IS-486 Unit 2 (ch03).pdf
College of Computer Science & Engineering, Department of Information Systems
Managing Cyber Security Operations
Chapter 3: Contingency Strategies for IR/DR/BC

Objectives
Discuss the relationships between the overall use of contingency planning and the subordinate elements of incident response, business resumption, disaster recovery, and business continuity planning
Describe the techniques used for data and application backup and recovery
Explain the strategies employed for resumption of critical business processes at alternate and recovered sites

Introduction
Contingency planning (CP)
  – Preparing for the unexpected
  – Keeping the business alive
Incident response (IR) process
  – Detecting, evaluating, and reacting to an incident
  – Keeping the business functioning if the physical plant is destroyed or unavailable
Business resumption plan
  – Used when the IR process cannot contain and resolve an incident

Introduction (cont.)
Business resumption plan (BR plan) elements
  – Disaster recovery plan (DR plan)
    – Lists and describes efforts to resume normal operations at primary business places
  – Business continuity plan (BC plan)
    – Steps for implementing critical business functions until normal operations resume at the primary site
Primary site
  – Location(s) where the organization executes its functions

Introduction (cont.)
BRP, DRP and BCP
  – Distinct place, role, timing, and planning requirements

(figure)

Introduction (cont.)
Organizations require:
  – A reliable method of restoring information and reestablishing all operations
Five key procedural mechanisms
  – Delayed protection
  – Real-time protection
  – Server recovery
  – Application recovery
  – Site recovery

Data and Application Resumption
Data backup: recovery from an incident
  – Snapshot of data from a specific point in time
    – Data considered volatile and subject to change
  – Online backup, disk backup, and tape backup
Archive: recovery from a threat to on-site backups
  – Long-term document or data file storage
    – Usually for legal or regulatory purposes
Data backup policy
  – Data files and critical systems: daily
  – Nonessential files: weekly

Data and Application Resumption (cont.)
Retention schedule
  – Guides replacement frequency and storage duration
  – May be dictated by law
Routine critical data
  – Retain the one or two most recent daily backup copies
  – Retain at least one off-site copy
Full backups of entire systems
  – Store at least one copy in a secure location
NIST backup and recovery strategies
  – Alternatives should be considered

Data and Application Resumption (cont.)
(figure)
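The backup policy and retention schedule on the slides above can be checked mechanically. The following is an added example, not code from the slide deck: it models the policy (critical data and systems daily, nonessential files weekly), keeps the most recent daily copies and never prunes the last off-site copy. The system names, dates, and the keep-count of two (the deck says "one or two") are constructed assumptions.

```python
"""Backup policy and retention schedule check.

Added example, not code from the slide deck. It models the backup policy on
the slides (critical data and systems daily, nonessential files weekly) and
the retention schedule (keep the most recent daily copies, keep at least one
off-site copy): it reports which systems are overdue for a backup and which
stored copies may be replaced without discarding the last off-site copy.
System names, dates and the keep-count of 2 are constructed assumptions.
"""
from dataclasses import dataclass
from datetime import date, timedelta


@dataclass(frozen=True)
class BackupCopy:
    system: str     # what the copy holds
    taken: date     # when the snapshot was taken
    offsite: bool   # stored away from the primary site?


# Policy parameters: maximum age of the newest copy, per criticality level.
MAX_AGE_DAYS = {"critical": 1, "nonessential": 7}
KEEP_MOST_RECENT = 2   # the deck says "one or two"; two is assumed here


def overdue_systems(copies, criticality, today):
    """Systems whose newest copy is older than the policy allows (or absent)."""
    newest = {}
    for c in copies:
        if c.system not in newest or c.taken > newest[c.system]:
            newest[c.system] = c.taken
    overdue = []
    for system, level in criticality.items():
        limit = timedelta(days=MAX_AGE_DAYS[level])
        if system not in newest or today - newest[system] > limit:
            overdue.append(system)
    return sorted(overdue)


def prunable_copies(copies, keep=KEEP_MOST_RECENT):
    """Copies older than the `keep` newest ones for their system. The newest
    off-site copy is always retained when none of the kept copies is off-site,
    because the off-site copy is the only recovery path if on-site storage is
    lost together with the primary site."""
    by_system = {}
    for c in copies:
        by_system.setdefault(c.system, []).append(c)
    prunable = []
    for items in by_system.values():
        items.sort(key=lambda c: c.taken, reverse=True)
        kept, candidates = items[:keep], items[keep:]
        if not any(c.offsite for c in kept):
            for c in candidates:
                if c.offsite:
                    candidates.remove(c)   # protect the newest off-site copy
                    break
        prunable.extend(candidates)
    return sorted(prunable, key=lambda c: (c.system, c.taken))


# Constructed sample inventory, evaluated on 2024-03-15.
TODAY = date(2024, 3, 15)
CRITICALITY = {"payroll-db": "critical", "fileserver": "critical",
               "intranet-wiki": "nonessential", "hr-portal": "critical"}
COPIES = [
    BackupCopy("payroll-db", date(2024, 3, 14), offsite=False),
    BackupCopy("payroll-db", date(2024, 3, 13), offsite=False),
    BackupCopy("payroll-db", date(2024, 3, 12), offsite=True),
    BackupCopy("payroll-db", date(2024, 3, 11), offsite=False),
    BackupCopy("fileserver", date(2024, 3, 10), offsite=True),
    BackupCopy("intranet-wiki", date(2024, 3, 1), offsite=False),
]

if __name__ == "__main__":
    print("overdue:", overdue_systems(COPIES, CRITICALITY, TODAY))
    print("may be replaced:",
          [(c.system, c.taken.isoformat()) for c in prunable_copies(COPIES)])
```

On the sample data the payroll database's March 12 copy is older than the two kept copies but is the only off-site one, so only the March 11 copy is reported as replaceable; the file server, the wiki, and the HR portal (which has no copy at all) are overdue.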
Online Backups and the Cloud
Online backup to a third-party data storage vendor
  – Referred to as data storage "in the cloud"
  – Commonly associated with leasing resources
    – Raises security challenges
Descriptions
  – Software as a Service (SaaS)
  – Platform as a Service (PaaS)
  – Infrastructure as a Service (IaaS)
Cloud deployment
  – Public cloud, community cloud, private cloud

Disk to Disk to Other: Delayed Protection
Organizations create massive arrays
  – Independent, large-capacity drives
Store information at least temporarily
  – Example: home users
    – Add external USB-mounted SATA 1–2 terabyte drives
Advantages
  – Avoids the time-consuming nature of tape backup
  – Avoids tape costs and implementation challenges
At the individual-user level
  – Allows quick and easy recovery

Disk to Disk to Tape
Solves a problem with massively connected storage area networks
  – Lack of redundancy if both online and backup versions fail
Uses a secondary disk series to avoid the need to take the primary set offline for duplication
Reduces resource usage on the primary systems
Disk-to-disk initial copies
  – Can be made efficiently and simultaneously with other system processes

Disk to Disk to Cloud
Also called disk-to-disk-to-online
Aggregate all local backups to a central repository
  – Then back up the repository to an online vendor
Benefits
  – Reduced risk of corruption of the confidentiality, integrity, and availability of stored online data
  – Users can back up their data to a central location
  – Most providers use an encryption process
  – Data can easily be accessed from the Internet
  – The cloud backup process can be automated

Types of Backup
Full: complete system backup
Differential: files changed or added since the last full backup
Incremental: archive files modified since the last backup
  – Requires less space and time than differential
Copy: set of specified files
Daily: only files modified on that day
All on-site and off-site storage must be secured
  – Fireproof safes or filing cabinets to store tapes
  – Encryption to protect online or cloud data storage
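The difference between differential and incremental backups is easiest to see on a concrete file set. The following is an added example, not code from the slide deck: a small set of files changes over three days after a full backup, both kinds of partial backup are taken each day, and the restore chain each scheme needs is assembled. File names and contents are constructed, and deletions are not modelled.

```python
"""Full, differential and incremental backups: contents and restore chains.

Added example, not from the slide deck. A small file set changes over three
days after a Monday full backup; each day both a differential backup (changes
since the full) and an incremental backup (changes since the previous backup)
are taken. The functions show what each set contains, how a restore is
assembled from each scheme, and what a missing incremental costs. File names
and contents are constructed; deletions are not modelled.
"""


def changed_since(files, baseline):
    """Files whose content differs from `baseline` (new files included)."""
    return {name: content for name, content in files.items()
            if baseline.get(name) != content}


def plan_backups(history):
    """history[0] is the state at the full backup; later entries are daily
    states. Returns (full, differentials, incrementals) in day order."""
    full = dict(history[0])
    differentials, incrementals = [], []
    previous = history[0]
    for today in history[1:]:
        differentials.append(changed_since(today, full))      # vs. last full
        incrementals.append(changed_since(today, previous))   # vs. last backup
        previous = today
    return full, differentials, incrementals


def restore(full, partials):
    """Apply partial backups over the full backup in chronological order."""
    state = dict(full)
    for p in partials:
        state.update(p)
    return state


def restore_differential(full, differentials):
    """Only the full and the newest differential are needed."""
    return restore(full, differentials[-1:])


def restore_incremental(full, incrementals):
    """The full plus every incremental since it, in order; a gap loses data."""
    return restore(full, incrementals)


# Constructed sample: Monday full, then changes on Tue, Wed, Thu.
HISTORY = [
    {"a.txt": "a0", "b.txt": "b0", "c.txt": "c0"},                 # Mon (full)
    {"a.txt": "a1", "b.txt": "b0", "c.txt": "c0"},                 # Tue: a edited
    {"a.txt": "a1", "b.txt": "b2", "c.txt": "c0", "d.txt": "d2"},  # Wed: b edited, d added
    {"a.txt": "a3", "b.txt": "b2", "c.txt": "c0", "d.txt": "d2"},  # Thu: a edited again
]


def set_sizes(history=HISTORY):
    """Number of files in each day's differential vs. incremental set."""
    _, diffs, incs = plan_backups(history)
    return [len(d) for d in diffs], [len(i) for i in incs]


if __name__ == "__main__":
    full, diffs, incs = plan_backups(HISTORY)
    print("differential sizes:", [len(d) for d in diffs])  # grows: [1, 3, 3]
    print("incremental sizes:", [len(i) for i in incs])    # stays small: [1, 2, 1]
    print(restore_differential(full, diffs) == HISTORY[-1])  # True
    print(restore_incremental(full, incs) == HISTORY[-1])    # True
    # Losing Wednesday's incremental silently drops Wednesday's changes
    print(restore_incremental(full, [incs[0], incs[2]]))
```

The sizes show why incrementals need less space and time (each day's set only holds that day's changes, while the differential keeps growing until the next full), and the last line shows the price: an incremental restore depends on every set in the chain, so one unreadable tape loses data without any error.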
Differential vs. Incremental Backups
(figure)

Tape Backups and Recovery: General Strategies
Traditional: cost-effective for large data quantities
  – Digital audio tapes (DATs), quarter-inch cartridge (QIC) drives, 8-mm tape, digital linear tape (DLT)
Tape-based backup and recovery process
  – Schedule backup coupled with a storage arrangement
  – Six-tape rotation method: media used in rotation
  – Grandparent/Parent/Child method: retains four full weekly (Friday) backups and adds a full monthly backup
Drawbacks: equipment cost and time

Tape Backups and Recovery: General Strategies (cont.)
(figure)

Tape Backups and Recovery: General Strategies (cont.)
Grandparent/Parent/Child method
(figure)

Redundancy-Based Backup and Recovery Using RAID
Redundant array of independent drives (RAID)
  – Uses multiple hard drives to store information
  – Provides operational redundancy by spreading out data and using checksums
  – RAID implementations
    – Failure Resistant Disk Systems (FRDSs)
    – Failure Tolerant Disk Systems (FTDSs)
    – Disaster Tolerant Disk Systems (DTDSs)
  – Does not address the need for off-site storage

Redundancy-Based Backup and Recovery Using RAID (cont.)
RAID Level 0
  – Not a form of redundant storage
    – Remember it as having zero redundancy
  – Creates one larger logical volume across several available hard disk drives
  – Disk striping
    – Data segments written in turn to each disk drive in the array
    – Good for performance and speed
  – Disk striping without parity
    – Occurs when multiple drives are combined in order to gain large capacity without data redundancy
  – Increased risk: losing data from a single drive failure

Redundancy-Based Backup and Recovery Using RAID (cont.)
RAID Level 1
  – Disk mirroring
    – Uses twin drives in a computer system
    – The computer records data to both drives simultaneously
    – Provides a backup if the primary drive fails
    – Expensive and inefficient media use
    – The same drive controller manages both drives
  – Disk duplexing
    – Each drive has its own controller
    – Can create mirrors and split disk pairs to create highly available copies of critical system drives

Redundancy-Based Backup and Recovery Using RAID (cont.)
RAID Level 2
  – Specialized form of disk striping with parity
    – Uses the Hamming code
  – Specialized parity coding mechanism
    – Allows data reconstruction
      – If some data or redundant parity information is lost
  – Stores stripes of data on multiple data drives
  – Stores the corresponding redundant error correction on separate error-correcting drives
  – No commercial implementations
    – Not widely used

Redundancy-Based Backup and Recovery Using RAID (cont.)
RAID Levels 3 and 4
  – RAID 3 uses byte-level striping of data
  – RAID 4 uses block-level striping of data
  – Data segments stored on dedicated data drives
  – Parity information stored on a separate drive
  – One large volume used for data
  – The parity drive operates independently
    – Provides error recovery

Redundancy-Based Backup and Recovery Using RAID (cont.)
RAID Level 5
  – Balances safety and redundancy
    – Against the costs of acquiring and operating systems
  – Similar to RAID 3 and 4 in striping data across drives
    – Difference: no dedicated parity drive
  – Data segments interleaved with parity data
    – Written across all drives in the set
  – RAID 5 drives can be hot swapped
    – Replaced without taking the entire system down

(figure)

Redundancy-Based Backup and Recovery Using RAID (cont.)
Combine RAID 0 for performance and RAID 1 for fault tolerance
  – RAID Level 0+1
    – RAID 0 at the lower level and RAID 1 at the upper level
    – Striping, then mirroring
  – RAID Level 1+0
    – RAID 1 at the lower level and RAID 0 at the upper level
    – Mirroring, then striping
    – One of the most widely used RAID systems
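Two of the claims on the RAID slides above are worth seeing executed: that RAID 5 rebuilds a failed drive from interleaved parity with no dedicated parity drive, and that the order of nesting in RAID 0+1 versus RAID 1+0 changes which drive failures the set survives. The following is an added example, not code from the slide deck. Part 1 models RAID 5 block striping with rotating XOR parity; Part 2 models the nested layouts as trees and counts the failure combinations each survives on six disks. The drive count, block size, and sample data are constructed assumptions.

```python
"""RAID layouts: parity reconstruction and failure tolerance.

Added example, not code from the slide deck. Part 1 models RAID 5 striping
with rotating XOR parity and rebuilds a failed drive from the survivors.
Part 2 models nested layouts as trees (a mirror survives while any member
survives; a stripe needs every member) and checks which disk failures a
six-disk RAID 1+0 and RAID 0+1 tolerate. Drive counts, block size and the
sample data are constructed for the example.
"""
from itertools import combinations


def _xor(blocks):
    """XOR equal-length byte blocks together (the RAID 5 parity operation)."""
    out = bytearray(len(blocks[0]))
    for b in blocks:
        for i, byte in enumerate(b):
            out[i] ^= byte
    return bytes(out)


def raid5_write(data, ndrives=4, block=4):
    """Stripe `data` over `ndrives` with one parity block per stripe.
    Stripe s stores its parity on drive (ndrives - 1 - s) % ndrives, so parity
    rotates over all drives instead of living on a dedicated parity drive
    (the RAID 3/4 design). Returns one block list per drive."""
    chunks = [data[i:i + block].ljust(block, b"\0") for i in range(0, len(data), block)]
    per_stripe = ndrives - 1
    nstripes = (len(chunks) + per_stripe - 1) // per_stripe
    drives = [[] for _ in range(ndrives)]
    for s in range(nstripes):
        stripe = chunks[s * per_stripe:(s + 1) * per_stripe]
        stripe += [bytes(block)] * (per_stripe - len(stripe))  # pad last stripe
        pdrive = (ndrives - 1 - s) % ndrives
        blocks = iter(stripe)
        for d in range(ndrives):
            drives[d].append(_xor(stripe) if d == pdrive else next(blocks))
    return drives


def raid5_rebuild(drives):
    """Rebuild the one drive given as None: each missing block is the XOR of
    the other blocks in its stripe (data or parity, the relation is the same)."""
    survivors = [d for d in drives if d is not None]
    return [_xor([d[s] for d in survivors]) for s in range(len(survivors[0]))]


def raid5_read(drives, length):
    """Reassemble the original data by skipping each stripe's parity block."""
    ndrives, out = len(drives), b""
    for s in range(len(drives[0])):
        pdrive = (ndrives - 1 - s) % ndrives
        out += b"".join(drives[d][s] for d in range(ndrives) if d != pdrive)
    return out[:length]


# ---- Part 2: nested RAID 0/1 layouts as trees ---------------------------
class Disk:
    def __init__(self, n):
        self.n = n

    def alive(self, failed):
        return self.n not in failed


class Mirror:  # RAID 1: data survives while at least one member survives
    def __init__(self, *members):
        self.members = members

    def alive(self, failed):
        return any(m.alive(failed) for m in self.members)


class Stripe:  # RAID 0: losing any member loses the whole volume
    def __init__(self, *members):
        self.members = members

    def alive(self, failed):
        return all(m.alive(failed) for m in self.members)


# Six disks: three mirrored pairs striped (1+0) or two 3-disk stripes mirrored (0+1).
RAID10 = Stripe(Mirror(Disk(1), Disk(2)), Mirror(Disk(3), Disk(4)), Mirror(Disk(5), Disk(6)))
RAID01 = Mirror(Stripe(Disk(1), Disk(2), Disk(3)), Stripe(Disk(4), Disk(5), Disk(6)))


def survivable_failure_sets(layout, ndisks=6, k=2):
    """Count the k-disk failure combinations the layout survives."""
    return sum(1 for fs in combinations(range(1, ndisks + 1), k) if layout.alive(set(fs)))


if __name__ == "__main__":
    data = b"contingency planning keeps the business alive"
    drives = raid5_write(data)
    drives[2] = None                               # drive 2 fails
    drives[2] = raid5_rebuild(drives)              # hot-swap and rebuild
    print(raid5_read(drives, len(data)) == data)   # True
    print(RAID10.alive({1, 3, 5}), RAID01.alive({1, 4}))               # True False
    print(survivable_failure_sets(RAID10), survivable_failure_sets(RAID01))  # 12 6
```

Of the 15 possible two-disk failures, RAID 1+0 survives 12 (only losing both halves of one mirror is fatal) while RAID 0+1 survives 6 (any one failure on each side of the mirror takes down both stripes). The RAID 5 part survives exactly one drive loss per set, which is why the slides pair it with hot swapping: the window of exposure lasts until the rebuild completes.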
RAID 1+0 vs. RAID 0+1
You have:
  – An original disk with 2 data files (A, B)
  – 6 disks to be used for RAID
RAID 1+0
  – Each RAID disk has capacity for 2 data files
(figure: RAID 0 stripes files A and B into segments A1/B1, A2/B2, A3/B3 across three RAID 1 pairs; each pair mirrors its segment on two disks)

RAID 1+0 vs. RAID 0+1 (cont.)
You have:
  – An original disk with 2 data files (A, B)
  – 6 disks to be used for RAID
RAID 0+1
  – Each RAID disk has capacity for 2 data files
(figure: RAID 0 stripes A1/B1, A2/B2, A3/B3 across disks 1–3; a second RAID 0 set on disks 4–6 holds the same segments; RAID 1 mirrors the two sets)

RAID 1+0 vs. RAID 0+1
You have:
  – An original disk with 2 data files (A, B)
  – 6 disks to be used for RAID
  – Each RAID disk has capacity for 2 data files
RAID 1+0 (RAID 10)
  – 10 = mirroring, then striping
  – Even if Disk 1, Disk 3, and Disk 5 fail, the RAID 10 will still be functional
RAID 0+1 (RAID 01)
  – 01 = striping, then mirroring
  – If Disk 1 and Disk 4 fail, both groups will be down; the whole RAID 01 will fail

Database Backups
Considerations
  – May or may not back up using operating system utilities
  – May or may not interrupt database use
  – Must properly safeguard the database
Special journal file requirements: after-image journals
  – Applications to protect databases in near real time
    – Legacy backup applications (lock and copy)
    – Online backup applications (to an online vendor)
    – Continuous database protection (near real time)

Application Backups
Applications using file systems and databases
  – Some may invalidate customary backup and recovery
  – Include application support and development team members
    – In the planning process, and in training, testing, and rehearsal activities
Advances in cloud computing
  – Example: an organization leasing SaaS
    – Using applications on someone else's systems
    – The service agreement should include recovery contingencies

Backup and Recovery Plans
Backups must successfully restore systems
  – To an operational state
Backup and recovery settings
  – Provide with complete recovery plans
Periodically
  – Develop plans
  – Test plans
  – Rehearse plans

Real-Time Protection, Server Recovery, and Application Recovery
Mirroring
  – Provides real-time protection and data backup
  – Duplicates server data using multiple volumes
  – RAID level 1 achieved with software or hardware
    – Can write to drives located on other systems
  – Can be extended to vaulting and journaling
Hot, warm, and cold servers
  – A hot server provides services to support operations
  – A warm server provides services if the primary is busy or down
  – A cold server is used as the administrator's test platform

Real-Time Protection, Server Recovery, and Application Recovery (cont.)
Application recovery or clustering plus replication
  – Software replication provides increased protection against data loss
  – Clustering services and application recovery
    – Similar to the hot, warm, and cold redundant server model
  – Common to install applications on multiple servers
  – Application recovery software
    – Detects primary application server failure
    – Activates the secondary application server
  – Vaulting and journaling
    – Dramatically increase protection

Electronic Vaulting
Bulk transfer of data in batches to an off-site facility
  – Via leased lines or data communications services
Primary selection criteria
  – Service costs, bandwidth, stored data security, recovery, and continuity
  – Data transfer without affecting other operations
Scale purchases according to needs
Vendor-managed solutions use a software agent
  – Initiates a full backup; continuously copies data
  – Data accessed via a Web interface or software

(figure)

Remote Journaling
Transfers live transactions to an off-site facility
Only transactions are transferred (not archived data)
Transfer performed online; much closer to real time
Involves online activities on a systems level
  – Data written to two locations simultaneously
  – Can be performed asynchronously
Facilitates key transaction recovery in near real time
Journaling may be enabled for an object
  – The operating system creates a record of the object's behavior
  – Stored in a journal receiver

(figure)
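Electronic vaulting and remote journaling are easiest to compare by recovering the same store both ways. The following is an added example, not code from the slide deck: a primary key/value store is vaulted in bulk at a fixed point (e-vaulting) and also ships each committed transaction as an after-image journal entry to an off-site journal receiver, asynchronously, so the newest entries may still be in flight. Off-site recovery replays the received journal onto the last vaulted snapshot. The account names, amounts, and the in-flight count are constructed.

```python
"""Electronic vaulting vs. remote journaling.

Added example, not code from the slide deck. A primary key/value store is
vaulted in bulk at a fixed time (e-vaulting) and also ships every committed
transaction as an after-image journal entry to an off-site journal receiver
(remote journaling, done asynchronously so the newest entries may still be in
flight). Off-site recovery replays the received entries onto the last vaulted
snapshot. Account names, amounts and the in-flight count are constructed.
"""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class JournalEntry:
    seq: int          # sequence number assigned by the primary at commit
    key: str
    after_image: int  # record value after the transaction


@dataclass
class Primary:
    state: dict = field(default_factory=dict)
    journal: list = field(default_factory=list)

    def commit(self, key, value):
        self.state[key] = value
        entry = JournalEntry(len(self.journal) + 1, key, value)
        self.journal.append(entry)
        return entry


@dataclass
class Vault:
    """Off-site copy made by bulk transfer; records which journal seq it reflects."""
    snapshot: dict = field(default_factory=dict)
    as_of_seq: int = 0

    def bulk_transfer(self, primary):
        self.snapshot = dict(primary.state)
        self.as_of_seq = len(primary.journal)


@dataclass
class JournalReceiver:
    entries: list = field(default_factory=list)

    def receive(self, entry):
        """Accept entries strictly in sequence; a gap means an entry was lost
        in transit and replaying past it would corrupt the shadow copy."""
        expected = self.entries[-1].seq + 1 if self.entries else 1
        if entry.seq != expected:
            raise ValueError(f"journal gap: expected seq {expected}, got {entry.seq}")
        self.entries.append(entry)


def ship_async(primary, receiver, in_flight=0):
    """Ship the journal entries the receiver lacks, except the newest
    `in_flight` ones, which asynchronous transfer has not delivered yet."""
    have = len(receiver.entries)
    for entry in primary.journal[have:len(primary.journal) - in_flight]:
        receiver.receive(entry)


def recover(vault, receiver):
    """Replay received entries newer than the vault snapshot onto it.
    Returns (recovered state, last applied seq)."""
    state, last = dict(vault.snapshot), vault.as_of_seq
    for e in receiver.entries:
        if e.seq > vault.as_of_seq:
            state[e.key] = e.after_image
            last = e.seq
    return state, last


def scenario():
    """Vault after two commits, commit three more, ship all but one, then
    recover from the vault alone and from vault plus journal."""
    p, v, r = Primary(), Vault(), JournalReceiver()
    p.commit("acct:alice", 100)
    p.commit("acct:bob", 50)
    v.bulk_transfer(p)                 # e-vault reflects seq 2
    p.commit("acct:alice", 70)
    p.commit("acct:carol", 25)
    p.commit("acct:bob", 80)
    ship_async(p, r, in_flight=1)      # seq 3 and 4 delivered, seq 5 in flight
    # primary site lost here
    return recover(v, JournalReceiver()), recover(v, r)


if __name__ == "__main__":
    (vault_only, vseq), (with_journal, jseq) = scenario()
    print("vault only   :", vault_only, "through seq", vseq)
    print("vault+journal:", with_journal, "through seq", jseq)
```

With the vault alone, recovery is only current to the last batch transfer; with the journal it is current to the last delivered transaction, and the one in-flight entry is the whole loss. The receiver's gap check is the detail a practitioner wants: out-of-order or missing entries are refused rather than silently replayed.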
Database Shadowing
Combines Electronic Vaulting (e-vaulting) with Remote Journaling (RJ)
  – Writes multiple database copies simultaneously in two separate locations
Used with multiple databases on a single drive in a single system, or with databases in remote locations across a public or private carrier
Generally used for immediate data recovery
Works well for read-only functions
  – Data warehousing and mining, batch reporting cycles, complex SQL queries, local online access at the shadow site, load balancing

(figure)

Database Shadowing (cont.)
Database replication
  – Backup of multiple copies of the database for recovery purposes
  – Three types
    – Snapshot replication: copying data from one DB to another
    – Merge replication: merging data from multiple DBs into a separate DB
    – Transaction replication: periodically copying new and updated data to a backup
E-vaulting, RJ, and database shadowing
  – Quickly becoming functions of various backup applications rather than services unto themselves
Organizations increasingly focus on availability

Virtualization
Development and deployment of virtual rather than physical systems and services implementations
"Virtual machine"
  – Virtualized environment operating in or on a host platform
Host platform (host machine)
  – Physical server (and operating system)
    – The virtualization application and all virtual machines run on it

Virtualization (cont.)
Virtual machine (guest)
  – Hosted operating system or platform running on the host machine
Hypervisor or virtual machine monitor
  – Specialized software that enables the virtual machine to operate on the host platform
Types
  – Hardware-level virtualization
  – Operating system-level virtualization
  – Application-level virtualization

Virtualization (cont.)
Three applications dominate the virtualization market
  – Microsoft's Virtual Server
  – VMware's VMware Server
  – Oracle VM VirtualBox
Virtualization is important to contingency planning
  – Allows the entire system to be backed up easily and accurately
  – Snapshot backups can be created and loaded into a new host running the same virtualization application
  – No need to purchase and set up multiple pieces of hardware

Site Resumption Strategies
Items requiring alternate processing capability
  – Disaster recovery plan implemented because the primary site is temporarily unavailable
  – Business continuity strategy to institute operations at an alternate site
Contingency planning management team (CPMT)
  – Chooses a strategy, often based on cost
  – Exclusive control options
    – Hot sites, warm sites, and cold sites
  – Popular shared-use options
    – Timeshare, service bureaus, and mutual agreements

Exclusive Site Resumption Strategies
(figure)

Hot Sites
Fully configured computer facilities with all services, communications links, and physical plant operations
  – Can establish operations at a moment's notice
    – Can be staffed around the clock to transfer control almost instantaneously
  – Requires e-vaulting, RJ, or data shadowing
Disadvantages: most expensive alternative
  – Must provide maintenance for all systems and equipment
Ultimate hot site: mirrored site identical to the primary site

Warm Sites
Provide similar services and options as a hot site
  – Software applications not included, installed, or configured
  – Frequently includes computing equipment and peripherals with servers; no client workstations
  – Has connections to facilitate quick data recovery
Some advantages of a hot site, but at a lower cost
May require hours, perhaps days, for full functionality
Customized costs
  – Range upward of several thousand dollars per month

Cold Sites
Provide only elementary services and facilities
  – No computer hardware or peripherals provided
    – All communication services must be installed after the site is occupied
    – No quick recovery or data duplication functions
  – Empty room with standard heating, air conditioning, and electrical service
Advantages:
  – Better than nothing; reduced contention for floor space
  – Cost: a few thousand dollars per month

Mobile Sites and Other Options
Rolling mobile sites
Storing resources externally
  – A rental storage area containing duplicate or second-generation equipment can be used
  – Similar to the Prepositioning of Overseas Materiel Configured to Unit Sets (POM-CUS) Cold War sites
Might arrange with a prefabricated building contractor
  – Provide immediate, temporary facilities (mobile offices) on site in the event of a disaster

Shared-Site Resumption Strategies
Time-share
  – Operates like a hot/warm/cold site
  – Leased in conjunction with a business partner or sister organization
  – Provides a DR/BC option while reducing overall cost
  – Disadvantages
    – The facility might be needed simultaneously
    – Need to stock the facility with equipment and data from all involved organizations
    – Complex negotiating
    – A party may exit the agreement or sublease their options

Shared-Site Resumption Strategies (cont.)
Service bureaus
  – A service agency that provides a service for a fee
  – Service in the case of DR/CP
    – Provision of physical facilities in the event of a disaster
  – Agencies frequently provide off-site data storage (for a fee)
  – Service bureau contracts
    – Specify exactly what the organization needs under what circumstances; guarantee space when needed
  – Disadvantages:
    – Expensive option
    – Must be renegotiated periodically

Shared-Site Resumption Strategies (cont.)
Mutual agreements
  – Contract between two organizations
    – Each assists the other in the event of a disaster
    – Obligation to provide the necessary facilities, resources, and services until the receiving organization recovers
  – Other agreements provide cost-effective solutions
    – Between divisions of the same parent company
    – Between subordinate and senior organizations
    – Between business partners
  – Memorandum of agreement (MOA)
    – Defined expectations and capabilities for the alternate site

Service Agreements
Contractual documents guaranteeing certain minimum levels of service provided by vendors
  – Must be reviewed and, in some cases, mandated to support incident, disaster, and continuity planning
  – Should contain information on:
    – What the provider is promising
    – How the provider will deliver on those promises
    – Who will measure delivery and how
    – What happens if the provider fails to deliver as promised
    – How the service level agreement (SLA) will change over time