http://www.computerworld.com/securitytopics/security/story/0,,94661,00.html Advice by Douglas Schweitzer JULY 22, 2004 COMPUTERWORLD The old saw "hope for the best, but expect the worst" is easily applied to disaster planning. Case in point, on Aug. 14, 2003, at about 4:20 p.m. EST, the power went out across much of the Northeastern U.S., affecting an estimated 50 million people. Since the outage occurred on a weekday afternoon, businesses were in the midst of conducting their routine activities and transactions, with most using computers. For those of us using an uninterruptible power supply (UPS), an orderly shutdown of our computers was immediately set in motion, minimizing the chance of data loss or hardware failure resulting from the sudden loss of power. The right UPS can save you money when the power goes out or when voltage spikes and dips occur. Even though the Northeast's hurricane season's official start was June 1, it's not too late to ensure that workstations and servers are protected from both power and subsequent data losses. Use a UPS We're all aware of the dangers posed to our computer systems by worms, Trojan horses and viruses. That's why most of us rely on some sort of firewall and/or antivirus software to protect our servers and workstations. Are we as knowledgeable about the menaces that can be inflicted by power disturbances? Those in the know can protect their workstations from electrical disturbances by installing a UPS. An efficient UPS will keep your computer up and running long enough after a power outage so that you can save data and shut down your computer properly. Most UPSs even feature sophisticated software that enables automated data backups and system shutdowns during power failures that happen when you're not present. In addition to preventing data loss, a UPS prevents power anomalies (voltage spikes, power sags or surges, and electrical line noise) from reaching your system. In fact, a UPS will do the same for most any hardware device. The indispensability of a UPS is underscored when we take note that power disturbances are a leading cause of hardware damage, data corruption and loss, and system freezes. You must determine your backup needs before choosing a UPS. When a sudden power outage and subsequent data loss would be more of an inconvenience than a major problem, then either standby or line-interactive UPSs are adequate. If your power supply suffers frequent fluctuations, then a line-interactive UPS (which runs constantly) is best suited to the task. The higher cost of these units is acceptable because they offer the highest degree of protection when any shutdown time is detrimental. Finally, remember that unlike its other lifetime components, the least reliable aspect of a UPS is the battery. Batteries will need to be replaced anywhere from every two to every five years. A major cause for the disparity in UPS prices arises from the size of their battery component. Clearly, the bigger the battery, the longer backup operating time the UPS will provide. Safeguarding your data While a well-designed UPS can safeguard workstations, servers and other hardware from power anomalies, the data stored on those machines represents the true value of your information assets. To protect your data, the U.S. Department of Agriculture offers the following guidelines for users to safeguard and protect data: Maintain physical possession of the equipment (laptops, cell phones and handheld devices), which will stop the wrong people from gaining access to the data. Have a password on the equipment to keep unauthorized personnel out. Have a backup of the data in case of accidental deletion. Have a password on screen savers. Also institute a time-out so that after a minimum of 15 minutes of inactivity, the screen saver will come on and lock the workstation with a password. Alternatively, lock the workstation by simultaneously pressing Ctrl-Alt-Delete and selecting "lock workstation" to secure the unattended workstation. Label diskettes and CD-ROMs with adequate information to identify it for later use. When the user has finished with the information, delete it from the diskette, CD-ROM or hard drive. When sensitive information is no longer needed, ensure that the diskette, tape or CD-ROM is destroyed. Protect keyboards and screens from view by the general public and others to safeguard password entries and data. Encrypt sensitive data on desktops, laptops and servers. One or more files can be stored in a WinZip file; thereafter, add a password to encrypt the .zip file. _________________________________________ Help InfoSec News with a donation: http://www.c4i.org/donation.html
This archive was generated by hypermail 2.1.3 : Thu Jul 29 2004 - 02:11:01 PDT