CSCE 201 Introduction to Information Security Fall 2015

Protection of Personal Computers l Security Policy – Formal – Informal l Security Mechanisms

Protection of Computing Resources l Threats: – – – l Errors of users Natural/man-made/machine

Physical Security Protection needs outside the computer system l Direct threats l – Stealing,

Natural Disasters l Computer systems – Same vulnerability as homes, cars, etc. – Additional

How to Measure Impact? l Economic impact: – How much does it cost to

Replace Damaged Hardware Most computer systems are standard l Ready available supply quick replace

Replace Data and In-House Software l Harder to replace if there is no backup

Natural Disasters Flood, fire, storms, earthquakes, volcanic eruptions, etc. l Coping with natural disasters:

Flood l Time to respond: Depending on the type of flood there may be

Fire Time to respond: requires quick respons l Losses: hardware, software, data, productivity, etc.

Power Problems l Power Loss – Criticality of the system – Estimated time of

Human Vandals and Theft l Physical control of computing systems – No access –

Data and Software Protection l Most computing systems (hardware) are easily replaceable l Data

Backup Plan Backup: copy of all or part of a file to assist in

Offsite Backup is useless if it is destroyed in the crisis! l Keep backup

Personal Computer Users l Generally do not make backups l Even minor crises have

Personal Computer Backup At home: visit the vendor’s site of your laptop OS, e.

Decide What to Back Up l All information on this computer ? ? ?

Decide Where to Store Your Backup Files l Backup Type, Destination, and Name page:

Set a Schedule—and Stick to It Repeat the above steps once each week and

Next Class l Data Recovery CSCE 201 - Farkas 22

Slides: 22

Download presentation

CSCE 201 Introduction to Information Security Fall 2015 Computer Recovery

Protection of Personal Computers l Security Policy – Formal – Informal l Security Mechanisms – Identification and Authentication – Access Control – Applications and updates – Physical security – Network-level security CSCE 201 - Farkas 2

Protection of Computing Resources l Threats: – – – l Errors of users Natural/man-made/machine disasters Dishonest insider Disgruntled insider Outsiders Etc. Protection against threats – Technical protections – Non-technical protections l Prevent, deter, detect, tolerate, recover CSCE 201 - Farkas 3

Physical Security Protection needs outside the computer system l Direct threats l – Stealing, vandalism, espionage, etc. – Typical protection: guards, locks, fences, etc. l Indirect threats – Natural disaster, electric surge, fire, etc. – Protection: based on type of threat, e. g. , power surge protection, location of computing facility, etc. CSCE 201 - Farkas 4

Natural Disasters l Computer systems – Same vulnerability as homes, cars, etc. – Additional sensitivity: operating environment, e. g. , temperature, humidity, etc. l Vulnerable component: – Hardware devices – Data and software l Goal: reduce the impact of a disaster CSCE 201 - Farkas 5

How to Measure Impact? l Economic impact: – How much does it cost to recover to a pre- attack state? – Cost: replacing hardware/software/data, irreplaceable components, loss of productivity, long term losses, etc. l Personal computer: – Replace hardware – Replace data and applications CSCE 201 - Farkas 6

Replace Damaged Hardware Most computer systems are standard l Ready available supply quick replace l Easily measurable cost of new purchases l Cost balance: – Insurance – Leasing or renting computers and/or facilities CSCE 201 - Farkas 7

Replace Data and In-House Software l Harder to replace if there is no backup l Some data may be lost forever l Application code may not be recoverable or may take a long time to recover l Need backup! CSCE 201 - Farkas 8

Natural Disasters Flood, fire, storms, earthquakes, volcanic eruptions, etc. l Coping with natural disasters: l 1. Developing contingency plans 2. Insuring assets 3. Backups at physically separated safe locations CSCE 201 - Farkas 9

Flood l Time to respond: Depending on the type of flood there may be enough time for orderly shut down and saving the equipment l Losses: hardware, software, data, productivity, etc. l Recovery support: store backup in secure locations CSCE 201 - Farkas 10

Fire Time to respond: requires quick respons l Losses: hardware, software, data, productivity, etc. l – Secondary damage from fire extinguisher (water). New methods: carbon dioxide or gas-based extinguisher l Recovery support: – Fire safety planning of facilities, e. g. , fire resistant doors and walls, control of spreading of smoke and fire – Safety of humans – fire drills – Store backup in secure locations CSCE 201 - Farkas 11

Power Problems l Power Loss – Criticality of the system – Estimated time of loss – Protection: uninterruptible power supply l Power fluctuation – Drops, spikes, surges – Weather conditions (lightning) – Effects all hardware via electric lines, phone and cable connections – Protection: surge protectors, unplug devices CSCE 201 - Farkas 12

Human Vandals and Theft l Physical control of computing systems – No access – Supervised access – Theft protection devices – Self-destroying hardware and application – Etc. CSCE 201 - Farkas 13

Data and Software Protection l Most computing systems (hardware) are easily replaceable l Data and locally developed programs cannot be quickly retrieved from another source l NEED BACKUP CSCE 201 - Farkas 14

Backup Plan Backup: copy of all or part of a file to assist in reestablishing a lost file l Types of backup: l – Complete backup l l Everything on the system is copied Often automated and done at regular intervals – Revolving backup l l Last several backups are kept Avoid problem with corrupted media – Selective backup l l Only files that have changed since the last backup are copied Full backup + selective backup complete record of change CSCE 201 - Farkas 15

Offsite Backup is useless if it is destroyed in the crisis! l Keep backup version separate from actual system l Backup location types: – Networked storage – Cold sites: facility that can accommodate computing centers (need to place hardware and load backups) – Hot sites: computing facility with installed and ready-to-run computing system (need to load backups) l CSCE 201 - Farkas 16

Personal Computer Users l Generally do not make backups l Even minor crises have devastating effects l Need to use available support to create backup – Set intervals for regular backup – Perform backup – Store copies in secure location CSCE 201 - Farkas 17

Personal Computer Backup At home: visit the vendor’s site of your laptop OS, e. g. , for MS Windows: https: //www. microsoft. com/en-us/ and search for instructions for system backup perform a backup of your computer

Decide What to Back Up l All information on this computer ? ? ? – Think twice! – Size of the backup l My documents and settings – Better choice – Limit the amount of data on the backup l Other options – Everyone's documents and settings – Let me choose what to back up -- Items to Back Up CSCE 201 - Farkas 19

Decide Where to Store Your Backup Files l Backup Type, Destination, and Name page: – specify a backup location By default, Backup proposes saving everything to your floppy drive l Best bet is to click Browse and choose any of the following locations l – – Your computer's hard disk Zip drive or other removable media Shared network drive External hard disk drive CSCE 201 - Farkas 20

Set a Schedule—and Stick to It Repeat the above steps once each week and perform regular backups or l Set up an automatic backup schedule for Windows l – Final page of the Backup Wizard – Don't click Finish. Instead, click the Advanced – Click Next to open the When to Back Up page – Choose Later, and then click Set Schedule to open the Schedule Job CSCE 201 - Farkas 21

Next Class l Data Recovery CSCE 201 - Farkas 22