Resiliency (Disaster Recovery)

In today’s global business environment, security must be the top priority in managing Information Technology. For most organisations, security is mandated by law, and conformance to those mandates is investigated regularly in the form of audits. Failure to pass security audits can have financial and management changing impacts upon an organisation.

Business continuity is the activity performed by an organization to ensure that critical business functions will be available to customers, suppliers, regulators, and other entities that must have access to those functions. These activities include many daily chores such as project management, system backups, change control, and help desk. Business continuity is not something implemented at the time of a disaster; Business Continuity refers to those activities performed daily to maintain service, consistency, and recoverability.

Disaster recovery is the process, policies and procedures that are related to preparing for recovery or continuation of technology infrastructure which are vital to an organization after a natural or human-induced disaster. Disaster recovery focuses on the IT or technology systems that support business functions, as opposed to business continuity, which involves planning for keeping all aspects of a business functioning in the midst of disruptive events.

Disaster recovery as a concept developed in the mid- to late 1970s as computer center managers began to recognize the dependence of their organizations on their computer systems. At that time most systems were batch-oriented mainframes which in many cases could be down for a number of days before significant damage would be done to the organization.

Disaster recovery planning is a subset of a larger process known as business continuity planning and includes planning for resumption of applications, data, hardware, electronic communications (such as networking) and other IT infrastructure. A business continuity plan (BCP) includes planning for non-IT related aspects such as key personnel, facilities, crisis communication and reputation protection, and should refer to the disaster recovery plan (DRP) for IT related infrastructure recovery / continuity.

Disaster recovery planning includes strategies like backup management, high availability, data recovery and emergency management. The main concept that should be taken into consideration when securing WAN networks is ensuring high availability and this document stresses on this fundamental process. There are other business continuity strategies that should be analyzed but this should be a part of different process.

Mitigation

Introduce Redundancy in your network

Layer 3 Redundancy

–        Routing Protocols or IP SLA route tracking in case of redundant paths

–        Load Balancing across multiple paths

–        First Hop Redundancy Protocols (GLBP, HSRP, VRRP)

First Hop Redundancy Protocols (FHRPs) provide resiliency and redundancy for devices that are acting as default gateways. This situation and these protocols are commonplace in environments where a pair of Layer 3 devices provides default gateway functionality for a network segment or set of VLANs that contain servers or workstations.

The Gateway Load-Balancing Protocol (GLBP), Hot Standby Router Protocol (HSRP), and Virtual Router Redundancy Protocol (VRRP) are all FHRPs. By default, these protocols communicate using unauthenticated communications. This kind of communication can allow an attacker to pose as an FHRP-speaking device to assume the default gateway role on the network. This takeover would allow an attacker to perform a man-in-the-middle attack and intercept all user traffic that exits the network.