As someone that manages ~100 ASAs, I see this every single day and really there's nothing you can do. Your firewall will do it's job. Having other mechanisms in place like IPS and other inspection tools ups the ante.
This is absolute crap. They're getting free labor pretty much and most likely paying you absolutely nothing or next to nothing. I would contact the Better Business Bureau and the Department of Labor about this practice, this cannot be legal... unless you were stupid enough to sign something that says you waive all rights blah blah blah and consent to blah blah blah
Most of the posts on here are absolutely rubbish; just ignore them, and listen to what I have to say. I've helped businesses in this situation before - here you go:
Your shop is not that big if you're only 6 servers, and you're only in the PRE-evacuation. You have time to do this right. Everything out of the datacenter but the wiring. Leave the racks too. The only thing you need is the physical equipment, your data, and a way for continuation after re-establishment somewhere else (Backups). Ensure you've grabbed all backup tapes that may be on-site. 6 servers will not take you that long to evacuate. Your datacenter is most likely a wiring closet or something equivalent, so take the extra time to label things. Make a diagram or map before you start removing things so you know how to put it back together. If you have some networking equipment scattered throughout the premises, ensure to grab that stuff too. Remember, you're not on fire yet. You have time to think this over and get all of the REALLY important stuff.
You have two options for how you want to handle the client workstations and IP phones. The first option is for you and your IT team to go around to each one with a cardboard box and pack it all up. The second option is to give each employee a cardboard box and have them pack their own workspace - why should you guys have to do everything? Unfortunately, NON-IT workstation users are stupid and do not always store company data on their assigned network storage, so your workstations are actually assets, that could be holding data that is not replaceable. Because you mentioned all of the items (servers, workstations, networking equip. and phones) in your post, I'm assuming skipping them is not an option. Go with the fastest - each employee packs their own workspace. Get support from management to make it happen, it would save you and your team time as well as expedite the evacuation process. Each employee packing their own workspace also ensures they grab the things that are necessary that may be hiding in their desks/around their workspace.
The rest is up to you. Really, and I know you've probably heard this 100x and read about it several times from the comments above - but the organization is not taking itself seriously if it does not have any type of protection from this type of disaster/condition. I don't have to spell out the obvious, but if the organization exists in an area that is prone for this type of disaster, then the business should have been designed to "hit the road" in the event this type of condition threatened the business... as well as protection and correction.
The company I work for, which is a leader in information security based products, has a lot of road warriors; me being one of them. We use a service called Crash Plan Pro - http://www.crashplan.com/business/
Crash Plan Pro essentially provides you with onsite and off-site backup with a secure cloud storage feature. Basically, for us road warriors, we have a client that is configured to backup certain directories on a certain frequency. It's pretty awesome; we never have to worry about losing data. My laptop does a backup of my C:\users\USERNAME directory about every 15 minutes; only the files that have changed, not a full backup every 15 minutes.
At home, I have a Buffalo Linkstation 1TB NAS configured with RAID 1 (disk mirroring). It's an awesome home solution. I've had the NAS since 2008 and I've only had to replace 1 hard drive, which was a cost of 50 bucks off Amazon. Replacing the Serial ATA drive took about 5 minutes and then the RAID rebuild took about an hour. It has FTP and web services that allow you to access your data from anywhere.
That was pretty stupid of you to build the application when you were not asked to - OFF HOURS EVEN - and then expect to be compensated for it. Get real.
Terrorists and any other human who willingly takes another humans life, does not have a soul and therefore, is not a person. They should all be executed swiftly, without question.
If another person has the intent to, or has damaged another persons life to the point of non-recovery or death, the individual(s) should be executed. Fuck their "rights" they have no rights. They threw their rights out the door when they decided to commit the senseless crime. Kill em' all. What is the point of having them around? Just fucking kill them.
For those of you suggesting background checks, credit checks, attorney documents etc... you're all a bunch of idiots.
I am a CISSP and a CISA. I deal with this kind of stuff on a daily basis. Here is a REAL recommendation. Please disregard all the other morons who think they know what they're talking about.
Use SFTP. Use SSH-2 or above. It is a simple implementation, and there are many opensource options for you to choose from. It will provide you with the confidentiality you're looking for, as all data will be encrypted.
You do not need to worry about background checks, credit checks, attorney documents etc. It's not like your company went and found some people in the alley behind your building and paid them to do some work and help your company with software. Chances are there is an agreement of some type between the consultants and your company. The consultants know what they are expected to do, they know their limitations, and they are aware of the consequences of deviation. Your company obviously trusts them enough to help them implement the software, and im betting this isn't their first rodeo.
This is a simple task, with a simple solution. It's not rocket science. There is no need to complicate it anymore than it needs to be. If you follow my recommendations, you will be fine.
If anything would happen, it's not your fault, it's senior managements fault. You didn't pick the consultants, you simply provided a safe means to allow your organization accomplish it's objective.
Re:Circuit City shoppers are the Slashdot standard
on
Hostile ta Vista, Baby
·
· Score: 1
Asterisk + RxFAX and TxFAX. I wrote a script that will send X amt. of total black pages to any number i choose, just in case i ever have to deal with this.
