How are your backups configured ?
* What are the different backup types such as Full, Differential and Incremental backups .. or maybe even Delta / Block level? What are the pros and cons of the different approaches? What are the consequences? Enough time to finish backup within your backup window? Is there different solution or can your’s be more effective?
Is it enough for a complete restore ?
* What is the minimum for backups to restore a complete system crash or just parts of it? Is there documentation on HOW to do it? Do you have systems that are interdependent and in what order should a restore be done as quickly as possible to return to normal operation again? How does your server-operative behave? Microsoft Windows, Novell NetWare, SUN Solaris, Linux .., they all behave differently at restore.
Or, is it too much backed up ?
* For instance, when restoring a Microsoft Exchange Server, certain things should be excluded that can “entangle” the restore. There are many examples and it requires know how and experience. Backing unnecessary functions and files will cost you time, space and bandwidth. Is it possible perhaps to streamline? Have you backed up a lot of unnecessary private files that occupy time and space on backups? Are your workstations and laptops backed up? If that is the case, how?
Backup log files, who reeads them and manages errors?
* Missing error messages in the backup can have dire consequenses if your critical data is not included when necessary
How are your backup stored and who has access to them ? And when ? Whos responibility is it if the go missing ?
* Remember that all of your company’s data is stored on tapes/media and with the right knowledge it can be used to do you harm.
What guidelines are in place and how they are followed?
* Are there any policies set for overwriting of tapes? From how far back in time is data supposed to be able to be restored? For how long do you have archived data? What does the law state in your case? What guidelines are decided from the top?
Communications
* Fixed connection or ADSL or another and what are the consequences? Frame Relay? Speed? From which provider? should there be redundancy in communication? Routing and Switching? Wireless networks and how secure is it, WEP, WPA, WPA2? VLANs in the switches? Spanning tree? Monitoring of the links?
Firewall
* What firewalls covers your needs? Hardware-based or software based? Microsoft ISA/TMG Server? Linux? FireWall1? NetScreen? Juniper? Clavister ? How should the rules be set up to block malicious traffic? Are rules also applied to outbound traffic? Should there also be a IDS/IPS system? Brute force prevention at the firewall-level or the servers? DMZ and forwarding? Who/what should have access to the firewall? How quickly can they make changes if needed?
The servers
* Will the servers be placed on a separate server network, server LAN or backbone? What is the speed, 100 Mbit, 1 Gbits or 10 Gbits? How you can optimize your speed? Should the network is divided into zones so-called subnets? What is “private IP network”? What is “public addresses”? How does DNS work and who manages it? Need of WINS? How to plan a Microsoft Active Directory or Novell NetWare NDS? Global catalog? What will/should be monitored? With what software? SNMP? Insight Manager? Microsoft SCMM? Where should alarms be sent? How should the alarm be handled?
The users
* Will users be placed on a separate network? What should they able to reach and use of the resources? Are there integrated solutions with useraccounts and Firewall rules? How do we secure the server from brute force attempts and unauthorized access
What guidelines and policies do you vae in place?
* Are there policies in place for what the users are allowd to do and access? Do you have a policy for social medias? Is bandwidth limiting an option ? Restricting sites? How do you manage laptops, VPNs, mobile phones, iPads?
