Threat Level: green Handler on Duty: John Bambenek

SANS ISC: InfoSec Handlers Diary Blog - How do I recover from.....? InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

How do I recover from.....?

Published: 2009-08-30
Last Updated: 2009-08-31 10:06:23 UTC
by Tony Carothers (Version: 5)
0 comment(s)

One of our readers, Scott F., yesterday submitted to the ISC that he had been notified in early July that one of his hosted web servers had been taken offline.  Yesterday the hosting service notified Scott that a rogue Trojan 'worm' had been discovered on the system.  Scott is now taking action to recover his system and application from the source files with a fresh install.

Which brings me to the subject of today's diary: "How do I recover from....?"  The question is intentionally vague to prompt everyone to fill in the blanks.  Recover from a system hack, a natural disaster, catastrophic equipment failure, theft etc., etc., the answers to these questions are also very broad, however to enact an effective recovery, the answers need to be as focused as they can possibly be.  Some of the crucial items to consider

 Where is my source code being stored offline?

Where is my data being stored?  Do I have an off-site contingency?

What is my recovery procedure going to be in case of 'x', where 'x' is a given failure?

How can I exercise these plans?

 These are only a few of the questions that address the recovery process.  For any pointed questions, please give us a shout.

 tcarothers at isc dot sans dot org

 

0 comment(s)
Diary Archives