Technology Tap
Cybersecurity Fundamentals: High Availability, Real Resilience Chapter 7
What keeps a business alive when the lights flicker, a server drops, or an ISP blinks? We pull back the curtain on practical resilience—how continuity planning, capacity, and clear runbooks turn chaos into a minor hiccup—then pressure-test the plan with drills, documentation, and ruthless honesty.
We start by grounding COOP in the messy reality of people and places: cross-training gaps, pandemic downsizing, and the strain of return-to-office on infrastructure that never fully grew back. From there, we break down high availability without fluff—hot, warm, and cold sites, plus cloud recovery that scales on demand. Testing gets real with load and failover exercises, because hope is not a strategy. We go deep on clustering choices (active-active vs. active-passive), health checks, and the power stack that actually carries you through outages: dual PSUs, smart PDUs, UPS coverage, and generators that are not just installed but tested.
Security on paper fails at the door, so we layer physical controls that work in the real world: lighting, sight lines, bollards, access vestibules, badges, biometrics, CCTV, alarms, and trained guards who can respond when seconds matter. We add deception technologies to slow attackers and capture valuable telemetry. A blunt backup story drives the point home—retention policies, daily verification, and restoration drills aren’t optional. Snapshots enable quick rollback; off-site copies protect against building-level incidents; simple file naming saves hours under pressure. We even share personal lessons on NAS setups, cloud sync, and the small frictions that derail good intentions.
If you care about uptime, user trust, and sleeping at night, this conversation gives you a blueprint: map critical services, set real RPO/RTO goals, diversify dependencies, practice failover, and verify backups every day. Subscribe, share with a teammate who owns “the pager,” and leave a review with your best resilience win—or the failure that taught you most.
Interviews with Tech Leaders and insights on the latest emerging technology trends.
Art By Sarah/Desmond
Music by Joakim Karud
Little chacha Productions
Juan Rodriguez can be reached at
TikTok @ProfessorJrod
ProfessorJRod@gmail.com
@Prof_JRod
Instagram ProfessorJRod
First, continuing continuity of operations planning or COOP ensures the central functions continue during disruption. This includes backup, communication plans, alternate work locations, and even remote access strategy. Capacity planning is vital too. Assessing your people, systems, and infrastructure to ensure resources meet demands. Don't overlook people: people risk, layoffs, rapid hiring, or lack of cross-training can cripple this. And this is happening, you see this a lot with return to work, where people, some companies are asking you to come in three or four days a week just to start. I just think a lot of them don't have the infrastructure. They downsized so much during COVID that I don't think they have the infrastructure to have everybody in. So they, I think they want them to stagger people. Unless you're Chase, right? Chase is building a huge building in, I think it's 48th Street and Park Avenue. Everybody's going back to work when that opens up.
Next on high availability, it's the holy grail of uptime. System designed to keep running even when components fail. We achieve this through scalability, elasticity, fault tolerance, and redundancy. Let's break this down. Hot sites, fully operational duplicates, ready to take over instantly. This is expensive though. Warm sites, partially equipped, requiring some configuration, and cold sites, just space and power, slow to activate. Cloud sites are flexible, cost efficient, and globally accessible. Testing matters. Load testing, failover testing, and monitoring validation ensures alerts work before disaster strikes. Then there's clustering. Multiple processing nodes, sharing workloads through virtual IPs. Active-passive, one node runs, the other waits. Active-active, both handle traffic, boosting performance and fault tolerance. Power redundancy keeps everything running. Dual PSUs, managed PDUs, UPS systems, and generators for extended outages. Finally, diversity and defense in depth.
Avoid single points of failure. Mix platform vendors and clouds. This not only boosts resistance but encourages innovation and reduces dependency on one supplier. Yeah, even something simple as having two different ISPs for your internet access, right? One is the regular one and the other one is the backup. And usually the backup is at a lower speed, so you know, since then you're not really using it, you're not paying as much. So I, you know, the, it might not be as fast if you don't need it to be as fast, but it would, it would still let the people have email, which is the most critical nowadays. Uh, don't forget deception technologies: honeypots, honeynets, honeyfiles, and fake telemetry lure attackers away from the real systems. They can provide valuable forensic insight. To wrap up this segment, resistance is a one-time setup. It's tested through tabletop exercises, failover drills, and simulations. Documentation ensures lessons learned are captured and improvements made.
