Biles’ Hierarchy of Disaster Recovery Needs

by Simon Biles

Having failed to keep up with my New Year’s resolution of being more organised (the observant of you might have noticed the absence of a February column), it’s nice to be able to move into a new season – spring is with us and in the UK at least, that seems to mean a return to below freezing nights and having to defrost my car each morning. Roll on global warming I say! It never ceases to amaze me how quickly the UK grinds to a halt when we have a little inclement weather, you’d think that we’d be used to it by now – but over December I had the absolute pleasure of being stuck in Edinburgh because there was the wrong amount of snow on the runwayor something like that. Luckily, we had contingency plans in place and, after 48 hours we were back at home in Oxfordshire. We were certainly fortunate – we passed hundreds of people in the airport who weren’t going anywhere and had no other option but to wait it out. In vast contrast, in the Middle East over the last few months, not only has the weather been hot, but so has the political climate, and I have been amazed by the speed with which the ruling governments have acted to cut off the internet.The tenuous link? Business Continuity Planning and Disaster Recovery Planning. It doesn’t take long if you watch the IT News before you come across a good example of bad BCP/DRP – my favourite this month was Vodafone but this is just a retelling of an old story. The fact that a major organisation (a) had a single point of failure in the first place and (b) couldn’t fail it over to another, backup site immediately is more than a little embarrassing. Vodafone are in quite a privileged position though, whilst their outage is clearly damaging to their image, in real terms, their clients are tied into long term contracts, it was one day out of service out of a year, and their clients’ capability to demonstrate their own BC/DR plans (e.g. use a landline) mean that they are unlikely to lose much business from the mistake. For a smaller outfit however, the loss of even one component (like your laptop or examination machine) could cripple you for days and potentially lose you significant business. I, personally, suffered a hard disk failure on my MacBook Pro (under Apple Care, but not a quick fix – two weeks) and although I had full backups of everything to within 24 hours, I had to go and source a temporary machine to restore them to in order to carry on working. In fact, in light of the fact that I _didn’t_ have a BCP/DRP, I bought a second, smaller & cheaper, laptop that I could bring into play should the main one fail again.

Before I go on, I should clarify that there is a difference between BCP and DRP – one (BCP) tends to be used for aspects of failure, such as a hard-disk failing, the other (DRP) is in the case of catastrophic events, such as your building burning down. In my experience most people don’t have adequate of either, however there is a lot of common material between the two, and I’m going to continue this article from more of a DRP perspective.

In a lot of businesses, the “cloud” is a great solution, all of your data is “out there” and all you need is a “dumb” terminal to get to it – however for those of us that operate in the security or forensics space this is an impossible thing – although I know a few freelancers that make use of the professional Google Tools for their e-mail – although that, sadly isn’t a guaranteed solution either.

So as a minimum what should you be doing to manage your DR plans? I’d like to propose a model (I’ve not seen it done before, but I hesitate to call anything new in this day and age! [ I was infuriated the other day to see that someone had trademarked the word “automagically” – something that I’ve been using for decades (and will continue to do, citing prior art if anyone complains !) ] ) based on Maslow’s Hierarchy of Needs:


Get The Latest DFIR News

Join the Forensic Focus newsletter for the best DFIR articles in your inbox every month.


Unsubscribe any time. We respect your privacy - read our privacy policy.

 

 

Biles’ Hierarchy of DR Needs

Fundamentally, of course, there is actually a layer underneath the bottom one here, which is the most critical of all – the fundamental wellbeing of staff. If there has been a significant event which has resulted in a site becoming unavailable then there is a risk of trauma to staff – potentially physical, but also emotional – even more so if you generally work from home! Also in recent cases where BCP/DR plans have had to be enacted through terrorist action, there can be a lot gained by providing a mechanism for communication between staff and their nearest and dearest so that they can be reassured that there are no issues. I was lucky on July 7th, not only was I not on the tube in London at the time, but I had called my wife from the station saying that I was OK before the mobile phone network became overloaded – knowing that she wasn’t worrying and that she knew I was walking to work meant that when I got in the office I could get on with what needed to be done (and so could she).

The above pyramid, though, does quickly illustrate what you need – but bear in mind how easy some of these are to comply with. You can get through nearly all of the first three with a laptop, a mobile-phone and the local pub with a Wi-Fi point – in fact, if you have Skype, you can even skip the mobile phone. Clearly, though, these features change as soon as you are operating your business from an unstable Middle Eastern state – if that is the case then you need to consider Inmarsat phones and data links, petrol generators and a stash of local currency – but each plan is dependent on scenario.

Please bear in mind the potential size of an incident – there were reported issues for companies in the aftermath of the Buncefield fire where their DR site was just as badly damaged as their main site, being almost equidistant on opposite sides of the event!

Click here to discuss this article.

