Response and Recovery, Bring on the Pain

Blog Post Pain

One would think that being hurt and at home you could write a blog post; think again. In fact, thinking is the issue here. Ever hurt so bad you just can’t focus? That is exactly what happens when you herniate a disc in your back and it is pinching a nerve. I spent a week watching Discovery Go, being entertained by Fast N’ Loud. There was something about watching the cars being rebuilt and Richard Rawlings’ WOOO that kept my mind off the pain.

Now the meds have worked, and though I am hobbling around with a cane, my mind seems a bit clearer. At least as clear as my mind will get. Which is a good thing, since classes have started all over again. However, having to write ethics and incident response essays along with content for the blog I do for someone else pushes my personal page back. Well, priority items must come first, and this is my place to have fun and to learn side items, so if I must be late it will be here.

Response and Recovery

In the Incident Response and Disaster Recovery course I started using VMware Workstation Pro 14, and it is another round with Security Onion for me. The major difference this time is that I am taking a normal number of classes; cutting 6 months out of a 2-year degree has been some ride. So, I’ll be doing some optional assignments and really learning these items well. I will include many things from class in my posts, plus a few other projects I will be doing around the house.

Raspberry Pi

I wanted to get a good grasp of the Linux command line, so I asked my instructor for suggestions as to which distro I should get and use. Upon learning I had put together a Raspberry Pi, he thought I should make use of that, and shared a website with Pi recipes. So there will be some future projects, hopefully fun ones, to include here as well.

These will also allow for practicing JavaScript and Python coding. I will be happy for any coding practice I can get at this point in time. For now, just a couple of my beginner discussion posts.

CSIRT response

Considering the technical skills required, do you think it is feasible to have a CSIRT response team consisting of employees with other job duties (i.e., not a full-time CSIRT job category)? Why or why not? What factors will influence this? Explain your answer.

Responding How?

Despite the technical skills required, it is feasible to have a CSIRT response team consisting of employees with other job duties; in fact, doing so will strengthen the team. However, unless it’s a very small company, there needs to be at least one person whose sole responsibility is CSIRT.

The Staff

There needs to be a dedicated staff, even if it is a staff of one. Despite the need for technical knowledge, skills, and abilities, none of these is the essential ability of the main CSIRT staff person. In fact, the people with those skills could very well be the people handling other assignments in the company. Those skills fit well in the IT and computer departments; with day-to-day hands on the company’s network and software, their insight into any needed response would be heightened. If it is a multi-person staff, yes, most need these technical skills, but the most important skill needed is organization.

Keeping Your Head

Running the plans, bringing the right people together, following up on needed agendas, and getting information to and from all members: such coordination can only be done correctly by someone who can focus on CSIRT tasks and be an always-available hub of communication. This requires someone who can calmly deal with people from multiple backgrounds and perhaps multiple cultures.

It would be beneficial, in a large company, to have at least one member of each department included in the CSIRT, or at least able to take part in the planning sessions of the team. Again, the lead person would need to organize group meetings, or invite an individual from another department to basically pick their brain. We are talking about protecting the company’s resources; strength comes not just from having knowledge but from having the correct knowledge.

Worse by Far

Ever work on frozen water pipes? Usually they freeze close to the outside wall, especially if a hole lets wind through. But when you fix those pipes you cannot just apply heat to that section of pipe. Sure, you might get away with it, depending on how fast you discover the problem. Normally you open all your faucets and make sure the entire line gets, or has, the needed warmth. Why? Because a frozen line is weakened by stress, and when you melt the main blockage the pressure released can blow a hole in a different part of the pipe. The mess from this is usually worse than the original problem.

Next Discussion

Discuss the difficulties of performing backups in organizations that have a 24/7 business processing day. What options are available? What are the advantages and disadvantages of each option?

Redundant Data

With no downtime, personally, I would first consider a redundancy system such as RAID 1 or RAID 5. This shadowing should give a complete copy to run your backup from in normal situations, especially if the budget is there for three-drive redundancy. I tend to go a bit extreme in hypotheticals because of experiencing some worst cases in my past, like seeing a backup done wrong and wiping out the data it was supposed to protect. Newer software has safeguards, but you only need to experience that once; it stays with you.

So, now that you are doing a backup from a mirrored system, you must also consider being offsite. A good backup is on a different system in a different location. If your mirror is remote then one problem might be solved, but I usually think of redundancy systems as being close by for fast recovery, and backups as the fail-safe for the worst case.
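As an added example (not code from the original post), here is a small Python backup routine with the kind of safeguards the section above alludes to: it refuses to run when the source is empty but the destination already holds data (the reversed-direction mistake that wipes the copy you were protecting), it never deletes anything in the destination, and it verifies every copied file against a SHA-256 manifest of the source. The directory names and sample files are constructed for the demo.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Stream a file through SHA-256 so large files need not fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map each file under root (as a relative path) to its SHA-256 digest."""
    return {
        str(p.relative_to(root)): sha256_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def safe_backup(src: Path, dst: Path) -> dict:
    """Copy src into dst without destroying data, verifying every copy.

    Safeguards:
      1. An empty source never touches a populated destination (guards against
         a reversed or mis-pointed sync wiping the only good copy).
      2. Nothing in dst is ever deleted; files are only added or replaced.
      3. Every copied file is re-hashed and compared with the source manifest.
    Returns the verified source manifest.
    """
    src_manifest = build_manifest(src)
    dst.mkdir(parents=True, exist_ok=True)
    dst_manifest = build_manifest(dst)

    if not src_manifest and dst_manifest:
        raise RuntimeError("source is empty but destination holds data; refusing to run")

    for rel, digest in src_manifest.items():
        target = dst / rel
        if dst_manifest.get(rel) == digest:
            continue  # destination copy already matches; skip the copy
        target.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(src / rel, target)
        if sha256_file(target) != digest:
            raise RuntimeError(f"verification failed for {rel}")
    return src_manifest


def run_demo():
    """Constructed sample data in a temporary directory.

    Returns (manifest, refused): the verified manifest of the first backup and
    whether the reversed run (empty source onto real data) was refused.
    """
    with tempfile.TemporaryDirectory() as tmp:
        live = Path(tmp) / "live"          # constructed "production" data
        backup = Path(tmp) / "backup"      # constructed backup target
        (live / "db").mkdir(parents=True)
        (live / "db" / "orders.csv").write_text("id,total\n1,9.99\n")
        (live / "notes.txt").write_text("constructed sample file\n")

        manifest = safe_backup(live, backup)
        # Second run: nothing changed, so files are skipped and it still verifies.
        if safe_backup(live, backup) != manifest:
            raise RuntimeError("repeat backup produced a different manifest")

        # Simulate the mistake: syncing from an empty "source" onto the real data.
        empty = Path(tmp) / "empty"
        empty.mkdir()
        try:
            safe_backup(empty, backup)
            refused = False
        except RuntimeError:
            refused = True
        return manifest, refused


if __name__ == "__main__":
    manifest, refused = run_demo()
    for rel, digest in manifest.items():
        print(f"{digest}  {rel}")
    print("reversed sync refused:", refused)
```

The manifest is worth keeping next to the backup: the same `build_manifest` call run later against the backup tells you whether the copy is still intact before you ever need to restore from it.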

Choices and Problems

That leaves you making your own backup and taking it offsite, or using a remote site, or the cloud. Again, the budget is an issue, as well as security (see “question 2”). With the onsite backup and removal you need to deal with a mostly physical transfer, storage, and individual trust, though this may be the most cost-effective option for now, or depending on existing equipment.

With a remote site or cloud run in-house, you need a second location that is physically secure and the software to keep a secure connection between the two systems. Plus the software to keep this always-on backup protected from outside attacks. This is an expense that most small companies can’t afford, and it is why the market for security vendors keeps growing.

Hiring a third-party data protection company is another option; most are jumping on the cloud bandwagon, which makes the remote site and the continuous copy easier. This also removes the need to provide the physical location, and the necessary software is usually provided in your contract price. However, it does not remove trust or responsibility! In the end, it’s your company and your clientele, so you must make sure of the trustworthiness of this vendor and of the security of your clients’ data.

Securing choices

Securing the backups themselves is one difficulty of performing backups that will influence your choice. In fact, as time goes on, it may become the most important factor, cost aside. The more digital things become, the more protecting customers’ data will be the major way of ensuring customer loyalty.
