Penetration Testing mailing list archives
Disaster Recovery
From: "A Barnett" <abarnett () ndirect co uk>
Date: Fri, 14 Sep 2001 01:03:29 +0100
All, This is aimed at being a discussion thread rather than any type of comment. Following the recent disasters in the US I was struck by a simple but worrying thought with respect to the IT infrastructures. Assuming that most if not all of the companies ( and government) involved had half decent disaster recovery plans then they will have back up offices ready equipped. OK this is normal and correct procedure but how well are these centres kept up to date with respect to the latest security patches. Example - Your disaster plan says we need X workstations and Y servers with Z telephone / comms connections running A, B and C software. This means you can be up and running in the nominal 24 hours or whatever but who actually has the responsibility to keep these systems up to date. My point being has anybody actually checked these systems for lets say Code Red problems ? How much risk are companies going to expose themselves to and if there is an additional risk over and above what the sysadmins who is going to carry the can ? Thoughts or experiences would be appreciated to help refine my own plans. Tony Barnett ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
Current thread:
- Disaster Recovery A Barnett (Sep 14)
- <Possible follow-ups>
- Re: Disaster Recovery Jim Miller (Sep 17)