Presentation is loading. Please wait.

Presentation is loading. Please wait.

CS 591 - Nicholis Bufmack Secure Storage Servers Secure Storage Servers An Intrusion Recovery System.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "CS 591 - Nicholis Bufmack Secure Storage Servers Secure Storage Servers An Intrusion Recovery System."— Presentation transcript:

1 CS 591 - Nicholis Bufmack Secure Storage Servers Secure Storage Servers An Intrusion Recovery System

2 CS 591 - Nicholis Bufmack The Situation After a security breach, compromised files must be restored and the system must be returned to a stable, secure state. After a security breach, compromised files must be restored and the system must be returned to a stable, secure state. This requires an efficient, secure intrusion recovery system. This requires an efficient, secure intrusion recovery system.

3 CS 591 - Nicholis Bufmack The Standard Solution Standard solutions use a file system integrity check that involves periodically generating a checksum or hash (MD5, for instance) and comparing the files after a break-in. Standard solutions use a file system integrity check that involves periodically generating a checksum or hash (MD5, for instance) and comparing the files after a break-in. Files with an inconsistent signature can be restored. Files with an inconsistent signature can be restored.

4 CS 591 - Nicholis Bufmack Problems with this Solution It takes a long time to create the checksum and verify the integrity of the files. It takes a long time to create the checksum and verify the integrity of the files. Changed files must be restored making the system unavailable during restoration. Changed files must be restored making the system unavailable during restoration. Files can only be restored from a restore point that may not be current. Files can only be restored from a restore point that may not be current.

5 CS 591 - Nicholis Bufmack A Better Solution Utilize distributed files system technology, file replication, and a restore point service. Utilize distributed files system technology, file replication, and a restore point service. Secure the backup archives and restoration process on a separate server. Secure the backup archives and restoration process on a separate server.

6 CS 591 - Nicholis Bufmack Constraints My methodology was developed under the following platform: My methodology was developed under the following platform: Microsoft Windows 2003 Server R3Microsoft Windows 2003 Server R3 NTFS File SystemNTFS File System DFS (Distributed File System) ServiceDFS (Distributed File System) Service VSS (Volume Shadow Copy) ServiceVSS (Volume Shadow Copy) Service SQL Server 2005SQL Server 2005 WMI ScriptingWMI Scripting

7 CS 591 - Nicholis Bufmack Hardware Must run the core platform and include at least 2 servers: 1 for the Domain Server and 1 for the Secure Storage Server Must run the core platform and include at least 2 servers: 1 for the Domain Server and 1 for the Secure Storage Server The faster the network connection the better: Ethernet LAN. The faster the network connection the better: Ethernet LAN.

8 CS 591 - Nicholis Bufmack Topology Secure Storage Server ---------------- VSS Service SQL Server VSS Archives Domain Controller -------- DFS Service File Server File Server

9 CS 591 - Nicholis Bufmack Distributed File System DFS allows for files and volumes to be distributed across multiple servers. DFS allows for files and volumes to be distributed across multiple servers. Using file replication, files can be replicated to ensure uniformity OR in a single direction for backup purposes. Using file replication, files can be replicated to ensure uniformity OR in a single direction for backup purposes. Replicates only changes to a file – very efficient use of bandwidth. Replicates only changes to a file – very efficient use of bandwidth.

10 CS 591 - Nicholis Bufmack Volume Shadow Copy Creates a backup and a hash for restoration point services. Creates a backup and a hash for restoration point services. Can be used on volumes or files. Can be used on volumes or files. Can be used to create system wide snapshots. Can be used to create system wide snapshots.

11 CS 591 - Nicholis Bufmack Functionality 2-Way replication occurs between Domain Controller and File Services. 2-Way replication occurs between Domain Controller and File Services. Initially, 1-way replication occurs between Domain Controller and Secure Storage Server. Initially, 1-way replication occurs between Domain Controller and Secure Storage Server. VSS snapshots and archives are made on the Storage Server of changed files. VSS snapshots and archives are made on the Storage Server of changed files.

12 CS 591 - Nicholis Bufmack Functionality (cont.) Using WMI and stored procedures, file signatures can be placed inside the SQL Server based on VSS file archived trigger messages. Using WMI and stored procedures, file signatures can be placed inside the SQL Server based on VSS file archived trigger messages. The resulting restore points are created with fine granularity. The resulting restore points are created with fine granularity. Processing of restore point creation occurs only on Secure Storage Server. Processing of restore point creation occurs only on Secure Storage Server.

13 CS 591 - Nicholis Bufmack Restoration Search the SQL database for files changes since the incidence Search the SQL database for files changes since the incidence Suspend the DFS replication to the Secure Storage Server Suspend the DFS replication to the Secure Storage Server Restore the VSS archives and/or snapshots for that time period. Restore the VSS archives and/or snapshots for that time period. Restored files and/or snapshots are placed on the Secure Storage Server. Restored files and/or snapshots are placed on the Secure Storage Server.

14 CS 591 - Nicholis Bufmack Restoration (cont.) Suspend DFS Replication from the File Servers to the Domain Controller. Suspend DFS Replication from the File Servers to the Domain Controller. Reverse the replication direction to the Secure Storage Server and resume replication. Reverse the replication direction to the Secure Storage Server and resume replication. Replicate to the File Servers and restore the initial state. Replicate to the File Servers and restore the initial state.

15 CS 591 - Nicholis Bufmack Benefits Real-time file and system snap shots. Real-time file and system snap shots. Minimal bandwidth utilization for copying of replicated files. Minimal bandwidth utilization for copying of replicated files. Secure Storage Server can be put behind a file wall isolated from the main subnet. Secure Storage Server can be put behind a file wall isolated from the main subnet. Processing occurs only on Secure Storage Server. Processing occurs only on Secure Storage Server.

16 CS 591 - Nicholis Bufmack Benefits (cont.) During restoration, the subnet need not be taken down and unaltered files need not be made unavailable. Only affected volumes and files need to be restored and can be restored while the rest of the system is in use. During restoration, the subnet need not be taken down and unaltered files need not be made unavailable. Only affected volumes and files need to be restored and can be restored while the rest of the system is in use. Entire process can be automated. Entire process can be automated.

17 CS 591 - Nicholis Bufmack Limitations Works only on a Windows Network within a Windows ADS Domain. Works only on a Windows Network within a Windows ADS Domain. Will not operate with non-Windows file systems, such Linux ext3. Will not operate with non-Windows file systems, such Linux ext3. May not operate with some Windows file systems, such as FAT and FAT32. May not operate with some Windows file systems, such as FAT and FAT32. Some metadata information, such as alternative data streams, may be lost. Some metadata information, such as alternative data streams, may be lost.

18 CS 591 - Nicholis Bufmack References and More Info. See my report, to be uploaded soon. See my report, to be uploaded soon.

Download ppt "CS 591 - Nicholis Bufmack Secure Storage Servers Secure Storage Servers An Intrusion Recovery System."

Similar presentations

Complete Event Log Viewing, Monitoring and Management.

Complete Event Log Viewing, Monitoring and Management.
Complete Event Log Viewing, Monitoring and Management.

Complete Event Log Viewing, Monitoring and Management.
Mecanismos de alta disponibilidad con Microsoft SQL Server 2008 Por: ISC Lenin López Fernández de Lara.

Mecanismos de alta disponibilidad con Microsoft SQL Server 2008 Por: ISC Lenin López Fernández de Lara.
Cloud OS Microsoft’s Vision of the Unified Platform for Modern Business.

Cloud OS Microsoft’s Vision of the Unified Platform for Modern Business.
June 23rd, 2009Inflectra Proprietary InformationPage: 1 SpiraTest/Plan/Team Deployment Considerations How to deploy for high-availability and strategies.

June 23rd, 2009Inflectra Proprietary InformationPage: 1 SpiraTest/Plan/Team Deployment Considerations How to deploy for high-availability and strategies.
Understand Database Backups and Restore 98-364 Database Administration Fundamentals LESSON 5.2.

Understand Database Backups and Restore Database Administration Fundamentals LESSON 5.2.
Toolbox Mirror -Overview Effective Distributed Learning.

Toolbox Mirror -Overview Effective Distributed Learning.
Keith Burns Microsoft UK Mission Critical Database.

Keith Burns Microsoft UK Mission Critical Database.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 12: Managing and Implementing Backups and Disaster Recovery.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 12: Managing and Implementing Backups and Disaster Recovery.
Introduction to Dfs. Limits of Dfs 260 characters per file path 32 alternatives per volume 1 Dfs root per server Unlimited Dfs roots per domain Volumes.

Introduction to Dfs. Limits of Dfs 260 characters per file path 32 alternatives per volume 1 Dfs root per server Unlimited Dfs roots per domain Volumes.
Manage backup vaults and servers Download and install backup agent Download a vault agent Create backup vault.

Manage backup vaults and servers Download and install backup agent Download a vault agent Create backup vault.
5.1 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 5: Working with File Systems.

5.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 5: Working with File Systems.
MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration Chapter 11 Managing and Monitoring a Windows Server 2008 Network.

MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration Chapter 11 Managing and Monitoring a Windows Server 2008 Network.
VTS INNOVATOR SERIES Real Problems, Real solutions.

VTS INNOVATOR SERIES Real Problems, Real solutions.
It refers to the software used to manage the database.

It refers to the software used to manage the database.
Maintaining Windows Server 2008 File Services

Maintaining Windows Server 2008 File Services
© 2009 Kroll Ontrack Inc.| www.ontrackpowercontrols.com Ontrack PowerControls 6.0 for SharePoint™ A Better Way to Search and Restore.

© 2009 Kroll Ontrack Inc.| Ontrack PowerControls 6.0 for SharePoint™ A Better Way to Search and Restore.
Module 8 Implementing Backup and Recovery. Module Overview Planning Backup and Recovery Backing Up Exchange Server 2010 Restoring Exchange Server 2010.

Module 8 Implementing Backup and Recovery. Module Overview Planning Backup and Recovery Backing Up Exchange Server 2010 Restoring Exchange Server 2010.
Upgrading the Platform - How to Get There!

Upgrading the Platform - How to Get There!
After completing this topic, you will be able to explain the Agent for Hyper-V: backup flows Agent for Hyper-V: Backup flows.

After completing this topic, you will be able to explain the Agent for Hyper-V: backup flows Agent for Hyper-V: Backup flows.

Similar presentations

Ads by Google