Search This Blog

Tuesday, October 25, 2005

The danger of relying solely on Active Directory for backups

NETWORK WORLD NEWSLETTER: M. E. KABAY ON SECURITY
10/25/05
Today's focus: The danger of relying solely on Active Directory
for backups

Dear security.world@gmail.com,

In this issue:

* Backups via Microsoft Active Directory
* Links related to Security
* Featured reader resource
_______________________________________________________________
This newsletter is sponsored by Websense
Protection Anytime, Anywhere

Websense Remote Filtering extends the Websense industry leading
web filtering and web security protection to remote laptop users
outside the network. This ensures secure employee internet use
anytime, anywhere! Find out how Websense takes your endpoint
security strategy to the next level:
http://www.fattail.com/redir/redirect.asp?CID=118428
_______________________________________________________________
MANAGEMENT FRAMEWORKS ARE OUT - BUT WHAT'S IN?

Many vendors stopped using the term "frameworks" when they
became synonymous with endless deployment cycles. So, if
management frameworks are out, what is the alternative? Does a
series of multiple products from multiple vendors work? Will
Configuration Management Database (CMDB) emerge as the new
"framework" or "platform" for the enterprise? Click here for
more:
http://www.fattail.com/redir/redirect.asp?CID=118213
_______________________________________________________________

Today's focus: The danger of relying solely on Active Directory
for backups

By M. E. Kabay

Recently my colleague John Orlando reminded everyone in our
group at the Online Graduate Programs of Norwich University
about the limitations of the automated back-up system provided
by Microsoft Active Directory.

John wrote:

"Active Directory is a big advance over the former back-up
system used by the vast majority of the University - nothing -
but it might be a step back for us. If your documents get
corrupted without your knowing it, the corrupted version will
just overwrite the backup, and both the original and backup will
be corrupted. Plus, the backups are saved on a server with 500
other users, which exposes them to any nasty creatures that
other people download. To avoid finding yourself having to
retype a stack of documents thicker than the pile of Oprah
magazines in [a colleague's] living room, you should also
continue to make periodic disk backups of your documents and
e-mail."

Alan Freedman succinctly summarizes key features of Active
Directory as follows: "Active Directory: An advanced,
hierarchical directory service that comes with Windows 2000
servers. It is LDAP [Lightweight Directory Access Protocol]
compliant and built on the Internet's Domain Naming System
(DNS). Workgroups are given domain names, just like Web sites,
and any LDAP-compliant client (Windows, Mac, Unix, etc.) can
gain access to it. Active Directory can function in a
heterogeneous, enterprise network and encompass other
directories including NDS [Novell Directory Services, now
eDirectory] and NIS+ [Network Information Services from
SunSoft]. Cisco is supporting it in its IOS router operating
system." (From the " Computer Desktop Encyclopedia
<http://www.computerlanguage.com/> " v 18.3 ; see also
Wikipedia's entry
<http://en.wikipedia.org/wiki/Active_Directory>.)

John is right about the danger of relying solely on Active
Directory for backups of critically important files. Even though
there may be system-wide backups of the Active Directory, it is
often tedious to locate old backups and comb through them trying
to determine which one has a non-corrupted version of the bad
file. His helpful note prompts me to supplement his suggestion
with a reminder about version numbers on important files.

If your file has the same name day after day and version after
version, then there is no way to avoid overwriting the backup on
the Active Server or any other type of backup, and you will lose
the valid version in an accident of the type John was
describing.

It is for these reasons (to avoid overwriting backups containing
older files with the same name as the currently used file and to
keep track of separate versions) that information security
specialists recommend that everyone get into the habit of using
versions on important documents. That way, the file you change
today has a different name from the same file that you changed
yesterday.

You can do this manually if you get into the habit of including
something like "Vnn" as the last part of your document name -
for example, "OGP policy list v12.doc" or "Enormous narrated
lecture on backups v03.ppt". Then when you open the file on
another day, you can immediately Save As - v13.doc or whatever's
appropriate.

