
ecomm book hack proofing your ecommerce site part 8 potx


DOCUMENT INFORMATION

Disaster Recovery Planning: The Best Defense • Chapter 8 457

that your DRP is up to date and everyone knows the part they need to play in recovering systems and software. It isn't essential to actually cut services over to your hot site, but you'll want to practice the cut-over as if it were really happening. Or, if you want to fully test the abilities of your hot site, you can set up its Web servers with a fictitious name and assign several people to be fictitious customers visiting it after the cutover. If you've chosen an alternate site where personnel should meet in the event of fire, you can instruct them to act as if a fire just occurred and they must now recover the business. It may be melodramatic, but disaster drills force people to think about questions they don't normally have to ask.

Understanding Your Insurance Options

Even the best-prepared companies buy insurance to protect themselves from events outside their control, but until a couple of years ago most business liability policies didn't provide adequately for hazards related to e-commerce. Historically, brick-and-mortar businesses have maintained a general liability policy that protects against damage to tangible property. This kind of policy covers damage claims for bodily harm that happens by accident on company property or as the result of the company's business operations, and it typically includes claims of libel, slander, or defamation in the context of business advertising. However, the Internet has introduced new definitions of property, damage, and lost revenue that simply don't fit well with the provisions of traditional general liability policies. The result? Companies expecting their loss was covered found themselves incurring large legal expenses to force their insurance companies to pay, and in many cases the insurance companies won. To address deficiencies in coverage by these traditional policies, new insurance products have emerged over the past two to three years targeting the needs of various types of e-commerce businesses.

Some of the new insurance product offerings are hybrids of security and insurance that aim to reduce risk prior to underwriting insurance. For example, Lloyd's of London (www.lloyds.com) and SafeOnline (www.safeonline.com) are e-business insurance underwriters that have partnered with Counterpane Systems to perform ongoing security monitoring of their customers. These underwriters require a security audit and installation of Counterpane's security monitoring service before selling insurance to cover the remaining risk. Lloyd's has also partnered with Tripwire (www.tripwire.com) to offer a 10 percent discount on its two-year-old product E-Comprehensive if the insured installs Tripwire's intrusion detection software. INSUREtrust (www.insuretrust.com) offers assessment services and insurance products aimed at e-commerce risk management. IBM has teamed with large insurance broker Sedgwick to provide data protection insurance to e-businesses, with IBM performing security audits as part of the qualification for insurance. Marsh and McLennan Company (www.mmc.com) provides risk assessment and insurance services for all aspects of the enterprise, including e-commerce. Many other insurance companies also require a one-time security assessment as part of the qualification process.

www.syngress.com 134_ecomm_08 6/19/01 12:03 PM Page 457

The new era of e-commerce insurance products can be classified into several major categories, although product lines are continuing to evolve with developments in intellectual property and e-commerce law.
Most e-business insurers have products covering three major areas:

■ Professional liability, also known as professional services errors and omissions coverage.
■ Liability coverage related to publishing, such as trademark and copyright infringement.
■ E-commerce property and income protection for the company and/or for third parties.

Errors and Omissions Coverage

Professional liability insurance (E&O) protects against damage done by professionals such as doctors, lawyers, engineers, and design consultants as they do business with their clients. These policies cover negligent acts and errors of omission as defined by the courts. Many doctors or lawyers dispensing services over the Web find that their traditional malpractice insurance doesn't cover their services anymore when they are delivered over the Web. Software development companies that hire consultants also want protection against claims resulting from deficiencies in the work they perform. However, damage claims caused directly by software, or by failure of software to perform properly, are not covered by general liability policies because software isn't considered a tangible property and can't by itself cause bodily injury. As a result, many software companies today require contractors and consultants to provide certificates of E&O coverage to protect themselves.

As an example of a professional liability, consider what would happen if a Web designer created an e-commerce site for a client company and in the process recommended that the company purchase a particular software package to run the site, but at delivery the software turned out to be incompatible with the company's hardware. If the consultant has made a specification error, his E&O policy would cover the cost of replacement software for the company. If the hardware or software vendor has improperly advertised the capability of their product on their own Web site, then the vendor's policy would cover the cost. Even if the error is not your fault, E&O policies typically cover legal expenses incurred during your defense. This type of coverage is indispensable for smaller companies and individual contractors that can't afford large legal expenses yet find themselves forced to defend against a frivolous or groundless lawsuit. Bear in mind, E&O coverage doesn't include bankruptcy or poor market conditions resulting in business failure, and it won't cover expenses found to be the result of making poor business decisions.