Now let's talk about physical security. Cybersecurity and physical security go hand in hand. Our firewall won't stop someone with bolt cutters. Physical security is your first line of defense. It protects people, hardware, and infrastructure. Start with site layout, fencing, and lighting. Well-designed environments deter intruders through visibility and barriers. A principle known as crime prevention through environmental design. Bollards, those are those things that they put in the front of the buildings, right? They're like metal poles. So they put, I don't know if they're metal, but concrete, they're concrete. That way you can't drive a car into the building. Those are bollards. Protect from vehicle attacks, fencing defines boundaries, lighting eliminates hiding spots. Next, gateways and locks, both physical and electronic. Mantraps or access vestibules prevent tailgating, and cable locks to secure laptops. Access badges and biometric scanners provide accountability.
Surveillance plays a critical role. CCTV, motion detectors, and even drones now monitor sensitive areas. Pair that with an alarm system, motion, noise, proximity, or duress, using infrared, pressure, microwave, or ultrasonic sensors. Finally, trained armed guards act as both deterrent and rapid responders, reinforcing your technical controls with human presence. And it's weird because, you know, there's only so much the camera can do, right? A lot of this stuff can do, and then at the end you always need a human because a human is gonna be able to do what? Basically taste the guy out, right? If you, if you're having an issue, you know, if somebody's there, you can taste them, you can taste them out. Where if you are, you know, just the camera, the camera can't do anything. You know, the camera is the camera. Um, but one of the things I'll say about crime prevention through environmental design is you can have all of these things there, right? But if they, if you have something of value, something that they want, something that you know it is that they need, they're gonna, they're gonna try their hardest to get in. Even after all these things that you have. You may have all these things there, but if there's something that they want, they're gonna get there. It's just like a home. Right? Protecting your, your work, you know, physical security is just like physical security in your home. It's the same concept, right? You want lights, right? You want cameras, you want a fence at home, you have a dog, right? And, and then you have, you have yourself. But if, if you have something that somebody wants, right, if they know that you have a lot of money, they're gonna try to go into your house and take it. So yes, these things are good and they'll slow down the person, and you can get to see who they are and what they are, right, and what they look like, and you may be able to prevent some stuff, but if you have something of value, people are gonna want to get in.
That's just, you know, that's the reality of it.
All right. Now onto the questions. The way we do it is I ask four questions. I'll read the first one, read the four choices, give you and read it again, and then give you five seconds, and then you answer the question.
All right, question number one. Which of the following best describes a warm site? A. A fully operational duplicate site ready to take over immediately. B. A facility with minimal infrastructure that requires setup before use. C. A site with partial equipment and data requiring some configuration, or D. A cloud-based failover environment that scales automatically. I'll read the question again. Which of the following best describes a warm site? A. A fully operational duplicate site ready to take over immediately. B. A facility with minimal infrastructure that requires setup before use. C. A site with partial equipment and data requiring some configuration, or D. A cloud-based failover environment that scales automatically. I'll give you five seconds to answer this question. Five, four, three, two, one. And the answer is C. Warm sites have partial equipment and backup but need additional configuration before becoming operational. Alright, hope you got that right.
Question number two. What is the main purpose of snapshots in data protection? A. Encrypting files in transit. B. Capturing the state of the system for quick restoration. C. Copying data to a remote site, or D. Compressing backup data. I'll read it again. What is the main purpose of snapshot in data protection? A. Encrypting files in transit. B. Capturing the state of a system for quick restoration. C. Copying data to a remote site, or D. Compressing backup data. Give me five seconds to answer it. Five, four, three, two, one. And the answer is B. Snapshots record the state or VM at a specific time, allowing quick rollback after corruption or failure. Alright, did you go for two for two? Let's hope so.
Now, number three, what physical control helps prevent tailgating? A. Security guard, B. Access control vestibule, C. Motion sensor, D. Cable lock. I'll read it again. Which physical control helps prevent tailgating? A. Security camera, B. Access control vestibule, C. Motion sensor, or D. Cable lock. I'll give you five seconds to think about it. Five, four, three, two, one. And the answer is B. Access control vestibules or mantraps ensure only one person passes through at a time, preventing unauthorized entry via tailgating.
Alright, last one, let's go four for four. In a clustering configuration, what is the key difference between active-active and active-passive setups? A. Active-active requires more storage. B. Active-passive has no failover capabilities. C. Active-active shares workloads, active-passive keeps a standby node. Or D. Active-passive needs manual intervention to switch nodes. I'll read the question again. In clustering configuration, what is the key difference between active-active and active-passive setups? A. Active-active requires more storage. B. Active-passive has no failover capability. C. Active-active shares workloads, active-passive keeps a standby node. Or D. Active-passive needs a manual intervention to switch nodes. Alright, I'll give you five seconds. Five, four, three, two, one. And the answer is C. Active-active clusters distribute workloads among nodes, while active-passive keeps one node in standby for failover.
