Spring World 2017

Conference & Exhibit

Attend The #1 BC/DR Event!

Bonus Journal

Volume 29, Issue 5

Full Contents Now Available!

Monday, 14 January 2013 02:43

Thanks For Recovering …Now I Can Hack You


Why do disaster recovery (DR) exercises fail? Is it a lack of planning or testing? Both of these would cause an exercise to fail, but is this really a failure? If a DR team member learns something from the exercise, or if the documentation is updated with new knowledge, then it could be debated that the exercise was a success. However, if the data is restored successfully, the exercise has an even greater chance at being an epic failure. During a DR exercise at a remote third-party facility, I took an opportunity to do some basic troubleshooting on a firewall being restored. During this process I was successfully able to recover the firewall configurations of two corporations and a university with very little effort. I immediately updated my DR plan for the firewall with the following line: STEP 27: SQUEEZE For those of you wondering, squeeze is the command used to permanently delete