Solved

What are the security risks associated with hard copies and backups.

Posted on 2004-08-05
3
204 Views
Last Modified: 2013-12-04
I am putting together a security paper for my company.   This question encompasses many different areas as one can imagine.  

1)  more and more features  have the potential to create more security holes and fewer people managing the security actually understand all the complexity that is involved.  

2)  Dozens of services running on just as many ports can create a security nightmares
 
3) many applications by default are coming 'out of the box' secure by default.  Even Windows is installing with security policies inplemented expecially on the Domain Controllers

4)  Security issues with hard copies and backups    
0
Comment
Question by:plate55
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 38

Expert Comment

by:Rich Rumble
ID: 11741682
1) fully understanding the products you impliment is key, testing is where you can find most of the inital bugs, or undesirable behaviour. Products used must come with complete documentation, or during testing phase be satisfactorially documented by testers.
2) All unnecessary ports and services should be turned off or blocked.
3) ...
4) Back-ups should either be encrypted during transmission over the network and stored off site by a trusted party, most companies are happy to guide you through their process's of their storage proceedures and transport precautions.

Let's have an example http://www.connected.com/
A product like Connected TLM offers several advantages over many backup solutions, backup files are compressed before being sent over the network, as well as being encrypted before traversing the network, backup's are broken up into 5-10 meg chunks, also encrypted. Duplicate files are not backed up. The files are recoverable, as long as you can setup the same username, and password for the account that backed them up, there is no problem. So if you had a 500 meg backup job of a few dozen files, that 500 meg's of data would actually be stored in 50-100 compressed/encrypted archives, that what you can search faster, because you do not have to decompress 500 meg's to restore 1 or 2 files, instead you uncompress 5 or 10 megs instead, speeding up the process. Also Delta's of backed up files are saved, and you can actually keep multiple versions of files, without having to back up each file version entirely... just the changed parts. Also back to the no duplicate storage... say the company sent everyone the same power-point presentation, instead of each and every person getting the PPT saved, the first person to back-up the PPT would send it to the server, then the next person who went to back up their PC, would get a "Flag" that said they also had the same PPT, and the next, and the next... the PPT would only be backed up once, however the back up would be aware of the others that may need that same file. If anyone changed the file slightly, and when to back it up, just the Delta of the canges would be backed up. The no dup's allows you to back up one PC, and then everyone in the company could probaly do a "complete" back up of their own machines, without using very much space at all.
-rich
0
 
LVL 31

Accepted Solution

by:
rid earned 500 total points
ID: 11746443
Different organisations have different problems.

"1)  more and more features  have the potential to create more security holes and fewer people managing the security actually understand all the complexity that is involved."  

Many of the security holes are well known and based on well known weaknesses in programs used almost everywhere, like Outlook (Express), Internet Explorer, IIS etc. One way to counter the threats is to avoit these products and use e.g. Pegasus, Mozilla and Apache instead; it will not make you "safe", but you'll have a lot less to worry about, probably. A good antivirus software is key, obviously.

"2)  Dozens of services running on just as many ports can create a security nightmares"

Yes, indeed. The remedy is of course to have a good firewall protecting the network AND to keep after the workstations/users, educating them about the risks and performance losses associated with having a lot of things running on a computer. The last part is probably the hardest...  Any network admin will probably benefit from looking through info at sites like www.grc.com, www.spywareinfo.com, www.answersthatwork.com . A policy in writing for some kind of user guidance is a good idea too.

"4)  Security issues with hard copies and backups "

Depends on the organisation, I'd say. What is the worst case scenario: Someone unauthorized getting hold of the data or the data just vanishing into thin air? Both?

I believe there are a number of "best practice" rules that can be applied in most cases, but I don't believe in generalization as a work method. Each case, each organisation should have it's own security philosophy that all involved understand. Without the understanding nothing much is accomplished, as people tend to take shortcuts around obstacles they don't understand. And you can't implement CIA-grade security in all workplaces either...
/RID
0
 
LVL 38

Expert Comment

by:Rich Rumble
ID: 11751800
Agreed, and it's what I was getting at... generalization leaves you open to many other vectors, each issue or program needs to have a detailed approach and documented histroy. Best practices would help put some of your questions in perspective.
Here are some great guides: http://www.sans.org/rr/catindex.php?cat_id=8
-rich
0

Featured Post

Automating Your MSP Business

The road to profitability.
Delivering superior services is key to ensuring customer satisfaction and the consequent long-term relationships that enable MSPs to lock in predictable, recurring revenue. What's the best way to deliver superior service? One word: automation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This is a guide to the following problem (not exclusive but here) on Windows: Users need our support and we supporters often use global administrative accounts to do this. Using these accounts safely is a real challenge. Any admin who takes se…
Users of Windows 10 Professional can disable automatic reboots using the policy editor. This tool is not included in the Windows home edition. But don't worry! Follow the instructions below to install (a Win7) policy editor on your Windows 10 Home e…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

738 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question