This newsletter is intended for people and companies interested in disaster recovery and is only sent to people who subscribe. Back issues are archived on our Web site (http://www.binomial.com). Sometimes, the emailed newsletter is truncated by your server because of its length. This current issue is now available at http://www.binomial.com.

Each month, we search through over thousands of articles to find information on disaster recovery planning, business continuity planning, and more.

ANYONE CAN CONTRIBUTE, JUST SEND SNIPPETS TO: letter@binomial.com

In this Issue:

• EDITORIAL
  
• HOW TO HANDLE A SECURITY CRISIS
  
• INGENUITY
  
• TEN ACTIONS TO TAKE TO PROTECT YOUR SYSTEMS
  
• INSIDERS ARE THE MAIN THREAT TO CORPORATE NETWORKS
  
• STEPS TO PREVENT CYBERSABOTAGE
  
• TO PREVENT YOUR MAIL LIST BEING ABUSED
  
• BOOKS
  
• IF IT CAN GO WRONG . . .
  
• WHERE TO SEE US SPEAK
  
• NEXT BCP SEMINAR WILL BE IN
  
• LINKS TO DRP SITES OF INTEREST
  
• EVENTS
  

EDITORIAL

We have not issued a newsletter for some time because, as with many people in the disaster recovery planning business, we know too much about the vulnerabilties in our society. There are so many things that we couldn't write about because, in our opinion, it might have given ideas to the wrong people. Hopefully, some of that risk is now passed and we can all return to the normal aspects of the security businesss.

There are some amazing photographs of Ground Zero at http://cryptome.org/wtc-fk/wtc-freshkills-full.htm

HOW TO HANDLE A SECURITY CRISIS

The key to handling an attack is simple: Don't panic. It's very likely that by the time you discover the intrusion, most of the damage already has been done. In fact, it probably has been going on for weeks or months. The chance that you've discovered a break-in that happened just an hour ago is slim.

With that in mind, take a deep breath and begin developing a carefully thought-out strategy for dealing with the break-in. You need to avoid tipping off the intruder by announcing the break-in or by performing any other activity that would seem abnormal to someone who may have been watching your site's operations for many weeks. Hint: Performing a system backup usually is a good idea at this point and (hopefully!) will appear to be a normal activity to the intruder.

This also is a good time to remind yourself that some studies have shown that 60 percent of security incidents involve an insider. Be very careful with whom you discuss the incident until you're sure you have all the facts.

Here's a plan that may assist you in your time of crisis:

• Step 1: Don't panic.
• Step 2: Decide on an appropriate level of response.
• Step 3: Hoard all available tracking information.
• Step 4: Assess your degree of exposure.
• Step 5: If necessary and appropriate, disconnect compromised machines from the network.
• Step 6: Devise a recovery plan.
• Step 7: Communicate the recovery plan to users and management
• Step 8: Implement the recovery plan.
• Step 9: Report the incident to authorities, if appropriate.

This article was written by Trent R. Hein, CTO, XOR Inc. www.xor.com. The full article may be read in VARBusiness Nov. 6,2000

INGENUITY

An analyst got locked out of the server room at his company. He left his card key in the room and had no way of opening the door because no one else had access. But then he remembered that there are motion detectors inside the rooms that open the doors so people inside don't need to use their key cards to get out. So he went to his desk, got a balloon left over from someone's birthday party and went back to the locked door. He got down on the floor and stuff the deflated balloon under the crack at the bottom of the door. He then blew the balloon up and let it go. It took off and flew all around the room tripping the motion detector and unlocking the door. So much for security.

TEN ACTIONS TO TAKE TO PROTECT YOUR SYSTEMS

• Management must be involved
• Disaster plan must be in writing
• Back up data daily and move one copy offsite
• Practice system outage recovery.
• Understand who the users of the IT system are and where they are located.
• IT and business documents, including manuals for operations and training, must be in writing
• Personnel must also have back-ups
• Review contracts for outsourced support and services
• IT recovery needs to be consistent with business recovery
• Obtain expert support as needed

This article was written by Joy Russell. The full article may be read in VARBusiness Sept 26

INSIDERS ARE THE MAIN THREAT TO CORPORATE NETWORKS

In a recent survey on cybercrime that was conducted by the FBI and the San Francisco-based Computer Security Institute, 81% of corporate respondents said the most likely source of attack was from within a company. In addition, the U.S. Treasury Department said insiders committed 60% of the computer intrusions reported by banks and other financial institutions in the first four months of this year.

