What Is Not In The Helpguides

Basic 101 for Data Protection

A few topics come up frequently that are forgotten, or their impact is underrated. Here are a few questions that you should ask yourself alongside the usual infrastructure related planning:

  • What is your company’s definition of a disaster situation?
  • How fast is fast, when someone says they want a restore fast, what does that really mean in numbers?
  • Is an emergency manual available in an offline form and who can access it?
  • Is an offline copy of all important passwords and digital certificates available, and who has access to it?
  • Is access to datacentres available without electronic key cards?
  • Is access to all resources, information and locations part of vacation or other leave planning?
  • Do you have a cyber security insurance, and does it provide an incident response manager? 
Root & Physical Access
  1. If an attacker has physical access, they can still take disks out and throw them in the trash.
  2. An appliance is just perceived security. You can still physically destroy it.
  3. If you do not restrict physical access it can be just as devastating.
  4. Remember. If the administrator has root access, they can still delete things. 
  5. Never give anyone root access unless it is essential.
  6. For hardened repositories, store the root password in your accountants safe, not onsite where others may find it.
  7. Always limit physical and root access
Immutability Thoughts
  1. Immutability is not how long you want to protect the data; it is how long you wish to keep it un-writable.
  2. Immutability is only part of a solution, do not rely on it alone.
  3. Sometimes an immutability policy needs to be discussed within the business, if a decision takes 40 days to implement a change to then agree to do a restore then an immutability policy of 20 days is not long enough. Company politics can affect your retention policy too.
  4. Do not make everything immutable, a blanket policy is inefficient.
  5. At the end of your immutability period there is still a period before deletion occurs, size this into your planning
Compromised!

In case of a ransomware attack or any form of intrusion, your assets may be sealed by government agencies for investigation purposes, Ypu may not have access to start your recovery from/to them. A Recovery site is not just for downtime. Do you own a dedicated recovery site/cluster and separated location for backups ?

Server Names…. Names…. Names!

Remember the days we laughed at the server stack named after the TV Characters! Actually, today this is much better than the “Normal” names we face today. Domain Controller is One (DC1) is now classed as a big round target by any attacker. Chose a convention only relevant to your team or organisation. 

Sizing Thoughts.
  1. when your sizing proxies and repositories consider that they will be doing writes, reads and administrative actions at the same time.
  2. If you know your available bandwidth make sure you also know how much is free and not in use by other production process sending data.
  3. What works in a lab is not real life!
  4. Document everything and version control your planning, it will help.
Reality Check
  1. Nothing is invulnerable, you can only make it harder to get there.
  2. There is no such thing as “Risk Free” just “Reduced Risk”
  3. Even Appliances have root passwords, and usually the people who produce them have override passwords too, all their support team will have access to that password.
  4. Data protection is a part of your business strategy not just Disaster Recovery or your last resort. Do not treat it badly or rely on it alone.