August 29, 2005 9:12 AM PDT

Safeguarding IT against the next Katrina

IT managers nationwide should take a cue from Hurricane Katrina's destructive power and develop disaster-recovery plans to safeguard their computer systems against catastrophe, security experts advise.

"For people in New Orleans and Mississippi, it's too late to begin disaster recovery plans. But this hurricane will probably rattle others up and get them thinking about their own disaster recovery," said Johannes Ullrich, chief research officer for security training and research company Sans Institute.

To make the best use of disaster-recovery plans, businesses not only need to take time to develop the plans but also test them before a catastrophe, said Ullrich, whose company re-released a list of preparation tips to consider when faced with a hurricane.

Companies should conduct a full system backup four days before the expected arrival of a storm and have the data shipped off-site and out of harm's way. Subsequent, incremental backups should also be sent off-site, Sans advised. And, if possible, a final full system backup should be conducted just before the storm's arrival, with the data retained locally.

Main phone numbers for the affected offices can be redirected to an off-site voice mailbox once electric power to the facilities is turned off. This step is designed to keep customers and employees informed of the company's status with voice mail messages.

Sans advised devising an alternate arrangement for handling companywide help-desk issues and removing necessary equipment from datacenters. For critical systems in the path of an approaching storm, companies should consider encasing the equipment in plastic, Sans said.

And for satellite offices in the storm's path, Sans suggested dispensing loaner laptops to key personnel and maintaining loaner laptops that house complete content images, or ghost images, of the desktops and laptops in that particular office.

While Hurricane Katrina is expected to cause extensive damage to the Louisiana coastal region, it is not expected to affect the infrastructure that keeps the Internet up and running, Ullrich said.

"There is nothing real big in that area, so we don't expect to see any effects outside of there," Ullrich said.

2 comments

Join the conversation!
Add your comment
Haven't learned yet?
If IT managers have not learned yet they will never learn. If the September 11 event and the tsunami event were not enough to teach them then they will never learn.
Posted by shadowself (202 comments )
Reply Link Flag
Haven't learned yet?
If IT managers have not learned yet they will never learn. If the September 11 event and the tsunami event were not enough to teach them then they will never learn.
Posted by shadowself (202 comments )
Reply Link Flag
 

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot

Discussions

Shared

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.