Intellectual Property Liability

E-business Web sites that merely advertise a brick-and-mortar company's products have the least risk of all e-commerce ventures, but their risks are still not necessarily covered by traditional insurance products. Prior to the Internet, companies infringing on a trademark in a printed brochure were limited in damages by the circulation of the brochure. Today, a trademark violation on a Web site might incur damages worldwide. The Internet has also created e-mail risks for traditional companies. An employee who sends e-mail discussing a customer could become the target of a lawsuit if the e-mail contains private details that get posted to a newsgroup or otherwise made public. Because e-mail is not considered advertising or marketing by general liability policies, the damages are not covered without special provisions and endorsements addressing e-business.
First Party E-Commerce Protection

E-commerce protection typically includes coverage for hazards caused by hackers, DoS attacks, computer viruses, malicious acts by employees, loss of intellectual property, and damage to third-party systems. Typically, comprehensive insurance products targeted directly at e-commerce businesses also include professional errors and omissions provisions directly or by endorsement, and they cover copyright and trademark issues as well. If your site resells its Web services to other companies, the E&O provisions of a comprehensive e-commerce package will be an important consideration to protect your business if the services you sell don't meet customer expectations. Specialty e-commerce policies may cover damage to the insured, damage to third parties, or both, and exact provisions vary widely from one underwriter to the next.

The need for specialized e-commerce insurance can be illustrated by examining how a traditional commercial insurance product would cover a disaster resulting in lost revenue for the insured company. Disasters traditionally have meant earthquakes, fires, and floods that prevent the business from opening its doors for days or weeks at a time, and such policies may have waiting periods of several days before income continuance coverage takes effect. Delays in coverage can mean no coverage at all if an e-commerce site suffers a DoS attack for a few hours, yet even a few hours can mean large revenue losses if the site is the company's main source of doing business. Lean and tightly financed dot-coms suffering a service outage may have to depend on coverage by the insurance company for sudden expenses to deal with the public relations and recovery fallout, and they can't wait out the coverage delay.

Perhaps the greatest reason for considering e-commerce coverage is its provisions for theft or loss of intellectual property. High-tech companies are becoming increasingly aware that the data stored on their computer systems is far more valuable than the systems themselves. Yet traditional commercial property products don't view data as tangible property and won't cover the expense of theft or damage by a disgruntled employee or intruder. Intentional destructive acts by an employee, such as inserting a backdoor into software or deliberately disabling the software product during coding, are illegal; neither kind of insurance product covers legal expenses for the person committing the act. However, the company employing the individual may be covered under e-commerce insurance if the company is named in a lawsuit and can demonstrate that it did not know about or participate in the illegal activity.

Data theft is not the only type of loss you may need coverage for. Legal expenses arising from a patent or copyright infringement suit can put you out of business before the case is even settled. Domain names are often trademarked, but you may not know this when you register. Unless you can demonstrate good faith, damages the court can award for cyber-piracy (meaning, intentionally registering a domain name to which someone else believes they own the rights) range from $1,000 to $100,000 (source: American Intellectual Property Law Association, 1999; www.aipla.com). Web crime endorsements can also cover losses you may incur reimbursing, investigating, and prosecuting if an intruder uses your Web site to perform a criminal financial transaction.

Determining the Coverage You Need

The first step in deciding what coverage is needed is to examine the venture to be covered and write down in detail what the e-commerce operations include.
Most underwriters will ask for this detailed e-business description when you apply for a policy. You will also need to provide financial statements for the business. If the company has only been in existence a short while, the underwriter may also request leadership or resume information about the owners or upper management.

