T 2.101 Inadequate contingency planning for a security gateway

Inadequate contingency planning may significantly worsen problems occurring during security gateway operation and may prolong downtimes.

In addition to the common mistakes frequently made in the context of contingency planning, there are certain special mistakes that can be made with a security gateway that make a fast reaction to security incidents very difficult or even impossible. Some of these mistakes are described in the following.

• In the absence of any plans for actions to be taken in the event of an emergency and corresponding instructions, an efficient reaction is usually not possible at all. For complex systems such as multi-stage security gateways, additional problems may arise if dependencies between individual components are not known or documented or if they are not taken into consideration properly during planning.
• If no replacement parts and/or devices are available for important hardware components and if no corresponding agreements (for example service level agreement or on-site replacement within a guaranteed period) have been concluded with the manufacturers or suppliers, this may cause significant downtimes and cost.
• If there is no or only inadequate documentation of the configuration and the most important operating parameters, it may be very difficult to even restore a functioning configuration after an emergency. Poor documentation may also cause configuration errors to remain unnoticed at first, which may then make extensive troubleshooting necessary when problems occur.
• If the tools and programs required for error diagnostics are not available or if the administrators are not able to properly use these tools and programs, this may cause significant delays.
• If important data is not included in logging, this may make the proper assessment of the type and severity of an incident more difficult or impossible.
• When recovering the system after an emergency, it may be desirable to restore the system using an older configuration. If the versions of configuration data (especially the packet filter rules) are not administered, this may be difficult or even impossible.