
Pete Finnigan's Oracle Security Weblog

This is the weblog for Pete Finnigan. Pete works in the area of Oracle security and he specialises in auditing Oracle databases for security issues. This weblog is aimed squarely at those interested in the security of their Oracle databases.


Backups are valuable



I have spent a lot of time this week dealing with backups; not databases but of my own main machine that runs my email, development and business needs - used by myself when in the office and by my PA when I am away. I always back up the box and can do "almost" point-in-time recovery; I am not going to go into details of exactly how. On Saturday I wiggled the mouse (the machine runs almost continuously, for almost 3 years) and the screen never crinkled and crackled, hmmm, left it and worked on my laptop instead and then had some time Sunday morning and tried again. No joy; I worked on client work on Monday and Tuesday to get a piece of work delivered on time and then took the broken box to a local computer shop on Wednesday morning; he announced a load of nonsense which I didn't believe and asked me to leave it with him; no chance.

I then took it to another place and they were much better, talked sense and actually proved the problem to me; the motherboard was fried and the graphics chip was also shot; it seems that the problem could have been the fan not working properly that fried the graphics chip which then did damage to the motherboard; so no machine, new one needed.

I removed the RAM, the BIOS chip (with a hammer and chisel - fast de-soldering!, I am a qualified electrician) and also the disk, now the rest can be disposed of. I then bought a new machine and spent most of yesterday and today so far whilst also trying to work installing software and copying data, boy is that distracting to work and load software on another box at the same time.

I have backups (not one jot of data is lost) but in a PC world the problem is much bigger, the machine runs programs (some cause issues when moving them to a new machine because the vendors think you are cheating them) so they all have to be re-installed, set up, updates found, drivers updated, data moved to the right places... it's a big job; I made a list of two sides of A4 of tasks to complete. A backup is great, no lost data, but it's not possible (well not easy so I am not doing it) to back up all setup, programs, drivers, etc and then restore to a different machine in the future - same hardware maybe.

A lost system is more than just the data; when we apply this to Oracle I am always amazed when I do Oracle database security audits how many sites do not have adequate backups, don't test the media, don't test the backups themselves or have a DR strategy that involves a plan to buy the hardware if needed and to set it up and install Oracle at the time of the disaster. Liken it to my machine, it's not bad for me, I can work on another machine, indeed I am doing so now and no client suffers (just response to email is suffering at the moment, should be back up tomorrow, I hope, so if you emailed me don't worry, I will respond) but I suffer as I am using a lot of time to rebuild my environment on the new machine. My Oracle database security audits encompass the whole environment and things like backups, data flow and DR are all included. I cringe when sites say they will get the hardware if they need it and build from scratch; I cringe more now as I know how long it takes to set up machines. Even yesterday I started to install software and found that the CD/DVD drive of the new box didn't work; this took over an hour to resolve. Imagine your business held up waiting for hardware, waiting to build it and waiting to recover the data.

I also was forced to buy a machine with Vista installed, arrrhhhhh, what a horrible interface. I have also wasted time last night trying to remove all the stupid dropdowns and toolbars that Vista brings, change menus, look etc so I can find things; now the machine looks like XP and earlier again, simpler to use.

Backups are important but time to resolve and resume is as well; remember it.

There have been 2 comments posted on this article


October 2nd, 2009 at 03:36 pm

Pete Finnigan says:

Hi Pete,

Great post. I can totally relate because I do a lot of setup and recovery of damaged environments and I'm amazed at how people tend to underestimate what it takes to do the things you just described.

When it is acceptable to do so, I always virtualize my environments using VMware or VirtualBox. Development environments are great for this... and so are my home environments (I have my "personal finance" stuff on a dedicated virtual machine). Then, when the time comes to replace the hardware (either because of a disaster like you described or just a simple hardware upgrade), all I do is set up the virtualization software in the new hardware environment, copy the files representing the VM to the new environment, and then just run the virtual machine from there.

James



October 5th, 2009 at 09:34 am

Pete Finnigan says:

Hi James,

Thanks for your comment. I have used virtual machines in the past many times but I always tend to gravitate back to native installed stuff as it just seems to work better for me. I guess it would be better if I was strict in only installing into the VMs and not cluttering the rest of the native OS up with stuff that tends to run in the background.

Thanks for your note

cheers

Pete