Make a Backup First

  • Comments posted to this topic are about the item Make a Backup First

  • Why would taking a backup potentially cause problems? If there's an existing backup plan in place then taking a manual full backup shouldn't be an issue, and if there IS no backup plan, you'll have to take a backup in order to test stuff out before setting one up...I'm struggling to see when it would be a *bad* idea to take a backup as first task on a server.

  • Backups use CPU resources, potentially because of compression, and require space, so I/O. You don't just run a backup without checking. It might not cause an issue, but it might, so you investigate first, and get a plan in place that performs regular backups.

  • "While listening to a Brent Ozar, PLF webinar recently, I heard this interview question: what is the first thing you do on a new server you've never worked with? The answer is ensure it's being backed up."

    No kidding? I never thought of that...:ermm:

    "Technology is a weird thing. It brings you great gifts with one hand, and it stabs you in the back with the other. ...:-D"

  • I guess I have a question about this. The first thing is to insure that it is being backed up. Is part of that insurance proof that the backup that is being cerated using the backup plan is usable, available, and secure? Or is just knowing there is a plan in place enough?

    You might think this is totally stupid, but there have been times when a backup plan was in place and the output of the process was unusable. It is nice to be able to prove the backup by a valid restore or recovery process, and should be required as part of a business disaster recovery and resumption plan.

    I am probably being too picky. But it caused me to think as I read this.

    M.

    Not all gray hairs are Dinosaurs!

  • Miles,

    Not being picky. If there is a backup, you should restore it elsewhere to make sure it's readable.

  • Miles Neale (8/22/2012)


    I guess I have a question about this. The first thing is to insure that it is being backed up. Is part of that insurance proof that the backup that is being cerated using the backup plan is usable, available, and secure? Or is just knowing there is a plan in place enough?

    You might think this is totally stupid, but there have been times when a backup plan was in place and the output of the process was unusable. It is nice to be able to prove the backup by a valid restore or recovery process, and should be required as part of a business disaster recovery and resumption plan.

    I am probably being too picky. But it caused me to think as I read this.

    Perfectly sound advice! Case in point: At my current workplace, we have backups of all files on our servers running every night after hours. When I started working here, the backup process was explained to me, and I reasoned that it was sound enough, so I left it as it was.

    A few months ago, the OS drive on one of the servers got corrupted for one reason or another, and so we had to restore the files from backup to get ourselves running again. Ok, no problem, a bit time-consuming, but easy. So, I just need to point the restore process at the backups and... Wait, where are the backups?! :crazy:

    After much searching and asking around, it seems that the company just knew that backups were being taken; where they were being taken at, and how to restore them, were both completely unknown to anyone in the office. Eventually, we just decided to format the OS disk (losing some data in the process, but it was deemed acceptable) and reinstalling.

    At that point, I was able to see locations in the drive listing that weren't available before. It turns out that the previous network admin that worked here had created the backup plans, then hidden the folder with them and blocked access from all accounts in the building, even the admin account, for some indeterminate reason. Whatever the case was, I started the restore from the backups and we had everything back in order, though it took quite a few more hours than it should've had I known where to restore from in the first place.

    - 😀

  • The first thing I learned when I got into I.T. (called data processing) was that having backups was the most important concept. Backups were done by copying punched cards to reel-to-reel tapes that were stored offsite.

    Once the backup is in place, be sure to restore from it to test it out. There's nothing worse than having a backup plan and schedule to find out there's a problem when you need to restore. Having no backup is better than having one that you assume is working and it is not. Maybe the two are equally bad. :unsure:

  • OCTom (8/22/2012)


    Once the backup is in place, be sure to restore from it to test it out. There's nothing worse than having a backup plan and schedule to find out there's a problem when you need to restore. Having no backup is better than having one that you assume is working and it is not. Maybe the two are equally bad. :unsure:

    Exactly, bad disk spots or database corruption can occur at any time and out of nowhere, so just testing your restore process once or twice is not good enough. Test it frequently and automate the restore process if you can. Particularly, if you are responsible for hundreds, if not thousands, of database backups..:-D

    "Technology is a weird thing. It brings you great gifts with one hand, and it stabs you in the back with the other. ...:-D"

  • One of the lessons from this hack is how tough it is to control accross multiple accounts. The Amazon and Apple means of authentication were not all that bad in themselves, but each leaked different information, and this different information could be combined.