Alright, before we wrap it up today, I just, one thing I want to talk about, and it's backups. Guys, if you are in charge of the backups, it is very, very important to make sure that you check your backup every day. Here's a story for you. I knew this one person who was in charge of the backup in his office. And this is a, this is really a miscommunication between, you know, the him and the, and the company. And when your company goes cheapo or cheap, this is the result that happens.
He was in charge of backing up the mail server, the email server. And one day he came in and the email server was asking him for tape two. So this was the physical, it was connected, the backup drive was connected to a server, so he was doing tape drive. It wasn't, it was before cloud backup. I'm pretty sure now they do cloud. Wait, so he came in and says, hey, put in tape two. So he saw this as a problem because in this company it did not have an email retention policy. So people were having their emails from the 90s. This is I'm talking about back in 2014, 2015, right? And people were were had you know 9-11 folders in their in their email systems, right? About everything that happened on that day. There was no email retention. People were keeping emails forever. So it's part, you know, it's part not having a policy, an email policy, was part of the problem. So anyway, he writes in the email and says, hey guys, we need to buy a bigger tape drive with more capacity, because this tape drive is not backing up all the emails. They come back and they tell him that there's no money for a new tape drive. He's gonna have when he comes in in the morning, he's gonna have to put in tape two. The problem with putting in the tape two is if you are in the office at that time at seven in the morning and it hasn't backed up your stuff, while it's backing up your stuff, it will lock your email.
unknown: Right?
SPEAKER_00: Your email's locked. You won't be able to do anything with your email while it's backing up. Depending on how long, how much email that you have, it could be a while before the tape backup backs up everything that you have, and then it releases, it releases the file, right? Or the files. So, and to be honest, sometimes he will forget.
unknown: Right?
SPEAKER_00: He comes in at 10, something else is at seven, something else is going on, right? He forgets to swap the tape, and then in, you know, sometime during the middle of the day, he would realize and he would have to hit, you know, insert tape two, yes or no, he would have to hit no. Unfortunately, he would have to hit no. But like I always tell people, you never know when the backup, when you're gonna need it. So apparently, this was going on for a while that he wasn't putting in tape two, and that's his fault, right? Anyway, one day he comes in, the server had crashed, he has to restore from tape. He only has tape one, he doesn't have a tape two tape. So 25% of the people in that office lost their entire email system, right? They wanted to fire him, they wanted to fire him, but since he wrote an email, and this is, you know, comes back to covering your own, your own back, right? Since he wrote an email saying that he needed a tape drive, and they told him no, you kinda, you kinda, you cannot just blame him, you have to blame the company also for deciding to go cheap. Right? So it's partially their fault, partially his fault. They gave him an alternative. When you come in at 7 o'clock, put in tape two. Apparently he wasn't doing it. So he didn't get fired, but he did get moved out of his group and put in with a different group. Don't know if he got written up. I wouldn't be surprised if he got written up, because that has happened before. Not this exact situation, but when the employees do something that's a little bit egregious, they get written up. And he probably was put on probation, probably, you know, not given a raise that year, probably not given a bonus. You know, this, this, but luckily, like, this was like employee number five. Like this company has been around 40 years, maybe now. And he was like employee number five. Like he's, he's been with them since the beginning. So I think that that also affected whether they were gonna fire him or not.
Because he, you know, he was he was there for a while. But, you know, again, there's consequences when you don't take care of the backup. The backup is the most important, one of the most important things that you have to look out for. And if you are responsible for backups, make sure that that backup backs up every day. That was one of my things that I would do when I was working in tech. My job was to make sure my assigned servers had their backup. And that's the first thing I would do in the morning. I would come in in the morning, check my email, nothing else is going on. I would check the backup, make sure all the backups ran the night before. And if they didn't, fix it, see why, right? Take a note, check it the next day, right? And we'll check it every day. This is a Monday through Friday. This was an everyday procedure. Something went wrong. Maybe they needed to clean the tape head. You asked somebody off-site, a lot of the servers were remote. Hey, can you clean the tape drive? And they would clean it, and then we would try it again the next day, see if that if it worked. If it didn't, after a while, I say, hey, sound the alarm. Tape backup tape is not working. Let's get it fixed. You never know. You never know. So if you're responsible for the backups, pay attention. Make sure that your tapes are good. You know, nowadays most people are doing cloud, right? But if you're listening to this and you work for a small company, probably not doing cloud, probably too expensive for you. So if if that's you, listen to this. I'm telling you, take it from me. You never know when that server is gonna crash. And you're gonna need those tape backups. So make sure that you're doing it every day. And another story I want to tell you about backup is my own personal story. Almost, almost a disaster. I was backing up, I just back up nowadays. You just need to back up really your documents, right? So I have a documents folder and a downloads folder, and I have Google Drive. 
