Chapter 12: Disaster Recovery and Incident Response Flashcards
Business Continuity
The act of hardening your business, essentially: making it easier to recover from a disaster.
Business Continuity Planning (BCP)
Implementing policies, controls, and procedures to plan for recovery from failure
Critical Business Functions (CBFs)
Identifying which aspects of your business are most important to restore ASAP
Business Impact Analysis (BIA)
Business impact analysis (BIA) is a systematic process to determine and evaluate the potential effects of an interruption to critical business operations as a result of a disaster, accident or emergency.
Risk Assessment
How likely is an attack or failure to occur?
What are the most common reasons you’ll have to restore information from a backup?
- Accidental deletion
- Application errors
- Natural disasters
- Physical attacks
- Server failure
- Virus infection
- Workstation failure
Working Copies (Shadow Copies)
Partial or full backups stored for the purpose of immediate recovery. They're updated fairly frequently.
Journaled File System (JFS)
A log file of all changes and transactions that occur within a set period of time, so you can recover after a crash
Onsite Storage
Your means of backup storage are right there in your building. These systems are in a protected environment rated for fire, moisture, and pressure resistance.
Offsite Storage
Your means of backup are located elsewhere. This can range from your backup being at a remote office, or a high-security, nuclear-hardened facility. See the Mormon Church’s Granite Mountain Records Vault.
Disaster Recovery Plan
Your plan to recover after a disaster, such as system failure, network failure, natural disaster, etc. It’s primarily focused on reestablishing services and minimizing losses.
Database System Backup Plans
Keep your databases backed up. This could be a SAN kind of deal, or even on magnetic tapes (which are becoming less and less prevalent).
- You should decide based on the needs of the company what information gets backed up, which changes get backed up, and how often/under what conditions data gets written
User Files Backup Plans
You will have to back up a humongous amount of user files, which can seem daunting at first, but the nice thing is that once these files are created, they probably won't be modified very often. This means that when a new backup is made, you only have to back up new files and newly modified files.
Applications Backup Plans
Keep one single up-to-date backup for each application the company needs; if it needs to be restored system-wide, you can deploy it to every computer right from the backup media.
Hierarchical Storage Management (HSM)
Continuous online backup. It appears as an infinite disk to your system.
Creating a backup in SUSE Enterprise
- Log in as root, start YaST
- Choose System and System Backup
- Click Profile Management and choose Add, then enter a name for the new profile
- Click OK
- Enter a backup name (with the path you want), and make sure that the archive type is set to a tar variety
- At the File Selection window, leave all the default options
- Leave the Search Constraints at default
- At the main YaST System Backup dialog box, click Start Backup.
Grandfather, Father, and Son backup plan
When you do full backups, you keep the previous two. The son is the most recent one; when a new backup is created, the son becomes the father and the father becomes the grandfather. Each monthly backup replaces the monthly backup from the previous year, which is stored at an offsite facility. Common practice keeps backups for seven years.
Full Archival backup plan
All backups are kept forever. This pretty much eliminates the potential for data loss.
Backup Server backup plan
You have a large server with a lot of disk space that does nothing but store backup data. Time to crack out the Dell Storage Array!
Backout vs. Backup
A backout is undoing a change that was made that broke something.
Alternative Site
A backup site you can operate from when your primary site is unavailable for a long period of time, for example during an extended power outage.
Hot Site
A location that can provide operations very soon after failure. It would contain everything you need: servers, networks, telecommunications, etc. They're expensive, and should only be used for short-term situations.
Warm Site
Like a less functional hot site. The customer will have to do more work for things to be operational.
Cold Site
A facility that's not immediately ready to use. You have this site sitting there for your usage, but after a failure you'll have to get people to bring their own infrastructure in, set up systems, and THEN get going. This can take months.
Incident Response Policies
When incidents occur, how exactly will you respond?
Computer Security Incident Response Team (CSIRT)
You throw a team together after an incident occurs to try and get the situation rectified as soon as possible.
The steps of Incident Response
- Identify the incident
  - What happened? Do you need to escalate the problem?
- Investigating the incident
  - Where did this come from? What tools may have been used to cause this incident?
- Repairing the damage
  - Begin to rectify the problems
- Document and report the response
  - Keep full and comprehensive documents of the steps you took to remediate. Report your findings and solutions to whoever needs to see them
- Adjusting procedures
  - How will you stop this from happening again?
Act in Order of Volatility (OOV)
Deal with the biggest problems first
Forensics steps
- OOV
- Capture a system image
- Document network traffic and logs
- Capture video
- Record time offset
- Take hashes
- Capture screenshots
- Talk to witnesses
- Track man hours and expenses
Tabletop exercises
Simulations of disasters. There are five levels of testing:
- Document review
- Walkthrough
- Simulation
- Parallel test
- Cutover test
Code Escrow
The storage of a vendor's source code with a third party, and the conditions under which that source code may be released to you.
Three types of penetration testing
Black Box
- The tester has no knowledge of your system
White Box
- The tester knows a lot about your system. This is to simulate an insider attack
Gray Box
- The middle ground between the two