Data Protection and Backups

data protection and backups

• explain the necessity for backup

• describe backup scope and methods

• describe the different RAID levels

• explain the need for data storage policies

data’s role in business

• data are the principal element of any information system

• businesses gather enormous amounts of data

  • information is then extracted for decision making

  • data are valuable assets that are core components of a larger corporate strategy

  • source code, intellectual property, user data, etc,.. must all be protected

sony data breaches

• series of attack against sony corp:

  • lost data for 100+ million user accounts

  • shut down the PlayStation network

• subsequent SQL injection attack:

  • 1 million usernames and passwords stolen

  • passwords stored as plaintext

  • included names, e-mail addresses, phone numbers, dates of birth, music coupons, layout of the databases, and maps of sony’s internal corporate network

data protection and backup: Importance

in an incident, you may lose all data that is not backed up

data protection and backup: Threats That Are Addressed by Backup

• mechanical hard drive failure or damage in a fire or flood

• data on lost or stolen computers is not available to the organization

• malware (including ransomware) can reformat or encrypt the hard drive or other data destruction

scope of backup

• fraction of information on the hard drive that IS backed up

scope of backup: File/Directory Data Backup

• select data files and directories to be backed up

• do not forget items on the desktops

• not good for programs

scope of backup: Image Backup

• everything, including programs and settings

• image backup is very slow

• data files change the most rapidly, so doing several file/directory data backups for each image backup may be appropriate

scope of backup: Shadowing

a backup copy of each file being worked on is written every few minutes to the hard drive, or to another location

full backups

• all files and directories

• slow, so it is typically done weekly

incremental backups

• only records changes since the last backup

• fats, so usually done daily

• do incremental backups until the next full backup

restoration order

• restore the full backup first

• then restore incremental backups in the order created, otherwise, newer files will be overwritten

generations

• save several generations of full backups

• usually do not save incremental backups after the next full backup

centralized backup schema

• local backup on individual PCs difficult to enforce

• centralized backup provides backup labor and enforcement

Backup Technologies: Continuous Data Protection (CDP)

• used when a firm has two server locations

• each location backs up the other in real time

• other site can take over very quickly in case of a disaster, with little data loss

• requires expensive high-speed transmission link between the sites

backup approaches

• PCs back up one another

• data is stored redundantly

• security issues must be addressed

backup media: magnetic tape

slow but cheap per bit stored

backup media: second hard drive on computer

• very fast backup

• but lost if computer is stolen or burns in a fire

• backup up on tape occasionally for archival (long-term storage)

backup media: Optical Disks (DVDs)

• all users have optical disk burners

• dual-layer DVDs offer about 8GB of capacity

  • often not enough, user may have to insert additional disks to do backup

• backup up to a second client PC hard drive; then occasionally back up onto optical disks

• the life of information on optical disks is unknown

cloud storage, backup, and recovery solutions

NAS Network Attached Storage

Disk Arrays - RAID (Redundant Array of Independent Disks)

• multiple hard drives within a single system

• increased reliability and performance

• a single hard drive failure will not necessarily precipitate data loss

• multiple disks can be written to simultaneously

RAID Levels

ways of configuring multi-disk arrays

striping

• writing data simultaneously across multiple disks

• very fast, but no reliability

• one disk failure will cause COMPLETE data loss

mirroring

• creating an exact copy of a disk at the same time

• data transfer speeds remain nominal

• virtually no data loss, but more costly to buy additional hard drives

Raid Levels: NONE

• minimum number of disks needed: 1

• parity: no

• striping: no

• redundancy: no

• data transfer speed: normal

• cheap to implement

• slow access speeds

• cannot recover from disk failure

Raid Level: RAID 0 (STRIPING)

• minimum number of disks needed: 2

• parity: no

• striping: yes

• redundancy: no

• data transfer speed: very fast

• very fast access speeds

• cannot recover from disk failure

• additional disks increase capacity

• costly to implement

• striping used across disks

Raid Level: RAID 1 (MIRRORING)

• minimum number of disks needed: 2

• parity: no

• striping: no

• redundancy: yes

• data transfer speed: normal

• mirrored disk does not increase total storage capacity

• CAN recover from disk failure

• very costly to implement for a large number of drives

Raid Level: RAID 5 (DISTRIBUTED PARITY)

• minimum number of disks needed: 3

• parity: yes

• striping: yes

• redundancy: yes

• data transfer speed: fast read, slow write

• can recover from one lost disk, but not two

raid level 5 recovery

• part 1 and part 2 are used to compute parity 1&2

• part 3 and parity 3&4 are used to compute part 4

• parity 5&6 and part 5 are used to compute part 6

• recovered disk 3 is identical to the lost disk 3

recovery times and acceptable data loss

• short RPO times are more costly, but less data is lost

• short RTO times are more costly, but normal operations are restored more quickly

backup management policies: Backup Creation Policies

• understand current system and future needs

• create policies for different types of data and computer

• what should be backed up, how often, and how frequently to test restorations, etc,..

backup management policies: Restoration Policies

• do restoration tests frequently

backup management policies: Media Storage location Policies

• store media at a different site

• store backup media in a fireproof and waterproof safe until it can be moved offsite

backup management policies: Encryption Policies

• encrypt backup media before moving them so that confidential information will not be exposed if the tape is stolen or lost

backup management policies: Strong Access Control Policies for Backup Media

• checkouts are rare and therefore suspicious

• checking out media can result in their loss and the damages that come with this loss

• the manager of the person requesting the checkout should approve the checkout

backup management policies: Data Retention Policies

• there are strong legal requirements for how long certain types of data must be kept