The growing problem of insider threats is no secret to most IT managers.

Corporate network users in many companies have become a large cyberthreat to sensitive business data because of weak passwords, inconsistent policy enforcement and lackadaisical user-access management. In addition, dormant user accounts and accounts belonging to users who are no longer employed by a company are "the classic problem for cybersabotage,".

Full story available at www.computerworld.com Nov 26.

STEPS TO PREVENT CYBERSABOTAGE

• Establish a system for granting access rights to vital company information
• Define "need to know"
• User IDs. Identify dormant and unused accounts and remove them. Reconcile account usage with reality.
• Reset passwords regularly.
• Develop an internet usage policy.
• Develop a system for quick communication between IT, HR and other departments. Terminate access privileges as soon as a person leaves.
• Insist on firewalls and anti-virus protection.
• Update your nondisclosure policies regularly. Review your nondisclosure agreements to ensure that everyone has recently signed one. Bring these to the attention of everyone (including business partners) annually.

TO PREVENT YOUR MAIL LIST BEING ABUSED

Here is an interesting way to stop hackers automatically using entries in your email program:

Put a single, double, or triple character prefix before all entries to your email address book. It can be all the same, or numerically consecutive, (just so it is easily identifiable to you). When you email anyone, remove the prefix first before sending. If you forget, an error mssg will be returned to you and you can fix the mistake and resend the message. If an email worm does ever get in, it will fail to forward itself to anyone in your address book (and be unable to figure out why).

BOOKS

On our website at www.binomial.com we now have a bookstore that carries all the materials that you need in business and disaster recovery planning. There are as many as 900 books and software items at this site which will aid you in all aspects of developing your BIAs, TRAs, and Continuity and Recovery Plans. There is also help on maintaining your plans, training and testing. We even have a complete collection of videos available for you.

IF IT CAN GO WRONG . . .

ROYAL WEB CHAT FREEZES SCREENS

AMSTERDAM, Netherlands The Dutch crown prince and his Argentinian fiancee had to abandon an online chat after receiving three billion hits in the first minute. The surprising level of interest in next week's royal wedding plans froze computer screens worldwide. Officials accused hackers of sabotaging a network that was not prepared to hear from half the population of the planet. The network operator expected "tens of thousands" of callers to log onto the live Internet chat with Prince Willem-Alexander and Maxima Zorreguieta. The Dutch government had selected 100 people to chat online with the royal couple about their February 2 wedding while others were permitted to log on and watch the exchange.

But screens across the Netherlands froze within a minute. Three billion calls were received.

WHERE TO SEE US SPEAK

NEXT BCP SEMINAR WILL BE IN WASHINGTON(D.C.), FOLLOWED BY SAN FRANCISCO, LAS VEGAS, . . .

We have scheduled several new seminars:

Business & Disaster Continuity Planning will be in

1. Washington (April 22-24) .
2. San Francisco (June 17-19) .
3. Las Vegas (Oct 21-23) .

Come and learn how to be ready for all disasters.

Attendees at all of our seminars learn all about dr, receive a full, registered version of our world-renown software system, Phoenix 2000C and each develop a disaster recovery plan for their own company. All attendees can also attend any future seminar for a small fee. The schedule and seminar content can be seen at www.binomial.com. Still a few seats left.

LINKS TO DRP SITES OF INTEREST

You will find links to DRP sites of interest at: Links

Over 800 links are now listed here.

Interesting links may be found at: www.fema.gov/fema/whatsnew.html

Also check www.colorado.edu/hazards/sites/sites.html

Also check www.colorado.edu/hazards/dr/currentdr.html

EVENTS

BINOMIAL Business/Disaster Recovery Planning Seminars: www.binomial.com

Business Continuity & Disaster Recovery Planning: New York (Feb 5,6), Chicago (Feb 12,13), San Francisco (Feb 19,20)

Storage Networking Industry Association & the University of California, San Diego (Feb 15)

Disaster Recovery Journal Conference, San Diego, (March 9-13)

Business Continuity & Contingency Planning Congress, Chicago, (March 18-19)

Business Continuity Management Conference: New Orleans (April 15-17) (6th Annual CPM 2002) www.contingencyplanningexpo.com/index.cfm

Disaster Recovery Journal Conference, Orlando, (Sept 8-11)

We have moved most of the events information to Events to save space in your email.

letter@binomial.com
www.binomial.com
BINOMIAL (800) 361-8398(V) (928) 441-4170(F)