There is a tool on the File menu of Microsoft Word (but not
those of PowerPoint or Excel) called Versions that brings up a
dialog where you can add notes about what's different in your
new version. However, you must still assign your own version
number or other distinguishing tag (for example, a date - and be
sure to use the YYYY-MM-DD format to support file-name sorting)
to the file you are saving. Word does not change the filename
automatically.

A note about TinyURL:

Gary MacIsaac of Cetacea Networks <http://www.orcaflow.ca/> very
kindly took the time to let me know of a recent improvement in
the TinyURL service: It now offers the opportunity to see where
you will be redirected. Turning on the "Preview" feature (it
requires cookies) displays the full URL to which you can then
choose to go (or not). Thanks also to several other readers who
pointed this out.

The top 5: Today's most-read stories

1. Cisco talking IP-radio nets
<http://www.networkworld.com/nlsec9576>
2. School traps infected PCs in its web
<http://www.networkworld.com/nlsecuritynewsal9459>
3. Cartoon of the Week
<http://www.networkworld.com/nlsecuritynewsal9460>
4. Juniper gains corporate network ground
<http://www.networkworld.com/nlsec9577>
5. Cisco finally brings security push to LAN
<http://www.networkworld.com/nlsec9066nlsecuritynewsal9145>

_______________________________________________________________
To contact: M. E. Kabay

M. E. Kabay, Ph.D., CISSP, is Associate Professor in the
Division of Business and Management at Norwich University in
Northfield, Vt. Mich can be reached by e-mail
<mailto:mkabay@norwich.edu> and his Web site
<http://www2.norwich.edu/mkabay/index.htm>.

New information assurance journal - Norwich University Journal
of Information Assurance (NUJIA). See
<http://nujia.norwich.edu/>
_______________________________________________________________
This newsletter is sponsored by Websense
Protection Anytime, Anywhere

Websense Remote Filtering extends the Websense industry leading
web filtering and web security protection to remote laptop users
outside the network. This ensures secure employee internet use
anytime, anywhere! Find out how Websense takes your endpoint
security strategy to the next level:
http://www.fattail.com/redir/redirect.asp?CID=118054
_______________________________________________________________
ARCHIVE LINKS

Archive of the Security newsletter:
<http://www.networkworld.com/newsletters/sec/index.html>
Security Research Center:
<http://www.networkworld.com/topics/security.html>
Instant sign-up for Security News Alert:
<http://www.networkworld.com/isusecna>
Instant sign-up for Virus & Bug Patch Alert:
<http://www.networkworld.com/isubug>
_______________________________________________________________
FEATURED READER RESOURCE

Network World New Data Center: Spotlight on Advanced IP

Piecing Together the Next Generation IT Architecture. This 5th
installment in a 6 part series takes a look at at On-demand
services, automated management, and management technologies.
PLUS, see how two IT Execs are plotting their way to an all
IP-world. This NDC issue has it all, click here to read now:

<http://www.networkworld.com/supp/2005/ndc5/>
_______________________________________________________________
May We Send You a Free Print Subscription?
You've got the technology snapshot of your choice delivered
at your fingertips each day. Now, extend your knowledge by
receiving 51 FREE issues to our print publication. Apply
today at http://www.subscribenw.com/nl2

International subscribers click here:
http://nww1.com/go/circ_promo.html
_______________________________________________________________
SUBSCRIPTION SERVICES

To subscribe or unsubscribe to any Network World e-mail
newsletters, go to:
<http://www.nwwsubscribe.com/Changes.aspx>

To change your e-mail address, go to:
<http://www.nwwsubscribe.com/ChangeMail.aspx>

Subscription questions? Contact Customer Service by replying to
this message.

This message was sent to: security.world@gmail.com
Please use this address when modifying your subscription.
_______________________________________________________________

Have editorial comments? Write Jeff Caruso, Newsletter Editor,
at: <mailto:jcaruso@nww.com>

Inquiries to: NL Customer Service, Network World, Inc., 118
Turnpike Road, Southborough, MA 01772

For advertising information, write Kevin Normandeau, V.P. of
Online Development, at: <mailto:sponsorships@nwfusion.com>

Copyright Network World, Inc., 2005

No comments: