Topic 7 - Recovery Strategies and Tools


CHAPTER 7

RECOVERY STRATEGIES AND TOOLS

Contents

• Preventing Data Loss
• Developing an Effective Data Backup Strategy
• Backup Techniques
• Backup and Recovery Checklist
• Data Backup and Recovery Tools

Preventing Data Loss
• What is meant by Data Loss Prevention?
“Data loss/leak prevention solution is a system that is designed to
detect potential data breach / data ex-filtration transmissions and
prevent them by monitoring, detecting and blocking sensitive data
while in-use (endpoint actions), in-motion (network traffic), and at-
rest (data storage).”[1]

Good definition:
http://csrc.nist.gov/groups/SNS/rbac/documents/data-loss.pdf

[1] http://en.wikipedia.org/wiki/Data_loss_prevention_software

• Organizations should take the following steps to protect data
against loss:

▪ Back up often and wisely:

The most effective thing to do is back up data on a daily basis, but
this can be costly and time-consuming.

For the average business, the percentage of data that changes
daily is between 2% and 5%, so backing up only those changes can
save significant time.

▪ Prioritize data for disaster recovery:

An organization should prioritize each system and its related data,
including e-mail, telephones, databases, file servers, and Web
servers.

Typically, systems are prioritized into three categories:
• redundant (required immediately)
• highly available (minutes to hours)
• backed up (four hours to days)

▪ Archive important data for the long term:

Depending on federal and state regulations, data may be retained
for between 7 and 17 years.

Older data should be stored in a separate physical storage location.

Some businesses will choose a full-service company that picks up,
stores, and delivers the data when it is needed.

▪ Store data cost-effectively:

Most small-to-midsize businesses do not have available IT resources
to set up and manage a storage solution.

These businesses may wish to purchase an integrated solution.

The up-front cost may be a bit more, but in the long run, the time,
money, and effort spent on a custom solution will be far greater.

• Identify holes or exit points where leaks may occur:

▪ Instant messaging (Brosix, Discord, Mattermost, Fleep)
▪ P2P file sharing (e.g. LimeWire case as reported by LA Times)
▪ Media streaming
▪ Web mail (Yahoo mail, Gmail, Hotmail)
▪ USB storage devices (ZDNet story from UK)
▪ Removable drives
▪ Devices connected through external ports (Firewire, serial,
parallel)
▪ FTP server
▪ Printouts

Developing an Effective Data Backup Strategy
• Three different levels of solution
▪ Data in Motion
Data that uses the HTTP, FTP, IM, P2P and SMTP protocols is
mirrored to the DLP server for inspection, which enhances
visibility.

▪ Data at Rest
Data in file servers, databases, host computers set up for file
sharing, etc.

▪ Data at End Points
Data that sits on end-user hosts (workstations and notebooks).

• Full backup only / System imaging
▪ A full backup makes a complete copy of all data of the business
system
▪ Advantage - minimal time to restore data
▪ Disadvantages - takes longer to perform a full backup and
requires more storage space
▪ Full backups are typically run only periodically
▪ Typically used in combination with either incremental or
differential backups

• Incremental
▪ Incremental backups capture data at more points in time and
organize it into increments of change between those points in
time.
▪ A full backup is made on a set schedule, e.g. weekly or
monthly, and incremental backups are made after successive
shorter periods, e.g. daily.
▪ A restore starts from the last full backup taken before the data
loss and then applies, in turn, each of the incremental
backups made since then.

• Differential
▪ Back up the data that has changed since the last full backup.
▪ Advantage - only a maximum of two data sets are needed to
restore the data.
▪ Disadvantage - the time to perform the differential backup
increases with the time elapsed since the last full backup, as
changes in the data accumulate
▪ Restoring an entire system would require starting from the
most recent full backup and then applying just the last
differential backup since the last full backup.
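
The restore rules for incremental and differential backups above, worked through as an added example that is not part of the original slides. The `BackupSet` type, the function names and the 11-day catalogue (full backup on days 0 and 7, daily backups in between) are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class BackupSet:
    day: int   # day index on a constructed timeline
    kind: str  # "full", "incremental" or "differential"

def restore_chain(catalogue, failure_day):
    """Backup sets to apply, in order, to recover the newest state saved before failure_day."""
    usable = sorted((b for b in catalogue if b.day < failure_day), key=lambda b: b.day)
    fulls = [b for b in usable if b.kind == "full"]
    if not fulls:
        raise ValueError("no full backup precedes the failure")
    base = fulls[-1]
    later = [b for b in usable if b.day > base.day]
    kinds = {b.kind for b in later}
    if kinds == {"differential"}:
        # Every differential holds all changes since the full: only the newest is applied.
        return [base, later[-1]]
    if kinds <= {"incremental"}:
        # Every incremental holds one day's changes: apply them in order and stop at
        # the first missing day, because later increments assume the earlier ones.
        chain = [base]
        for b in later:
            if b.day != chain[-1].day + 1:
                break
            chain.append(b)
        return chain
    raise ValueError("mixed schedules are outside the scope of this example")

def weekly_schedule(kind, days=11):
    """Constructed catalogue: full backup on days 0 and 7, a `kind` backup on every other day."""
    return [BackupSet(d, "full" if d % 7 == 0 else kind) for d in range(days)]

if __name__ == "__main__":
    for kind in ("incremental", "differential"):
        chain = restore_chain(weekly_schedule(kind), failure_day=11)
        print(kind, [(b.kind, b.day) for b in chain])
```

A lost or unreadable incremental set limits the recovery point to the day before the gap, which is one reason the criteria for a backup strategy include regular testing.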

• A successful backup strategy should meet the following criteria:
▪ Off-site backup
▪ Scheduled backup
▪ Daily notifications
▪ Sufficient space
▪ Data availability at all times
▪ Adequate security
▪ Guarantee from provider
▪ Tested regularly

Figure: Difference Between Full, Differential and Incremental Backups

Backup Techniques
• Disk Mirroring
▪ Disk mirroring involves creating an exact bit-by-bit copy of all
data on a physical disk drive.
▪ The mirrored disks are stored off-site and kept synchronized.
This way, if the primary disk fails, important data can be
accessed from the other disk.
▪ Disk mirroring can be done in two ways:
• Synchronous mirroring: The disk is updated on every write
request, which can affect application performance.
• Asynchronous mirroring: Multiple changes to the primary disks
are reflected in the secondary mirrored disk at predetermined
intervals, which does not require an uninterrupted high-
bandwidth connection.

▪ Disk mirroring has a few drawbacks:
• If a file is deleted from the primary disk, it is also deleted
from the secondary disk.
• Also, any effects from viruses or data theft will be
synchronized.
• Establishing a disk mirroring infrastructure may require
additional resources and continuous maintenance.

Figures: Disk Mirroring; System Disk Mirroring; Mirroring between Disk Array Unit; Shared Disk Mirroring; Mirroring among Servers
Source: https://software.fujitsu.com/jp/manual/manualfiles/

• Snapshots
▪ A storage snapshot contains a set of reference markers that
point to data stored on a disk drive, on a tape, or in a storage
area network (SAN). It streamlines access to stored data and
hastens the data recovery process.

▪ There are two main types of snapshots:
• Copy-on-write snapshot: Creates a snapshot of changes or
modifications to stored data each time new data are entered or
existing data are updated.
• Split-mirror snapshot: Physically clones a storage entity at a
regular interval, allowing offline access and making it simple to
recover data.

Figure: Copy on Write Snapshot (Source: https://technoscooop.wordpress.com/tag/copy-on-write/)
Figure: Split Mirror Snapshot (Source: https://sites.google.com/site/ujjwalpl/home/snapshots)

• Continuous Data Protection (CDP)
▪ CDP, also known as continuous backup or synchronous
mirroring, involves backing up data by automatically saving a
copy of every change made to those data.

▪ This creates an electronic record of storage snapshots, with
one storage snapshot for every instant that data modification
occurs, allowing the administrator to restore data to any point
in time.

Figure: Continuous Data Protection (CDP)
Source: https://excitingip.com/770/continuous-data-protection-cdp-back-up-files/

• Parity Protection
▪ Parity protection involves creating a parity disk from all the
available disks in the array.

▪ If any disk in the array fails, the parity disk can be used to
recover the data from the failed disk.

▪ Parity protection represents a low-cost and low-maintenance
mirroring infrastructure, but if two drives fail simultaneously,
then the data will be lost completely.

▪ Also, any threat that affects one disk could also affect the
parity disk.
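
The parity behaviour described above, as an added example that is not part of the original slides. It assumes XOR parity, which the slides do not specify; the function names and the 4-byte "disks" are constructed for illustration.

```python
from functools import reduce

def xor_blocks(blocks):
    """Byte-wise XOR of equal-length blocks."""
    if len({len(b) for b in blocks}) != 1:
        raise ValueError("need at least one block, all of the same length")
    return bytes(reduce(lambda x, y: x ^ y, column) for column in zip(*blocks))

def make_parity(data_disks):
    """Parity disk contents for the given data disks."""
    return xor_blocks(data_disks)

def rebuild(disks, parity):
    """Return the data disks with a single failed one (marked None) reconstructed."""
    failed = [i for i, d in enumerate(disks) if d is None]
    if not failed:
        return list(disks)
    if len(failed) > 1 or parity is None:
        raise ValueError("more than one disk lost: single parity cannot recover the data")
    survivors = [d for d in disks if d is not None]
    restored = list(disks)
    restored[failed[0]] = xor_blocks(survivors + [parity])
    return restored

# Constructed 4-byte "disks" standing in for one stripe of an array.
DISKS = [b"ACCT", b"MAIL", b"WEB1"]
PARITY = make_parity(DISKS)

if __name__ == "__main__":
    print(rebuild([DISKS[0], None, DISKS[2]], PARITY)[1])   # disk 1 recovered
    # Parity follows every write, so unwanted changes are protected just as faithfully.
    tampered = [DISKS[0], b"XXXX", DISKS[2]]
    print(rebuild([tampered[0], None, tampered[2]], make_parity(tampered))[1])
```

The second case shows why parity is a fault-tolerance measure and not a backup: a rebuild returns whatever was last written, including overwritten or corrupted content.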

Figure: Parity Protection
Source: https://www.fujitsu.com/global/about/resources/news/press-releases/

Backup and Recovery Checklist
• Backup Checklist

• Storage & Recovery Checklist

Data Backup and Recovery Tools
• Open Source VMware Backup Solution
▪ Keeping several copies of VM data;
▪ Storing VMware backups in multiple locations;
▪ Providing complete copies of systems, down to every last
document;
▪ Being independent and not relying on any single part of
internal infrastructure;
▪ Having the ability to back up applications inside the VM as well,
such as databases, ERP, CRMs, etc.

• Symantec NetBackup PureDisk
▪ NetBackup PureDisk is the deduplication engine for
NetBackup, enabling efficient, storage-optimized data
protection for the data center, remote office and virtual
environments.

▪ PureDisk is ideal for unique environments that require high
performance and scalability.

Summary

• Have considered
▪ Preventing Data Loss
▪ Developing an Effective Data Backup Strategy
▪ Backup Techniques
▪ Backup and Recovery Checklist
▪ Data Backup and Recovery Tools

Recommended Textbooks and References

Recommended textbooks:
[1] Corey Schou, Steven Hernandez (2014). Information Assurance Handbook:
Effective Computer Security and Risk Management Strategies, ISBN-13:
978-0071821650, McGraw Hill.
[2] Disaster Recovery (2011). EC-Council | Press. ISBN-13: 9781435488700,
Cengage Learning.

Recommended reference:
[1] Kim, Michael G. Solomon (2013). Fundamentals of Information Systems
Security (Jones & Bartlett Learning Information Systems Security &
Assurance), 2nd Edition, ISBN-13: 978-1284031621, Jones & Bartlett
Learning.
