S 6.91 Data backup and recovery on routers and switches
Initiation responsibility: Head of IT, IT Security Officer
Implementation responsibility: Administrator
Routers and switches should also be integrated into the overall data backup concept. In this context, backing up the configuration files is particularly important.
For active network components, backing up file systems is not possible. If, within the framework of central administration, configuration files are often stored on and loaded from separate servers, these servers may also be used for backing up the data. The configuration files on these servers must be protected against unauthorised access. This applies in particular if the configuration files contain passwords in clear text.
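A check for the access-protection requirement above, added here as an example and not part of the original safeguard: it audits a directory of backed-up configuration files for permissions that grant group or other access and for lines carrying clear-text or reversibly encoded credentials. Cisco IOS-style syntax, the function names and the sample configuration are assumptions.

```python
import os
import re
import stat

# Assumption: Cisco IOS-style syntax. Adapt the patterns to the vendor in use.
# Type 7 strings are reversible obfuscation, so they are flagged as well.
_PFX = r"^\s*(?:enable |username \S+ (?:privilege \d+ )?)?password "
RULES = [
    ("cleartext password", re.compile(_PFX + r"(?:0 )?(?!7 )\S+", re.I)),
    ("reversible type 7 password", re.compile(_PFX + r"7 \S+", re.I)),
    ("SNMP community string", re.compile(r"^\s*snmp-server community \S+", re.I)),
]

# Constructed sample configuration; all values are made up.
SAMPLE = """\
service password-encryption
enable secret 5 $1$EXAMPLE$notarealhashvalue000000
enable password Example123
username backup password 7 0000000000
snmp-server community examplecomm RO
 password 0 Example456
"""

def scan_config(text):
    """Return (line_number, label) per credential line; the secret is never echoed."""
    return [(no, label)
            for no, line in enumerate(text.splitlines(), 1)
            for label, rx in RULES if rx.match(line)]

def audit_backup_dir(root):
    """Map each backed-up file to its permission and credential findings."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            path = os.path.join(dirpath, name)
            issues = []
            mode = stat.S_IMODE(os.stat(path).st_mode)
            if mode & (stat.S_IRWXG | stat.S_IRWXO):
                issues.append(f"mode {mode:04o} grants group/other access")
            with open(path, encoding="utf-8", errors="replace") as fh:
                issues += [f"line {n}: {lbl}" for n, lbl in scan_config(fh.read())]
            if issues:
                report[path] = issues
    return report

if __name__ == "__main__":
    for no, label in scan_config(SAMPLE):
        print(f"line {no}: {label}")
```

Run `audit_backup_dir` against the directory that holds the backups on the central server; the permission check relies on POSIX file modes.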
If a TFTP server is used for backing up the configuration files, this server must only be available in the administration network. Alternatively, PCMCIA storage inserts may also be used with some systems in order to back up the data.
To ensure that the data backup can actually be used when needed, restoring the backup must be practised in regular recovery drills (see also S 6.41 Training data reconstruction).
Further applicable safeguards:
S 6.36 Stipulating a minimal data backup policy
S 6.37 Documentation of the data backup
S 6.35 Stipulating data backup procedures
S 6.41 Training data reconstruction
Review questions:
- Have the routers and switches been taken into consideration in the organisation's overall data backup concept?
- Are the configuration files backed up regularly?
- If a TFTP server is used for backing up the configuration files, is it only available in the administration network?
- Are recovery drills for restoring the configuration backup performed regularly?