Read Simon’s previous columns

Simon Biles is one of the founders of Thinking Security Ltd., an Information Security and Risk Management consultancy firm based near Oxford in the UK. He has worked on security projects for commercial, charity and government organizations for over 10 years. Simon is studying Forensic Computing at Cranfield University, although very slowly because of work commitments! He posts on the forum as Azrael and you can read an interview with him here.

Leave a Comment

Latest Videos

In this episode of the Forensic Focus podcast, Desi and Si discuss different online programming courses and what they think about the popular platform, Udemy. They also talk about Flipper, Dev boards, and Raspberry Pi, and delve into the fascinating phenomenon of running the classic game Doom on unlikely devices.

Throughout the episode, Desi and Si share their digital forensics expertise, referencing some of the cases they have been working on and highlighting particular methodologies and technologies that have an impact on cybersecurity.

Show Notes:

100 Days of Code: The Complete Python Pro Bootcamp for 2023 - https://www.udemy.com/course/100-days-of-code/

Domestika - https://www.domestika.org/en

MIT OpenCourseWare - https://www.youtube.com/@mitocw 

MasterClass - https://www.masterclass.com/

Raspberry Pi 400 Complete Kit - https://core-electronics.com.au/raspberry-pi-400-kit.html

Flipper Discord - https://discord.com/invite/flipper

Flipper Zero - https://flipperzero.one/

This Programmer Figured Out How to Play Doom on a Pregnancy Test - https://www.popularmechanics.com/science/a33957256/this-programmer-figured-out-how-to-play-doom-on-a-pregnancy-test/

Here’s a dude playing Doom Eternal on his fridge - https://www.polygon.com/2020/10/13/21514933/doom-eternal-refrigerator-door-samsung-smart-refrigerator-xbox-game-pass-richard-mallard

Doom hacker gets Doom running in Doom - https://www.pcgamer.com/doom-hacker-gets-doom-running-in-doom/

Doom Running On A Calculator Powered By Old Potatoes - https://kotaku.com/doom-running-on-a-calculator-powered-by-old-potatoes-1845374069

GoldenEra - https://www.imdb.com/title/tt11753760/

Racing the Beam - https://en.wikipedia.org/wiki/Racing_the_Beam

High Score (TV series) - https://en.wikipedia.org/wiki/High_Score_(TV_series)

Microcontroller Courses (Udemy) - https://www.udemy.com/topic/microcontroller/

The story of Final Fantasy XIV’s renegade do-good modders - https://www.pcgamesn.com/final-fantasy-xiv/ffxiv-modders-renegade-do-gooders

Logical fallacies - https://yourlogicalfallacyis.com/

In this episode of the Forensic Focus podcast, Desi and Si discuss different online programming courses and what they think about the popular platform, Udemy. They also talk about Flipper, Dev boards, and Raspberry Pi, and delve into the fascinating phenomenon of running the classic game Doom on unlikely devices.

Throughout the episode, Desi and Si share their digital forensics expertise, referencing some of the cases they have been working on and highlighting particular methodologies and technologies that have an impact on cybersecurity.

Show Notes:

100 Days of Code: The Complete Python Pro Bootcamp for 2023 - https://www.udemy.com/course/100-days-of-code/

Domestika - https://www.domestika.org/en

MIT OpenCourseWare - https://www.youtube.com/@mitocw

MasterClass - https://www.masterclass.com/

Raspberry Pi 400 Complete Kit - https://core-electronics.com.au/raspberry-pi-400-kit.html

Flipper Discord - https://discord.com/invite/flipper

Flipper Zero - https://flipperzero.one/

This Programmer Figured Out How to Play Doom on a Pregnancy Test - https://www.popularmechanics.com/science/a33957256/this-programmer-figured-out-how-to-play-doom-on-a-pregnancy-test/

Here’s a dude playing Doom Eternal on his fridge - https://www.polygon.com/2020/10/13/21514933/doom-eternal-refrigerator-door-samsung-smart-refrigerator-xbox-game-pass-richard-mallard

Doom hacker gets Doom running in Doom - https://www.pcgamer.com/doom-hacker-gets-doom-running-in-doom/

Doom Running On A Calculator Powered By Old Potatoes - https://kotaku.com/doom-running-on-a-calculator-powered-by-old-potatoes-1845374069

GoldenEra - https://www.imdb.com/title/tt11753760/

Racing the Beam - https://en.wikipedia.org/wiki/Racing_the_Beam

High Score (TV series) - https://en.wikipedia.org/wiki/High_Score_(TV_series)

Microcontroller Courses (Udemy) - https://www.udemy.com/topic/microcontroller/

The story of Final Fantasy XIV’s renegade do-good modders - https://www.pcgamesn.com/final-fantasy-xiv/ffxiv-modders-renegade-do-gooders

Logical fallacies - https://yourlogicalfallacyis.com/

YouTube Video UCQajlJPesqmyWJDN52AZI4Q_5f72B6DD5wk

Programming Languages, Flipper And Gaming

Forensic Focus 24th May 2023 11:43 am

In this episode of the Forensic Focus podcast, Si and Desi talk to Mackenzie Jackson, Developer Advocate at Git Guardian. 

