
SANS ISC InfoSec Handlers Diary Blog



Hurricane Katrina Preparations; Broken Mytob?

Published: 2005-08-28
Last Updated: 2005-08-28 23:54:36 UTC
by Marcus Sachs (Version: 1)

Hurricane Katrina Preparations


Hurricane Katrina is now a Category 5 storm and is forecast to hit the New Orleans area and central US Gulf Coast in the next 24 hours with catastrophic damage. The Internet Storm Center is interested in publishing any anecdotal stories from those in the storm's path that pertain to preparations in advance of the storm. Of course, the priority must be on personal and family safety but if you are in the path of the storm and have time to send us a note please do so. We are interested in posting your thoughts, comments, and observations about what you are doing to prepare your computer networks and systems for the coming destructive storm.



Also, we plan to try a new feature of our diary that will allow us to post photos. So, if you have any digital photos of what you are doing to prepare for the storm and can send them to us, please use the upload form at http://isc.sans.org/contact.php



We'll keep the diary updated as information is submitted to us.



Update - notes from last year


Handler Scott Fendley suggested that we reprint last year's list of hurricane preparation items for anybody in the path of Katrina. Here's the list:



Local IT staff

- Work with local building management to coordinate building shutdowns. Be aware that most buildings will begin shutdown procedures when a Hurricane Warning is issued. (If they say power is going off at 1:00 pm, that means power is shut down at that time, not that they are starting to shut down.) Coordinate with firm wide IT to begin systems shutdown 30 minutes prior to building shutdowns.

- Work with local managers and share any information with Firm wide IT.

- Loaner laptops should be issued to key personnel that do not have laptops.

- Keep a loaner laptop that contains Ghost images for desktops/laptops.

- Ensure you have updated your contact information in the IT Contacts.



Firm wide IT

- Perform a full backup of all systems 4 days prior to the impact of the storm unless already scheduled. Have backups sent off site. (Be aware that UPS, FedEx, etc. will stop shipments prior to the hurricane's impact.)

- Perform incremental backups every night prior to storm and have them sent off site.

- Perform a full backup prior to storm impact if possible. Have local IT retain control.

- Once building power is shut down, redirect the main numbers for the affected offices to an offsite voicemail box. (This eliminates busy signals and you can notify clients of the offices' status.)

- Update Office Closure hotline as the situation changes.

- Update Intranet with Hurricane updates for offices in unaffected regions.

- Prepare alternate procedures for the firm wide helpdesk.

- Get any necessary equipment into or out of the offsite datacenters. (Be aware the datacenter will not allow access 48 hours prior to the storm making landfall in the area and will not resume until the local authorities have deemed it safe to travel.)

- Wrap critical systems that are located in the affected offices in plastic to help reduce water damage.



We'll take other ideas from readers if you have any. Submit them via our contact page.



Other lists


I hunted around the Internet and found many sites with lists that are useful for anybody in the path of Katrina or the other hurricanes that are expected later this year. There are countless commercial and private lists, so I'm limiting this to just a few of the "official" ones sponsored by various government agencies. Remember the first step of the Six Step Incident Handling Process - PREPARATION. Some of these lists are worth printing and posting on office bulletin boards.



http://www.usfa.fema.gov/safety/tips/tornado.shtm

http://www.fema.gov/hazards/hurricanes/whatshouldido.shtm

http://www.nhc.noaa.gov/HAW2/english/prepare/supply_kit.shtml

http://www.aoml.noaa.gov/general/lib/action.html

http://www.weather.gov/om/hurricane/index.shtml

http://www.epa.gov/naturalevents/wwtptips.html

Broken Mytob?



Brian sent us a note that he has received email with an attachment titled "important-details.zip" that he thinks is a broken version of Mytob. If anybody else has seen this or has any analysis to offer please drop us a note via the contact page.





Marcus H. Sachs

SRI International

Handler on Duty
