Security+: Disaster Recovery Security
The Security+ certification exam is one of the most important certifications anyone in the technology industry can obtain. The Security+ certification validates that you have established the core knowledge and baseline skills to perform security functions in a professional technology environment.
The Security+ certification exam covers many aspects of security like risk management, risk mitigation, threat management, intrusion detection, access management, cryptography, PKI, and disaster recovery. Disaster recovery can be a very important part of security many times when security breaches happen backups are needed for recovery. Disaster recovery has become an even more important part of security with the recent popularity of ransomware.
Disaster Recovery is one of the most important things any network admin can plan for in the information technology industry. Companies that do not plan for disaster recovery usually never recover from a disaster. Unplanned disasters can result in a loss of business and data that can cripple any company.
Any Security+ certified administrator will tell you to write a disaster recovery plan. Your disaster recovery plan should be available in multiple locations outlining in detail the plan in the case of a disaster. This plan will include all information you will need to recover your business it the case of a disaster. These documents contain locations of software, contact information, network documentation and much more. Many of these plans, if written properly, are 100 or more pages in length and need to be updated yearly as servers and software get updated or decommissioned.
Do you have Backups?
One of the main aspects of disaster recovery that is vital is backups. There are hundreds of backup solutions available for your organization. You will need to determine what backup solution is best for your company based on cost and the needs of your environment.
There are two kinds of backups
A full backup of your system backs everything up every night, seven nights a week.
An incremental backup will perform a full back up once a week and perform incremental backups the rest of the week only backing up what has changed since the last incremental backup. When dealing with large data backups in the terabyte range generally you will usually end up doing an incremental backup solution.
How are you backing up data?
When dealing with your backups, you must think how you will be backing up your data. All three are of the following solutions are great solutions in their own right.
Will you be using a:
- Cloud Service
- Tape Drive System
- Physical Disk
Backing up to a cloud service will be slower and cost bandwidth which you may be paying for by the megabyte or gigabyte. However, the great part about this is your data is backed up offsite to a secure data center and are easily accessible if needed for a disaster.
A tape drive system is great and reliable but backing up is very slow on a tape system, and backups are generally done locally which is not a great idea in the case of fire or natural disaster. Tape can be great as a solution when it comes to long-term storage as tapes can be kept for long periods of time in storage without risk of damage. Tape can be used if a copy of the nightly tapes is taken offsite after backups have been completed for the day.
The physical disk is much faster than tape, but again you run into the issue of backups being stored locally. If you back up to a portable hard disk, you can do the same as you would with the tapes and take a copy of the disk offsite after backups have been completed.
Do you have a remote site?
No matter what type of backup solution you get always think about some kind of remote or offsite backup solution in the case of fire or natural disaster. You will need to decide how often you backup offsite and what data you will backup offsite every night. You may want to backup data that changes every night like databases offsite nightly but things like print servers that might not have daily changes monthly offsite.
When it comes to users continuing to operate in the backup plan you need to think of a backup site. A backup site is where your data center will be recreated, and where you will operate from, for the length of the disaster.
What kind of remote site do I need?
There are three different types of backup sites
- Cold Site
- Warm Site
- Hot Site
A cold site is basically an empty space with everything you need to restore services needing to be purchased and procured. The delay going from a cold backup site to full operation can be substantial with hardware needing to be purchased, delivered and setup.
A warm site is already stocked with hardware representing your existing data center that has been taken offline. To restore service, the latest backup from your offsite backup system needs to be restored completely to the existing hardware on the warm site, and business can begin again with very little downtime.
A hot site is a virtual mirror image of your current data center using redundancy. Larger organizations may have redundancy setup to prevent downtime in the event of disasters. Redundancy is having an exact replica of all of your systems set up in another location. In the case of redundancy data is replicated to the second site in real time and in the case of a server or data center being taken offline the device at the redundant site will pick up right where the device in the first site left off with little to no downtime.
Hot Sites use load balancers to stay operating the case of a disaster. Hot Sites can use hardware or software load balancers to keep systems going in the case of disasters. This works by assigning each device its own private Internet Protocol Address (IP Address) that allows it to communicate to the other devices in the cluster of devices. Then by assigning one clustered public IP Address for all of them, this allows for one device to go offline, and the other device or devices will pick up with no downtime. What clustering can work with two or more devices is a single location or multiple locations allowing for little to no outage in the case of a disaster situation.
A hot backup site is the most expensive approach to disaster recovery much more expensive than cold sites and much more expensive to maintain. No matter what kind of site you decide to go with cold, warm, or hot will depend on company budget, operational needs, and security.
Where do I get a remote site?
There are three main ways to get a backup site location
- Hiring companies specializing in disaster recovery
- Using locations owned by your organization
- Using another organization’s resources
The best solution I think is hiring a company specializing in disaster recovery. Working with a disaster recovery company is the best as most of these places often give you access to professionals skilled technology staff with 24/7 support. These professionals can guide your staff through the process of creating, testing, and implementing a disaster recovery plan before after and during a disaster. The downside to this will be the cost but will provide you with the least amount of downtime next to a ready implemented hot site.
The next solution is to use other locations owned by your organization. As this is a great cost saving for your company as they already own the location. The downfall to this is you need a person on your staff to handle something like a disaster. Preferably someone who is Security+ certified and knows how to handle a situation like business continuity and disaster recovery.
The last solution would be to have a mutual agreement with another organization’s resources. In these types of situations, two companies agree to share the other’s data center facilities in the event of a disaster. These agreements sometimes allow you to share staff in the event you don’t have IT staff or anyone Security+ certified capable of handling the situation.
When it comes to disaster recovery, there will be a few factors that will affect your decision on what system to implement. The first will always be the cost as anything with disaster recovery is always costly and expensive. The next consideration is operational downtime. How long can the company afford to be down? For some companies they can’t be down more than a few minutes others may be in a situation where they can be down for a week or two, and they can keep operating. This decision will come down to the company itself and their needs for operation.
No matter what company you are working with no matter what the operational downtime requirements always have a disaster recovery plan in place before a disaster happens this will be a huge help in the case of any kind of disaster. When it comes to user operation, you can almost never be over prepared for disaster recovery.