Ransomware and backup: it's always worth having a plan B

It's always worth having a plan B - Dell · 2020-03-04


Dell - Internal Use - Confidential

Maurice: Well... do you have some kind of plan?

Julian: Better! I have personal charm.

Source: The Penguins of Madagascar, ep. 1a, Popcorn Panic


Agenda

• Why backup and cyber security?

• Can backup protect my environment against cyber attacks?

• Protection levels


Why does a backup person talk about cyber security?


EMC CONFIDENTIAL—INTERNAL USE ONLY

CYBER CRIME GETS SOPHISTICATED

Are you staying ahead of the criminal evolution?

Traditional threats and emerging threats:

• Cyber Theft

• Denial of Service Attacks

• Cyber Extortion

• Cyber Destruction

Isolated Recovery Solutions protect against these classes of attacks


Potential attacks

• Virus / Ransomware

• Hacker


Target of the attack

Production data


Production data and security

If we lose our production data… we have a magic button: RECOVERY


Target of the attack

Production data

What if the attack is also successful against backup data?

Our plan B is gone…


Can the backup system protect us against a cyberattack?


How do we store backups?

Disk

1. Usually a CIFS share

2. Can be hacked the same way as production

3. Can be deleted by a hacker

Tapes in library

1. Can be deleted by a hacker

2. Shall be rewound / checked periodically

Tapes offsite

1. Shall be rewound / checked periodically

2. Costly

3. Hardly works (practically)


Data Domain as backup medium

[Diagram: Site A and Site B; applications, databases, mail, VMs and Linux/UNIX/Windows hosts on LAN and SAN; backup server; two Data Domain systems; backup with source de-duplication (only 1% - 3% sent); disaster recovery (1% - 3% sent)]

• Decreases costs

• Speeds up backup/restore

• Guarantees data recovery

• Provides Disaster Recovery

• Makes backup environment elastic


Data Domain – that is real

https://www.linkedin.com/pulse/magic-quadrant-gartnera-dla-de-duplikator%C3%B3w-olkowski-daniel?trk=mp-reader-card


Against what cyberattacks can Data Domain protect my environment?

Hardening

BOOST

Snapshots

Backup Compliance

Replication

Isolated recovery with air gap


Environment hardening

• Examples:

– Inactivity Timeout

– Deny Consecutive Login Attempts

– Password Aging/Rotation

– Password Complexity

– Disable Default Accounts

– Communication Port Disable / Change

– Restrict hosts access / IP

– Use of SSH and Certificates

– Disable HTTP, FTP, Telnet, etc.

– Disable unused services

– Apply Latest Security Patches

– Use SYSLOG Server / Prevent Audit Log Roll Over

• Review the latest respective Dell EMC Product Security Guides for Hardening Guidelines


No cost option


Snapshots


CIFS / NFS shares are easy to hack

[Diagram: backup to a CIFS / NFS share]

CIFS / NFS backups

a. Easy to be encrypted by ransomware

b. Easy to be deleted by hackers


BOOST as backup method

[Diagram: LAN servers (mail, files), virtual machines, DBs and apps on LAN and SAN; backup system; BOOST with source de-duplication; 100GB at the source, 1GB sent]

Ransomware is not able to infect BOOST resources

A number of customers recovered data from BOOST backups after ransomware attacks


BOOST

• Security

• Performance

• Minimal cost


COMPLIANCE PER SINGLE BACKUP

Data Domain allows backup files to be locked (compliance) for a certain amount of time. We have the following options:

• Every file can be locked (compliance) for a different amount of time

• During the lock no one can modify / delete the file

Backup systems #1 to #4, lock period per backup file:

• Backup1: 30 days, Backup3: 60 days, Backup3: 90 days

• Backup1: 30 days, Backup3: 15 days, Backup3: 15 days

• Backup1: 20 days, Backup3: 10 days, Backup3: 20 days

• Backup1: 60 days, Backup3: 30 days, Backup3: 30 days


Management of Retention Lock with Data Domain

• Leverage Data Domain Retention Lock for Data Compliance

[Diagram: NetWorker Mgt Console; set retention policy; orchestration; two MTrees]


Replication


AIR GAP – DATA DOMAIN

[Diagram: Primary Storage, Backup Appliance, DD Replication, Air Gap, Isolated Recovery System with Mgmt Host, Validation Hosts and Restore Hosts]

• Create Backup of Data

• Enable Link and Replicate to Isolated System

• Complete Replication and Disable Link

• Air Gapped Solution

• Enable Link and Initiate Restore

Isolated Recovery System

• Dedicated workstation / management host in isolated recovery area

• Dedicated connection between two DD systems

• Disable all other non-necessary TCP/IP ports and services such as Telnet, HTTP, FTP, etc.

• Configure SSH to require connection to be done via a Certificate

• Disable all NIC interfaces not in use for IRS replication

• Run book procedures for air gap creation (disabling/enabling replication ports)

• Data Domain Retention Lock preventing data corruption or malicious data changes to file system
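
A check for two of the hardening bullets above (no Telnet/HTTP/FTP or other unneeded listeners; SSH without password login), added here as an example and not taken from the Dell deck. It assumes a Linux management host in the isolated recovery area with `ss -tln` output and an OpenSSH `sshd_config`, and it reads "certificate" as key- or certificate-based login with passwords off; the sample inputs, the allow-list and port 2051 are constructed for the example.

```python
# Added example: audit a host in the isolated recovery area.
# Cleartext services the slide names, by their well-known ports.
CLEARTEXT = {21: "FTP", 23: "Telnet", 80: "HTTP"}

def audit_listeners(ss_output, allowed_ports):
    """Flag every listening TCP port that is not on the allow-list."""
    findings = set()
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue  # header or non-listening socket
        # 4th column is the local address: 0.0.0.0:22, [::]:80, ...
        port = int(fields[3].rsplit(":", 1)[1])
        if port not in allowed_ports:
            name = CLEARTEXT.get(port)
            findings.add((port, f"cleartext service {name}" if name
                          else "unexpected listener"))
    return sorted(findings)

def audit_sshd(config_text):
    """Flag a global sshd_config that still allows password logins."""
    seen = {}
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.lower().startswith("match "):
            break  # only the global section is checked here
        parts = line.split(None, 1)
        if len(parts) == 2:
            # sshd keeps the first value it reads for each keyword
            seen.setdefault(parts[0].lower(), parts[1].strip().lower())
    findings = []
    if seen.get("passwordauthentication", "yes") != "no":
        findings.append("PasswordAuthentication is not 'no'")
    if seen.get("pubkeyauthentication", "yes") == "no":
        findings.append("PubkeyAuthentication is disabled")
    return findings

# Constructed sample inputs (not captured from a real system).
SAMPLE_SS = """\
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      128    0.0.0.0:23         0.0.0.0:*
LISTEN 0      64     10.0.0.5:2051      0.0.0.0:*
LISTEN 0      128    [::]:80            [::]:*
LISTEN 0      128    127.0.0.1:8443     0.0.0.0:*
"""
SAMPLE_SSHD = "Port 22\nPasswordAuthentication yes\nPubkeyAuthentication yes\n"

if __name__ == "__main__":
    # Assumed allow-list: SSH plus a replication port (2051 is a placeholder).
    for finding in audit_listeners(SAMPLE_SS, {22, 2051}) + audit_sshd(SAMPLE_SSHD):
        print(finding)
```

Run it from the run book after each air gap cycle so that a listener left open during replication shows up before the link is next enabled.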


Be sure that backup is one of

those letters…


Questions…
