Interested in learning more? Global Information Assurance Certification Paper. Copyright SANS Institute Author Retains Full Rights


Global Information Assurance Certification Paper
Copyright SANS Institute. Author Retains Full Rights.
This paper is taken from the GIAC directory of certified professionals. Reposting is not permitted without express written permission.
Interested in learning more? Check out the list of upcoming events offering "Security Essentials Bootcamp Style (Security 401)" at http://www.giac.org/registration/gsec

GSEC Practical Version 1.2e
SANS 2001 Baltimore
Stephen Lennon
Aug. 2001

Backup Rotations - A Final Defense

Defense in depth is an important strategy in protecting and securing your network infrastructure. However, many organizations are just beginning to create a more secure environment and have a limited number of defensive lines presently installed. With this being the case, the last line of defense that the organization has, and possibly the most important because in many organizations it is all they have, is an effective backup strategy.

In the GSEC paper "How to Implement an Effective Backup Solution: A Companies True Story" by Wanda Jackson we were presented with the different types of backups (full, incremental, differential). However, even if you are doing backups and you have verified your backups, can you recover the information that is needed in the event of an emergency? If an intrusion incident occurs, will your organization be able to revert to an earlier version or recover with your present backup rotation strategy? Will you have already reused the media that has the data that someone wishes to recover? Or will all your backups be compromised, leaving you with no fall back point?

What we will look at in this paper are the different ways to rotate your backup media to aid in recovering either your system in the event of an intrusion, or data in the event of an accident or other deletion, a failure in the system, or a disaster.

What you choose for a backup rotation strategy will be based upon balancing three specific areas against your business needs and goals. The three areas are Retention Length, Availability and Integrity. Defining several terms will assist in evaluating what will be an appropriate strategy for protecting your organization's data.

Retention time is defined as: How long do you want to keep your media before you reuse it? Also included in this is the implied concept of how far back into the past you will want, or will need, to go to recover what you need.

Availability is defined as: How often over a period of time can you recover files? For example, how often over a two week period could a file be recovered?

Integrity is defined as: Can you recover the file that is needed?

For this paper Backup Media will be defined as the type and amount of media required to complete a backup in a given night. For example, if your system requires two tapes to complete a backup, those two tapes are a media set.

Aeleen Frisch in Essential System Administration wrote "...it's best to have five sets of tapes that you reuse each week; if you can afford it, you might even have 20 sets that you rotate through every four weeks" (Frisch. p.472). Let's look at some of the different rotation strategies that we can apply to protecting our data.

There are several rotation strategies that can be used. Each strategy has its own benefits and costs. Below is a list of the strategies, and some variations on those strategies, that will be discussed.

1. Father/Son
   a. Basics
   b. 6 Tape Strategy
   c. 10 Tape Strategy
2. Grandfather/Father/Son
   a. Basics
   b. 10 Tape Strategy
   c. 19 / 24 Tape Strategy
3. Tower of Hanoi
4. Incremental Rotation

Father/Son

A basic Father/Son rotation consists of four tapes used daily and two tapes used on successive Fridays. Some combination of full/incremental/differential backups will be used on the Monday-Thursday series, and a full backup will be run on Fridays. (To start the process an initial full backup should be made.)

Week    Mon     Tue     Wed     Thu     Fri
1       Tape 1  Tape 2  Tape 3  Tape 4  Tape 5
2       Tape 1  Tape 2  Tape 3  Tape 4  Tape 6

Recovery in this scenario is limited to a maximum of six days. Your daily file recovery is also limited to a maximum of six days. It also puts extensive wear on the main weekday media. So your retention length is short, but your availability over the short term is high.

A modification of the above strategy is to use ten tapes. This increases your daily file recovery length to ten days and increases your maximum recovery length to ten days.

Week    Mon     Tue     Wed     Thu     Fri
1       Tape 1  Tape 2  Tape 3  Tape 4  Tape 5
2       Tape 6  Tape 7  Tape 8  Tape 9  Tape 10

This also decreases the wear on the Monday through Thursday tapes.

Grandfather/Father/Son

A second method, the Grandfather/Father/Son, works in much the same way with four rotating daily media. Each successive Friday uses a different backup media: three tapes for three successive Fridays. An additional three-media set for three consecutive monthly backups is added to the rotation; this is the Grandfather set.

The rotation strategy in its simplest form uses only 10 tapes. The daily tapes are reused each week. The three Friday tapes are rotated through the month, and on the fourth Friday of the month one of the monthly (grandfather) tapes is used. This allows for a maximum possible recovery back to the third month, about 90 days after you have completed the full rotation and are one month into the second rotation. But the short-term daily backup is limited to only six days back. However, by the end of the third month's rotation you have now created an image of the end of five consecutive weeks (one of which is the monthly at the end of month two) and an additional monthly backup from the first month. This increases your ability to fail/fall back to a known good state in the event of an incident. With these three extra monthly tapes you now have six good fall back points in addition to the four days of the week.

Week    Mon     Tue     Wed     Thu     Fri
1       Tape 1  Tape 2  Tape 3  Tape 4  Weekly 1
2       Tape 1  Tape 2  Tape 3  Tape 4  Weekly 2
3       Tape 1  Tape 2  Tape 3  Tape 4  Weekly 3
4       Tape 1  Tape 2  Tape 3  Tape 4  Monthly 1

A more extended rotation could use nineteen backup media. With nineteen media sets you will have the same short-term recovery timeline as with the 10 tape rotation, about six days; however, you will have increased your monthly (grandfather) sets to twelve and will now have a full year's worth of monthly backups.

With the increase of four additional tapes you can create a deeper short-term recovery and reduce wear on your tapes by creating a Mon2-Thurs2 set of tapes. This creates immediate short-term recovery of eleven days but still leaves one backup media for each month as a recovery point.
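Added example (not from the original paper): a Python simulation of the ten-set rotation above, showing which Friday fulls remain on hand and which is the newest one taken before an intrusion began. It assumes every month is exactly four weeks, as in the table; the function names are this example's own.

```python
"""Ten-set Grandfather/Father/Son rotation, simulated week by week."""

DAILY = ["Tape 1", "Tape 2", "Tape 3", "Tape 4"]   # Monday..Thursday
WEEKLIES = 3    # Friday sets for the first three Fridays of a month
MONTHLIES = 3   # grandfather sets, one per fourth Friday


def gfs_tape(week, weekday):
    """Media set for a 1-based week number and weekday (0=Mon .. 4=Fri).

    Assumption: a month is modelled as exactly four weeks, as in the
    paper's table; calendar months with a fifth Friday are not handled.
    """
    if weekday < 4:
        return DAILY[weekday]
    friday_in_month = (week - 1) % 4 + 1
    if friday_in_month <= WEEKLIES:
        return f"Weekly {friday_in_month}"
    month = (week - 1) // 4
    return f"Monthly {month % MONTHLIES + 1}"


def friday_fallbacks(through_week):
    """Map each Friday set to the week whose full backup it currently holds."""
    held = {}
    for week in range(1, through_week + 1):
        held[gfs_tape(week, 4)] = week      # reuse overwrites older content
    return held


def newest_clean_fallback(through_week, compromised_week):
    """Newest Friday full taken before the week the intrusion began.

    Returns (set name, week written), or None when every Friday set on
    hand was written during or after the compromise.
    """
    clean = {tape: week
             for tape, week in friday_fallbacks(through_week).items()
             if week < compromised_week}
    if not clean:
        return None
    tape = max(clean, key=clean.get)
    return tape, clean[tape]


if __name__ == "__main__":
    # End of the third month: five consecutive week-ends plus month one.
    print(sorted(friday_fallbacks(12).values()))
    # Intrusion began in week 6, noticed in week 12: Monthly 1 is still clean.
    print(newest_clean_fallback(12, 6))
    # Intrusion began in week 5, noticed in week 16: Monthly 1 was just reused.
    print(newest_clean_fallback(16, 5))
```
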

Tower of Hanoi

A third method is the Tower of Hanoi. It is a more complex method of rotation. The Tower of Hanoi rotation is taken from the mathematical game of the same name. At this point a short description of the game is probably in order.

The Tower of Hanoi is a game that has three posts in a row. The left-most post has N disks stacked by size, largest at the bottom and smallest at the top, and the other two posts are empty. The object is to move the N disks from post 1 to post 3, never putting a larger disk on top of a smaller disk. You are also only allowed to move one disk at a time.

Let's look at how you solve the Tower of Hanoi. "It is well known that the optimal solution of the Towers of Hanoi with N disks requires 2^N - 1 moves." (Art of Prolog) We will look at just the following three scenarios: 3, 4, and 5 backup media sets.

The table below is a rotation for N=3 disks labeled A, B, C and for posts labeled 1, 2 and 3, where 1 is the left-most post and 3 is the right-most post and is also the destination for the disks. A is the smallest disk and C is the largest disk. For the first set we will explain the full run (see first table below). A is moved from post 1 to post 3, then B is moved to post 2. We then move A to post 2 on top of disk B. We now have C on post 1 and A on top of B on post 2. We then move C to post 3, and move A from on top of B on post 2 to post 1. This allows us to move disk B to post 3 and finally A to post 3.

Disk  A B A C A B A
Post  3 2 2 3 1 3 3

In the above example three pieces of backup media are used. The longest recovery date will be seven days (C being the oldest media in the run). However, the short-term file recovery is limited to only two days.

We can take this scenario another step further by adding another tape to the rotation.

Disk  A B A C A B A D A
Post  2 3 3 2 1 2 2 3 3
Disk  B A C A B A
Post  1 1 3 2 3 3

By increasing our backup media by one we have now increased our long-term storage to a maximum of fourteen days. Our short-term storage is still two days, but also includes a fourth day back. This then yields recoverable days of 1, 2, 4, 8 (or 15 depending where you are in the rotation cycle).

If we add just one additional backup media we end up with the following scenario. Applying the formula 2^n - 1, where n=5, we end up with a thirty one day rotation.

Disk  A B A C A B A D A
Post  3 2 2 3 1 3 3 2 2
Disk  B A C A B A E A B
Post  1 1 2 3 2 2 3 1 3
Disk  A C A B A D A B A
Post  3 1 2 1 1 3 3 2 2
Disk  C A B A
Post  3 1 3 3

This now creates a maximum long-term file recovery of thirty one days and the following short-term recovery: Days 1, 2, 4, 8, 16.

The Tower of Hanoi strategy is an effective method of backup for creating the longest possible recovery situation with a limited number of backup media. In the Grandfather/Father/Son with 10 tapes we had a situation where we had effective short-term recovery of eleven days but we were limited to 90 days of long-term recovery. However, with a ten media set scenario, for the Towers of Hanoi we would have a short-term backup of only two days. But we would have ten fall back points with the oldest tape being 1023 days old. Rotation is as follows: 1, 2, 4, 8, 16, 32, 64, 128, 256, 512 and 1023 at the furthest end of the rotation.

The two biggest drawbacks of the Tower of Hanoi rotation are the wear and tear on the more frequently used daily backup media (the A, B, C, D media sets) and the reduced short-term file recovery. The benefit is that you can, with a very small number of media sets, create an exceptionally long-term recovery strategy. In this scenario an automated backup log is absolutely required because of the complexity of the rotation, and as additional tapes are added the rotation will become increasingly cumbersome to do manually. We would not want our backup operators going crazy.

Incremental Rotation

The incremental rotation uses media sets labeled from one to N, where N is the last media set. The initial backup is done on media set one and continues forward through the first week.

Week    Mon     Tue     Wed     Thu     Fri
1       Tape 1  Tape 2  Tape 3  Tape 4  Tape 5
2       Tape 2  Tape 3  Tape 4  Tape 5  Tape 6

At the beginning of the next week we pull the first used set from the previous week out of the rotation and store it. Then we add the next higher media set number to the end of the rotation. This yields a short-term recovery time of five or six days depending upon when the failure occurs. With twelve media sets you will have seven weekly backup sets before you start the rotation over again.

The benefit of this rotation is reduced wear on media. The media sets all rotate in and out of the cycle equally. However, you will have to use more media sets to achieve the same long-term recovery as the GFS strategy. It is, however, fairly easy to implement, and with only ten tapes you have a deeper recovery than is possible with just the Father/Son strategy (five weekly sets back as opposed to only one in the Father/Son).

Conclusions

It is definitely important to be able to recover files over the short term. However, it is also necessary to be able to recover some files, or even an OS drive, in the event of either intrusion or loss of file(s). I have seen instances and have had instances where having three- and eight-month-old backups was the difference between a successful recovery and failure (and maybe keeping your job!!).

As we have seen there are several different backup rotation strategies. The one that works the best for you may not be what works best for another site. However, with the above information you should be able to find a strategy that, with some tuning, will allow you to meet the recovery needs of your organization.

A parting thought from one of the books that I read through during this process. It may take a week or a month to realize that a file has been deleted. Therefore, you should keep some backup media for a week, some for a month, and some for several months... After all, tape is cheap, and rm is forever. Keeping a yearly or a biannual backup forever is a very small investment in the event that it should ever be needed again (Garfinkel. p.108).
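Added example (not part of the original paper): the Tower of Hanoi rotation from the section above in Python. It reproduces the paper's disk/post tables with a recursive solver, derives the same media order directly from the day number, and reports the age of the newest backup on each media set. The function names, and the convention that last night's backup counts as one day old, are assumptions of this example.

```python
"""Tower of Hanoi backup rotation with the paper's 2**N - 1 day cycle."""
from string import ascii_uppercase


def hanoi_moves(n, src=1, dst=3, aux=2):
    """Return the optimal move list as (disk, destination post) pairs.

    Disk 'A' is the smallest. Posts are numbered 1..3 as in the paper.
    """
    if n == 0:
        return []
    return (hanoi_moves(n - 1, src, aux, dst)
            + [(ascii_uppercase[n - 1], dst)]
            + hanoi_moves(n - 1, aux, dst, src))


def tape_for_day(day, n):
    """Media set to write on a 1-based day number, without recursion.

    The disk moved on move k is given by the lowest set bit of k, so the
    schedule can be computed directly. The cycle restarts after 2**n - 1 days.
    """
    k = (day - 1) % (2 ** n - 1) + 1          # position inside the cycle
    lowest_bit = (k & -k).bit_length() - 1    # 0 for A, 1 for B, ...
    return ascii_uppercase[lowest_bit]


def restore_ages(today, n):
    """Age in days of the newest backup held on each media set.

    Assumption (not from the paper): ages are counted on the morning
    after `today`'s backup, so last night's media set is 1 day old.
    """
    ages = {}
    for day in range(today, 0, -1):
        tape = tape_for_day(day, n)
        if tape not in ages:
            ages[tape] = today - day + 1
        if len(ages) == n:
            break
    return ages


def worst_case_age(n):
    """Oldest restore point ever on hand, scanned over the second cycle."""
    cycle = 2 ** n - 1
    return max(max(restore_ages(day, n).values())
               for day in range(cycle + 1, 2 * cycle + 1))


if __name__ == "__main__":
    for n in (3, 4, 5):
        order = "".join(tape_for_day(d, n) for d in range(1, 2 ** n))
        # The direct formula and the recursive solver give the same order.
        assert order == "".join(disk for disk, _ in hanoi_moves(n))
        print(n, order, restore_ages(2 ** n - 1, n), worst_case_age(n))
```
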

Citations / References

Feidler and Hunter, revised by Ben Smith. Unix System V Release 4 Administration, 2nd ed. Hayden Books, 1991.
Frisch, AEleen. Essential System Administration, 2nd Edition. O'Reilly and Associates, 1995. p. 472.
Garfinkel, Simson and Spafford, Gene. Practical Unix Security. O'Reilly & Associates, 1991. p. 108.
Jackson, Wanda. How to Implement an Effective Backup Solution: A Companies True Story. http://www.sans.org/infosecfaq/sysadmin/backup.htm
Kern, Johnson, Hawkins, Law with William Kennedy. Managing the New Enterprise. SunSoft Press, A Prentice Hall Title, 1996.
Sterling, Leon / Shapiro, Ehud. The Art of Prolog. MIT Press Series in Logic Programming, Massachusetts Institute of Technology, 1986. p. 65.
Seagate Web Site. Tape Rotation Schemes. URL: http://www.seagate.com/products/tapesales/backup.a2g1.html
Mateyaschuk, Jennifer. Backup Plans Become Critical. Information Week. January 11, 1999. URL: http://www.informationweek.com/716/16iubkp.htm
NIST Web Site. URL: http://hissa.nist.gov/dads/html/towershanoi.html
Amarillo Datasafe Web Site. Backup Rotation Methods. URL: http://www.amaonline.com/dlps/backup_rotation.htm
Lanscape Web Site. Tape Backup Strategy. URL: http://www.lanscape.com.au/support.backup.htm
Koller, Mike. Service Takes Collective Approach to Backup. Internet Week. July 10, 2000. URL: Http://www.internetwk.com/story/INW20000710S0008
Unix Systems Independent Learning (USAIL). Backups. 12 May 1999. URL: www.uwsg.indiana.edu/usail/index/backup.html
University of Melbourne Academic and Corporate Services IT. 25 June 2001. URL: http://www.acs.unimelb.edu.au/backups/strategy.html