    With people posting all sorts of things (unfortunately as with Facebook and other accounts tied to Facebook) with their own names, it's not hard to extract a lot of information... where you live, where you shop, names of your pets and children, your car, your hobbies and habits, your extended family members ... enough could be put together from 'innocent' references to create a pretty good social hack.

    ...

    -- FORTRAN manual for Xerox Computers --

  • jay-h (8/22/2012)


    One of the lessons from this hack is how tough it is to control accross multiple accounts. The Amazon and Apple means of authentication were not all that bad in themselves, but each leaked different information, and this different information could be combined.

    With people posting all sorts of things (unfortunately as with Facebook and other accounts tied to Facebook) with their own names, it's not hard to extract a lot of information... where you live, where you shop, names of your pets and children, your car, your hobbies and habits, your extended family members ... enough could be put together from 'innocent' references to create a pretty good social hack.

    And this is why most security questions are utterly useless. I should not only be able to provide the answers, you should let me pick my own questions too. "Where were you born?" isn't secure at all and easily picked up from publicly available information.

  • Scott D. Jacobson (8/22/2012)


    And this is why most security questions are utterly useless. I should not only be able to provide the answers, you should let me pick my own questions too. "Where were you born?" isn't secure at all and easily picked up from publicly available information.

    A creative answer to a insecure question can be more secure then we realize. The question "Where were you born?" could be answered:

    1. Third floor

    2. Near Mom

    3. xTown

    4. NH0sP1T@l

    5. b0St0nm@ss

    6. t@xiC@bb

    Just takes a little creativity and a good memory, and a handy password safe.

    :-):-)

    Not all gray hairs are Dinosaurs!

  • Miles Neale (8/22/2012)

    Just takes a little creativity and a good memory, and a handy password safe.

    :-):-)

    The problem there is that these questions are usually intended to allow you to get back in when you've forgotten your main password, so making the answer a password in itself is a bit counter-productive. I can certainly see value in giving the name of the hospital or street you were born in rather than the town, though--true, that information is likely available to anyone who digs deep enough, but it would require a lot more work on their behalf.

  • Yes the question should be something obscure, but something that you can always remember even under pressure. Questions like 'what is your favorite movie' are pretty stupid because you would need to figure out what was your favorite when you created the question. Also is it '23 N. Wilson St' or '23 North Wilson Street' or.... Abbreviations cans really mess you up especially if you have a limited number of times to get it right.

    ...

    -- FORTRAN manual for Xerox Computers --

  • paul.knibbs (8/23/2012)


    Miles Neale (8/22/2012)

    Just takes a little creativity and a good memory, and a handy password safe.

    :-):-)

    The problem there is that these questions are usually intended to allow you to get back in when you've forgotten your main password, so making the answer a password in itself is a bit counterproductive. I can certainly see value in giving the name of the hospital or street you were born in rather than the town, though--true, that information is likely available to anyone who digs deep enough, but it would require a lot more work on their behalf.

    Thanks Paul, and I understand your point. However the use of security questions is not limited to the second path to getting into a system or other secured resource. In certain two-phase security strategies there are at least two vehicles a user must provide before access is granted. One is usually the userid and password pair. The second can be a variety of things from a fob to some biometric factor. These include cadence, eye-scan, fingerprint etc. But some systems are not able to afford such technology.

    The use of a collection of security questions and answers will often be used as the second identifying factor in application or system security. In this strategy the users is allowed to select 5 or 6 questions from a list of questions and give appropriate answers. In some strategies the user can create 5 or 6 different unique questions them selves. When the user later tries to login to the system they are required to answer two of three randomly selected questions or they are not allowed to enter the system. When this approach is given as an option the user can better protect themselves by not giving an obvious answer and using something more like the password strategy offered earlier.

    Not all gray hairs are Dinosaurs!

Viewing 15 posts - 1 through 15 (of 15 total)

You must be logged in to reply to this topic. Login to reply