Mackenzie discusses the problem of hard-coded and leaked credentials in Git repositories, the task of scanning Git repositories for leaked credentials, and how that’s helped by the setup of GitHub and Git. 

He also looks at some public and private cases of security breaches through Git repositories and recommends tools you can use to combat attackers on Git. 

Show Notes:

Toyota Suffered a Data Breach by Accidentally Exposing A Secret Key Publicly On GitHub (GitGuardian) - https://blog.gitguardian.com/toyota-accidently-exposed-a-secret-key-publicly-on-github-for-five-years/

GitHub.com rotates its exposed private SSH key (Bleeping Computer) - https://www.bleepingcomputer.com/news/security/githubcom-rotates-its-exposed-private-ssh-key/

Conpago - https://www.conpago.com.au/

Source Code as a Vulnerability - A Deep Dive into the Real Security Threats From the Twitch Leak (GitGuardian) - https://blog.gitguardian.com/security-threats-from-the-twitch-leak/

Teenagers Leveraging Insider Threats: Lapsus$ Hacker Group (Forbes) - https://www.forbes.com/sites/emilsayegh/2023/03/15/teenagers-leveraging-insider-threats-lapsus-hacker-group

Lapsus$: Oxford teen accused of being multi-millionaire cyber-criminal (BBC) - https://www.bbc.co.uk/news/technology-60864283

Dynamic Secrets (HashiCorp) - https://developer.hashicorp.com/vault/tutorials/getting-started/getting-started-dynamic-secrets

Crappy code, crappy Copilot. GitHub Copilot is writing vulnerable code and it could be your fault (GitGuardian) - https://blog.gitguardian.com/crappy-code-crappy-copilot/

trufflesecurity/trufflehog (GitHub) - https://github.com/trufflesecurity/trufflehog

gitleaks/gitleaks (GitHub) - https://github.com/gitleaks/gitleaks

Git (Wikipedia) - https://en.wikipedia.org/wiki/Git

awslabs/git-secrets (GitHub) - https://github.com/awslabs/git-secrets

In this episode of the Forensic Focus podcast, Si and Desi talk to Mackenzie Jackson, Developer Advocate at Git Guardian.

Mackenzie discusses the problem of hard-coded and leaked credentials in Git repositories, the task of scanning Git repositories for leaked credentials, and how that’s helped by the setup of GitHub and Git.

He also looks at some public and private cases of security breaches through Git repositories and recommends tools you can use to combat attackers on Git.

Show Notes:

Toyota Suffered a Data Breach by Accidentally Exposing A Secret Key Publicly On GitHub (GitGuardian) - https://blog.gitguardian.com/toyota-accidently-exposed-a-secret-key-publicly-on-github-for-five-years/

GitHub.com rotates its exposed private SSH key (Bleeping Computer) - https://www.bleepingcomputer.com/news/security/githubcom-rotates-its-exposed-private-ssh-key/

Conpago - https://www.conpago.com.au/

Source Code as a Vulnerability - A Deep Dive into the Real Security Threats From the Twitch Leak (GitGuardian) - https://blog.gitguardian.com/security-threats-from-the-twitch-leak/

Teenagers Leveraging Insider Threats: Lapsus$ Hacker Group (Forbes) - https://www.forbes.com/sites/emilsayegh/2023/03/15/teenagers-leveraging-insider-threats-lapsus-hacker-group

Lapsus$: Oxford teen accused of being multi-millionaire cyber-criminal (BBC) - https://www.bbc.co.uk/news/technology-60864283

Dynamic Secrets (HashiCorp) - https://developer.hashicorp.com/vault/tutorials/getting-started/getting-started-dynamic-secrets

Crappy code, crappy Copilot. GitHub Copilot is writing vulnerable code and it could be your fault (GitGuardian) - https://blog.gitguardian.com/crappy-code-crappy-copilot/

trufflesecurity/trufflehog (GitHub) - https://github.com/trufflesecurity/trufflehog

gitleaks/gitleaks (GitHub) - https://github.com/gitleaks/gitleaks

Git (Wikipedia) - https://en.wikipedia.org/wiki/Git

awslabs/git-secrets (GitHub) - https://github.com/awslabs/git-secrets

YouTube Video UCQajlJPesqmyWJDN52AZI4Q_BX15Z_xF8mA

Preventing Data Leaks With Git Guardian

Forensic Focus 3rd May 2023 11:07 am

This error message is only visible to WordPress admins

Important: No API Key Entered.

Many features are not available without adding an API Key. Please go to the YouTube Feed settings page to add an API key after following these instructions.

Latest Articles

Share to...