Backup and Disaster Recovery – do you have a plan?

What would you do if your CEO called you at 8:00pm on a Saturday night to say he or she can’t send a critical email to the board, and summoned you to the office as an emergency? You enter the server room, look at the server rack and see no sign of life on the server in question; say the UPS malfunctioned and fried the mail server. You feel that cold sweat trickle down your back when reality hits you. Why reach that point?

Backup and recovery methods are essential to data protection and security. Any loss of data due to file corruption, virus, security or human error is a loss of time and money. Furthermore, loss of data can severely impact the success of a project, department, college or government ministry. An effective server backup and recovery plan is crucial. It can mean the difference between recovering in minutes and recovering in days or even several weeks.

FACT: on average, over 40% of companies without a Disaster Recovery Plan go out of business after a major data loss, according to figures from a study conducted by the Strategic Research Corporation. The study gave the top five leading causes of business continuity and disaster recovery incidents as:

  • Hardware Failures (servers, switches, disk drives, etc) 44%
  • Human Error (mistakes in configurations, wrong commands issued, etc) 32%
  • Software Errors (operating systems, driver incompatibility, etc) 14%
  • Viruses and Security Breach (unprotected systems are always at risk) 7%
  • Natural Disasters 3%

The human element is among the weakest links in a Backup and Disaster Recovery Policy; others include the threat of virus infection, hacking, server-side scripting or malicious take-downs. Disaster with respect to systems and networks is a broad subject, because numerous factors can render a service unavailable. Among the key factors to consider is security. Security checks, hardening, penetration testing and the like are ongoing processes that need modification and updates; securing any server or network is not a one-off project.

This plan can be a 4-page document or a very detailed 100-page document, depending on the scope. Key features of this document include:

  • Planning for a disaster. It sounds weird, but yes: you need to analyze your most likely threats, such as flooding if you stay in Bwaise. Have a team that is responsible for managing the recovery; the team should include a variety of departments, and remember that senior management must be kept in the loop. This team will help identify both the core and non-core business processes that are at risk of being affected. Collect as much relevant information as you can, e.g. which vendor equipment is in use, whether you have a secure offsite backup location, potential risks and a lot more.
  • Emergency response. What criteria do you use to acknowledge that you have a disaster at hand? Do you have alerts in case of a server failure? This determines how fast you respond.
  • Recovery procedures. Document how best you would recover if you experience a disaster.
  • Testing and maintenance. You need to test the plan, train your staff and maintain the plan through routine reviews and updates as your environment changes.

No server, system or database is guaranteed 100% disaster proof or hack proof; however, following minimum security recommendations makes it harder to compromise any installation. The website of EC Council, the institution that teaches and certifies Certified Ethical Hacking (CEH), got hacked. The US Department of Defense was hacked and they didn’t know for nearly 4 months. Microsoft reports an estimated 300,000 attempted attacks every day. In the event of a compromised system, what is important is identification of the root cause, restoration of services as soon as possible, and incident management and documentation so that there is no re-occurrence (learn from mistakes). Intervention methods include user training on Information Security Awareness.

The key to a successful Disaster Recovery Plan is planning. A formal review of a Disaster Recovery Plan should be conducted yearly, and a quarterly Disaster Recovery Readiness Assessment Audit should be conducted as well to ensure that objectives and scope are being achieved.

If procedures are followed, services can be restored as soon as possible after a disruption due to a disaster. It is worth noting that other processes are key to achieving this document’s objectives, for example the Database Management Policy, Application Code Management Policy, Change Management Processes Guidelines and Redundancy Backup Server Guidelines. Thus it is a collective effort to ensure business continuity.

This writeup is brief and doesn’t cover everything; it should, however, give you a feel of what you can go through when disaster strikes. Do you have a plan or policy in place? It’s not too late; I can help you draft one at a small fee. You will thank me later.

The day I became a Hacker – Searching my head why I did it …(no excuses found)

I one day found myself in one of those posh upscale places in Uganda, those places you enter and you forget you are in this dusty + floods infested Kampala. (I will have to literally kill you for me to disclose this place). Furthermore it is on one of those days I feel holier than the Pope. I had 3 devices, yes 3, to connect to the Internet. I ask this tall beautiful waitress with a weird weave (I loathe weaves but that is for another day) for access to their “Internet”; she hands me a paper with login credentials typed.

It hit me hard, there was a big problem; the credentials only allow single sign on and yet I had two other geeky things that were Internet hungry. I could see from the look on their digital faces that they needed updates and other things that they know that they gobble from the Internet.
I again politely asked the waitress for another rap, she disarms me with a smile that made me forget she had slammed a no on me.

I pull out all the sweet words I could, only falling short of telling her I’m taking her out for Valentine’s in the middle of the year. She still says no, citing something to do with management policy et cetera.

Well; I coiled my small tail and said thank you for the life saving access to the Internet, I will buy social bundles for the rest. As her footsteps faded in the background, I had a eureka moment. That moment I smiled and realized I could surprise them too.

So I log in to the WiFi, dig around with my ICT jargons and find out the default gateway blah blah and I run an admin log in attempt on the web GUI. I think my other two devices had been praying too because the default admin credentials got me signed in. I could see every other device connected.
Gentlemen and Ladies; it is simple, too many bulls in the kraal is a recipe for annoyingly slow Internet and quarrels with my laptop, the kind of mix I don’t want. I did the only logical thing I had to do to save a life.

KICK OUT EVERYONE ELSE AND ONLY PERMIT MY 3 DEVICES TO ACCESS THE INTERNET

Well, the next few minutes saw my former good friend pacing around, calling the manager, hahaha calling I don’t wanna know who as I sheepishly smiled and sipped on my dawa tea.

Soon word spread around that “the Internet is spoilt”. I felt sorry but but…. I sat there for close to 2 hours till I got a rude reminder that my bed was at home missing me. I undid the whitelist I had created, signed out and left.

I will go back again another day and wreak havoc …..

Tip: Always change default configurations for ALL your devices, else someone like me will hack you.

This is the cheapest and simplest hack in the book; it is a result of poor practices by network administrators.

Is this the part I pen a conclusion?

Being able to compose a tweet is said to be something smart because you don’t have a lot of “space” to type all your so called humble thoughts. I beg to say that is being mean with words; what would some of us with a lot of words do? Reason my Twitter account forgot about me.

Either way, I’m still in celebration mode; it took me decades of planning on creating a blog, then I entered the procrastination phase and now I have run out of excuses – I just had to pull a NIKE on it.

I promise to whip out different topics all bundled up, not as a reflection of how cracked up I am but rather as a way of letting some words of wisdom transfer to you.

This might be short but hey, why complain? Write your own :)

I’m very happy my first post on my newly baked blog is about hacking (pun intended)