Slashdot Mirror
As someone that manages ~100 ASAs, I see this every single day and really there's nothing you can do. Your firewall will do it's job. Having other mechanisms in place like IPS and other inspection tools ups the ante.
Imperva Cloud DDoS protection.
This is absolute crap. They're getting free labor pretty much and most likely paying you absolutely nothing or next to nothing. I would contact the Better Business Bureau and the Department of Labor about this practice, this cannot be legal... unless you were stupid enough to sign something that says you waive all rights blah blah blah and consent to blah blah blah
Most of the posts on here are absolutely rubbish; just ignore them, and listen to what I have to say. I've helped businesses in this situation before - here you go: Your shop is not that big if you're only 6 servers, and you're only in the PRE-evacuation. You have time to do this right. Everything out of the datacenter but the wiring. Leave the racks too. The only thing you need is the physical equipment, your data, and a way for continuation after re-establishment somewhere else (Backups). Ensure you've grabbed all backup tapes that may be on-site. 6 servers will not take you that long to evacuate. Your datacenter is most likely a wiring closet or something equivalent, so take the extra time to label things. Make a diagram or map before you start removing things so you know how to put it back together. If you have some networking equipment scattered throughout the premises, ensure to grab that stuff too. Remember, you're not on fire yet. You have time to think this over and get all of the REALLY important stuff. You have two options for how you want to handle the client workstations and IP phones. The first option is for you and your IT team to go around to each one with a cardboard box and pack it all up. The second option is to give each employee a cardboard box and have them pack their own workspace - why should you guys have to do everything? Unfortunately, NON-IT workstation users are stupid and do not always store company data on their assigned network storage, so your workstations are actually assets, that could be holding data that is not replaceable. Because you mentioned all of the items (servers, workstations, networking equip. and phones) in your post, I'm assuming skipping them is not an option. Go with the fastest - each employee packs their own workspace. Get support from management to make it happen, it would save you and your team time as well as expedite the evacuation process. Each employee packing their own workspace also ensures they grab the things that are necessary that may be hiding in their desks/around their workspace. The rest is up to you. Really, and I know you've probably heard this 100x and read about it several times from the comments above - but the organization is not taking itself seriously if it does not have any type of protection from this type of disaster/condition. I don't have to spell out the obvious, but if the organization exists in an area that is prone for this type of disaster, then the business should have been designed to "hit the road" in the event this type of condition threatened the business... as well as protection and correction.
The company I work for, which is a leader in information security based products, has a lot of road warriors; me being one of them. We use a service called Crash Plan Pro - http://www.crashplan.com/business/ Crash Plan Pro essentially provides you with onsite and off-site backup with a secure cloud storage feature. Basically, for us road warriors, we have a client that is configured to backup certain directories on a certain frequency. It's pretty awesome; we never have to worry about losing data. My laptop does a backup of my C:\users\USERNAME directory about every 15 minutes; only the files that have changed, not a full backup every 15 minutes. At home, I have a Buffalo Linkstation 1TB NAS configured with RAID 1 (disk mirroring). It's an awesome home solution. I've had the NAS since 2008 and I've only had to replace 1 hard drive, which was a cost of 50 bucks off Amazon. Replacing the Serial ATA drive took about 5 minutes and then the RAID rebuild took about an hour. It has FTP and web services that allow you to access your data from anywhere.
That was pretty stupid of you to build the application when you were not asked to - OFF HOURS EVEN - and then expect to be compensated for it. Get real.
Not 'Cosmo'
stupid.
Terrorists and any other human who willingly takes another humans life, does not have a soul and therefore, is not a person. They should all be executed swiftly, without question. If another person has the intent to, or has damaged another persons life to the point of non-recovery or death, the individual(s) should be executed. Fuck their "rights" they have no rights. They threw their rights out the door when they decided to commit the senseless crime. Kill em' all. What is the point of having them around? Just fucking kill them.
For those of you suggesting background checks, credit checks, attorney documents etc... you're all a bunch of idiots. I am a CISSP and a CISA. I deal with this kind of stuff on a daily basis. Here is a REAL recommendation. Please disregard all the other morons who think they know what they're talking about. Use SFTP. Use SSH-2 or above. It is a simple implementation, and there are many opensource options for you to choose from. It will provide you with the confidentiality you're looking for, as all data will be encrypted. You do not need to worry about background checks, credit checks, attorney documents etc. It's not like your company went and found some people in the alley behind your building and paid them to do some work and help your company with software. Chances are there is an agreement of some type between the consultants and your company. The consultants know what they are expected to do, they know their limitations, and they are aware of the consequences of deviation. Your company obviously trusts them enough to help them implement the software, and im betting this isn't their first rodeo. This is a simple task, with a simple solution. It's not rocket science. There is no need to complicate it anymore than it needs to be. If you follow my recommendations, you will be fine. If anything would happen, it's not your fault, it's senior managements fault. You didn't pick the consultants, you simply provided a safe means to allow your organization accomplish it's objective.
I agree. This guy is a douche bag
Asterisk + RxFAX and TxFAX. I wrote a script that will send X amt. of total black pages to any number i choose, just in case i ever have to deal with this.