Cal Poly Pomona

    Enterprise Computing      

 

Cal Poly Pomona                        Phone: (909) 869-7659

3801 West Temple Avenue           Submitted By: Daniel Formel

Pomona, California 91768           

                                                    

Title V Project

Backup Integrity

 

I.            Purpose

Returning or restoring a compromised system to normal operation will allow all affected systems and personnel to return to full operational status. If these systems cannot be successfully reinstated, the business operations that depend on them cannot be performed. The efforts to eliminate intruder access and analyze intruder activities to determine vulnerabilities are wasted if systems cannot be returned to service. In order to restore the availability and integrity of information resources following security breaches and accidents, secure and trusted backup must be made.

II.            Procedure Overview

A.      Create a Restoration Plan

o     All system and user data should be backed up on a regular basis. Execute a cost/benefit analysis to determine which is the most cost effective and universal method to implement.

o     Create cryptographic checksums to validate restored files using MD5. For more information on how to use MD5 visit CERT at the following links

http://www.cert.org/advisories/CA-1994-05.html

http://www.cert.org/security-improvement/implementations/i002.01.html

o     Use encryption tools such as SSH if backing up over a network.

o     Determine the suitable medium to backup the system depending on speed, reliability, and storage duration.

o     Ensure that the data is secure using encryption technologies and that it is placed in a secure physical location safe from natural disasters or accidental damage.

B.      Using Backup Tools

o        Decide on any file backup tools or third party software to aid in the backup process. Ensure that all backup tools are kept offline. If a computer has been compromised and you need to recover a file, you cannot trust the integrity of any of the tools on that computer.

o        If the backups are automated, ensure that the restoration process has been successful.

C.      Verifying Backups

o        Once the backup has been successful, it is important to verify the integrity of the backup incase the backup must be utilized. See MD5 instructions from CERT above.

o        Check to guarantee that the proper file protection and file permissions are set after the recovery.

o        Periodically test to ensure that a full system recovery can be performed from the backups.    

Note: This report is based off of CERT’s best practice security module. For a complete version visit http://www.cert.org/security-improvement/practices/p071.html

Other Links:

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/sbs/plan/sbspni5h.asp

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/windows2000serv/maintain/operate/14w2kada.asp