HP3000-L Archives

April 2003, Week 4

HP3000-L@RAVEN.UTC.EDU

Subject:
From: Art Bahrs <[log in to unmask]>
Reply To: Art Bahrs <[log in to unmask]>
Date: Wed, 23 Apr 2003 06:27:55 -0700

Hi John and All :)
    Well, being in the InfoSec industry now... (Yep I be working again!)  I can
say that John probably got it right... the ISP probably didn't properly test
their disaster recovery plan adequately (sp) and this is unfortunately the norm
and not the exception... far too many companies develop a disaster recovery plan
and never test it fully....Have you done anything more than a table review of
yours?

    Remember Disaster Recovery Planning is just one component... you also need
to do Business Continuity Planning as well... and if at all possible conduct an
actual full blown test.... Try actually walking into the data center on a
weekend, after properly scheduling everything and informing everyone... and turn
off everything by turning off the electricity at the circuit panel!  And see
what happens...

Art "Do you know where your data goes when the lights go out? hehe" Bahrs, CISSP
Security Compliance
Corporate Security
The Regence Group
[log in to unmask]
P.S. be aware we (The Regence Group) block email from most IPs that start with
4. to cut down on spam....

----- Original Message -----
From: "J Dunlop" <[log in to unmask]>
To: <[log in to unmask]>
Sent: Wednesday, April 23, 2003 2:48 AM
Subject: Re: [HP3000-L] Hack attack


> Jeff,
>
> Yes, you are right to criticise the ISP. Obviously they have learned
> from their mistakes. That will teach me to use a cheap ISP! However, I
> have reason to believe that they will be more security conscious in
> the future and I do keep a couple of backups of my site elsewhere. I'm
> not sure how their backups were trashed but it may be that they were
> online or they might never have tested their recovery procedures. I
> think the security breach may be related to the fact that they support
> PHP which I am discovering is an extremely powerful language.
>
> Thank you for your suggested ISP but I prefer to use ISPs in this
> country (UK) as it makes it easier to contact them if needed.
>
> Cheers,
>
> John Dunlop
>
> E-mail : [log in to unmask]      "If at first you don't succeed..
> Web : http://www.hp3000links.com    Don't take up sky-diving !"
> "All your HP e3000 resources on the Net"
> (Mirror: http://www.users.totalise.co.uk/~jdunlop/index.html)
>
>
> Jeff, you wrote:
>
> > So... your ISP didn't know how to secure their systems from intruders.  And
> > how exactly did the crackers get to the backups?  Not only were they not
> > offsite, they were online?!?  Sheesh.
> >
> > If you were in the US I'd bother suggesting an ISP that seems to know what
> > they're doing.  "But I won't... I won't... the hell I won't."  :)
> >
> > http://www.speakeasy.net/refer/175157
> >
> > --
> > Jeff Woods <[log in to unmask]>
>
> --
>
> * To join/leave the list, search archives, change list settings, *
> * etc., please visit http://raven.utc.edu/archives/hp3000-l.html *
>
