You've probably seen numerous stories in the media about Web sites being defaced, altered or wiped out due to an intrusion. Many of these sites practiced reasonable security measures; they just happened to have overlooked a hole or two, or were behind on applying updates and patches. This activity should serve as a warning and as a sobering reminder that even the best intentions to protect the security of your Web site can be less than effective.
You must remain vigilant in shoring up the security of your Web servers. As the value, confidentiality and privacy of the data found on those systems increases, so does the need to provide adequate protection. But what happens if you do your best and your systems are still compromised? Well, hopefully you have a reliable backup.
Backups are an essential part of maintaining the availability of data for any network or computer system, and Web servers are no different. You should have a specific backup policy and procedure in place to provide protection for your Web hosted files. In the event that your Web system is simply defaced or vandalized, you'll have a quick path to restore the system back to its original state. In the event that your Web system is severely damaged, you'll have the data to rebuild the system on another system quickly. If you've never had the pleasure of rebuilding a complex Web system from scratch, I don't recommend putting yourself in the position to experience it.
In addition to standard daily backups, I would recommend creating a Web server mirror. This secondary system can be placed anywhere within your network so that it has one-way access to pull files from the primary Web server. This Web mirror will serve as a near real-time backup and can be used in an emergency as an instant swap-out replacement system if the primary Web server fails for any reason (malicious or not).
About the author
James Michael Stewart is a partner of ITinfo Pros, Inc., a technology-focused writing and training organization.