Examine carefully the set of risks you want to insure and make a list so you can examine suggested policies for coverage of items you consider critical. To date, there is wide disparity between product offerings among different insurers, so you should inspect the policy carefully to see if it meets your needs. For instance, if your Web site is a brochure-only type site that advertises but does not engage in selling products online, you will need to focus on risks associated with publishing such as trademark infringement, copyright protection, and defamation. However, some e-commerce policies exclude advertisement sites if they are covered by your general liability insurance. If your site also collects customer data and advertises products, general liability policies won't cover damages to or loss of that data. You may need to request an optional endorsement if you want to ensure you have this coverage.

If your site is part of an extranet where different business partners share data or cross-develop products, the risk of spreading a virus or Trojan horse between companies may pose a significant financial risk to the partners. Reality Research (www.realityresearch.com) reports that the cost incurred by U.S. companies in lost productivity and downtime related to computer viruses and security intrusions is $266 billion (U.S.$). This represents 2.5 percent of the gross national product and total downtime of 3.2 percent (source: PricewaterhouseCoopers). Some policies exclude damage to third-party systems caused by a virus originating from your site, so you should examine the policy or purchase an optional endorsement to ensure that you are covered.

Another consideration is whether or not your company hires consultants and contractors. Insurance policies may distinguish between employees, consultants, and temporary workers in terms of coverage. Even if your company requires E&O coverage by consultants, those policies may not cover the company's expenses if it is named in a lawsuit along with a consultant. Consider the provisions of the policy carefully and purchase an optional endorsement to provide coverage for consultants if necessary.

If you purchase E&O coverage and are later sued, the policy may provide that the insurance company chooses legal counsel for you to defend the case. If you wish to retain the right to choose your own counsel, you may need to request this as an optional endorsement, depending on the insurer. Likewise, if the insurance company determines that a settlement is in order but you wish to continue defending the suit to clear your name, you may need to request this separately. Some companies simply don't offer the choice, and others offer it subject to the famous "hammer clause." This clause requires you to pay the difference between what the insurance company could have settled for and the actual damages resulting from the court decision. Another consideration is that general liability insurance typically covers legal expenses in addition to the limit of liability dollar amount specified in the policy, but newer electronic errors and omissions policies may lump defense costs in with other covered expenses when applying the limit. Make sure you purchase an adequate amount of insurance to cover your need.
So-called "Hacker Insurance," which covers damage done during a security breach, is not included in e-commerce liability insurance by some insurers but is included as an automatic provision by others. According to Betterley Risk Consultants (www.betterley.com), some companies such as AIG (www.aig.com) don't exclude security breaches at all, whereas others such as Chubb, Evanston, and Kemper exclude security breaches unless a breach resulted from broken security software being used to protect against the unauthorized access. St. Paul excludes security breaches as part of the standard policy but offers optional endorsements to provide the coverage.

Financial Requirements

Most underwriters will require a security audit before selling e-commerce insurance, but they may offer a discount on the insurance that covers the entire cost of the audit if results are within expectations. If not, a security audit can cost as much as $20,000 or higher, depending on the provider. Minimum annual premiums for e-commerce policies start at $1,000 to $3,000, with liability limits starting at $1 million and ranging upward to $25 to $50 million, depending on the insurer. Deductibles range from $2,500 to $10,000, depending on the insurer and the policy. These policies are suitable for small- to mid-size businesses with less than $25 million annual revenue and fewer than 500 employees entering into business on the Internet for the first time. Betterley Risk Consultants estimates a $10 million NetAdvantage policy from AIG at between $100,000 and $300,000 per year.

If you are a consultant or contractor building e-commerce sites for other client companies, you likely will be asked to provide a Professional Liability Certificate to the company hiring you. Typical E&O policies for consultants have a $1 million minimum limit of liability, and premiums begin at about $1,000 per year. InsureNewMedia (www.insurenewmedia.com) provides some sample professional liability premium quotes on its Web site for various business sizes, as shown in Table 8.2. If your e-business is adult-oriented, maintains online medical records, involves downloadable music, or sells health-negative products such as tobacco, you may have trouble obtaining insurance at all from certain providers with "No, Thank You" customer preferences.

