Chapter 12

Understanding the Role of Prevention

In This Chapter

bullet Reducing risk in your facilities

bullet Keeping your technology safe

bullet Preventing people from gumming up the works

bullet Beefing up your security

bullet Bringing prevention home for your employees

Throughout a disaster recovery planning project, and perpetually thereafter, the DR planning team needs to continually watch for opportunities that can help prevent disasters or lessen their impact on the organization.

“An ounce of prevention is worth a pound of cure,” the old saying goes. Although he was a prolific inventor, Benjamin Franklin couldn’t have envisioned the Internet when he first penned that phrase. In disaster recovery planning, prevention is key — but it’s often overlooked.

You have many places to look for prevention opportunities:

bullet Facilities

bullet Processes

bullet Technology

bullet Personnel

bullet Security

bullet Resilient architecture

The opportunities you find won't necessarily be huge, but even small measures reduce risk in some way.

This chapter focuses on reducing risk where you find it to minimize the effects of disasters. In some cases, you can even prevent disasters. I’m talking about the man-made kind of disasters, of course — I don’t want you to start thinking that I have a formula for preventing hurricanes, earthquakes, volcanoes, or floods. Perhaps a more accurate title for this chapter would be “Understanding the Role of Risk Reduction,” but I still like the term prevention better because this chapter talks about preventing the effects of disasters.

Here are some disaster prevention rules of thumb:

bullet You can’t prevent natural disasters, but you can take measures to reduce their effects.

bullet You can prevent some man-made disasters, and you can also take measures to reduce their effects.

As long as you understand these principles, you’re on the right track.

Tip

This chapter gives you a different view of the same material you can find elsewhere in this book. Most of this book talks about analysis and response because most people think in terms of actions during a disaster. However, prevention is a worthwhile destination in disaster recovery planning, so I dedicate this entire chapter to it.

Preventing Facilities-Related Disasters

Today’s most modern and secure Internet Data Centers (IDCs) are practically fortresses in their own right. Internet Data Centers are commercial server hosting facilities that house customers’ Internet-reachable servers. The data center operators have a good reason for the security they use: They’re reducing many types of risks that, left unchecked, could precipitate man-made disasters. And many of the features of these hardened data centers also help to reduce risks associated with natural disasters, as well.

These facilities are expensive to build because both their construction methods and the special equipment they use aren’t cheap. You can often justify these costs by the very high availability and stability that these facilities provide.

Organizations don’t need to be Fortune 20 companies to be able to afford such facilities. You don’t need to build one; instead, you can rent as much or as little space as you need. Indeed, hundreds of such facilities exist throughout the world. You can rent as much as hundreds of square feet, or as little as 1U of rack space (a unit, or U, of rack space is 1.75 inches in height). Either way, applications running on equipment in such a facility have the potential for extremely high availability because of the supporting facilities, such as Uninterruptible Power Supplies (UPSs), generators, and so on.

The facility-related areas in which you can reduce risk are

bullet Site selection

bullet Fire prevention

bullet HVAC (Heating, Ventilation, and Air Conditioning) redundancy

bullet Power system redundancy

bullet Protection from civil unrest and war

bullet Avoidance of industrial hazards

I discuss all the areas in the preceding list and the secondary effects of facilities-related disasters in the following sections.

Site selection

A building’s destiny is heavily governed by its location. A building’s location, relative to a number of natural hazards, plays a major role in whether the building and its contents and occupants may be subjected to the effects of natural events.

Here are some of the natural events that good site selection can mitigate:

bullet Hurricanes: To reduce the effects of hurricanes, locate sites away from coastlines and on high ground in hurricane-prone areas. If your organization fears the damaging and disrupting effects of hurricanes, don’t locate data processing facilities near hurricane-prone areas. You may need to locate such facilities hundreds of miles away from office locations. Figure 12-1 shows Atlantic hurricanes from the 2005 hurricane season, which included Hurricane Katrina. Use maps covering several decades of hurricanes to assess hurricane risks if your organization is located in the southeastern United States.

bullet Tornadoes: Although you can’t absolutely avoid tornadoes, organizations can choose to locate offices and data processing facilities away from the highest-risk areas. You can at least figure out the risks of being located in tornado-prone areas and how you can minimize damage and loss of human life. Figure 12-2 shows those high-risk areas within the continental United States.

Figure 12-1: The 2005 U.S. hurricane season chart.

Source: Wikimedia

Figure 12-2: A United States tornado risk map.

Source: U.S. National Oceanic and Atmospheric Administration (NOAA)

bullet Floods: Usually associated with heavy rainfall and spring runoff, but also connected to catastrophes such as levee and dam failures and natural events such as hurricanes. Floods cause significant damage around the world each year. In the U.S., you can get Flood Insurance Rate Maps (FIRMs) that show the statistical likelihood of flooding in specific areas. The U.S. Federal Emergency Management Agency (FEMA) publishes these maps, and the insurance industry uses them to set rates for flood insurance. Figure 12-3 shows a FIRM for a small part of New Orleans, Louisiana.

Figure 12-3: A Flood Insurance Rate Map for a small portion of New Orleans.

Source: U.S. Federal Emergency Management Agency (FEMA)

bullet Earthquakes: Many regions of the world experience damaging earthquakes, typically spaced years or decades apart, and earthquakes can't be predicted. Larger earthquakes cause significant damage to buildings, infrastructure, and communications and can result in major loss of life. Areas prone to earthquakes have strict building codes to reduce injuries and potential damage to buildings. The Global Seismic Hazard Map, which illustrates relative risk of damage from earthquakes, is shown in Figure 12-4.

bullet Tsunamis: Great ocean waves that strike coastlines around the world, tsunamis are usually caused by undersea earthquakes that involve a significant displacement of the ocean floor. You usually get only a few hours’ warning (if you get any at all), which gives you too little time for even emergency salvage. The December 26, 2004 tsunami in the Indian Ocean that resulted in over an estimated 200,000 deaths and 1.6 million displaced persons has resulted in a resurgence of interest, awareness, the development of warning systems, and an effort to identify high risk areas around the world.

bullet Volcanic eruptions: A volcanic eruption is often — but not always — preceded by some warning. An erupting volcano emits molten lava and clouds of ash that damage property, claim lives, and can cause widespread disruption over vast areas. The 1980 eruption of Mount St. Helens in the United States created an ash fall that plunged many cities, even those located hundreds of miles away, into total darkness and paralyzed transportation, public services, and emergency services for days. Figure 12-5 shows the Mount St. Helens volcanic eruption in 1980.

Figure 12-4: The Global Seismic Hazard Map shows relative risks from earthquakes around the world.

Source: Global Seismic Hazard Assessment Program, United Nations

Figure 12-5: The 1980 Mount St. Helens volcano eruption.

Source: U.S. Geological Survey (USGS)

The most significant volcanoes in the world (classified as such because of their history of large, destructive eruptions and proximity to populated regions) are

Avachinsky-Koryaksky: Kamchatka, Russia

Colima: Jalisco, Mexico

Galeras: Nariño, Colombia

Mauna Loa: Hawaii, USA

Mount Etna: Sicily, Italy

Mount Merapi: Central Java, Indonesia

Mount Nyiragongo: Democratic Republic of the Congo

Mount Rainier: Washington, USA

Mount Unzen: Nagasaki Prefecture, Japan

Sakurajima: Kagoshima Prefecture, Japan

Santa Maria and Santiaguito: Guatemala

Santorini: Cyclades, Greece

Taal Volcano: Luzon, Philippines

Teide: Canary Islands, Spain

Ulawun: New Britain, Papua New Guinea

Vesuvius: Naples, Italy

If your organization is located near any of these volcanoes, you need to do additional risk analysis to ensure that your DR plans adequately address the risks associated with the nearby volcano.

bullet Wildfires: In many locales, wildfires are a significant problem and result in evacuations, road closures, airport closures, and (occasionally) property damage.

bullet Landslides and avalanches: The sudden downhill movement of rock, earth, snow, or ice can strike without warning, damaging buildings and transportation systems, and claiming lives. Although you can’t really prevent landslides and avalanches, an organization can take care to not locate its premises in a potential landslide or avalanche path. However, a landslide or avalanche that occurs even a great distance away from business facilities can disrupt transportation and communications systems.

Remember

Each kind of natural hazard presents its own set of risks, as well as measures that you can take to reduce the effects of the events if and when they occur. Each type of hazard requires creative planning if you want to adequately mitigate the risk. To mitigate the risks associated with natural hazards that can create extensive regional disruption, you need to locate alternate facilities far enough away that they don’t become involved in the same natural event. For instance, placing an alternate processing center 300 miles away but on the same earthquake fault line just isn’t prudent risk mitigation!

Preventing fires

When fire suppression systems and fire fighting crews fail to extinguish a fire in a business location (or simply take too long to do so), and critical business functions are affected, a disaster results. Fire prevention is perhaps your most notable means of actually preventing a disaster rather than merely recovering from one.

Fire damage

Fires destroy and damage buildings and their contents, and claim thousands of lives each year throughout the world. Fires cause damage in several ways:

bullet Injuries and death: People who are trapped in burning buildings are often injured or killed by flames, smoke, or the collapse of the building itself.

bullet Direct destruction: Fire itself damages or destroys flammable materials, including business records, furniture, and equipment.

bullet Smoke damage: The smoke from a fire can significantly damage the contents of a building, even areas the fire doesn’t reach. Smoke inhalation is a major cause of death in fires.

bullet Water damage: Water is the most common agent for extinguishing a fire in business locations. Usually used in heavy volumes, the water used to fight a fire is almost as damaging to business equipment and records as a flood.

bullet Extinguishment operations: To reach a fire in a building, fire fighters often have to cut through roofs, ceilings, walls, and floors.

Also, when a building experiences a fire, the local fire marshal or other local official often closes the entire building until the fire marshal can complete a damage assessment and forensic investigation. If you can’t enter a building, not being able to access business assets can lead to a disaster!

Remember

Whenever an organization analyzes the potential detective and preventive measures for fires, it must give human lives the highest priority over all business assets and other concerns.

Fire prevention

Many locales have building codes that require fire detection and suppression equipment. Fire marshals and other inspectors regularly examine work locations to make sure you have these systems in place and working, and that you’re not performing unsafe practices, such as blocking emergency exits and exit corridors, or accumulating flammable materials (such as empty boxes).

Often, inspections include tests of fire detection and alarm systems to make sure they’ll properly function if a fire occurs.

Many organizations purchase a fire insurance policy, which compensates the organization if a fire damages its building and equipment. Often, the fire insurance company conducts its own inspections to make sure your facility has a reasonably low risk of fire. A fire insurance company also notes the distance between the nearest fire station and the business location. Disaster recovery planners should also make note of the closest fire station in their risk assessments so they can know and mitigate fire-related risks appropriately.

In areas that commonly experience wildfires, fire marshals require residents and businesses to clear flammable materials from around the outside of their structures, to reduce the likelihood of property damage from wildfires.

Fire detection

Because fires can cause such heavy damage to a business and its assets, you can best reduce the effects of a fire by detecting it as early as possible. Detecting smoke or heat in the incipient stage lets you suppress the fire while it's still small, long before it escalates into a serious event, and with far less disruption to your business.

Several types of smoke and fire detectors are available:

bullet Infrared smoke detectors

bullet Ionization smoke detectors

bullet Aspiration smoke detectors

bullet Heat detectors

I discuss fire detection apparatus more fully in Chapter 6.

Fire alarms

Alarm systems consist of loud bells, sirens, alarms, and annunciators that alert personnel when a smoke or fire detector somewhere in the building detects a fire. Because fire can spread quickly under certain conditions, the primary purpose of fire alarms is to alert people that they need to evacuate the building immediately. Fire alarms do little to protect business equipment and property — but the most important things in the building are the people!

Fire alarms often connect, directly or through a monitoring service, to the local fire department so rescue personnel are alerted as soon as your alarm system detects a fire. Although this connection usually saves only a few minutes, those minutes can make a huge difference in the amount of property damage your organization suffers, as well as injuries to personnel.

Fire suppression

Many buildings have automatic fire suppression in the form of water sprinklers in work areas. Rooms containing IT equipment often use clean-agent systems (an inert gas or a chemical agent) instead, because water can easily damage computers. These systems typically have a short pre-discharge delay and an abort switch, so make sure staff know the evacuation and abort procedures, and be aware that the loud, high-pressure discharge of some inert-gas systems has been known to damage spinning disk drives. Often, these suppression systems connect directly to alarm systems, so fire suppression can begin immediately and automatically.

Most businesses also have hand-held fire extinguishers that office workers can use to fight small fires before fire crews arrive. Using these extinguishers can prevent a small fire from growing and threatening an entire facility.

HVAC failures

Although heating and air conditioning primarily provide only human comfort in most parts of the world, air conditioning is a necessity for the survival and health of IT equipment. In data processing facilities that house large collections of IT equipment, the failure of the central air conditioning system can push room temperatures past safe operating limits within minutes.

When air conditioning (A/C) failure occurs in facilities that have no backup A/C system, IT personnel have barely enough time to power everything down before damage occurs, and often no time for an orderly shutdown of systems. If the systems support critical and time-sensitive business processes, you need one or more backup A/C systems. Larger facilities that house vast numbers of IT systems usually rely on several smaller (but still quite large) A/C units, sized so that the full cooling load is carried even with one unit out of service; this arrangement also gives more flexibility for scheduled maintenance. Monitor room and equipment inlet temperatures and alarm on them, so that the people who must shut systems down hear about a failure before the equipment suffers from it.

You can prevent IT equipment failures related to too-high temperatures (which can lead to a disaster) through good capacity planning and design. You always want enough HVAC capacity to meet your cooling needs — no matter what.

Chapter 6 covers HVAC concerns in more detail.

Power-related failures

IT equipment is gluttonous when it comes to electric power. IT equipment wants its power steady and clean, and that equipment is intolerant of bumps, spikes, brownouts, and other mishaps that occur in power systems. Spikes, surges, and other unwanted noise in incoming power often can damage IT equipment. Fixing that damage can require costly and time-consuming repairs and equipment replacement. Businesses that rely on IT systems to support critical, time-sensitive business processes can’t tolerate these events.

You can almost entirely eliminate disasters caused by power-related anomalies through proper prevention techniques. You can prevent these three types of unwanted events:

bullet Noise (spikes, surges, and so on): You can prevent these potentially damaging effects by using Uninterruptible Power Supplies (UPSs), which condition incoming electric power and feed clean, noise-free power to IT equipment. Only an online (double-conversion) UPS isolates the load from the utility completely; standby and line-interactive units pass utility power through with surge suppression and switch to battery only when the input fails.

bullet Short-term outages: You can ride through power failures that last only a few minutes by using UPSs, which contain banks of batteries. With this battery backup, a UPS keeps supplying power even when utility power has failed. Usually, a UPS can carry its load for a portion of an hour; some UPS systems are equipped with larger numbers of batteries, which permit the UPS to supply power for up to several hours. Batteries age, so test runtime under the actual load periodically rather than trusting the nameplate figure.

bullet Long-term outages: You need an electric generator for facilities that need to continue processing even when utility power has been down for more than an hour. The amount of fuel you store on-site, plus any deliveries you can get, determines how long the generators can provide electricity. Most facilities store no more than seven days' worth of fuel, and in most parts of the world an outage of seven days or more is very rare. Bear in mind, though, that a regional disaster strains fuel deliveries for everyone at once, so have a delivery contract in place rather than assuming fuel will be available. Start and load-test the generator regularly; a generator that hasn't run in a year isn't a backup.

UPS systems and electric generators work together to provide continuous electric power to processing facilities. Neither can do the job alone:

bullet UPS systems: Generally can’t deliver power for more than a portion of an hour. You need a generator to provide long-term electricity.

bullet Generator: Requires a few minutes for startup and stabilization before it can begin delivering electric power. You need a UPS to fill the gap.

I cover power supply protection more fully in Chapter 6.

Protection from civil unrest and war

Protests, strikes, and general mayhem sometimes get out of hand. Civil and political events can incite large numbers of people to take to the streets and damage everything in their path. Notable riots in recent history include

bullet 1992 Los Angeles riots: Thousands of people protested the jury's verdict in a high-profile criminal case and went on a rampage that resulted in 53 deaths, widespread looting, and the burning of hundreds of businesses and cars over a period of six days.

bullet 2005 civil unrest in France: The deaths of two teenagers sparked about three weeks of rioting, and a state of emergency that lasted three months, during which many public buildings and almost 10,000 cars were burned. Over 2,900 suspects were arrested.

These two events, and dozens of others, have disrupted businesses, some to the point of failure. But, in addition to large-scale civil protest, small groups and even individuals can wreak havoc in many ways, including by using vehicles as weapons. You can take some measures to help reduce the risks associated with mob violence:

bullet Put up barricades and fencing. Prevent unwanted people from approaching buildings and personnel.

bullet Use shatter-proof windows or no windows at all. Well, this measure won’t make for very attractive buildings, but it’s hard to throw a stone or a brick through a solid wall.

bullet Locate away from large cities. Not that civil disturbances don’t happen in smaller communities, but some organizations consider this measure because it seems such violence occurs less often in smaller communities.

bullet Keep a low profile. Keeping a low profile means different things to different companies. Maybe you don’t put up big signs or place advertisements that could incite strong emotional outbursts. Maybe you locate yourself away from other businesses.

All bets are off when it comes to war. In warfare, fighting factions have weapons that can inflict damage from great distances, so measures such as fencing and stronger windows don’t help you much. If your business is in a war zone, try to locate it in an area that’s not on someone’s list of targets. And keep your passports nearby and your other options open.

Avoiding industrial hazards

You can control a lot of things about your organization — where it’s located, for instance. Some of the hazards that can turn into disasters have a lot to do with where a business is located. In the section “Site selection,” earlier in this chapter, I discuss floods, tornadoes, hurricanes, volcanoes, and other hazards. In this section, I discuss man-made hazards:

bullet Nearby facilities with hazardous materials: If your organization is close to a facility such as a chemical facility, oil refinery, munitions depot, nuclear power plant, mine, or heavy manufacturing facility (this is by no means a complete list!), you may need to evacuate your business if something goes amiss in a nearby facility.

bullet Hazardous materials in motion: Nearby railroads and petrochemical pipelines may also have their mishaps, resulting in damage to and evacuation of your business location. Figure 12-6 shows a train derailment that included a fire and a chlorine gas leak.

I certainly don’t include a comprehensive set of examples in the preceding list. But maybe the examples I do have can help you become more aware of the risks associated with nearby industrial activities.

Figure 12-6: This train derailment disrupted nearby businesses.

Source: Wikimedia Commons

Preventing secondary effects of facilities disasters

I feel the need to slip in some recommendations about backup tapes:

bullet Don’t store backup tapes in even the most secure processing facility.

bullet Use the services of a secure off-site media storage provider.

Even the most secure processing facility is vulnerable to incidents that can destroy both servers and backup media — fires, floods, accidental discharge of fire suppressant, hazardous material spills (think about that large UPS battery room), earthquakes, and don't forget malicious people who can do serious damage with a degausser (a device used to erase backup tapes) or a big hammer. As long as you store backup media close to the systems they back up, you reduce your ability to recover applications in another location. And because off-site tapes leave your custody, encrypt them, and keep the encryption keys (and a copy of the restore software) somewhere other than on the tapes themselves; a tape you can't decrypt is as useless as one that burned.

Preventing Technology-Related Disasters

As long as you have IT systems — and other electrical and mechanical apparatus — that support business processes, you may have disasters caused by their breakdown. You need to design, build, and maintain the systems that support your processes to help keep those systems from failing.

These two principles can help you understand this concept:

bullet Failures happen, and you can’t absolutely prevent them.

bullet Don’t allow failures to cause a full-scale disaster.

Dealing with system failures

Anyone who’s been in IT for any length of time has seen many kinds of IT failures that cause applications to fail. Here are some examples:

bullet Hard drive failure: For one reason or another, hard drives just stop working. Long ago, you had to worry about head crashes, but you don’t hear about those kinds of failures any more. Hard drives still do fail sometimes, however.

bullet Power supply failure: Power supplies generate a lot of heat, and this heat can stress components to the breaking point.

bullet Circuit board failure: Motherboards, controllers, and network adaptors all have a finite life span.

bullet Cabling failure: Although it happens less often than in decades past, cabling still occasionally goes bad.

bullet Operating system and software bugs: These days, operating system, database, server, and application software is unbelievably complex. Sometimes, an organization has the bad luck to present a unique and deadly combination of circumstances that the software didn’t anticipate, causing that software to malfunction. The worst kind of failure occurs when you don’t know of the failure right away and some form of damage slowly spreads through your data.

bullet Data corruption: Sometimes, you simply can’t access or create data, usually because of a failure elsewhere (in hardware or software).

Systems don’t run forever. The following sections discuss ways to keep the failures from the preceding list (and others) from turning into full-scale disasters.

Minimizing hardware and software failures

Software and hardware failures aren’t wholly preventable, but you should do all that’s reasonable to prevent failures while still preparing for them. The following list contains many measures you can take to prepare for hardware and software failures when they do happen:

bullet Perform regular data backups. Copying data from main hard drives to other hard drives or backup tape is the best insurance in cases of hard drive or related failure. Keep several generations of backups, because corruption that goes unnoticed for weeks lands in your most recent backup too.

bullet Perform regular data restores. Just because you can perform data backups doesn’t mean you can get that data back! Test your organization’s ability to restore data at least once per month to make sure that backups are working and that you can actually recover data from backup tapes.

bullet Keep spare systems. In some cases, you might more easily recover an application or database onto a different system than diagnose or repair a problem on a primary server. You might be able to use development servers, test servers, and servers for less-critical applications as spare systems.

bullet Keep spare parts. Having spare disk drives, memory, motherboards, and power supplies gives you more choices when you experience a hardware failure.

bullet Have service manuals. You never know who may need to open up one of your servers or storage systems. The usual experts may not be around when you need them.
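A restore test is only meaningful if it proves the restored data matches what was backed up. The following script is an added example, not part of this book: it backs up a directory into a tar archive with a SHA-256 manifest, restores the archive into a scratch directory, and verifies every file against the manifest, so a truncated or corrupted restore is reported rather than discovered during a real recovery. The sample files, paths, and the simulated corruption are constructed for the demonstration; pointed at a real backup target and run on a schedule, this is the monthly restore test described above.

```python
"""Backup-and-restore drill (added example; sample data is constructed)."""
import hashlib
import json
import os
import tarfile
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def make_backup(source: Path, archive: Path) -> dict:
    """Archive `source`; return and save a manifest {relative path: sha256}."""
    manifest = {}
    with tarfile.open(archive, "w:gz") as tar:
        for p in sorted(source.rglob("*")):
            if p.is_file():
                rel = p.relative_to(source).as_posix()
                manifest[rel] = sha256_of(p)
                tar.add(str(p), arcname=rel)
    # Keep the manifest with the archive (and a copy off-site, like the tapes).
    (archive.parent / (archive.name + ".manifest.json")).write_text(json.dumps(manifest, indent=1))
    return manifest


def restore(archive: Path, restore_dir: Path) -> None:
    """Extract the archive, refusing any member that would land outside restore_dir."""
    base = os.path.realpath(restore_dir)
    with tarfile.open(archive, "r:gz") as tar:
        for m in tar.getmembers():
            dest = os.path.realpath(os.path.join(base, m.name))
            if os.path.commonpath([base, dest]) != base:
                raise ValueError(f"archive member escapes restore dir: {m.name}")
        # Newer Pythons also offer the 'data' extraction filter, which enforces the same rule.
        kwargs = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
        tar.extractall(restore_dir, **kwargs)


def verify_restore(manifest: dict, restore_dir: Path) -> list:
    """Return a list of problems; an empty list means the restore is good."""
    problems = []
    for rel, expected in manifest.items():
        restored = restore_dir / rel
        if not restored.is_file():
            problems.append(f"missing after restore: {rel}")
        elif sha256_of(restored) != expected:
            problems.append(f"checksum mismatch: {rel}")
    return problems


def run_drill(corrupt: bool = False) -> list:
    """Whole cycle in a temp dir; corrupt=True simulates a bad restore of one file."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        src = root / "data"
        (src / "db").mkdir(parents=True)
        (src / "db" / "ledger.csv").write_text("id,amount\n1,100\n2,250\n")  # constructed sample
        (src / "config.ini").write_text("[app]\nmode=prod\n")               # constructed sample
        archive = root / "backup.tar.gz"
        manifest = make_backup(src, archive)

        restore_dir = root / "restore"
        restore_dir.mkdir()
        restore(archive, restore_dir)
        if corrupt:
            # A truncated file stands in for a bad tape, a bad drive, or a bad block.
            (restore_dir / "db" / "ledger.csv").write_text("id,amount\n1,100\n")
        return verify_restore(manifest, restore_dir)


if __name__ == "__main__":
    print("clean drill:", run_drill() or "OK")
    print("corrupted drill:", run_drill(corrupt=True))
```

The manifest is what turns a backup into evidence: store it (and the restore script) off-site with the media, and treat any non-empty problem list as a failed drill to be investigated before the next backup cycle overwrites the evidence.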

Pros and cons of a monoculture

In computer terms, a monoculture is an environment whose systems are all of the same operating system and hardware type. Having a network and server monoculture has certain advantages and disadvantages. Table 12-1 outlines monoculture pros and cons.

Table 12-1 Pros and Cons of a Monoculture

Pros                                                    Cons
Lower support costs                                     Dependent on a single supplier
Lower training costs                                    A software bug or malfunction affects all systems
Ability to cannibalize other systems for spare parts    A security vulnerability affects all systems

A monoculture isn’t altogether bad, and you don’t necessarily need to avoid it. It has many obvious advantages. But monocultures do have certain risks that you need to analyze and deal with.

Years ago, some New York-based investment banks that were concerned about monocultures built interesting application architectures. One such organization built an active/active cluster by using two different types of transaction servers that recorded the purchase and sale of investment securities — these servers handled tens or hundreds of thousands of transactions per day. The cluster consisted of two sets of servers:

bullet IBM running the AIX OS with a DB2 database

bullet Sun running the Solaris OS with an Oracle database

The organization was so concerned about the risk of a software bug taking down their entire cluster that they built their cluster with entirely different hardware and software. Thus, the organization got peace of mind, knowing if a bug or malfunction occurred in one server’s hardware, software, or database, that bug or malfunction appearing in the other system would be extremely unlikely.

Remember

Although you can’t prevent failures, you can prevent those failures from escalating into disasters.

Building a resilient architecture

The suggestions listed in the section “Minimizing hardware and software failures,” earlier in this chapter, may work for processes that have an RTO (Recovery Time Objective) of a day or more. But many business processes can't be without their supporting IT systems for more than a few minutes. In these cases, you need a resilient architecture, one that continues supporting applications on an almost non-stop basis through component failures and even a disaster that renders an entire processing center unusable for hours or days at a time. No architecture is impervious to failure; the goal is that no single failure, including the loss of a site, stops the application.

The methods for building a resilient architecture are

bullet Server clustering: By using special clustering software, you can apply an active/active configuration to two servers in which both share the full application load. Or you can apply an active/passive configuration in which one server processes application transactions and the other is ready to take over at a moment's notice. Servers in a cluster can be in the same room, the same city, or thousands of miles apart. Whatever the configuration, the cluster needs a reliable way (a quorum or a third witness) to decide which node is active, so that a broken link between the nodes doesn't leave both of them believing they're in charge.

bullet Data replication and mirroring: Copying transaction data from one storage system to another as it's written, so that if one storage system fails, the other has an up-to-date copy of recent transactions. How up to date depends on the mode: synchronous replication confirms a transaction only after both copies have it, so nothing acknowledged to the application is lost, but every write pays the round trip to the remote site; asynchronous replication acknowledges first and ships the change afterward, so a failure can lose the transactions still in flight. Choose the mode from the process's Recovery Point Objective (RPO), not from what's cheapest.

Clustering and replication can work closely together to create an application architecture that can continue running — despite the failure of a minor hardware component or the complete destruction of a processing center.

Chapter 7 explores clustering in a lot more detail. Chapter 8 takes up the subject of data replication and mirroring.
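The difference between the two replication modes, and what an active/passive takeover actually recovers, is easiest to see in a small model. The following is an added example, not code from this book or from any clustering product: a primary/standby pair commits transactions in synchronous or asynchronous mode, the primary is then lost, the standby is promoted, and the model reports which acknowledged transactions the new primary never received. Node names, transaction strings, and the timing of the outage are constructed for the demonstration; the split-brain guard in failover() stands in for the quorum check a real cluster performs.

```python
"""Replication mode versus data loss on failover (added example; data is constructed)."""
from dataclasses import dataclass, field


@dataclass
class Node:
    name: str
    log: list = field(default_factory=list)  # transactions applied, in order
    alive: bool = True


@dataclass
class ReplicatedPair:
    primary: Node
    standby: Node
    synchronous: bool
    acknowledged: list = field(default_factory=list)  # what clients were told is committed
    in_flight: list = field(default_factory=list)     # async: on the primary, not yet shipped

    def commit(self, txn: str) -> None:
        if not self.primary.alive:
            raise RuntimeError("primary down; fail over first")
        self.primary.log.append(txn)
        if self.synchronous:
            # Acknowledge only after the standby has applied the transaction.
            self.standby.log.append(txn)
        else:
            # Acknowledge now; the change reaches the standby on the next ship().
            self.in_flight.append(txn)
        self.acknowledged.append(txn)

    def ship(self) -> None:
        """Asynchronous replication catches up (on a timer, or when the link is idle)."""
        self.standby.log.extend(self.in_flight)
        self.in_flight.clear()

    def fail_primary(self) -> None:
        """Site loss: the primary and everything not yet shipped are gone."""
        self.primary.alive = False
        self.in_flight.clear()

    def failover(self) -> Node:
        """Active/passive takeover: promote the standby to primary."""
        if self.primary.alive:
            raise RuntimeError("refusing to promote while the primary is up (split-brain)")
        self.primary, self.standby = self.standby, self.primary
        return self.primary

    def lost_transactions(self) -> list:
        """Transactions acknowledged to clients but absent from the surviving node."""
        return [t for t in self.acknowledged if t not in self.primary.log]


def simulate(synchronous: bool) -> list:
    """Run the same trading day in either mode and return what the outage lost."""
    pair = ReplicatedPair(Node("site-a"), Node("site-b"), synchronous)
    for txn in ("buy 100 ACME", "sell 40 XYZ"):   # constructed transactions
        pair.commit(txn)
    pair.ship()                    # async backlog drains during a quiet moment
    pair.commit("buy 500 ACME")    # last trade before the outage
    pair.fail_primary()            # in async mode this one never crossed the link
    new_primary = pair.failover()
    assert new_primary.name == "site-b"
    return pair.lost_transactions()


if __name__ == "__main__":
    print("synchronous, lost:", simulate(True))    # []
    print("asynchronous, lost:", simulate(False))  # ['buy 500 ACME']
```

The asynchronous run loses exactly the transactions that were acknowledged after the last ship(); in production that window is your replication lag, and it must be smaller than the RPO the business signed off on. The synchronous run loses nothing, at the price of every commit waiting for the remote site.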

Preventing People-Related Disasters

An organization can have a brilliant application architecture, resilient business processes, and superbly engineered server clusters, and disaster can still occur. If the people who operate the IT systems and perform business processes aren’t familiar with what they’re doing, a simple mistake can trigger system failure, causing a disaster.

You can take several measures to prevent disasters caused by human error:

bullet Accurate documentation: Procedures for routine and not-so-routine actions, at every layer in the stack, from the wiring plant to application instructions. Periodically review such documentation to make sure it’s up to date.

bullet Configuration standards: Also known as server build standards and database configuration standards. Documented configuration settings that all systems in an enterprise use. Consistency makes actions more routine and outcomes more predictable.

bullet Training: General training in the skills associated with each job description, plus specific training on the architecture, development, and operations of your systems and applications.

bullet Pre-employment screening: Make sure that the workers you hire have the skills required to competently perform their duties.

bullet Change management: This formal management process says that nothing gets changed in the environment until each change has been formally reviewed and approved.

bullet Configuration management: The tools and procedures that keep an accurate record of the configuration for each system in the enterprise. In larger organizations, this level of recordkeeping can be very time consuming; you can find enterprise-level tools available to handle this task automatically.
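The configuration standards, change management, and configuration management bullets above work as one control when you compare each system’s recorded configuration against the build standard and against the list of approved changes. The following added example (not code from the book) performs that drift check; the setting names, host names, and ticket numbers are constructed for illustration.

```python
"""Configuration drift check: compare each server's recorded configuration
against the documented build standard and the approved change records.

Added example, not code from the book. The baseline, the snapshots and the
change tickets are constructed inline; every key and ticket ID is hypothetical.
"""

# Documented server build standard (hypothetical setting names)
BUILD_STANDARD = {
    "ssh.PermitRootLogin": "no",
    "ssh.PasswordAuthentication": "no",
    "ntp.server": "ntp.example.internal",
    "firewall.default_policy": "deny",
    "antivirus.realtime": "on",
}

# Recorded configuration of each server, as a configuration-management tool
# would capture it (constructed snapshots)
SNAPSHOTS = {
    "web-01": {**BUILD_STANDARD},
    "web-02": {**BUILD_STANDARD, "ssh.PasswordAuthentication": "yes"},
    "db-01": {**BUILD_STANDARD, "ntp.server": "10.0.0.5", "antivirus.realtime": "off"},
}

# Changes that went through the change-management process (constructed)
APPROVED_CHANGES = [
    {"ticket": "CHG-1042", "host": "db-01", "key": "ntp.server", "value": "10.0.0.5"},
]


def find_drift(standard, snapshots, approved):
    """Return {host: [(key, expected, actual, ticket_or_None), ...]} for every deviation."""
    approvals = {(c["host"], c["key"], c["value"]): c["ticket"] for c in approved}
    drift = {}
    for host, config in sorted(snapshots.items()):
        for key, expected in standard.items():
            actual = config.get(key)          # None means the setting is missing entirely
            if actual != expected:
                ticket = approvals.get((host, key, actual))
                drift.setdefault(host, []).append((key, expected, actual, ticket))
    return drift


def unapproved(drift):
    """Deviations with no matching change ticket: roll back, or treat as an incident."""
    result = {}
    for host, deviations in drift.items():
        bad = [d for d in deviations if d[3] is None]
        if bad:
            result[host] = bad
    return result


if __name__ == "__main__":
    drift = find_drift(BUILD_STANDARD, SNAPSHOTS, APPROVED_CHANGES)
    for host, deviations in drift.items():
        for key, expected, actual, ticket in deviations:
            status = f"approved under {ticket}" if ticket else "UNAPPROVED"
            print(f"{host}: {key} is {actual!r}, standard says {expected!r} ({status})")
    print("hosts needing attention:", sorted(unapproved(drift)))
```

Run the check on a schedule and after every change window. A deviation that carries a ticket is a documented exception; one that doesn’t is either a mistake or a change someone made around the process, and either way it is exactly the kind of unplanned difference that turns a routine operation into an outage.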

More than just innocent mistakes can cause a disaster. An employee’s ill intent can also be disastrous. These measures can help to reduce those risks:

bullet Pre-employment background checks: Prior to hiring someone, an organization should verify that candidate’s employment history, education, and credentials.

bullet Pre-employment criminal background: An organization should verify that the candidate doesn’t have a criminal record that would disqualify him or her from employment. Each organization needs to develop its own criteria for filtering job candidates.

bullet Periodic background checks after hire: Check to make sure an employee’s criminal record stays clean after you hire him or her. This routine check is especially important for employees who have been working in an organization for several years. Who knows — maybe that extended vacation was spent in jail!

bullet Formal employment agreements: An organization should have employment agreements, contracts that formally outline what the organization expects of the employee, as well as the consequences for not meeting those expectations. Such agreements can serve as useful deterrents, making an employee think twice about carrying out some malicious action that could harm the organization.

bullet Audit logging: When employees know that the organization records their activities, they’re less likely to do something they wouldn’t want to be caught doing. Logging isn’t a sign of distrust, either: its everyday purpose is to provide a history of events on systems that you can use as a troubleshooting aid. For the log to be worth anything as evidence, though, keep it where the people being logged can’t alter or delete it, such as on a separate log server.

None of the measures in the preceding list actually prevents an employee from carrying out a malicious action, but these measures can help the organization do a better job of selecting candidates and observing them after hire.
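One way to make the audit log in the preceding list resistant to after-the-fact editing is to chain the records together with hashes. The following added example (not code from the book) shows a hash-chained log catching an edited record, and also why chaining alone doesn’t catch deletion of the most recent entry. The events and field names are constructed for illustration.

```python
"""Tamper-evident audit log: every record carries the hash of the one before
it, so editing or deleting an earlier entry breaks the chain.

Added example, not code from the book. The events and field names are
constructed for illustration.
"""
import copy
import hashlib
import json

GENESIS = "0" * 64


def _digest(prev_hash, event):
    # Canonical JSON so the same event always hashes the same way.
    payload = json.dumps(event, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + payload).encode()).hexdigest()


def append(chain, event):
    """Append an event to the chain and return the new record."""
    prev = chain[-1]["hash"] if chain else GENESIS
    record = {"event": event, "prev": prev, "hash": _digest(prev, event)}
    chain.append(record)
    return record


def verify(chain):
    """Walk the chain; return (True, None) or (False, index of the first bad record)."""
    prev = GENESIS
    for i, rec in enumerate(chain):
        if rec["prev"] != prev or rec["hash"] != _digest(prev, rec["event"]):
            return False, i
        prev = rec["hash"]
    return True, None


def verify_against_head(chain, expected_head):
    """Chain check plus comparison with a head hash held elsewhere (e.g. on a log server)."""
    ok, _ = verify(chain)
    return ok and bool(chain) and chain[-1]["hash"] == expected_head


def demo():
    chain = []
    for event in [
        {"user": "alice", "action": "login", "host": "db-01"},
        {"user": "alice", "action": "grant_dba", "target": "bob"},
        {"user": "bob", "action": "drop_table", "target": "orders"},
    ]:
        append(chain, event)
    head = chain[-1]["hash"]    # shipped off-box right after each append

    # An insider rewrites the privilege grant to look like a harmless login.
    tampered = copy.deepcopy(chain)
    tampered[1]["event"]["action"] = "login"
    ok_tampered, first_bad = verify(tampered)

    # The insider deletes the most recent record instead.
    truncated = chain[:-1]
    ok_truncated_chain, _ = verify(truncated)
    ok_truncated_head = verify_against_head(truncated, head)

    return {
        "intact": verify(chain)[0],
        "tamper_detected": not ok_tampered,
        "first_bad": first_bad,
        "truncation_seen_by_chain": not ok_truncated_chain,
        "truncation_seen_by_head": not ok_truncated_head,
    }


if __name__ == "__main__":
    print(demo())
```

The chain proves nothing by itself if the person editing the log can also recompute every hash after the edit point, or simply drop the tail. That is why the head hash (or better, the whole log) has to leave the host promptly, to a system the logged users cannot write to; the `verify_against_head` check is what catches the truncation case.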

Preventing Security Issues and Incidents

The absence or failure of a security control can lead to some man-made disasters. Indeed, many security incidents can seriously harm an organization in the same way a prolonged outage caused by a natural disaster can. The types of security incidents that can become disasters include

bullet Computer break-ins: Hackers and other cyber-criminals can use a variety of means to gain access to a system so they can

Steal data: Most often, cyber thieves go after the money — credit card numbers, bank account numbers, and other personal information that they can use to steal money from citizens or perpetrate identity theft.

Alter, damage, or corrupt data: Hackers also love to alter or corrupt data — a far more serious action because the organization may not immediately recognize it.

Embarrass the organization: A hacker may want to embarrass an organization by defacing its public Web site. Figure 12-7 shows an example of such a defacement.

bullet Malware: This inclusive term covers viruses, worms, Trojan horses, and so on. Malware is written to disrupt, disable, or destroy systems, including those running critical applications, or to quietly steal the data on them.

bullet Denial of Service: Both Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks have a specific purpose — to render a server or group of servers unusable by the intended users. You can defend against a DoS or DDoS, but it can cost you.

bullet Social engineering: A variety of activities in which outsiders — often posing as employees, tech support, law enforcement, or Microsoft — contact various employees in order to obtain company secrets. Social engineers can use their new-found knowledge to commit further criminal acts, such as computer break-ins.

bullet Damage by former employees: Often, those who do the most harm to an organization are its former employees, now outsiders, who are familiar with people, technology, architectures, and weaknesses. Now and then, you see news stories about former employees who cause damage to their former employers’ property, including computer systems and data.

Figure 12-7: A defaced Web site — yes, it can even happen to Microsoft.

Source: Neohapsis

Hacking: Not just for kids anymore

The stereotypical hacker is a lonely teenage boy who’s intelligent, curious, bored, and likes computers. Without the responsibilities of adulthood, teen hackers have way too much time on their hands, and they use their computers, their brains, and their spare time to figure out how to manipulate computers, including how to break into them.

The recreational teen hacker is giving way to a new breed of hackers — professionals who hack for pay. Organized crime discovered that the Internet is a safer and easier place to prey on people and businesses, and they’re highly successful at it. In 2005, the U.S. Treasury Department reported that proceeds from cyber-crime had surpassed the proceeds from drug trafficking, starting in 2004.

When a profit motive spurs an activity (even if the “corporation” is organized crime), the people involved become far more determined than any hobbyist, now that cash is involved. Hence, organizations that have highly valued information and assets need to take added precautions to protect those assets (and their reputations).

So, although computer-savvy teenage boys still like to break into computers, they now have a career path that lets them earn a living doing what they love.

You can use several measures to reduce security risks:

bullet Anti-virus software: Used to detect and block all sorts of malware, including viruses, worms, and Trojan horses. Every server and workstation, and above all every one running a Windows operating system, should have anti-virus software that blocks malware in real time, updates its signature files (a database of known viruses and other malware) at least daily, and performs a whole-disk scan weekly.

bullet Security patches: One of the chief ways that hackers break into systems and networks is through well-known vulnerabilities. Most often, you can find security patches available for these vulnerabilities, but many organizations don’t apply these patches quickly enough.

bullet Firewalls: These devices control access to an organization’s network from the Internet and from any directly connected partners. Network administrators configure firewalls with rules that permit specific types of connections to specific systems while blocking all other attempts at communication (a default-deny policy).

bullet Application firewalls: These firewalls examine the contents of communication to application servers (including Web servers) and block any communications identified as malicious in nature. Hackers who want to break into an organization’s networks or servers often attack that organization’s Web sites.

bullet Vulnerability scanners: Security people in an organization use these tools (software or appliances) to identify vulnerabilities in its systems, applications, or network devices that a hacker could use to break in. When a scan discovers vulnerabilities, security people notify operations personnel so the problems get fixed, and a follow-up scan confirms the fix.

bullet Intrusion detection system (IDS): Network- and server-based systems that monitor network traffic and generate alerts that they send to operations personnel when an attempted break-in or intrusion appears to be in progress.

bullet Intrusion prevention system (IPS): The newer and better IDSs also function as intrusion prevention systems by sitting inline and blocking suspected malicious communications before they can cause harm. The flip side is that a badly tuned IPS blocks legitimate traffic too, so test its rules against normal activity before you let it enforce them.

bullet Video surveillance: You can use cameras and video recording equipment to detect intruders and prove their presence in a court of law. And visible video cameras provide a deterrent effect by discouraging illegal activity.

You can use many other means, beyond those in the preceding list, to improve the security in an organization’s applications, servers, and networks so they don’t fall prey to the wide variety of attacks that frequently occur.
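To make the IDS and IPS bullets concrete, the following added example (not code from the book) runs a simple brute-force rule over SSH authentication log lines, first in alert-only (IDS) mode and then in blocking (IPS) mode. The log lines are constructed in syslog style, and the threshold and time window are hypothetical tuning values.

```python
"""Intrusion detection (alert) versus intrusion prevention (block) over SSH
authentication log lines.

Added example, not code from the book. The log lines are constructed in
syslog style, and the threshold and window are hypothetical tuning values.
"""
import re
from collections import defaultdict, deque
from datetime import datetime

LINE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+)"
)

# Constructed sample: a fast password-guessing burst from 203.0.113.9 that
# finally succeeds, and a slow run of typos from a legitimate user.
SAMPLE_LOG = """\
Mar  3 09:12:01 host1 sshd[4101]: Failed password for invalid user admin from 203.0.113.9 port 51234 ssh2
Mar  3 09:12:03 host1 sshd[4102]: Failed password for root from 203.0.113.9 port 51235 ssh2
Mar  3 09:12:04 host1 sshd[4103]: Failed password for root from 203.0.113.9 port 51236 ssh2
Mar  3 09:12:05 host1 sshd[4104]: Accepted password for alice from 198.51.100.7 port 40001 ssh2
Mar  3 09:12:06 host1 sshd[4105]: Failed password for root from 203.0.113.9 port 51237 ssh2
Mar  3 09:12:07 host1 sshd[4106]: Failed password for root from 203.0.113.9 port 51238 ssh2
Mar  3 09:12:09 host1 sshd[4107]: Accepted password for root from 203.0.113.9 port 51239 ssh2
Mar  3 09:13:50 host1 sshd[4108]: Failed password for bob from 198.51.100.7 port 40002 ssh2
Mar  3 09:14:40 host1 sshd[4109]: Failed password for bob from 198.51.100.7 port 40003 ssh2
Mar  3 09:15:30 host1 sshd[4110]: Failed password for bob from 198.51.100.7 port 40004 ssh2
Mar  3 09:16:20 host1 sshd[4111]: Failed password for bob from 198.51.100.7 port 40005 ssh2
Mar  3 09:17:10 host1 sshd[4112]: Failed password for bob from 198.51.100.7 port 40006 ssh2
"""


def parse_ts(text, year=2024):
    """Syslog timestamps carry no year; assume one so the lines can be ordered."""
    return datetime.strptime(f"{year} {' '.join(text.split())}", "%Y %b %d %H:%M:%S")


def detect(log_text, threshold=5, window_seconds=60, prevent=False):
    """Alert when one source fails `threshold` logins within `window_seconds`.

    prevent=False behaves like an IDS (alert only); prevent=True like an IPS,
    dropping all later traffic from a source once it has tripped the rule.
    """
    failures = defaultdict(deque)   # src -> timestamps of recent failures
    alerts, accepted, blocked = [], [], set()
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        src = m["src"]
        if src in blocked:
            continue                # IPS: the connection never reaches sshd
        ts = parse_ts(m["ts"])
        if m["result"] == "Accepted":
            accepted.append((m["user"], src))
            continue
        window = failures[src]
        window.append(ts)
        while (ts - window[0]).total_seconds() > window_seconds:
            window.popleft()        # forget failures outside the sliding window
        if len(window) >= threshold:
            alerts.append((src, m["user"], ts.isoformat()))
            if prevent:
                blocked.add(src)
            window.clear()          # one alert per burst
    return {"alerts": alerts, "accepted": accepted, "blocked": blocked}


if __name__ == "__main__":
    print("IDS:", detect(SAMPLE_LOG))
    print("IPS:", detect(SAMPLE_LOG, prevent=True))
```

In IDS mode the rule fires on the burst from 203.0.113.9, but the attacker’s eventual successful login still gets through; in IPS mode the same rule blocks the source first, and the success never happens. The slow failures from 198.51.100.7 never reach the threshold inside the window, which is the point of the window: a blocking rule with no window, or too low a threshold, locks out legitimate users (or a whole office behind one address) just as effectively as it stops attackers.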

Prevention Begins at Home

In a regional disaster, employees often aren’t available to help the disaster recovery team because they’re attending to a more important concern — their families. After that earthquake, hurricane, flood, or other occurrence, most employees with families attend to those needs before even considering showing up at work to be on the disaster recovery team. Until they can take care of their families, employees aren’t coming to work, no matter how bad things are there.

Prevention at home can help. If you inform employees about the measures they can take to be better prepared for a disaster, you can help make sure employees’ families are better taken care of in a disaster. If his or her family is secure, an employee is more likely to make him- or herself available to assist in disaster recovery operations.

Employers have a key role in prevention. While they conduct their Business Impact Analysis (BIA) and risk analyses, DR team members can probably get disaster response and prevention information, such as preparation tips, from local civil authorities. Such information can help business DR planning efforts, and those same sources frequently have family disaster prevention information. Obtain those family prevention flyers or booklets in large quantities and make them available to employees to increase the likelihood that they’ll take steps to make their families more prepared for disasters.

The DR project can go one step further and actually assist key recovery personnel with information and even supplies for their families. The better prepared personnel are to take care of themselves and their families, the more likely they are to be available to assist in recovery operations.