Embed Size (px)
Citation preview
Ensuring Continuing Operations
and Disaster Recovery
By: Alyssa GatrellMike Harker
Amy Shumway
What are the Threats?
Natural disasters Power failures Hardware failures Theft of assets and data Hacking Virus infections Departure of key personnel or
disgruntled employees
What is Ensuring Continuing Operations?
Preventative measures to ensure that a system is not disrupted by potential threats. Uninterruptible power sources Storage measures Measures to protect from departure of key
personnel Measures to protect from disgruntled former
employees Physical security measures Virus protection Firewalls Encryption
What is a Virus?
A piece of self-replicating code
Kinds of Viruses
Boot Sector Viruses Macro Viruses
Identifying the Threat
Floppy disk brought in PC’s taken home or on business
(laptops) Increased use of e-mail Increased use of the Internet
Minimizing the Virus Threat
Regular backups of data Check all incoming software Write-protect floppy disks
whenever possible
Anti-Virus Tools
Floppies “Sheep-dip”
PC’s On-access scanners On-demand scanners Behavior blockers Heuristic analysis
Functions of a Firewall
Controller Filter Monitor Security guard Screener
How Firewalls Work Firewalls are like gatehouses in a
medieval castle that provide perimeter defenses to determine who or what will be allowed to enter
Castle
Gatehouses
Commons/Market Area
Inner Mote and Wall
Illustration taken from Disaster Recovery Journal Winter 1999
Outer wall
Types of Firewalls
Dual-Home Gateway Screened-Host Gateway Screened Subnet Dual-Homed Routers
Dual-Home Gateway
Internet Private Network
Bastion Host
Screened-Host Gateway
Internet Private Network
Bastion Host
Router
Screened SubnetInternet
Private Network
Router
RouterSub-network
Dual-Homed RoutersInternet
Private Network
Outside Router
Inside Router
Other Thoughts on Firewalls
Internal firewalls are as important as external firewalls
Not the answer to total protection Firewalls come in degrees of
protection and complexity. Companies should measure risk
with costs of implementation and maintenance
Encryption
Alters information into an unintelligible format to prevent unauthorized access
Can only be decrypted with specified digital key
Prevents against data theft as it is passed from one person to another
What is Disaster Recovery?
Measures taken before a disaster that can lead to a successful reimplementation of systems Backup regimen Redundant hardware Recovery facilities Backup phone lines
Process for Determining Backup Needs
Step 1: Location identification Step 2: Establish criticality of data Step 3: Select backup medium
Factors Quantity of data Speed of backing up Ease of recovery
Possible Mediums
Removable disks Second hard drive / PC Magnetic tape cartridges Optical disks Online services Storage area network (SAN)
Implementation Procedures
Scheduling intervals and time of day Verification Media stocks and rotation
Two sets Extra media
Source documentation Storage
Away from destructive force Off-site location
All Measures Should be Tested
Backup restoration Firewall penetration testing Intermittent checks of backup
power