Table 8.2 Sample E&O Quotes from InsureNewMedia.com

Size     Employees   Revenue (Millions)   Premium (Yearly)
Small    1           Up to $.5            $1,750
Medium   10          $.5–$2               $2,250
Large    25+         $3+                  $4,000–$15,000

The Delicate Balance: Insurance and the Bottom Line

Insurance should only be considered when the risk of not insuring is more than the business can tolerate. Weighing the risk of incurring expenses from a disaster means evaluating the uncertainty of a high-cost event against the certainty of a lower-cost event. Deciding which is better must be viewed in the context of the business, so each decision is different. One way to view insurance expense is to accept the cost of the insured event as given and spread that cost out over a period of time. Quantifying the value to the business of absorbing the cost gradually as opposed to suddenly determines how much can be spent on the cost of insurance. Small companies that are sufficiently well capitalized may decide to self-insure against e-commerce threats, whereas larger companies without spare cash may decide that the predictable expense is better for their business model.

Coverage That May Not Be Needed

The best way to keep insurance costs to a minimum is to shop around for policies that most precisely fit your need. If your Web site does not accept credit cards, you may not want policy provisions for merchant fraud insurance that protect against customers using fraudulent credit card numbers on your site.
If you are a Web designer, a comprehensive e-commerce product is probably overkill when you are primarily interested in protecting against errors and omissions claims by client companies, but you might be interested in an additional trademark infringement endorsement to protect you against accidents.

Many insurers offer a comprehensive package of insurance comprising several smaller products you can choose individually. Individual products can usually be tailored to suit your needs with optional endorsements. To obtain a specific endorsement you may have to consider several insurers' products to find one that's suitable. Some policies include provisions for worldwide coverage that you may be able to exclude, for example, if your only customer base is in the US.

One consideration in purchasing an umbrella policy intended to cover several business locations is whether standard provisions covering punitive damages would even apply in all states in which you are conducting business. Some states exclude punitive damages as coverable by statute, so you should try to exclude those from the policy.

Another consideration is how the policy covers indirect injury. Some policies include coverage if your business unknowingly provides a defective product that causes injury when used by a third party. An example of this might be if your company were to provide a financial calculator on its Web site that another company used for calculating payroll expenses, and due to an unknown bug in your calculator, the other company understated payroll for several employees. The employees would have suffered an indirect injury caused by your calculator software. If your policy covers this type of injury but your Web site is not involved in any activities that could result in this type of claim, it would be wasteful not to exclude the provision.

You can also purchase coverage against events that may result in a liability claim, but such coverage does not include income continuance in the event your site goes down. The first is an example of third-party coverage, and the latter is first-party coverage. Your business may not need the first-party coverage provisions of the policy. If this is the case, you can save money by purchasing a policy that only covers third-party claims.

Summary

In this chapter we've covered the basics of disaster recovery from the perspective of e-commerce. We looked at the various components of a good disaster recovery plan and how some companies fare without one. Some of the components of disaster recovery involve planning for how to deal with losing trade secrets or data, losing access to critical systems, and losing key personnel. Planning can help identify key areas where prevention may avert the disaster before it happens. Events that can't be prevented can still be examined for ways to minimize the risk of downtime. Certain quality assurance programs can assist businesses in the process of creating a disaster recovery plan. The importance of quality can't be stressed enough, because maximum uptime is quality of service to your customers. Involving upper management early on in the planning process is also essential to provide direction for downtime and budgetary tolerances.

When disaster strikes and data must be recovered, quality backups are critical. In this chapter we examined the importance of storing backup media offsite and discussed several offsite rotation schemes. Feel free to implement a hybrid scheme that fits best with your business, but do remember to retain your offsite tapes long enough to restore everything that may be required. Some companies have agreements to retain data for a number of years, which should be factored into the retention schedule.
Backups of data classified as sensitive by your security policy need to be encrypted to prevent data theft. We discussed several key features of backup software that provides encryption, how they are used, and why these features are important.

Adding fault tolerance to your Web site eliminates single points of failure in your hardware and software configurations that can be the cause of downtime. We discussed several ways to add redundant hardware, software, network services, and even data center hot sites to act as standbys in case of catastrophic failure of one or more systems. Warm and cold standby hardware and data centers also offer benefits if budgets are too small to implement full hot-standby options. After you select a hot site, you should plan one or two practice drills per year to test failover capabilities to it.

Posted: 14/08/2014, 04:21