But the problem, you know, I pay for extra storage. The problem with Google Drive is Google, you know, if you don't name your files right, like me, like I put word file, and I know that I've written it by the date. So I usually search for it by date. So I backed up my stuff to my Google Drive. About a month later, my hard drive crashed, and I had all my papers for my doctoral classes in there, and I needed to repost them on my website. I was supposed to upload them after each class. I was supposed to upload the primary paper that I written, and I didn't never got a chance to do it. So we were at the last the last year of the program, they were going to check to see if you did it. I haven't done it. My hard drive crashed. I was like, geez. But luckily, I had backed up a month prior. I had all of the stuff saved. The only thing I don't save, like, oh, you know, semester one, paper two, right? Which is, you know, and then the year. I don't do that. I just sometimes I just put in like gibberish, you know, like part one paper. So when I downloaded everything out of Google Drive and I put it into the new hard drive, everything was the same date. And you know, most people they search by day. Oh, let me see the day I wrote it. Like I know I wrote it in January, right? Or I know I wrote it in in the fall semester, so it has to be between September and December. Well, now that it was gone, everything was the same date. And I had, and I looked at how many documents I had in total, I had like 5,000 Word documents, right? So I was like, wow, I'm gonna have to go through these, you know, open up one by one, which, you know, until I find out, yeah, there's some that were, you know, it was fine because some of them I can tell by by the title, but it's the ones that I didn't write a proper, you know, file name, which is what I was having the trouble with. Luckily, though, right? 
I would I was going maybe I was through like 200 of them already, with this daunting task of having to go through at least 5,000 of them. I realized that I put everything through Grammarly to check my grammar, of course. And at Grammarly Premium and it stores it, it saves the file. So, and I just went up there and and all the files were there. So I just had to down, you know, re-download them from Grammarly. I made sure that I put the correct file name. So that's you know, that's the other thing. You know, when you back up your personal backups, right? We talked about the company backup, and somebody might think about company backup. You could also back up on your personal stuff. And I find out, I find most people, and I do a poll in my classes, who who backs up. Most people don't. You know, you have a 20 20 students, you get maybe one or two of them that back up regularly. So, you know, it's it's a problem. We we still don't have that backup mentality in in cyber and in this country, right? We don't we don't really we don't do a good job of backing up, at least our personal devices. And even even I'm guilty of that. You know, I let a couple of months go by before I back up myself. Not that you should be backing up every day. That's for for home computers. No, that's impossible. But you should make an effort. So I I ended up getting a NAS drive, a network attached storage drive, and that's what I back up to. That keeps everything, you know, that's that's more than enough to do it. The only thing is it's a Buffalo one. The only thing is every time Windows does an update, I lose the I lose it. I have to re-enable the connection again. And it happens every time that Windows does an update. And the the guy at Buffalo, he told me that it Windows kind of does it on purpose, or they change, they're trying to lock down on certain stuff as far as security concerned. 
And, you know, I, I come, I, if I have an update for Windows, I know I'm gonna lose a connection to my NAS drive and I have to do all the setup, the whole thing again. It doesn't take that long, but still, it's, I wish it was, you know, something. But the guy told me, he goes, you'll notice it. He goes, notice it again every time you do a Windows update. You're gonna have to do this again because it, Windows does something to it that disconnects it. So, but listen, I have, there's many ways to back up. You know, network attached storage, there's the cloud, right? There's tape. There should be no excuse for anybody backing, not backing up their stuff, either home or at work.
All right, we covered a lot today. We covered asset management and protection, backup and recovery, redundancy and high availability, and physical security fundamentals. All of these come together to create a resistant organization capable of surviving disruptions, digital or physical. Remember, true security isn't just firewalls and passwords, it's the ability to keep operating no matter what happens. Thanks for tuning in to Technology Tap. Uh, Professor J-Rod reminding you to keep tapping into technology. This has been a presentation of Little Chacha Productions, art by Sarah, music by Joakim. We're now part of the Pod Match Network. You can follow me at TikTok at Professor J Rod, J R O D, or you can email me at professorjrod at gmail.