Security Protection – Harry Waldron (WP)

July 6th, 2012:

Disaster Recovery – Five key tips for a successful plan

We are still recovering in our region one week later from the recent Derecho event. 

Five great DR tips are shared in this related article to facilitate future planning:

Disaster Recovery – Five key tips for a successful plan http://washingtontechnology.com/articles/2012/07/02/recovery-tips-for-storms.aspx

QUOTE: A five-point plan for strategic disaster recovery can help you capture everything that you need to consider quickly and efficiently.

1. Communications – An effective disaster recovery plan is one that is understood and does not require a team of experts to interpret.

2. Business Process – A proficient disaster recovery plan anticipates different levels of risks inside and outside the enterprise and the inter-dependencies between people, technology, and external conditions beyond normal operational control.

3. Technology Risks – Remember that restoring data only works if your original backup is actually validated and constantly checked for errors.

4. People Relocation – Be prepared to enable your staff to physically relocate quickly and efficiently to an alternate facility to ramp up operations in times of emergency, and account for external conditions such as weather, transportation, and power outages.

5. Keep It Simple – Finally, remember that if your plan is longer than several pages, it is likely to be misinterpreted by someone, hence, making your data center vulnerable to information
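Tip 3 above is the one that is easiest to automate. As an added example (not part of the quoted article or this blog), the script below records a size and SHA-256 manifest when a backup completes and then re-checks the set on a schedule, reporting files that are corrupt, missing, or were never validated; the backup files, paths and the simulated damage are all constructed for the demo.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256_of(path: Path) -> str:
    """Stream the file through SHA-256 so large dumps do not need to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def build_manifest(backup_root: Path) -> dict:
    """Taken right after the backup completes: size and SHA-256 of every file.
    Keep the manifest off the backup media so a corrupt copy cannot hide a corrupt set."""
    return {p.relative_to(backup_root).as_posix(): {"size": p.stat().st_size, "sha256": sha256_of(p)}
            for p in sorted(backup_root.rglob("*")) if p.is_file()}

def verify_backup(backup_root: Path, manifest: dict) -> dict:
    """Scheduled check: re-hash the set and classify each entry as ok, corrupt, missing or unexpected."""
    result = {"ok": [], "corrupt": [], "missing": [], "unexpected": []}
    for rel, expected in manifest.items():
        p = backup_root / rel
        if not p.is_file():
            result["missing"].append(rel)
        elif p.stat().st_size != expected["size"] or sha256_of(p) != expected["sha256"]:
            result["corrupt"].append(rel)   # silent bit rot or a truncated write
        else:
            result["ok"].append(rel)
    for p in backup_root.rglob("*"):
        rel = p.relative_to(backup_root).as_posix()
        if p.is_file() and rel not in manifest:
            result["unexpected"].append(rel)  # not in the manifest: not a validated copy
    return result

def demo() -> dict:
    """Constructed example: a tiny backup set, then simulated bit rot and a lost file."""
    root = Path(tempfile.mkdtemp()) / "backup"
    (root / "db").mkdir(parents=True)
    (root / "db" / "orders.sql").write_bytes(b"INSERT INTO orders VALUES (1);\n" * 100)
    (root / "config.ini").write_bytes(b"[dhcp]\nrange=10.0.0.10-10.0.0.250\n")
    manifest = build_manifest(root)
    data = bytearray((root / "db" / "orders.sql").read_bytes())
    data[10] ^= 0x01                      # one flipped byte: same size, different hash
    (root / "db" / "orders.sql").write_bytes(data)
    (root / "config.ini").unlink()        # a file that never reached the backup target
    return verify_backup(root, manifest)

if __name__ == "__main__":
    print(demo())
```

A size check alone would have passed the flipped byte; only the re-hash catches it, which is why the check has to be repeated rather than done once at backup time.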

Disaster Recovery – Derecho on June 29, 2012 was a wake-up call

On June 29, 2012, one of the top storms of a lifetime roared through our area, and even a week later there are numerous power outages. Our power company noted that the 90 high-power transmission lines are not something that is easily fixed with a bucket truck. The article below notes that this “storm of the century” is a wake-up call to brush the dust off our DR and contingency planning manuals and always be prepared for the worst.

Storms of June 29th 2012 in Mid Atlantic region of the USA https://isc.sans.edu/diary.html?storyid=13600
http://en.wikipedia.org/wiki/June_2012_North_American_derecho

QUOTE: On June 29th 2012 a severe windstorm referred to as a derecho tore through the Midwest and Mid-Atlantic regions of the US. Over 1,750,000 homes and businesses were left without electricity. Datacenters supporting Amazon’s AWS, Netflix and other large organizations were taken offline, and there were several deaths reported. I work for a company with a NOC and primary data-center in the path of the storm. A number of events took place. With day time temperatures near 108F and the windstorm coming through, the battery on the backup generator powering the data-center cracked and was not able to start the generator.

So on to old lessons learned – geographic redundancy is desirable, document everything in simple accessible procedures, some physical servers may be desirable, such as DHCP and AD. Key services such as RADIUS must be available from multiple locations. Securely documenting addresses and passwords in an offline reachable manner is essential, as well as documenting system startup procedures. Some new-to-me lessons learned are a little more esoteric. Complacency is a huge risk to an organization. Our company is undergoing a reorganization that is creating a lot of complacent and lackadaisical attitudes. It is hard to fight that.

Apple OS X – New MaControl variant in wild

Apple Mac users should be careful with these new targeted and sophisticated attacks.

New OS X trojan backdoor MaControl variant reported https://isc.sans.edu/diary.html?storyid=13612
http://www.kaspersky.com/about/news/virus/2012/New_Mac_OS_X_Backdoor_Being_Used_for_an_Advanced_Persistent_Threat_Campaign
http://www.securelist.com/en/blog/208193616/New_MacOS_X_backdoor_variant_used_in_APT_attacks

QUOTE: Kaspersky has reported that a new, previously undetected variant of the MaControl backdoor is being used in the wild. The malware arrived as an email attachment and, if installed, connects to a C&C server. More information on the malware, its behaviour, and the attack campaign is available from Kaspersky, who discovered this variant.