[ISN] The best-laid plans for protecting your data in a power failure

InfoSec News isn at c4i.org
Thu Jul 29 02:52:17 EDT 2004


Advice by Douglas Schweitzer 
JULY 22, 2004 

The old saw "hope for the best, but expect the worst" is easily
applied to disaster planning.

Case in point, on Aug. 14, 2003, at about 4:20 p.m. EST, the power
went out across much of the Northeastern U.S., affecting an estimated
50 million people. Since the outage occurred on a weekday afternoon,
businesses were in the midst of conducting their routine activities
and transactions, with most using computers.

For those of us using an uninterruptible power supply (UPS), an
orderly shutdown of our computers was immediately set in motion,
minimizing the chance of data loss or hardware failure resulting from
the sudden loss of power. The right UPS can save you money when the
power goes out or when voltage spikes and dips occur. Even though the
Northeast's hurricane season officially started June 1, it's not too
late to ensure that workstations and servers are protected from both
power and subsequent data losses.

Use a UPS

We're all aware of the dangers posed to our computer systems by worms,
Trojan horses and viruses. That's why most of us rely on some sort of
firewall and/or antivirus software to protect our servers and
workstations. Are we as knowledgeable about the menaces that can be
inflicted by power disturbances? Those in the know can protect their
workstations from electrical disturbances by installing a UPS. An
efficient UPS will keep your computer up and running long enough after
a power outage so that you can save data and shut down your computer
properly. Most UPSs even feature sophisticated software that enables
automated data backups and system shutdowns during power failures that
happen when you're not present. In addition to preventing data loss, a
UPS prevents power anomalies (voltage spikes, power sags or surges,
and electrical line noise) from reaching your system. In fact, a UPS
will do the same for most any hardware device.

The indispensability of a UPS is underscored when we take note that
power disturbances are a leading cause of hardware damage, data
corruption and loss, and system freezes. You must determine your
backup needs before choosing a UPS. When a sudden power outage and
subsequent data loss would be more of an inconvenience than a major
problem, then either standby or line-interactive UPSs are adequate. If
your power supply suffers frequent fluctuations, then a
line-interactive UPS (which runs constantly) is best suited to the
task. The higher cost of these units is acceptable because they offer
the highest degree of protection when any shutdown time is

Finally, remember that unlike its other lifetime components, the least
reliable aspect of a UPS is the battery. Batteries will need to be
replaced anywhere from every two to every five years. A major cause
for the disparity in UPS prices arises from the size of their battery
component. Clearly, the bigger the battery, the longer backup
operating time the UPS will provide.

Safeguarding your data

While a well-designed UPS can safeguard workstations, servers and
other hardware from power anomalies, the data stored on those machines
represents the true value of your information assets. To protect your
data, the U.S. Department of Agriculture offers the following
guidelines for users to safeguard and protect data:

Maintain physical possession of the equipment (laptops, cell phones
and handheld devices), which will stop the wrong people from gaining
access to the data.

Have a password on the equipment to keep unauthorized personnel out.

Have a backup of the data in case of accidental deletion.

Have a password on screen savers. Also institute a time-out so that
after a minimum of 15 minutes of inactivity, the screen saver will
come on and lock the workstation with a password. Alternatively, lock
the workstation by simultaneously pressing Ctrl-Alt-Delete and
selecting "lock workstation" to secure the unattended workstation.

Label diskettes and CD-ROMs with adequate information to identify them
for later use.

When the user has finished with the information, delete it from the
diskette, CD-ROM or hard drive.

When sensitive information is no longer needed, ensure that the
diskette, tape or CD-ROM is destroyed.

Protect keyboards and screens from view by the general public and
others to safeguard password entries and data.

Encrypt sensitive data on desktops, laptops and servers. One or more
files can be stored in a WinZip file; thereafter, add a password to
encrypt the .zip file.