• the legal department must get involved in retention policies

backup management policies: Auditing Policy Compliance

• all policies should be audited

• includes tracing what happened in samples of data

benefit of email retentions

• major part of corporate memory

• often need to retrieve old mail for current purposes

dangers of retention

• legal discovery process

• defendant must supply relevant emails

• potentially very damaging information

• always expensive

• even if very expensive to retrieve, firms must pay whatever is necessary to do so

accidental retention

• even if firms delete email from mail servers

• may be stored on backup tapes

• users will often copies on their own computers

legal archiving requirements

• many laws require retention

• securities and exchange commission

• many labor laws

• involuntary terminations

• public information about job openings

• medical problem complaints that may relate to toxic chemicals

• laws vary in duration of storage requirements

• fines or summary judgments if fail to retain and produce required emails

US Federal Rules of Civil Procedure

• specify rules for all US federal civil trials

• specifically address electronically stored info

• initial discovery meeting

• defendant must be able to specify what information is available

• comes shortly after civil lawsuit begins

• unless carefully thought through beforehand, will fail

• holds on destruction

• must be put in place if it is foreseeable that a lawsuit will soon begin

• must have string hold procedures to place holds on electronically stored info

archiving policies and processes

• must have them

• must reflect a firm’s legal environment

• must be drawn up with the firm’s legal department

message authentication

• spoofed messages can frame employees or the firm itself

• need message authentication to prevent spoofed sender addresses

user training

never put anything in a message that you would not want seen in court, printed in the newspaper, or read by your boss

spreadsheet security

• spreadsheets are widely used and the subject of many compliance regulations

• need for security testing

• spreadsheet vault server to implement controls

• the vaul server stores spreadsheets and strongly controls access to them (AAA)

databases

• often used in mission-critical applications

• require additional security precautions

• relational databases: tables (relations) with rows (records) and columns (attributes)

• as discussed earlier; avoid SQL injection attacks

databases pt. 2

• restrict access to data

• restrict users to certain columns (attributes) in each row

• for instance, deny access to salary column to most users

• limit access control to rows

• for instance, only rows containing data about people in the user’s own department

databases pt. 3

• restrict level of detail

• prevent access to individual data

• allow trend analysts to deal only with sums and averages for aggregates such as departments

• restrict info about the structure of the database itself (data model)

• knowledge about the data model can make SQL injection much easier

Database Access Control

• restrict access to databases via database management systems (e.g. microsoft SQL Sever, MySQL, IBM DB2, Oracle, etc,…)

• rename administrator account, disable guest/public accounts, lowest possible permissions necessary

SQL Injection Attacks

• data must be sanitized to remove unacceptable characters

• stored procedures can be used to sanitize and validate incoming data

auditing

• collect info about users’ interactions with databases

• policy driven, reflecting legal and regulatory obligations

what should be audited?

logins, changes to the database, warning, exceptions, and special access

trigger

code that is automatically run when changes are made to a database

Data Definition Language (DDL) trigger

used to produce automatic responses if the structure of the database has been altered (e.g. create new table, drop a table, alter properties of an existing table)

Data Manipulation Language (DML) trigger

used to produce automatic responses if the data has been altered (e.g. data are inserted, updated, or deleted)

data protection - encryption

• makes data unreadable to someone who does not have the key

• prevents theft of private or trade secret info

• may reduce legal liability if lost or stolen data is encrypted

what to encrypt

• files and directories

• the entire disk

key escrow

• loss of the key is disastrous (cannot be reset)

• stores a copy of the key in a safe place

• bad if managed by user

  • may not do it

  • may not be able to find it

  • if fired, may refuse to give it, locking up all data on the computer

• central key escrow on a corporate server is better

strong login authentication is needed

• encryption is transparent to logged-in users

  • once a user is logged in, they can see all encrypted data

• protect with strong password and/or biometrics

  • ensure that the password is not lost

file-sharing problems

file sharing may be more difficult because files usually have to be decrypted before sending them to another computer

Data Loss Prevention (DLP)

a set of policies, procedures, and systems designed to prevent sensitive data from being released to unauthorized persons

data collection

most companies collect more data than they can adequately protect

Personally Identifiable Information (PII)

• private employee or customer info that can be used to uniquely identify a person

• PII includes full names, SSN, addresses (online and offline), photo, date of birth

data masking

obscuring data such that it cannot identify a specific person, but remains practically useful

spiders (crawlers)

navigate the Web gathering, organizing, and indexing web content

web scraper

• tool that extracts predefined data from specified web pages

• can aggregate extracted data from multiple websites

mashup

combining data from various sites or applications

restrictions

• attempt to restrict what users can do to documents, in order to reduce security threats

• embryonic

digital rights management (DRM)

• prevent unauthorized copying, printing, etc.

• may not be able to see parts of documents

data extrusion management

• attempt to prevent restricted data files from leaving the firm without permission

• watermark with invisible restriction indicators

• can be notified if sent via email attachments or FTP

• if each document is given a different watermark, can forensically identify the source of a document leak

• traffic analysis to look for unusually large numbers of outgoing files sent by a user

removable media controls

• forbid the attachment of USB RAM drives and other portable media

• reduces user abilities to make copies

perspective

• have proven difficult to enforce

• often reduces functionality in uncomfortable ways

• companies have been reluctant to use them

social networking

• so not discuss work on personal blogs

• be cautious about info posted on professional networks

• USG classified environments - totally different set of rules

data destruction

• necessary

• backup media are not needed beyond their retention dates

• reformatting the hard drive is not enough