security+ all-in-one edition chapter 16 – disaster recovery and business continuity brian e....

Security+All-In-One Edition

Chapter 16 – Disaster Recovery and Business Continuity

Brian E. Brzezicki

Business continuityOne major security concern is availability.

Often overlooked is the damage that can be caused by disaster which would stop you from performing some business function

Some Types of Disasters (475)Natural• Fire• Hurricane• Earthquake• Tornado

Man Made• Hacking• Political riot• Gas leak• Key staff resigning

Disaster Recovery Plan (476)Disaster Recovery Planning deals with

trying to prepare for a disaster in order to minimize the effects and as such the loss.

• Spells out the required actions and resources necessary to restore mission critical processes.

• Ideally make the recovery process as transparent to users as possible

• One of the most important steps in DRP Planning is the BIA (in a few slides)

BIA* (477)A BIA helps identify mission critical functions

(examples?) and the effect a disaster would have on those functions.– Determine for each function the MTD/category of each

• Critical – 1-4 hours• Urgent – 24 hours• Important – 72 hours• Normal – 7 days• Non-essential – 30 days

• Once BIA has been done, contingency planning can be done

Contingency plan• Who is responsible for each business function

• What individuals are needed

• What is the priority

• Responsibility checklist

• Emergency contacts

• Warning system

• Procedures

(more)

Contingency Plan (n/b)

• Documentation– System configuration– Diagrams– Vendor and supplier lists – why?– Backup plan

• Alternative sites (next slide)

Alternate sites (484)

Types of sites are provided by a “service bureau”• Hot site –

– fully configured ready for operation in a few hours– Expensive– Can be used for DRP testing

• Warm site– Only partially configured– Cannot really be used for DRP testing– Less

• Cold site– Just basic environment (space, AC, power etc)– No equipment– Cheap– Cannot be used for DRP testing

Alternate sites (n/b)

Rather than having a “subscription service” the company may own it’s own redundant sites

• Mirror sites

• Multiple data processing sites

Backups

Backups (481)Backups are a critical component in not only

DRP but also “normal operation”.

Backup types (481))First thing we need to talk about is the “archive

bit” – what is it?

Type of backups (next slides)

• Full

• Incremental

• Differential

Full (481)

• All data everyday!

• Clear archive bit after backups

Incremental (481)

• Only files that changed since last full or last incr

• Reset the archive bit

Differential (481)

• Only files changed since last full or diff

• DO NOT reset the archive bit

Backup TypesOrder the backup types by time needed to

backup.

Explain the Restore process for each type

Order the backup types by ease needed to restore.

Backup storage

• Should be at Secure off-site location– Bank vault– Other organization location– Secure storage company

• Additional set On site for quick access– Why?

Backups concerns

• Ensure all necessary data is backed up• Ensure documentation exists on backup and

restore process• Verify backups• Do test restores • Ensure all necessary team members are trained

and up to date on this. (rotate responsibilities to keep everyone fresh)

• Backups are the IT persons biggest “risk” It used to keep me up at night.

Questions (n/b)

• If I do a full backup every day, and I lose my data on Wednesday morning. What tapes would I need to restore, what is the restoration order?

• If I do a full backup on Sunday and incremental mon-sat, and my system is lost on Wednesday morning, what tapes do I need to restore, what is the restoration order? (problems with this?)

• If I do a full backup on Sunday and diffs on mon-sat, system lost on Wednesday morning, what tapes do I need to restore, what is the restoration order.

• Can I mix incremental and differential backups? Why or why not?

One other type of backup (481)There is a new type of backup, called a “delta”

or “continuous backup or transactional backup” This is a very exciting idea.

How it works.

• For each file make sure you get a full copy when the file is created

• Anytime a file changes, copy ONLY the changes that occurred. Do this in real time if possible

Continuous Backups (481)

Advantages:• Much less backup time/cost• Point in time recovery!!!• Real Time!• No scheduled backups

Disadvantages• Usually require online server to handle

changes

Redundancy and Fault Tolerance, Single Points of

Failure

Single Points of Failure (n/b)

When planning for a disaster its IMPERATIVE you determine what places are single points of failure for your business process.. Implement the solutions to make these high availability, using redundancy and fault tolerant technology.

Redundancy and Fault ToleranceBoth of these terms are essential to DRP

Redundancy (Webster's) - serving as a duplicate for preventing failure of an entire system (as a spacecraft) upon failure of a single component

Fault Tolerant (Webster's) - relating to or being a computer or program with a self-contained backup system that allows continued operation when major components fail

RAID

RAID

Kills Bugs… dead!

RAID 0 - 485Raid 0 – striping (see

visual)• Fast access• No redundancy• Actually increases

probability of failure

RAID 1 - 485

Raid 1 – mirroring (see visual)– Identical copies of

data – Expensive– Faster than a single

disk for reading– Can lose a disk– What is disk

duplexing

Normal RAID 1 - 845

RAID 1 - Disk Duplexing (n/b)

Parity

What is parity?

Parity

If I have an even number of 1s set the 4th bit to 1, if odd, set to 0

Disk1 Disk2 Disk3 Disk4 (P)0 1 1 1

If I lose a disk… I can determine the lost information!

Parity

If I have an even number of 1s set the 4th bit to 1, if odd, set to 0

Disk1 XXXX Disk3 Disk4 (P)0 ? 1 1

What does disk 2’s data HAVE to be, in order for the parity bit to be 1?

RAID 485

• RAID 5 – Striped sets with parity (see visual)– What is parity?– At least 3 disks– Capacity of one disk “lost” / more disks less waste– Fast reads– Writes can be slower, especially small writes– Can lose single disk– If disk lost you are in “critical mode”

• Another disk, total failure• Slow operation while in critical mode

RAID 3 (similar to 5, easier to explain)

RAID 5 (485)

Clustering!

Clustering

Clustering (n/b)What is clustering?

If you like Clustering.. You’ll love virtualization! Unforutnately we don’t have time to go over it but Virtualization is the future and is incredibly powerful and useful. (and makes administrators life… MUCH easier)

On your own, check out VMware vSphere or Xen. It’s well worth the time.

Spare Parts (486)When preparing your DRP, you should always

consider the possibility that some equipment will be destroyed (maybe even RAID etc).

You should understand the MTTR and how long replacement equipment or fixes will take, and if necessary stockpile spare parts! Especially if you have legacy equipment.

Legacy Equipment

Legacy Equipment

1982

Chapter 16 - ReviewQ. What is a Hot Site

Q. What is a warm site.

Q. What is a cold Site.

Q. What is the difference between a Hot Site and a Mirror Site

Chapter 16 - ReviewQ. What is a Full Backup

Q. What is an incremental Backup

Q. What is a differential Backup?

Q. What is a continuous Backup?

Chapter 16 - ReviewQ. What is RAID0

Q. What is RAID1

Q. What is RAID5

Q. If I have 4 disks each 30G in a RAID 5, how much usable storage do I have?