mailing list archives
Re: [PEN-TEST] Disaster Recovery
From: Robert Cohen <cohen () SYRRES COM>
Date: Wed, 15 Nov 2000 12:05:43 -0500
I agree that the world of mainframes made disaster recovery much simpler and
easier to control. With the distributed information processing environment
there is much more responsibility levied on supervisors and managers.
Corporate Policy must address that each end user save data to their
applicable server(s) in order to be adequately backed up. What data gets
backed up is a risk management effort. Bottom line, in today's world
everyone from the end user up to executive management must now be involved.
Admittedly, this paradigm does make things exciting.
Bob Cohen, CBCP
14520 Avion Parkway suite 200
Chantilly, VA 20151
cohen () syrres com
From: Penetration Testers [mailto:PEN-TEST () SECURITYFOCUS COM]On Behalf
Of Rietveld, Peter
Sent: Tuesday, November 14, 2000 6:37 PM
To: PEN-TEST () SECURITYFOCUS COM
Subject: Re: [PEN-TEST] Disaster Recovery
I agree, it appears that we just don't have enough disasters. I noticed how
a major european bank recently moved their critical systems to the top floor
of the building. It is near a major airport, not too far from where an El Al
jumbo crashed a few years ago. The previous location was bomb proof, now a
single mortar shell will do the trick. I guess the end of the cold war meant
the end to traditional disaster preparations, which were often related to
the threat of terrorism or the possibility of actual war. And when I think
of it, this it not so very strange thinking, why blow up a building if
crashing a few routers has the same effect. I think the threats actually
In the good old days of mainframes it was also a lot easier than it is now,
how do you protect a networked data infrastructure? All that valuable data
that is sitting on PC's which aren't backed up anyway? The answer is
probably that it is too complicated a task, so we just will not think about
it. There just are no simple answers to this problem. Although some managers
consider off site data storage a sort of solution. It is easier just to
concentrate on problems we can solve.
Since it is off the hot topic lists, a list serve will not generate enough
attention. I have never seen one, allthough it is the line of my work to
monitor all the security related lists. If anyone finds one, let me know.
Does anyone know of a list serve that specializes in discussions related
Disaster Recovery of mainframe/client-server systems. Seems like when we
think of IT security, disaster recovery is just not the current hot topic.
However, with the rapid deployment of national computer applications that
integrate with multiple data centers, extranets, ISP's, VPN's, etc..how
you plan for disaster recovery?? To me, this is just as big of a computer
security risk, as someone breaking into your computer systems. Has it
to complex? Are we just playing down the issue? In the old days with
mainframe computers it was pretty straight forward..however
In my current job, I am a firewall administrator and also head up a team
the deployment of intrusion detection and penetration security tools. I
still baffled that no one in IT seems to care much about disaster
Maybe, I am just not hanging out with the right types of IT folks.
I have worked for a number of companies and disaster recovery, just does
seem to be an important issue when you think about computer security.
Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com.
Share information about yourself, create your own public profile at