“Physical Security and Disaster Recovery,” of Network Defense

Complete Exercise 14.1 from Ch. 14, “Physical Security and Disaster Recovery,” of Network Defense and Countermeasures: Principles and Practices. Ensure your document is 2 to 3 pages.

The reading for this exercise is as follows. I don’t think you necessarily need it, but I copied and pasted it just in case you need an idea of what info is needed on the 2-3 page disaster recovery plan document. It would probably help to mention which RAID arrays you would use for the fictitious business you will use.

Ch. 14 Readings on disaster recovery:

Disaster Recovery

Before we can discuss disaster recovery, we have to define what a disaster is. A disaster is any event that significantly disrupts your organization’s operations. A hard drive crash on a critical server is a disaster. Other examples include fire, earthquake, your telecom provider being down, a labor strike that affects shipping to and from your business, and a hacker deleting critical files. Just keep in mind that any event that can significantly disrupt your organization’s operations is a disaster.

Disaster Recovery Plan

You should have a disaster recovery plan (DRP) in place to guide the return of the business to normal operations. This must include a number of items. You must address personnel issues, which means being able to find temporary personnel if needed, and being able to contact the personnel you have employed. It also includes having specific people assigned to specific tasks. If a disaster occurs, who in your organization is tasked with the following?

- Locating alternative facilities
- Getting equipment to those facilities
- Installing and configuring software
- Setting up the network at the new facility
- Contacting staff, vendors, and customers

These are just a few issues that a disaster recovery plan must address; your organization may have more issues that would need to be addressed during a disaster.

Business Continuity Plan

A business continuity plan (BCP) is similar to a disaster recovery plan but with a different focus. The DRP is designed to get the organization back to full functionality as quickly as possible. A business continuity plan is designed to get minimal business functions back up and running at least at some level so you can conduct some type of business. An example would be a retail store whose credit card processing system is down. Disaster recovery is concerned with getting the system back up and running at full functionality, essentially like the disaster never happened. Business continuity is concerned with simply offering a temporary solution, such as processing credit cards manually.

To successfully formulate a business continuity plan, one must consider which systems are most critical for your business and have an alternative plan in case those systems go down. The alternative plan need not be perfect, just functional.

Determining Impact on Business

Before you can create a realistic DRP or BCP you have to do a business impact analysis (BIA) of what damage to your organization a given disaster might cause. Consider a web server crash. If your organization is an e-commerce business, then a web server crash is a very serious disaster. However, if your business is an accounting firm and the website is just a way for new customers to find you, then a web server crash is less critical. You can still do business and earn revenue while the web server is down. You should make a spreadsheet of various likely or plausible disasters and do a basic business impact analysis for each.

An issue to consider in your BIA is the maximum tolerable downtime (MTD): how long can a given system be down before the effect is catastrophic and the business is unlikely to recover? Another item to consider is the mean time to repair (MTTR): how long is it likely to take to repair a given system if it is down? You must also consider the mean time between failures (MTBF): in other words, how frequently does this particular service or device fail? These factors help you to determine the business impact of a given disaster.

All of this data will lead you to a recovery time objective (RTO). That is the time by which you intend to have a service back up and running, should there be a failure. This should always be less than the MTD. For example, if the MTD for your e-commerce server is 48 hours, your RTO might be set at 32 hours, providing a significant margin of error.

Another important concept is the recovery point objective (RPO). This is how much data you can tolerate losing. Imagine you do a backup every 10 minutes. If the server you are backing up fails seconds before the next backup, you will have lost 9 minutes and about 55 to 59 seconds of work/data. That will all have to be redone manually. Is this tolerable? That depends on your organization.

Testing Disaster Recovery

Once you have both a DRP and a BCP, you need to periodically test those plans to ensure they will actually work as expected. There are five types of tests, discussed in order from the least intrusive and easiest to conduct to the most difficult but most informative type of test.

Document Review/Checklist: This type of testing is usually done by an individual. The BCP and/or DRP are simply reviewed to see if everything is covered. They are compared to checklists, perhaps checklists from various standards (like PCI or HIPAA).

Walkthrough/Tabletop: This is a team effort. A team sits in a conference room and goes through the BCP and/or DRP and discusses scenarios. For example, “What if there was a fire in the server room?” Then the plans are consulted to see if that is covered adequately and appropriately.

Simulation: The purpose of this type of test is to simulate some sort of disaster. A team or an individual might conduct this type of test. It involves moving around in the organization and asking specific individuals “what if” scenarios. For example, you might ask the database administrator “What is the plan should our financial data server crash now?” The purpose of this is to see if everyone knows what to do if a disaster occurs.

Parallel: This test is about seeing if all backup systems come online. That would include restoring backup media, turning on backup power systems, initializing secondary communication systems, etc.

Cut-off/Full Interruption: This is the ultimate test. You actually shut down real systems and see if the BCP/DRP works. From one perspective, if you don’t ever do this level of testing, then you don’t really know if your plans will work. However, if this goes wrong, then you have just caused a disaster.

To avoid generating a disaster, there are some steps you can take. The first is to not even consider this test until you have successfully completed the previous tests. In fact, all of these tests should be done in order. First do a document/checklist review. If and only if that is successful, then move to a tabletop. Then, if that works, move to a simulation.

Secondly, you should schedule this type of test during downtime for the company, at a time when, if things go wrong, it will cause the least impact on the business. For example, if this is a bank, then don’t do this test Monday morning. Perhaps Saturday afternoon would be best. This would give you a chance to fix anything that goes wrong.

Disaster Recovery Related Standards

You need not create your BCP or DRP in a vacuum. There are numerous standards you can, and should, consult. In this section we briefly discuss a few of these standards.

ISO/IEC Standards

There are several ISO standards that can help guide you in formulating a BCP or DRP.

- ISO/IEC 27035: Information Security Incident Management. This standard provides a structured and planned approach to: detect, report, and assess information security incidents; respond to and manage information security incidents; detect, assess, and manage information security vulnerabilities; and continuously improve information security and incident management as a result of managing information security incidents and vulnerabilities.
- ISO/IEC 27001: Requirements for Information Security Management Systems. Section 14 addresses business continuity management.
- ISO/IEC 27002: Information technology – Security techniques – Code of practice for information security controls.

NIST Standards

NIST SP 800-61 Rev. 2, Computer Security Incident Handling Guide, is a standard for how to establish incident response plans and policies. According to this standard, an incident response capability should include the following actions:

- Creating an incident response policy and plan
- Developing procedures for performing incident handling and reporting
- Setting guidelines for communicating with outside parties regarding incidents
- Selecting a team structure and staffing model
- Establishing relationships and lines of communication between the incident response team and other groups, both internal (e.g., legal department) and external (e.g., law enforcement agencies)
- Determining what services the incident response team should provide
- Staffing and training the incident response team

NIST SP 800-34 Rev. 1, Contingency Planning Guide for Information Technology Systems, is specifically about how to handle incidents, including disasters, for IT systems. The standard includes a seven-step process for BCP and DRP projects:

1. Develop the contingency planning policy statement.
2. Conduct the business impact analysis (BIA).
3. Identify preventative controls.
4. Create contingency strategies.
5. Develop an information system contingency plan.
6. Ensure plan testing, training, and exercises.
7. Ensure plan maintenance.

Ensuring Fault Tolerance

At some point all equipment fails, so being fault tolerant is important. At the most basic level, fault tolerance for a server means having a backup. If the server fails, did you back up the data so you can restore it? Although database administrators might use a number of different types of data backups, from a security point of view the three primary backup types are:

- Full: all data
- Differential: all changes since the last full backup
- Incremental: all changes since the last backup of any type

Consider a scenario where you do a full backup at 2 a.m. each morning. However, you are concerned about the possibility of a server crash before the next full backup.
So, you want to do a backup every two hours. The type of backup you choose will determine the efficiency of doing those frequent backups and the time needed to restore. Let’s consider each type of backup in a crash scenario and what would happen if the system crashes at 10:05 a.m.

Full: In this scenario you do a full backup at 4 a.m., 6 a.m., … 10 a.m., and then the system crashes. You just have to restore the last full backup, which was done at 10 a.m. This makes restoration much simpler. However, running a full backup every 2 hours is very time consuming and resource intensive and will have a significant negative impact on your server’s performance.

Differential: In this scenario you do a differential backup at 4 a.m., 6 a.m., … 10 a.m., and then the system crashes. You need to restore the last full backup done at 2 a.m., and the most recent differential backup done at 10 a.m. This is just a little more complicated than the full backup strategy. However, those differential backups are going to get larger each time you do them, and thus more time consuming and resource intensive. Although they won’t have the same impact as doing full backups, they will still slow down your network.

Incremental: In this scenario you do an incremental backup at 4 a.m., 6 a.m., … 10 a.m., and then the system crashes. You need to restore the last full backup done at 2 a.m., and then each incremental backup done since then, and they must be restored in order. This is a much more complex restore, but each incremental backup is small and does not take much time nor consume many resources.

There is no “best” backup strategy. Which one you select will depend on your organization’s needs. Whatever backup strategy you choose, you must periodically test it. The only effective way to test your backup strategy is to actually restore the backup data to a test machine.

The other fundamental aspect of fault tolerance is RAID, or redundant array of independent disks.
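As an added example (not part of the chapter or of the assignment), the following Python simulates the three strategies on a constructed ten-block server: a full backup at 2 a.m., a backup every two hours after that, and a crash at 10:05 a.m. It works out the restore chain each strategy needs, checks that replaying the chain reproduces the server’s state at the last backup, and totals how much data each strategy writes during the day and reads on restore. The block count, the CHANGES table (which blocks were modified in each two-hour window) and the function names are assumptions made for the example.

```python
"""Backup-chain simulation: added example, not from the textbook.

A full backup runs at 02:00 and one more backup every two hours after that.
Each block of the server carries a version counter; CHANGES is constructed
sample data saying which blocks were modified in each two-hour window.
"""
from dataclasses import dataclass

ALL_BLOCKS = range(1, 11)          # the server holds ten blocks (assumption)
FULL_HOUR = 2                      # nightly full backup at 02:00
CRASH = 10 + 5 / 60                # the chapter's 10:05 a.m. crash
# Constructed sample: blocks modified in the window ending at each hour.
CHANGES = {4: {1, 2}, 6: {3}, 8: {1, 4}, 10: {5}}


@dataclass(frozen=True)
class Backup:
    kind: str            # "full", "differential" or "incremental"
    hour: int            # hour of day the backup completed
    data: dict           # block id -> version captured by this backup


def schedule(kind):
    """Simulate the day's backups under one strategy, returned in time order."""
    state = {b: 0 for b in ALL_BLOCKS}          # versions at the 02:00 full
    backups = [Backup("full", FULL_HOUR, dict(state))]
    since_full = set()
    for hour in sorted(CHANGES):
        changed = CHANGES[hour]
        for blk in changed:
            state[blk] += 1                      # block modified in this window
        since_full |= changed
        if kind == "full":
            captured = set(ALL_BLOCKS)           # everything, every time
        elif kind == "differential":
            captured = since_full                # all changes since the full
        elif kind == "incremental":
            captured = changed                   # only changes since last backup
        else:
            raise ValueError(f"unknown strategy {kind!r}")
        backups.append(Backup(kind, hour, {b: state[b] for b in captured}))
    return backups


def restore_chain(backups, crash_hour):
    """Backups that must be restored, in order, after a crash at crash_hour."""
    usable = [b for b in backups if b.hour <= crash_hour]
    last_full = max(i for i, b in enumerate(usable) if b.kind == "full")
    chain = [usable[last_full]]
    later = usable[last_full + 1:]
    if later and later[-1].kind == "differential":
        chain.append(later[-1])      # the newest differential already holds the rest
    else:
        chain.extend(later)          # every incremental, oldest first
    return chain


def apply_chain(chain):
    """Replay backups in the given order; later sets overwrite earlier ones."""
    state = {}
    for b in chain:
        state.update(b.data)
    return state


def expected_state(crash_hour):
    """What the live server held after the last backup window before the crash."""
    state = {b: 0 for b in ALL_BLOCKS}
    for hour in sorted(CHANGES):
        if hour <= crash_hour:
            for blk in CHANGES[hour]:
                state[blk] += 1
    return state


def costs(kind, crash_hour=CRASH):
    """(blocks written by all backups, restore steps, blocks read on restore)."""
    backups = schedule(kind)
    chain = restore_chain(backups, crash_hour)
    written = sum(len(b.data) for b in backups)
    read = sum(len(b.data) for b in chain)
    return written, len(chain), read


if __name__ == "__main__":
    for kind in ("full", "differential", "incremental"):
        written, steps, read = costs(kind)
        ok = apply_chain(restore_chain(schedule(kind), CRASH)) == expected_state(10)
        print(f"{kind:12s} wrote {written:2d} blocks; restore = {steps} sets, "
              f"{read:2d} blocks; state correct: {ok}")
```

With this sample the full strategy writes 50 blocks over the day and restores one set, differential writes 24 and restores two, incremental writes 16 but restores five sets. Replaying the incremental chain newest-first ends with the full backup and silently rolls every block back to its 2 a.m. version, which is the ordering mistake the chapter warns about; a crash at 7 a.m. restores only the state captured by the 6 a.m. backup, the gap being the RPO.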
RAID allows your servers to have more than one hard drive, so that if the main hard drive fails, the system keeps functioning. The primary RAID levels are described here:

- RAID 0 (striped disks) distributes data across multiple disks in a way that gives improved speed at any given instant. This offers NO fault tolerance.
- RAID 1 mirrors the contents of the disks, making a form of 1:1 ratio real-time backup. This is also called mirroring.
- RAID 3 or 4 (striped disks with dedicated parity) combines three or more disks in a way that protects data against loss of any one disk. Fault tolerance is achieved by adding an extra disk to the array and dedicating it to storing parity information. The storage capacity of the array is reduced by one disk.
- RAID 5 (striped disks with distributed parity) combines three or more disks in a way that protects data against the loss of any one disk. It is similar to RAID 3 but the parity is not stored on one dedicated drive; instead parity information is interspersed across the drive array. The storage capacity of the array is a function of the number of drives minus the space needed to store parity.
- RAID 6 (striped disks with dual parity) combines four or more disks in a way that protects data against loss of any two disks.
- RAID 1+0 (or 10) is a mirrored data set (RAID 1) that is then striped (RAID 0), hence the “1+0” name. A RAID 1+0 array requires a minimum of four drives: two mirrored drives to hold half of the striped data, plus another two mirrored for the other half of the data.

My personal opinion is that a server without at least RAID level 1 is gross negligence on the part of the network administrator. Using RAID 5 with servers is actually very popular.

Some students struggle with how a parity bit can be used to recover lost data. This depends on a very simple mathematical operation, the exclusive OR (XOR). Let’s assume you have a single byte (8 bits) stored on drive 1, and another byte stored on drive 2:

Drive 1 = 10101010
Drive 2 = 00001111

You XOR the two values together, and store the resulting bits:

Drive 1 = 10101010
Drive 2 = 00001111
XOR     = 10100101

The value 10100101 gets stored as parity bits. Now at some later time, drive 2 fails and the data is lost. All you need to do is XOR the parity bits with the remaining drive, and you will get back the original bits:

Parity bits  10100101
Drive 1      10101010
Result       00001111

So you get back the missing data. This is how the parity bits in RAID 3, 4, and 5 work; RAID 6 adds a second, independently computed parity block so that two drives can be lost at once.

Although RAID and backup strategies are the fundamental issues of fault tolerance, any redundant system provides additional fault tolerance. This can include uninterruptible power supplies, backup generators, and redundant Internet connections.

Summary

Physical security and disaster recovery are two very critical topics in IT security. They don’t often seem as exciting to security practitioners who like to focus on more technical issues, but they are critical. This chapter reviewed the basics of physical security. You were also introduced to disaster recovery planning and business continuity planning. It should also be noted that if you take any of the major security certifications (CISSP, GSEC, Security+, etc.), these will figure prominently.
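The XOR parity walkthrough in the chapter covers one byte on two drives. The following Python, added here as an example and not taken from the textbook, generalizes it: parity over any number of data drives, whole stripes of bytes, rebuilding whichever single drive is lost (data or parity), and a RAID 5 style layout in which the parity chunk rotates across drives. The chunk size, the sample payload and the function names are assumptions made for the example.

```python
"""XOR parity for striped arrays: added example, not from the textbook.

Generalizes the single-byte, two-drive walkthrough to any number of data
drives and to whole stripes of bytes, then lays data out RAID 5 style with
the parity chunk rotating across drives. Drive contents and the chunk size
are constructed sample values.
"""

CHUNK = 4  # bytes per chunk (assumption); real arrays use 64 KiB+ stripe units


def xor_bytes(*chunks):
    """Bitwise XOR of equal-length byte strings (the parity operation)."""
    n = len(chunks[0])
    if any(len(c) != n for c in chunks):
        raise ValueError("all chunks in a stripe must be the same length")
    out = bytearray(n)
    for c in chunks:
        for i, byte in enumerate(c):
            out[i] ^= byte
    return bytes(out)


def reconstruct(stripe, failed):
    """Rebuild the chunk at index `failed` from the surviving chunks.

    `stripe` holds every chunk of one stripe, parity included, with the lost
    drive's entry set to None. Because P = D0 ^ D1 ^ ... ^ Dn, any one member
    (data or parity) equals the XOR of all the others. A second None means two
    drives are gone, which single parity cannot repair (that is RAID 6's job).
    """
    missing = [i for i, c in enumerate(stripe) if c is None]
    if missing != [failed]:
        raise ValueError(f"exactly one drive may be missing, got {missing}")
    return xor_bytes(*(c for i, c in enumerate(stripe) if i != failed))


def parity_drive(stripe_index, n_drives):
    """RAID 5: the drive holding parity moves one position each stripe."""
    return (n_drives - 1 - stripe_index) % n_drives


def raid5_write(data, n_drives, chunk=CHUNK):
    """Stripe `data` across n_drives with distributed parity.

    Returns one list of chunks per drive. The last stripe is zero-padded.
    """
    if n_drives < 3:
        raise ValueError("RAID 5 needs at least three drives")
    per_stripe = n_drives - 1
    stripe_bytes = per_stripe * chunk
    data += b"\x00" * (-len(data) % stripe_bytes)
    drives = [[] for _ in range(n_drives)]
    for s in range(len(data) // stripe_bytes):
        block = data[s * stripe_bytes:(s + 1) * stripe_bytes]
        pieces = [block[i * chunk:(i + 1) * chunk] for i in range(per_stripe)]
        pieces.insert(parity_drive(s, n_drives), xor_bytes(*pieces))
        for d, piece in enumerate(pieces):
            drives[d].append(piece)
    return drives


def raid5_read(drives, failed=None):
    """Reassemble the data; if `failed` is a drive index, rebuild it on the fly."""
    n_drives, n_stripes = len(drives), len(drives[0])
    out = bytearray()
    for s in range(n_stripes):
        stripe = [None if d == failed else drives[d][s] for d in range(n_drives)]
        if failed is not None:
            stripe[failed] = reconstruct(stripe, failed)
        p = parity_drive(s, n_drives)
        out += b"".join(c for d, c in enumerate(stripe) if d != p)
    return bytes(out)


def textbook_bytes():
    """The chapter's two-drive case: (parity, drive 2 rebuilt from parity)."""
    drive1, drive2 = bytes([0b10101010]), bytes([0b00001111])
    parity = xor_bytes(drive1, drive2)
    rebuilt = reconstruct([drive1, None, parity], 1)
    return parity, rebuilt


if __name__ == "__main__":
    parity, rebuilt = textbook_bytes()
    print(f"parity {parity[0]:08b}, drive 2 rebuilt as {rebuilt[0]:08b}")
    # Constructed sample payload striped over a four-drive RAID 5 set.
    payload = b"The quick brown fox jumps over the lazy dog"
    drives = raid5_write(payload, 4)
    for lost in range(4):
        assert raid5_read(drives, failed=lost)[:len(payload)] == payload
    print("any single drive of four can be lost and rebuilt")
```

The rotation in parity_drive is what separates RAID 5 from RAID 3/4: no single drive absorbs every parity write. The ValueError raised for two missing chunks is the practical limit of XOR parity, and the reason a second drive failure during a long rebuild of a large RAID 5 set loses the array.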
