3Disk4 (P) If I lose a disk… I can determine the lost information!

Parity If I have an even number of 1s set the 4 th bit to 1, if odd, set to 0 Disk1XXXXDisk3Disk4 (P) 0 ? 11 What does disk 2’s data HAVE to be, in order for the parity bit to be 1?

RAID 485 RAID 5 – Striped sets with parity (see visual) –What is parity? –At least 3 disks –Capacity of one disk “lost” / more disks less waste –Fast reads –Writes can be slower, especially small writes –Can lose single disk –If disk lost you are in “critical mode” Another disk, total failure Slow operation while in critical mode

RAID 3 (similar to 5, easier to explain)

RAID 5 (485)

Clustering!

Clustering

Clustering (n/b) What is clustering? If you like Clustering.. You’ll love virtualization! Unforutnately we don’t have time to go over it but Virtualization is the future and is incredibly powerful and useful. (and makes administrators life… MUCH easier) On your own, check out VMware vSphere or Xen. It’s well worth the time.

Spare Parts (486) When preparing your DRP, you should always consider the possibility that some equipment will be destroyed (maybe even RAID etc). You should understand the MTTR and how long replacement equipment or fixes will take, and if necessary stockpile spare parts! Especially if you have legacy equipment.

Legacy Equipment

1982

Chapter 16 - Review Q. What is a Hot Site Q. What is a warm site. Q. What is a cold Site. Q. What is the difference between a Hot Site and a Mirror Site

Chapter 16 - Review Q. What is a Full Backup Q. What is an incremental Backup Q. What is a differential Backup? Q. What is a continuous Backup?

Chapter 16 - Review Q. What is RAID0 Q. What is RAID1 Q. What is RAID5 Q. If I have 4 disks each 30G in a RAID 5, how much usable storage do I have?