Chapter 14. Physical Security and Disaster Recovery

Chapter Objectives

After reading this chapter and completing the exercises, you will be able to do the following:

• Understand physical security.

• Implement physical security.

• Understand disaster recovery.

• Understand business continuity.

Introduction

Physical security is a topic that is all too often overlooked by security professionals. Most IT security personnel think of security in terms of firewalls, anti-virus, and other technological solutions. However, the fact is that physical security is just as important as technological security.

Disaster recovery is another area that many IT professionals find to be less exciting than technological security; however, it is a key part of network security.

Both the ISC2 CISSP exam and the CompTIA Security+ exam strongly emphasize physical security and disaster recovery. This should be an indication of how important these topics are.

Physical Security

Physical security is actually a multi-faceted topic. The most obvious issue is to physically secure machines, but beyond that you must consider issues such as controlling access to your building and knowing how to respond to fires. Monitoring systems such as alarms and cameras are also a part of physical security.

Equipment Security

Physical security begins with controlling access to the building and to key rooms within the building. At the most basic level it includes having a locked door on the server room. In addition to that you must also have some way of controlling who has access to that room. A highly recommended approach is a swipe card or password key entry system that records who enters the room and when. You should also consider the room itself. It should not have a window, or if it does it should be a reinforced window and someone outside should not be able to easily view inside the room. The room should also be fireproof, because a fire in the server room would be a significant disaster.

The server room is obviously a key item to secure, but it is not the only item. If routers or switches are distributed in the building, they must be in locations that are not easily accessible by unauthorized personnel. Locked closets make a good location for these items. Locking down workstations so they are secured to the desk is also a common practice. This makes theft of those computers significantly more difficult.

Essentially any device that is itself valuable or contains data that is valuable must be physically secured. Equipping mobile business phones with the ability to remotely wipe them is also becoming common practice. That way if they become stolen or lost, the administrator can remotely wipe all data on the phone.

Securing Building Access

After you have secured the equipment, you must also control access to the building itself. A common method is a locked door or turnstile that requires an employee ID to enter. A sign-in sheet is also a good way to track who enters and exits your office. The level of effort put into securing physical access to the building will vary depending on the organization's security needs.

A man trap is an often-used security mechanism in high-security environments. A man trap consists of two doors with a short hallway between them. The second door cannot open until the first door is closed. This prevents tailgating, which is the process of an unauthorized person following an authorized person through a secure door. This can be further enhanced by having each door use a different authentication method. Perhaps the first door requires a key and the second requires a passcode. This two-factor authentication system would be difficult for an intruder to circumvent.
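The interlock described above can be stated precisely as a small state machine. The following is an added example, not code from the book: it models the two doors with different factors (badge swipe outside, PIN inside), refuses to open the inner door while the outer door is open, admits one person to the vestibule at a time, and writes every decision to an audit log of the kind the chapter recommends for the server room. The badge directory, PINs and timestamps are constructed sample values.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class AccessEvent:
    when: str       # constructed timestamp text; a real system would use datetime
    door: str       # "outer" or "inner"
    badge: str
    granted: bool
    reason: str


class ManTrap:
    """Interlock for a two-door vestibule: the inner door will not open while the
    outer door is open, only one badge is admitted to the vestibule at a time,
    and each door uses a different factor (badge outside, PIN inside).
    Every decision is appended to an audit log of who entered and when."""

    def __init__(self, badge_holders, pins):
        self.badge_holders = badge_holders  # badge id -> holder name
        self.pins = pins                    # badge id -> PIN known only to the holder
        self.outer_open = False
        self.inner_open = False
        self.occupant = None                # badge currently inside the vestibule
        self.log = []

    def _decide(self, when, door, badge, granted, reason):
        self.log.append(AccessEvent(when, door, badge, granted, reason))
        return granted

    def swipe_outer(self, when, badge):
        if badge not in self.badge_holders:
            return self._decide(when, "outer", badge, False, "unknown badge")
        if self.occupant is not None:
            return self._decide(when, "outer", badge, False, "vestibule occupied")
        self.outer_open = True
        self.occupant = badge
        return self._decide(when, "outer", badge, True, "badge accepted")

    def close_outer(self):
        self.outer_open = False

    def enter_pin_inner(self, when, badge, pin):
        if self.outer_open:
            return self._decide(when, "inner", badge, False, "outer door still open")
        if badge != self.occupant:
            return self._decide(when, "inner", badge, False, "not admitted at outer door")
        if self.pins.get(badge) != pin:
            return self._decide(when, "inner", badge, False, "wrong PIN")
        self.inner_open = True
        return self._decide(when, "inner", badge, True, "PIN accepted")

    def close_inner(self):
        # Closing the inner door completes the entry and frees the vestibule.
        self.inner_open = False
        self.occupant = None

    def denials(self):
        """Denied attempts are what a guard or SOC would review from the log."""
        return [e for e in self.log if not e.granted]


def demo():
    """Constructed walk-through: one legitimate entry plus two denied attempts."""
    trap = ManTrap({"B-1001": "A. Admin"}, {"B-1001": "4821"})  # constructed directory
    trap.swipe_outer("08:00:00", "B-1001")
    trap.enter_pin_inner("08:00:05", "B-1001", "4821")  # denied: outer door still open
    trap.swipe_outer("08:00:06", "B-9999")               # denied: unknown badge
    trap.close_outer()
    trap.enter_pin_inner("08:00:10", "B-1001", "4821")  # granted
    trap.close_inner()
    return trap


if __name__ == "__main__":
    for event in demo().log:
        print(event)
```

The point of `occupant` is that a second badge presented at the outer door while someone is already between the doors is refused rather than queued; combined with the "outer door still open" check, the only way through the inner door is one admitted person at a time, which is what defeats tailgating.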

Other methods of securing building access include the external areas of a building. For example, a parking lot can be designed so that a person must make turns every 50 feet or so to exit. This prevents a thief or intruder from "speeding away" and makes it more likely that someone will be able to note their license plate, or even that police will arrive before they escape.

Fences are also important. Having some level of fencing is essential. High-security environments might use a tall fence, even topped with concertina wire. This might not be appropriate for many organizations, but even a decorative hedge row provides some level of barrier to slow down intruders.

Lighting is also important. Intruders usually prefer to enter in the dark to reduce the chance of being noticed or caught. A well-lit building exterior impedes an intruder's intention to enter surreptitiously. Internal lighting can also be helpful. You have probably noticed that many retail stores leave the lights on after closing. This allows passing police officers to easily see whether someone is in the building.

Monitoring

Video monitoring is becoming more affordable and more sophisticated. High-definition video cameras, including cameras with night vision capability, are now fairly inexpensive. Retail stores often find that by placing cameras in highly visible areas, the incidence of theft declines. Stoplights equipped with cameras usually reduce the number of people who run red lights.

Placing cameras in or around your facility requires a little bit of thought. First and foremost, the cameras must be placed so that they have an unobstructed view of the areas you want to monitor. At a minimum, all entrances and exits should have camera monitoring. You might also want cameras in main internal hallways, just outside critical areas (for example, server rooms), and possibly around the perimeter of your building. The cameras also need to be placed so that they are not easily disabled by an intruder. This usually means placing them at a height that is difficult for someone to reach.

You should also consider the type of cameras you are placing. If you don’t have adequate external lighting, then night vision capable cameras are important. You might want cameras that transmit their signal to a remote location for storage. If you choose to transmit the camera feed, make sure the signal is secure so that someone cannot easily tap into the signal.

Fire Protection

Obviously, a fire will destroy servers and other equipment. Having adequate fire alarms and fire extinguishers in your facility is important. Fire extinguishers can be classified by what types of fire they are able to put out:

• Class A — Ordinary combustibles such as wood or paper.

• Class B — Flammable liquids such as grease, oil, or gasoline.

• Class C — Electrical equipment.

• Class D — Flammable metals.

Fire suppression systems are common in larger office buildings. These systems are divided into two categories: wet pipe and dry pipe.

• Wet pipe

    • Always contains water

    • Most popular and reliable

    • Activates when a 165° fuse melts

    • Can freeze in winter

    • Pipe breaks can cause floods

• Dry pipe

    • No water in the pipe

    • Preferred for computer installations

    • Water held back by a clapper valve

    • When a head opens, air blows out of the pipe and water flows

Having a plan to address fires is important. Depending on budget and security needs, your plan can be as simple as well-placed smoke alarms and a fire extinguisher, or as complex as a series of fire suppression systems with an alarm system that automatically notifies the fire department.

Disaster Recovery

Before we can discuss disaster recovery, we have to define what a disaster is. A disaster is any event that significantly disrupts your organization's operations. A hard drive crash on a critical server is a disaster. Other examples include fire, earthquake, your telecom provider being down, a labor strike that affects shipping to and from your business, and a hacker deleting critical files. Just keep in mind that any event that can significantly disrupt your organization's operations is a disaster.

Disaster Recovery Plan

You should have a disaster recovery plan (DRP) in place to guide the business's return to normal operations. This must include a number of items. You must address personnel issues, which means being able to find temporary personnel if needed and being able to contact the personnel you already employ. It also includes having specific people assigned to specific tasks. If a disaster occurs, who in your organization is tasked with the following:

• Locating alternative facilities?

• Getting equipment to those facilities?

• Installing and configuring software?

• Setting up the network at the new facility?

• Contacting staff, vendors, and customers?

These are just a few questions that a disaster recovery plan must address; your organization may have more issues that would need to be addressed during a disaster.

Business Continuity Plan

A business continuity plan (BCP) is similar to a disaster recovery plan but with a different focus. The DRP is designed to get the organization back to full functionality as quickly as possible. A business continuity plan is designed to get minimal business functions back up and running at least at some level so you can conduct some type of business. An example would be a retail store whose credit card processing system is down. Disaster recovery is concerned with getting the system back up and running; business continuity is concerned with simply offering a temporary solution, such as processing credit cards manually.

To successfully formulate a business continuity plan, you must consider which systems are most critical for your business and have an alternative plan in case those systems go down. The alternative plan need not be perfect, just functional.

Determining Impact on Business

Before you can create a realistic DRP or BCP, you have to do a business impact analysis (BIA) of the damage a given disaster might do to your organization. Consider a web server crash. If your organization is an e-commerce business, then a web server crash is a very serious disaster. However, if your business is an accounting firm and the website is just a way for new customers to find you, then a web server crash is less critical. You can still do business and earn revenue while the web server is down. You should make a spreadsheet of various likely or plausible disasters and do a basic business impact analysis for each.

One issue to consider in your BIA is the maximum tolerable downtime (MTD). How long can a given system be down before the effect is catastrophic and the business is unlikely to recover? Another item to consider is the mean time to repair (MTTR). How long is it likely to take to repair a given system if it is down? Comparing these two figures helps you determine the business impact of a given disaster: a system whose MTTR exceeds its MTD needs attention before anything else.
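The spreadsheet the text asks for can be expressed as a small program. The following is an added example, not from the book: each system carries its MTD, MTTR, an hourly loss figure and an outage frequency, the rows are ranked by annual expected loss, and any system whose MTTR exceeds its MTD is flagged. The three systems and all of their numbers are constructed to mirror the chapter's e-commerce versus accounting-firm comparison and the retail card-processing scenario.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class SystemImpact:
    system: str
    mtd_hours: float          # maximum tolerable downtime
    mttr_hours: float         # mean time to repair
    loss_per_hour: float      # constructed estimate of what each hour of outage costs
    outages_per_year: float   # constructed estimate of how often this disaster occurs

    def outage_cost(self):
        """Cost of one outage, assuming the system stays down for its MTTR."""
        return self.mttr_hours * self.loss_per_hour

    def annual_expected_loss(self):
        return self.outage_cost() * self.outages_per_year

    def within_tolerance(self):
        """If repair takes longer than the business can tolerate, the DRP must
        shorten MTTR or the BCP must supply a workaround for the gap."""
        return self.mttr_hours <= self.mtd_hours


def bia_table(systems):
    """Rank systems by annual expected loss and flag those whose MTTR exceeds MTD."""
    rows = []
    for s in sorted(systems, key=lambda s: s.annual_expected_loss(), reverse=True):
        rows.append({
            "system": s.system,
            "mtd_h": s.mtd_hours,
            "mttr_h": s.mttr_hours,
            "annual_loss": round(s.annual_expected_loss(), 2),
            "status": "OK" if s.within_tolerance() else "MTTR exceeds MTD",
        })
    return rows


# Constructed sample systems: the same web server crash is critical for an
# e-commerce company and minor for an accounting firm.
SAMPLE_SYSTEMS = [
    SystemImpact("e-commerce web server", mtd_hours=4, mttr_hours=8,
                 loss_per_hour=5000, outages_per_year=2),
    SystemImpact("accounting firm web site", mtd_hours=72, mttr_hours=8,
                 loss_per_hour=50, outages_per_year=2),
    SystemImpact("retail card processing", mtd_hours=2, mttr_hours=1,
                 loss_per_hour=1500, outages_per_year=4),
]


if __name__ == "__main__":
    for row in bia_table(SAMPLE_SYSTEMS):
        print(f"{row['system']:26s} MTD {row['mtd_h']:>4}h  MTTR {row['mttr_h']:>4}h  "
              f"annual loss {row['annual_loss']:>9}  {row['status']}")
```

The identical MTTR of eight hours produces an "MTTR exceeds MTD" flag for the e-commerce server and an "OK" for the accounting firm, which is exactly the distinction the text draws: the impact comes from what the business can tolerate, not from the outage itself.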

Ensuring Fault Tolerance

At some point all equipment fails, so being fault tolerant is important. At the most basic level, fault tolerance for a server means having a backup. If the server fails, did you back up the data so you can restore it? Although database administrators might use a number of different types of data backups, from a security point of view the three primary backup types are:

• Full — All data, regardless of when it last changed

• Differential — All changes since the last full backup

• Incremental — All changes since the last backup of any type

Consider a scenario where you do a full backup at 2 a.m. each morning. However, you are concerned about the possibility of a server crash before the next full backup. So you want to do a backup every two hours. The type of backup you choose will determine the efficiency of doing those frequent backups and the time needed to restore. Let’s consider each type of backup in a crash scenario and what would happen if the system crashes at 10:05 a.m.

• Full: In this scenario you do a full backup at 4 a.m., 6 a.m., ... 10 a.m., and then the system crashes. You just have to restore the last full backup, which was done at 10 a.m. This makes restoration much simpler. However, running a full backup every 2 hours is very time consuming and resource intensive and will have a significant negative impact on your server's performance.

• Differential: In this scenario you do a differential backup at 4 a.m., 6 a.m., ... 10 a.m., and then the system crashes. You need to restore the last full backup done at 2 a.m., and then the most recent differential backup done at 10 a.m. This is just a little more complicated than the full backup strategy. However, those differential backups are going to get larger each time you do them, and thus more time consuming and resource intensive. Although they won't have the same impact as doing full backups, they will still slow down your network.

• Incremental: In this scenario you do an incremental backup at 4 a.m., 6 a.m., ... 10 a.m., and then the system crashes. You need to restore the last full backup done at 2 a.m., and then each incremental backup done since then, and they must be restored in order. This is a much more complex restore, but each incremental backup is small and does not take much time nor consume many resources.
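The restore logic of the three scenarios, as an added example that is not from the book. `build_schedule` reproduces the chapter's timetable (a full backup at 2 a.m., one backup every two hours, crash at 10:05 a.m.) and `restore_chain` works out which backups must be applied and in what order. It goes slightly beyond the text in that it handles mixed schedules (incrementals and differentials in the same chain) by the same rule: a differential supersedes everything taken after the last full, while an incremental only adds to what came before it. The dates are constructed; timestamps may be any comparable type, so integers work too.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Backup:
    taken_at: datetime   # any comparable type works (datetime here, ints in tests)
    kind: str            # "full", "differential" or "incremental"


def build_schedule(strategy, first_full, interval, crash_time):
    """Constructed schedule: one full backup at first_full, then a backup of the
    chosen strategy every `interval` until the crash. With strategy="full" every
    run is a full backup, matching the three scenarios in the text."""
    if strategy not in ("full", "differential", "incremental"):
        raise ValueError(f"unknown strategy: {strategy}")
    backups = [Backup(first_full, "full")]
    t = first_full + interval
    while t < crash_time:
        backups.append(Backup(t, strategy))
        t += interval
    return backups


def restore_chain(backups, crash_time):
    """Return the backups to apply, in order, to recover to the most recent
    restorable state before crash_time. A differential holds everything since
    the last full, so it replaces whatever was collected after that full; an
    incremental holds only changes since the previous backup of any type, so
    it is appended and must be applied after everything before it."""
    usable = sorted((b for b in backups if b.taken_at < crash_time),
                    key=lambda b: b.taken_at)
    fulls = [b for b in usable if b.kind == "full"]
    if not fulls:
        raise ValueError("no full backup exists; nothing can be restored")
    last_full = fulls[-1]
    chain = [last_full]
    for b in usable:
        if b.taken_at <= last_full.taken_at:
            continue
        if b.kind == "differential":
            chain = [last_full, b]
        elif b.kind == "incremental":
            chain.append(b)
    return chain


def data_loss_window(chain, crash_time):
    """Work lost: the gap between the last applied backup and the crash."""
    return crash_time - chain[-1].taken_at


def text_scenario(strategy):
    """The chapter's scenario. Returns the restore steps as (hour, kind) pairs
    and the minutes of work lost."""
    day = datetime(2024, 1, 1)  # constructed date; only the times matter
    crash = day + timedelta(hours=10, minutes=5)
    sched = build_schedule(strategy, day + timedelta(hours=2), timedelta(hours=2), crash)
    chain = restore_chain(sched, crash)
    steps = [(b.taken_at.hour, b.kind) for b in chain]
    lost_minutes = int(data_loss_window(chain, crash).total_seconds() // 60)
    return steps, lost_minutes


if __name__ == "__main__":
    for strategy in ("full", "differential", "incremental"):
        steps, lost = text_scenario(strategy)
        print(f"{strategy:12s} apply {len(steps)} backup(s): {steps}; {lost} min of work lost")
```

Whatever the strategy, the lost-work window is the same five minutes, because all three schedules take their last backup at 10 a.m.; what differs is how many archives must be intact and applied in the right order, which is exactly the risk the text tells you to exercise by restoring to a test machine.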

There is no "best" backup strategy. Which one you select will depend on your organization's needs. Whatever backup strategy you choose, you must periodically test it. The only effective way to test your backup strategy is to actually restore the backup data to a test machine.

The other fundamental aspect of fault tolerance is RAID, or redundant array of independent disks. RAID allows your servers to have more than one hard drive, so that if one hard drive fails, the system keeps functioning. The primary RAID levels are described here:

• RAID 0 (striped disks) distributes data across multiple disks in a way that gives improved speed at any given instant. This offers NO fault tolerance.

• RAID 1 mirrors the contents of the disks, making a form of 1:1 ratio real-time backup. This is also called mirroring.

• RAID 3 or 4 (striped disks with dedicated parity) combines three or more disks in a way that protects data against loss of any one disk. Fault tolerance is achieved by adding an extra disk to the array and dedicating it to storing parity information. The storage capacity of the array is reduced by one disk.

• RAID 5 (striped disks with distributed parity) combines three or more disks in a way that protects data against the loss of any one disk. It is similar to RAID 3, but the parity is not stored on one dedicated drive; instead parity information is interspersed across the drive array. The storage capacity of the array is a function of the number of drives minus the space needed to store parity.

• RAID 6 (striped disks with dual parity) combines four or more disks in a way that protects data against loss of any two disks.

• RAID 1+0 (or 10) is a mirrored data set (RAID 1) that is then striped (RAID 0), hence the "1+0" name. A RAID 1+0 array requires a minimum of four drives: two mirrored drives to hold half of the striped data, plus another two mirrored for the other half of the data.
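Two things in the list above are worth seeing computed rather than read: how much of the raw disk space each level leaves usable and how many disk failures it guarantees to survive, and why single parity recovers from exactly one lost disk. The following is an added example, not code from the book. `raid_profile` encodes the levels as the text describes them (the RAID 1+0 figure is the guaranteed minimum; more failures are survivable if they fall in different mirror pairs), and `raid5_stripe` / `rebuild` show the XOR parity mechanism on a constructed stripe of three data blocks, including the case of two lost disks that parity cannot repair. Real RAID 5 rotates the parity position across disks; placing it last here is a simplification.

```python
def raid_profile(level, n_disks, disk_size_gb):
    """Usable capacity (GB) and the number of simultaneous disk failures the
    array is guaranteed to survive, for the RAID levels listed in the text."""
    spec = {  # level: (minimum disks, usable disks, failures survived)
        "0":  (2, lambda n: n,      lambda n: 0),
        "1":  (2, lambda n: 1,      lambda n: n - 1),
        "3":  (3, lambda n: n - 1,  lambda n: 1),
        "4":  (3, lambda n: n - 1,  lambda n: 1),
        "5":  (3, lambda n: n - 1,  lambda n: 1),
        "6":  (4, lambda n: n - 2,  lambda n: 2),
        "10": (4, lambda n: n // 2, lambda n: 1),  # guaranteed minimum
    }
    if level not in spec:
        raise ValueError(f"RAID level {level} not covered here")
    min_disks, usable, survives = spec[level]
    if n_disks < min_disks or (level == "10" and n_disks % 2):
        raise ValueError(f"RAID {level} needs at least {min_disks} disks"
                         + (" (an even number)" if level == "10" else ""))
    return usable(n_disks) * disk_size_gb, survives(n_disks)


def xor_blocks(blocks):
    """Bytewise XOR of equal-length blocks; this is how parity is computed."""
    out = bytearray(len(blocks[0]))
    for block in blocks:
        if len(block) != len(out):
            raise ValueError("blocks in a stripe must be the same size")
        for i, byte in enumerate(block):
            out[i] ^= byte
    return bytes(out)


def raid5_stripe(data_blocks):
    """One stripe: the data blocks plus their parity block (placed last here)."""
    return list(data_blocks) + [xor_blocks(data_blocks)]


def rebuild(stripe):
    """Recover a stripe in which lost disks are marked None. With one loss the
    XOR of the survivors reproduces the missing block, whether it held data or
    parity; with two losses single parity has no solution, which is the gap
    RAID 6's second parity block closes."""
    lost = [i for i, blk in enumerate(stripe) if blk is None]
    if len(lost) > 1:
        raise ValueError("single parity cannot recover from more than one lost disk")
    if not lost:
        return list(stripe)
    survivors = [blk for blk in stripe if blk is not None]
    repaired = list(stripe)
    repaired[lost[0]] = xor_blocks(survivors)
    return repaired


if __name__ == "__main__":
    for level, n in (("0", 2), ("1", 2), ("5", 4), ("6", 4), ("10", 4)):
        cap, survives = raid_profile(level, n, 1000)   # constructed 1 TB disks
        print(f"RAID {level:>2} with {n} disks: {cap} GB usable, survives {survives} failure(s)")
    stripe = raid5_stripe([b"AAAA", b"BBBB", b"CCCC"])  # constructed stripe
    damaged = list(stripe)
    damaged[1] = None                                   # disk holding block 1 fails
    print("rebuilt block:", rebuild(damaged)[1])
```

Running `raid_profile("5", 4, 1000)` against `raid_profile("6", 4, 1000)` makes the trade-off concrete: the same four disks give 3000 GB usable with one failure tolerated, or 2000 GB with two.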

My personal opinion is that a server without at least RAID level 1 is gross negligence on the part of the network administrator. Using RAID 5 with servers is actually very popular.

Although RAID and backup strategies are the fundamental issues of fault tolerance, any redundant system provides additional fault tolerance. This can include uninterruptible power supplies, backup generators, or redundant Internet connections.

Test Your Skills

Multiple Choice Questions

1. How should a company test the integrity of its backup data?

A. By conducting another backup

B. By using software to recover deleted files

C. By actually restoring the backup

D. By using testing software

2. This method is primarily run when time and tape space permits and is used for the system archive or baselined tape sets:

A. Full backup method

B. Incremental backup method

C. Differential backup method

D. Tape backup method

3. Business Continuity Plan development depends most on:

A. Directives of Senior Management

B. Business Impact Analysis (BIA)

C. Scope and Plan Initiation

D. Skills of BCP committee

4. Which of the following focuses on sustaining an organization’s business functions during and after a disruption?

A. Business continuity plan

B. Business recovery plan

C. Continuity of operations plan

D. Disaster recovery plan

5. Which RAID level uses mirroring?

A. 1

B. 2

C. 4

D. 5

6. What is a man trap?

A. A trusted security domain

B. A logical access control mechanism

C. A double-door facility used for physical access control

D. A fire suppression device

7. ______ is the plan for recovering from an IT disaster and having the IT infrastructure back in operation.

A. BIA

B. DRP

C. RTO

D. RPO

8. RAID ____ combines three or more disks in a way that protects data against loss of any one disk. Fault tolerance is achieved by adding an extra disk to the array and dedicating it to storing parity information. The storage capacity of the array is reduced by one disk.

A. 1

B. 3

C. 5

D. 6

9. Which RAID level offers dual parity?

A. 3

B. 4

C. 5

D. 6

10. Which of the following determines the actual damage to the business if a given disaster occurs to a given system?

A. DRP

B. BIA

C. BCP

D. ROI

Exercises

Exercise 14.1

Create a disaster recovery plan for a fictitious business that has the following characteristics:

• This is an urgent care clinic.

• 4 doctors, 10 nurses, 2 nurse practitioners.

• They are open 7 days a week, 18 hours per day.

• The primary issue is treating patients.
