Do You Have Your 'Crisis Week'?
pmbarth asks: "This week, the large company I work at is having a 'Crisis Week', where we simulate different types of problems, and have training on how to deal with them. Beyond the normal fire drills or chemical spills, a new addition was 'Attack on IT Infrastructure'. I was wondering how many other companies out there are actually training their non-IT employees on how to be aware of, and perhaps even counteract these types of issues?" It's an interesting idea, and one can't tell when an extra skill one learns on the job may come in use in a critical situation. Do other companies have something similar? Do you think such drills are particularly effective?
Depends on the industry (Score:1)
Older industries, particularly manufacturing, do this fairly regularly. Of course, manufacturing as an activity has been going on for many years, so they've learned the hard way.
Power failure tests, system control failure tests (when your furnace burns itself up because you couldn't regulate it, and you spend 7M$ to rebuild it, I bet you work very hard not to make the same mistake in the future.)
As for IT-attacks, I haven't encountered that, but it makes good sense.
With all of the failure tests you should start with a planned failure test, and eventually run "unplanned" (at least from the perspective of some of the employees) tests to see how people respond. It's easy to remember where the emergency exits are in a maze of corridors and factory equipment when you know there's going to be a drill.
We've never had one... (Score:1)
That said, when I quit as sysadmin due to "political" reasons I went on holiday for a week and when I got back it took 30 seconds to work out a server had been compromised and was being used to launch DOS attacks on www.microsoft.com. My replacement had spent a week replacing everyone's NIC, blaming the bad network performance on a faulty network card.
Re:OT: Interesting (Score:1)
Incredible
Interesting
Mediocre
Redundant
Tiresome
Completely Erroneous
Don't Bother
Re:First things first. (Score:1)
We don't need no stinking crisis week (Score:1)
kashani
Re:I'll now present slashdot's opinion on Crisis we (Score:1)
Re:Of course... (Score:1)
Crisis week? Let me tell you what that is... (Score:1)
It's when you pull the plug on your daily XFS CVS compilation and stress testing because someone finds it annoying that the machine reboots every night even if you plucked all the problems this was causing, namely the not-in-the-kernel-because-they-are-binary-only-crap NVIDIA drivers weren't being recompiled along and some people left some mp3 players open on a no-longer-existent NFS mount, and then they complain because now there are bugs showing up in that freaking old version of the kernel because the machine no longer rebooted (bugs which incidentally wouldn't have shown up if the recompiles had kept their pace) and someone claims they lost two whole freaking hours of valuable work because of this problem (which I'm sure wouldn't have happened if he hadn't heard of the problem in the first place) and then to calm people down you upgrade the kernel to a current version only to find that hardware thing that had been creeping on the box suddenly shows up in all its glory and some moron that thinks he knows (dick) about the problem because he reads LinuxToday starts giving his unrequested opinion about it. This while all you want to do is some real work. This is a crisis week, and it spans over 14 days and counting.
No, seriously, rant aside, I'd love to have something like this. Maybe people would actually learn to differentiate between it doesn't work *whine* and this particular part of the infrastructure has this particular problem, where that part of infrastructure is something more specific than the network and the problem goes beyond it doesn't do what I want (I'd pay for "it worked ok until I did this"). I'd also love if people were able to spot a problem ("hmm... I type ls --weird-option and it doesn't recognize it anymore") and report it instead of thinking "oh, the planets must be in the wrong position, I'll try again next week" and do zilch about it.
And while day dreaming, can people stop saying "could it be possible that foo and bar have a problem?" if a) they know there's a problem and b) they try to smooth it out because they know it pisses the hell out of me when I hear "foo and bar just don't work". If you are going to say that, say it without the sugar, please.
Re:not a bad idea, but probably not worth it (Score:1)
Granted, continuous training isn't always worth the time lost in it, but still, don't dismiss an idea like this out of hand just because.
we don't have to train (Score:1)
I work for an architorture firm and we have crisis weeks every week. what we train for is the annual slow friday
Re:Citing CISSP (Score:1)
Often I wonder how much a company has prepared for a disaster, via way of anything imaginable, hurricanes, fires, break-ins, etc.
Not at all, in a lot of cases companies don't even plan for problems they know they will have. A friend works at a major estate agent here in the UK, when recently they announced large branch closures. Firstly they announced these to the TV stations before their own employees, with a couple of weeks notice before closure. Secondly they failed to come up with any plan regarding what to do with the properties where they managed shorthold renting on behalf of others. Customers were left frantically phoning branches trying to find out this information for days before a decision was actually made.
If multi-billion pound companies can't prepare for obvious short term definite eventualities how can we expect them to have plans for remote eventualities.
Another problem is who reports these things. At a previous (Fortune 50) employer 50+ programmers were left for almost an entire day without power because no-one had the initiative to call in the problem. I (the summer student) eventually sorted out the problem (I have the unfortunate curse of feeling responsible for fixing others' mistakes).
On the subject of break-ins, the same company managed to let thieves get away with 60+ Sun Workstations and a room-sized MAINFRAME, with full security on watch at the time. How? I don't know! As far as I can tell, gross incompetence of companies as wholes is rife.
No need ... (Score:1)
---
Who needs drills? (Score:1)
I am having a crisis week where I work. When I came in on Monday my HD failed to spin up. Which was pretty bad considering it wasn't backed up.
I guess it's time to RAID my desktop and pray my FS doesn't crash, since backing it up really isn't an option considering the amount of space on it. I would need to spend 10x on a backup solution. Of course I do back up the 'critical' data onto the server and on zips.
Re:First things first. (Score:1)
My favorite crisis response... (Score:1)
When in doubt,
Run in circles,
Scream and shout.
(Author unknown)
Others, anyone?
The abbreviated Laws of Thermodynamics:
1)You can't win.
2)You can't break even.
Yup - 2 weeks a year (Score:1)
Hospitals and disaster simulations (Score:1)
Crises to plan for:
"Boeing events" - ?400 injured - can the ambulance/ER/OR cope? How many doctors/nurses can you get to the hospital in 30 minutes on a Friday night? I've seen this simulated with 50 patients in a rural hospital. They employed actors to test this, and used the results to extrapolate to other hospitals. It was great fun, they didn't tell us it was a simulation until we arrived (talk about crying wolf). The ER was overflowing with actors in bandages pretending to die while a surgeon suggested to the study co-ordinator that he could amputate with a hammer since no other equipment was available...
"Power cuts" Power goes and the backup generators fail. Not cool if you're in theatre with someone's chest open. The anaesthetic machines have good batteries, but the lights have only minutes of power to clamp/close important things.
IT problems are a joke. When they do snapshots, i.e. declare "at 0935 today all computers/phones (which means all xrays, lab results, communications) go, then survey what might have happened", the number of predicted deaths is relatively small. Sure, it's a major disruption, but not too many people die.
Seriously, these "crises" are a real issue for places like a hospital. Disasters happen. People MUST plan for them. IT disasters just don't feature compared to earthquakes, big plane crashes, total power failure etc...
Elvis
Re:Caffeine Crisis (Score:1)
We're talking attacks, and you start WW3..
//rdj
Re:'Crisis Week' ?? (Score:1)
--
Later...
working in technical support (Score:1)
Re:It lasts about 4 days... (Score:1)
Re:It lasts about 4 days... (Score:1)
Re:'Crisis Week' ?? (Score:1)
Re:VBS anyone? (Score:1)
It worked well until we did an AV procedure on our Mail store and it efficiently deleted them all
Re:OT: Interesting (Score:1)
So of course, your post has been moderated as Interesting. :) You can win for losing, can you?
--Ty
Crisis Friday (Score:1)
We even thought of not working on fridays but the plan never worked :)
Yes, we did, sort of. (Score:1)
Re:First things first. (Score:1)
=\=\=\=\=\=\=\=\=\=\=\=\=\=\=\=\=\=\=\=
Pah.. (Score:1)
Re:It would be a good idea.. (Score:1)
Yes, that is another issue you could make them aware of. Why not take a day, or even a few hours of a day to educate the employees in basic security awareness?
"Do not give out this information to ppl outside the company. Do not click on these
Having drills otoh... I dunno, how would you set them up?
--
"I'm surfin the dead zone
Re:The Ping Flood Drill (Score:1)
Fire Drills (Score:1)
The list of things was fairly involved: rebuild the servers from backups and from scratch; switch to an alternate pipe (isdn, dialup) if the primary failed; run through the restart procedures on the critical systems (necessary because you couldn't just power them back up); plus various repair procedures for filesystems, hardware, etc..
The rebuilding of the fileserver was particularly useful. In one case, we realized that though a system was emailing lots of "successful" messages, the backup was useless in recovering the system. I know restoring is the other half of backing up, but at this place, the job was so onerous that it was rarely actually performed.
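The failure described in the post above (a job that mails "successful" while the backup cannot rebuild the system) is caught by a restore drill that checks restored files against checksums recorded at backup time. The following is an added example, not part of the original post; the `backup_job` stand-in, its fault injection, the file names and the sample data are all constructed for illustration.

```python
import hashlib
import io
import tarfile
import tempfile
from pathlib import Path


def sha256_file(path):
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()


def build_manifest(source):
    """Record relative path -> SHA-256 for every file, taken at backup time."""
    return {p.relative_to(source).as_posix(): sha256_file(p)
            for p in source.rglob("*") if p.is_file()}


def backup_job(source, archive, faults=None):
    """Constructed stand-in for a nightly job that always reports success.

    `faults` maps a relative path to "skip" (file silently left out) or
    "empty" (file stored with zero bytes), mimicking swallowed errors.
    """
    faults = faults or {}
    with tarfile.open(archive, "w:gz") as tar:
        for p in sorted(source.rglob("*")):
            rel = p.relative_to(source).as_posix()
            if not p.is_file() or faults.get(rel) == "skip":
                continue
            info = tar.gettarinfo(str(p), arcname=rel)
            if faults.get(rel) == "empty":
                info.size = 0
                tar.addfile(info, io.BytesIO(b""))
            else:
                with p.open("rb") as fh:
                    tar.addfile(info, fh)
    return "backup successful"


def restore_drill(archive, manifest):
    """Restore into a scratch directory and compare against the manifest.

    Returns a list of findings; an empty list means the restore matched.
    """
    findings = []
    with tempfile.TemporaryDirectory() as scratch:
        # Use the safe extraction filter where this Python provides it.
        kwargs = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
        try:
            with tarfile.open(archive) as tar:
                tar.extractall(scratch, **kwargs)
        except (tarfile.TarError, EOFError, OSError) as exc:
            return [f"archive unreadable: {exc}"]
        for rel, digest in sorted(manifest.items()):
            target = Path(scratch) / rel
            if not target.is_file():
                findings.append(f"missing after restore: {rel}")
            elif sha256_file(target) != digest:
                findings.append(f"content mismatch: {rel}")
    return findings


def demo():
    """Run one healthy and one faulty backup of a constructed file tree."""
    with tempfile.TemporaryDirectory() as work:
        src = Path(work) / "fileserver"
        (src / "home").mkdir(parents=True)
        (src / "etc").mkdir()
        (src / "home" / "report.txt").write_text("quarterly numbers\n")
        (src / "etc" / "exports").write_text("/home *(rw)\n")
        manifest = build_manifest(src)
        good, bad = Path(work) / "good.tar.gz", Path(work) / "bad.tar.gz"
        backup_job(src, good)
        status = backup_job(src, bad, {"etc/exports": "empty",
                                       "home/report.txt": "skip"})
        return status, restore_drill(good, manifest), restore_drill(bad, manifest)


if __name__ == "__main__":
    print(demo())
```

Both jobs return the same success message; only the drill's findings separate the usable archive from the useless one.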
Re:Of course... (Score:1)
they probably can't even read
Re:Wish my company would (Score:1)
www.securityfocus.com
And see all the holes and exploits available for your system. That should be a start
Re:The Real Thing (Score:1)
you are so spoiled. I ran an ISP with 50 users on a 64k line for 6 months
The COUNTRY of Gambia has
International Bandwidth (Kbps): 128
from http://www3.sn.apc.org/africa/index.html
I picked Gambia because it had 64k the last time I looked. They must be well pleased with the upgrade!
Re:Two Words: EM Pulse!!! (Score:1)
put your server in a lead lined case if you're that concerned. People need a Quaker server in times of nuclear war
Re:OT: Interesting (Score:1)
Be careful what you wish for, you just might... oh. Too late.
(Score: -1 Flamebait)
(Score: -1 True)
(Score: -1 Very True)
Crisis Week? Try Release Week (Score:1)
We're doing an unscheduled major code release to our website today. I think this qualifies as a "crisis week".
Re:First things first. (Score:1)
This would be a great idea for my company if... (Score:1)
fear
Retail (Score:1)
I know (Score:1)
Re:not a bad idea, but probably not worth it (Score:1)
Re:First things first. (Score:1)
The slashdot 2 minute between postings limit: /.'ers since Spring 2001.
Pissing off hyper caffeinated
Re:First things first. (Score:1)
The only reason you were hired is so people have somebody to alert when there is an e-mail problem.
They were all hired to generate revenue.
Don't have time (Score:1)
Everything is in a crisis as it is.
Seriously, think of the fun a pointy haired manager would have with this!
Check out the Vinny the Vampire [eplugz.com] comic strip
Wow... (Score:1)
...you mean that you actually have to set aside time for your crises? And that they only last a week?
Need a Perl programmer?
b&
Real Crisis (Score:1)
Re:Crisis Week in the military (Score:1)
Sanchi
Re:Of course... (Score:1)
Re:Of course... (Score:1)
Of course! (Score:2)
--
Network hack attack (Score:2)
You will see that the network hacking attack exercise will be successfully ended, and everyone will begin the simulation of what to do when the data center loses power.
Re:What these exercises are REALLY good for... (Score:2)
Right on, my brother. It's been a couple of years (gee, time flies) but I was trained that it was always better to know where to look things up than to try and know everything. STAN-EVAL just ate that shit up. I wish we could have done more with the continuity binders though, we were always so busy putting out fires and holding the office together we didn't have much time for things, like proper docs and recurring training.
I was a 1W051 (Weather Observer) and every unit I was at always seemed to be running as fast as they could just to stay in one place. I was never able to make much progress trying to make the place better, it was very frustrating and is one of the reasons that I didn't reenlist.
Of course I'm in the same boat with my current job, running as fast as I can just to keep from being swamped. The difference is that I have hope in my current job that it will get better sooner rather than later. Also in my current job I really can make a difference and make things better for myself and the others around me. Sometimes it helps being small.
Re:No need ... (Score:2)
Therefore, if it's not from Lassie, it's not a crisis.
Re:OT: Interesting (Score:2)
Then I got to the bottom of the page, and saw this quote:
Your love life will be... interesting.
Ya gotta love irony.
I thought it was 2 weeks ago (Score:2)
--
Re:First things first. (Score:2)
I can't get to CNN/eBay/Am I Hot or Not/online bingo/every other non-business essential site.
Of course, what's the first thing I do when the router goes down? Dial my laptop to a local ISP and make sure I can get my /. cause, dammit, this is important!
Other Crisis' to be concerned about... (Score:2)
2. CFO Fired [How fast can you forge his signature on all those POs you've been wanting.]
3. Stock Devaluation [Speed selling]
4. Stock Devaluation at a dot com [Resume update]
possible solutions (Score:2)
It's always good to have at least 90 days' worth of backups in case something may have been corrupted; what's more is the storage of that data. You don't want to just leave it lying around. Consider renting small storage space for a monthly dump of the tapes or keep em locked up in a secure place such as a safe, or encrypt the tapes so the average joe can't read it should they get their hands on them (the tapes).
I hate even thinking about the idea of going to a new company, and having to deal with this since it's a painstaking task, but once it's done, it's all a matter of following up on things, and making it part of daily/weekly/monthly work. It gets easier once you've done it and gotten it over with.
Re:OT: Interesting (Score:2)
---
What these exercises are REALLY good for... (Score:2)
It's a huge pain in the a$$ to prepare this material but it helps ensure that there's always SOMEONE around who knows what to do and there is a source of info to check when the crap hits the fan. A little investment in time to create these documents pays off in a big way, one incident at a time. These are living documents instead of regulations, so they are continually subject to improvement or even disposal if they become obsolete or something better comes along.
This kind of thing ought to work in the corporate world especially in a company where there is a measure of procedural inertia that carries on regardless of who is holding down each particular job.
Crisis, what Crisis (Score:2)
Re:It lasts about 4 days... (Score:2)
Re:No need ... (Score:2)
A lack of planning on your part does not constitute an emergency on my part.
Re:OT: Interesting (Score:2)
=\=\=\=\=\=\=\=\=\=\=\=\=\=\=\=\=\=\=\
Re:The Real Thing (Score:2)
Re:VBS anyone? (Score:2)
It would be a good idea.. (Score:2)
Daily Drill (Score:2)
Someone codes something good and shouts something like 1 4M S000 13373 D00DZ!!11 (or something else in 13373 speak), then we beat the ever living crap outta them.
I'd like to see a script kiddie pop their head up in my company.
BTW - This article sounds like a preface to a new BOFH.
Redundant? (Score:2)
Those people are merely sharing how common crisis mode is.
Even if it is just due to managers believing that you can do with half the staff, or half the hardware, or half the budget you need to get the results they want.
Maybe it was a silly question to begin with, but it sure seems like whoever had the 150 moderator points had a problem with that much unexpected opinion.
Check out the Vinny the Vampire [eplugz.com] comic strip
Crisis Week in the military (Score:2)
Sanchi
My company takes security VERY seriously. (Score:2)
I was thinking though, technically most mail that I get falls under the category of "unexpected" :)
dynamo
not a bad idea, but probably not worth it (Score:2)
Re:Every week is a crisis week :) (Score:2)
It's disappointing to see that as time goes by, more and more of my work is putting out fires. It reflects badly on the management of the organization as a whole, but that's the nature of IT. You don't hear from people unless they have a problem. Crisis week once in a while huh? Try having crisis week three times per month.
--
Must be an NT domain... (Score:2)
But I work from home... (Score:2)
"I wouldn't have that code finished until next week, I'm practicing having crisis this week."
OR
"NOooooooooo! this is the third time this week I've spilt bong water on my keyboard."
--
Re:No need ... (Score:3)
Wish my company would (Score:3)
I've started putting some info together on possible situations and what should be done but I'm not a security guru and could use some tips on possible scenarios or some form of an example that might wake the management up in this company.
And for those that seem to think you are reading between the lines, that's not an open invite to attack.
Rule 1: prevent social engineering (Score:3)
Prevention of social engineering is critical to corporate and personal information security.
'Crisis Week' ?? (Score:3)
--
Uh-oh.. (Score:3)
You can just imagine the script kiddies already getting busy, tracking down this company and taking advantage of the situation..
".. and now you can observe how easily the intruder is gaining access to our classified documents. But don't worry folks, remember; it's just a simulation!"
Army Installations (Score:3)
Bombings
Spies Peering into places
Security Checkpoints almost everywhere
Attacks on networks (software AND hardware)
Power outages
Phone outages
All simulated of course. From the Army's standpoint, it was a great training exercise. From the contractor's standpoint, it was a huge hassle, but I learned a lot regardless. That was my experience though.
It lasts about 4 days... (Score:3)
Dancin Santa
Re:Drill: delete that e-mail! (Score:3)
VBS anyone? (Score:3)
Yes they do! (Score:3)
Drill: delete that e-mail! (Score:4)
Now try to find the delete key... press it... done. Ah, life can go on now.
Re:Every week is a crisis week :) (Score:4)
Disaster Recovery facilities (Score:4)
Along with allowing us to test our procedures once a year, in case of a real emergency, our critical systems can be reloaded at their facilities and brought back up until the necessary repairs/reloads are performed here.
When you're doing a test, or an actual disaster recovery, they also have a full staff of experienced sysadmins to help. This is really valuable as even the most experienced sysadmin doesn't get as much practice at disaster recovery as those guys do.
As you can imagine, services like this aren't cheap, but they are aimed at large companies that need this type of protection. They also have a whole host of other services they provide, mostly network monitoring services; this may include testing your site's ability to defend against a hacker attack, but I'm not sure. If you work for a large (or growing) company and don't yet have a company providing these services for you, I highly, highly recommend Comdisco.
Ensure the bullet misses the foot... (Score:4)
Then one day, we actually had a fire, at about 6 pm. Three of us were containing it, and called the QuarterDeck (front office) to sound the alarm, which they did, except they announced that it was a drill!
Sooo, the people who usually run the drill (officers=managers) called the QuarterDeck and told them to cancel it because there was no drill for the day.
Needless to say, we spent a VERY LONG time on the phone before the QuarterDeck got the story right, and the fire crew finally arrived.
Moral of the story: Don't get so caught up in doing drills that you miss the actual fire!
Intrusion Detection (Score:4)
My company did this (Score:5)
One day I came in to work and I was told that the CVS server went down. The support staff knew exactly when it went down because NetSaint sent messages to their phones.
I'm not normally support/admin, but I have experience in it so I jumped in to help. Here is what we did:
- Went to the console and tried to boot it up. No go
- I booted from a rescue disk and tried to boot it that way. Nope
- Tried to mount the partitions, found that the partition table was gone
- We then split into two different efforts: I mentioned gpart (guesses lost partition tables) and started running it with various options while the other team began rebuilding the server from backups
- gpart didn't work so I just partitioned it again with the original settings (I've done that successfully before on a home computer)
- That didn't work, but the replacement server was ready by then so we plugged it into the network
Once the backup server was up the head of development announced that he had replaced the CVS server's hard drive with a blank one early that morning.
We all wrote reports on what we did and, while we were pissed for a minute ("You WHAT!?!?!?"), the drill was determined to be a success.
I was freaked out mainly due to the fact that I volunteered to help out... Me and my big mouth
Oh, don't even start... (Score:5)
I sysadmin for a government research lab. You'd better believe every week is an IT crisis week. If it's not crackers in China looking for revenge for the embassy accident, it's some dumbfsck college kid trying to telnet past the routers or something.
Those aren't the crises, though (the routers keep those jerks out). The actual crises begin when the logfiles get too big to fit on the backup tape. Then I have to scrounge around to find more tapes, 'cause they won't let me buy any more on the government budget (yes dammit I'd raise my own grandmother's taxes if it means I have money to buy backup tapes), and then I have to decide whether the stuff currently on the tapes can be sacrificed for the holy cause (backups! backups always take priority!). This decision-making process usually requires some caffeine, and the single soda machine within reach charges a freaking dollar for a 20-oz bottle, so there's another twelve or thirteen dollars gone.
Don't talk to me about "planned" crisis week.
Citing CISSP (Score:5)
Personally I think companies grow too fast and focus on growing, growing, growing, rarely stopping to take the time to implement measures against disaster recovery.
One of the things we do @ my place is once every other month we have a sit in with beers, pizza, etc., and focus on security via way of games. Why do you need a safe password is based on a guess your co-workers info to see how much we can gather by knowing them to see if we could guess their pw's, we also have a twist on Jeopardy where we use the names obtained from Attrition.org, and make a question about the company, so we could say "yes this company was owned this/last month" in order to make our workers aware of the risks involved on the `net'.
It's better than ramming security down their throats and constantly lecturing people. We also have little twists on dealing with all sorts of issues, voicemail management to avoid having pw's cracked, social engineering games, and makeshift scenarios where someone comes in to social engineer their way into information.
keep us on our toes
OT: Interesting (Score:5)
I'm glad the editors are posting stuff that piques their interest, but maybe it's time for a bit more editorial creativity? A vocab building class perhaps? Or maybe they should change the site name to "Slashdot: An interesting idea."
[ yes, this is offtopic. It's probably also flamebait. But I, for one, think it's funny. Or at least interesting. hehehe ]
---
Re:We don't simulate it, we are a crisis center (Score:5)
Comment removed (Score:5)
We don't simulate it, we are a crisis center (Score:5)
Caffeine Crisis (Score:5)
They took away the coffeemaker?
must... have... caffeine... to... code...