Concept of a Server Based Open Source Backup Process with an Emphasis on IT Security Bachelor’s Thesis submitted in partial fulfillment of the requirements for the degree of Bachelor of Science in Software and Information Engineering by Florian Pritz Registration Number 1125452 elaborated at the Institute of Computer Aided Automation Research Group for Industrial Software to the Faculty of Informatics at the TU Wien Advisor: Thomas Grechenig Assistance: Florian Fankhauser Vienna, March 12, 2016 Technische Universität Wien, Forschungsgruppe INSO A-1040 Wien Wiedner Hauptstr. 76/2/2 Tel. +43-1-587 21 97 www.inso.tuwien.ac.at Kurzfassung Mehr und mehr Menschen sowie Firmen hängen immer stärker von IT-Infrastrukturen und den darin verarbeiteten Daten ab. Diese Abhängigkeit wird oft erst sichtbar, wenn die IT nicht funktioniert. Dies kann beispielsweise durch Hardware-Ausfälle, aber auch durch Angriffe auf die IT-Sicherheit passieren. Um die Verfügbarkeit dennoch auf einem ausreichendem Niveau halten zu können, sind heutzutage unterschiedliche Lösungen verfügbar. Eine dieser Lösungen ist die Durchführung von Backups. Allerdings werden oft keine, oder nur inkorrekte und somit nutzlose, Datensicherungen erstellt. Insbesondere für unerfahrene Nutzer kann es besonders schwierig sein eine Entscheidung zu treffen, welche Software genutzt werden soll um Sicherungen zu erzeugen. Es ist für sie eventuell nahezu unmöglich mehrere Produkte korrekt miteinander zu vergleichen und die jeweiligen potentiellen Schwächen in der Art und Weise, in der sie Sicherungen erstellen und speichern, zu erkennen. Solche Vergleiche werden besonders durch die vielen Details erschwert, die beachtet werden müssen. Diese werden aber nicht immer von den Herstellern der Produkte erwähnt. Ohne hinreichendes Hintergrundwissen ist es schwierig eine gute, und vor allem eine informierte, Entscheidung zu treffen. Diese Arbeit enthält einen umfassenden Überblick über die unterschiedlichen Aspekte der sicheren Erstellung und Verwaltung von Backups. Neben theoretischen Grundlagen-Aspekten von Backups wird gezeigt wie ein funktionierendes Sicherheitskonzept für ein kleines Netzwerk erstellt werden kann. Diese Arbeit beschreibt zuerst die Grundlagen von IT-Sicherheit sowie die Grundlagen von Siche- rungen indem existierende Literatur und Forschung evaluiert und komibiniert wird. Nachfolgend werden die notwendigen Teile zur Erstellung eines Sicherungskonzeptes behandelt. Abschließend werden einige Beispiele für Software die zur Erstellung von Sicherungen genutzt werden kann dargestellt und es wird ein Beispiel eines Sicherungskonzeptes für ein kleines Netzwerk erstellt. Schlüsselwörter Datensicherung, Sicherungskonzept, IT-Sicherheit i Abstract Increasingly more people and companies heavily rely on IT infrastructures and the data they process. This dependency often only becomes visible once the IT no longer works. Examples for this include hardware failure as well as attacks on IT Security. Nowadays, there are multiple solutions to to keep availability sufficiently high despite these problems. One of these solutions is the creation of backups. However, many systems are not backed up properly or, even worse, not at all. It can be difficult, especially for an inexperienced user, to determine which software to use to create them. It may be near impossible for them to accurately compare different products with each other and to determine potential weaknesses in the way in which they create and store their backups. This is especially difficult because there are many nuances that need to be considered and that may not be explicitly mentioned by software vendors which means that without sufficient knowledge of the field it may be impossible to make a good - and certainly informed - choice. This work contains a comprehensive overview of different aspects of securely creating and managing backups. Alongside theoretical basics of backups, it also shows how a working backup concept, that is suitable for use in small networks, can be created. This work first describes some of the basics of IT Security as well as the basics of backups by evaluating and combining existing literature and research. Later it examines the parts that need to be considered when a backup concept is created. Finally, some examples of backup software are discussed and an example concept for a small network is created. Keywords data backup, backup concept, security ii Contents 1 Introduction1 1.1 Problem........................................ 1 1.2 Motivation....................................... 1 1.3 Goal......................................... 2 2 Foundations of IT Security3 2.1 IT Security ..................................... 3 2.2 Confidentiality ................................... 3 2.3 Integrity....................................... 5 2.4 Availability ..................................... 5 2.5 Threat Models.................................... 6 2.6 Risk......................................... 6 2.7 Security Aspects of Open Source.......................... 7 3 Basics of Backups8 3.1 Reasons for Making Backups............................ 8 3.2 Types of Backups.................................. 8 3.3 Storage Location .................................. 9 3.3.1 Local Storage................................ 9 3.3.2 Traditional Client Server Architectures ................... 11 3.3.3 Cloud Storage ................................ 11 3.3.4 P2P...................................... 11 3.3.5 Other Concepts............................... 12 3.4 Security Aspects .................................. 13 3.4.1 Traditional Client Server Architecture................... 14 3.5 Threat Models.................................... 15 3.5.1 Client Security............................... 15 3.5.2 Server Security (Storage).......................... 15 3.5.3 Example Threats.............................. 17 3.6 Verification of Backup Content........................... 19 3.7 Recovery Planning and Testing........................... 20 4 Backup Creation Process 21 4.1 Backup Process.................................... 21 4.2 Functional Requirements.............................. 23 4.2.1 Backup Triggers .............................. 23 4.2.2 Full and Incremental/Differential Backup................. 26 4.2.3 Storage Location Diversity......................... 26 4.2.4 Source Data Consistency.......................... 27 4.2.5 Backup Data Storage Requirements.................... 28 4.2.6 Server Pull and Client Push ........................ 33 4.2.7 Transport Security ............................. 35 4.3 Non-functional Requirements............................ 36 4.3.1 Speed.................................... 36 iii 4.3.2 Impact of the Backup Process on the System ............... 37 5 Selected Examples of Software for Backups 39 5.1 Tarballs ....................................... 39 5.2 Duplicity, Duply .................................. 40 5.3 Rsnapshot...................................... 40 5.4 zfs-backup.sh..................................... 41 5.5 Comparision..................................... 42 6 Backup Concept for a Small Network 43 6.1 Description of the Case Example Network..................... 43 6.2 Threat Model.................................... 44 6.3 Concept Description ................................ 46 6.3.1 Backup Process............................... 46 6.3.2 Different Aspects of the Backup Creation Process............. 48 6.4 Review and Testing................................. 49 7 Conclusion and Outlook 51 Bibliography 53 References......................................... 53 Online References..................................... 55 A Appendix 56 A.1 backup.sh...................................... 56 iv List of Figures 3.1 Attacks on a storage system identified by using the Data Lifecycle Threat Model. Source: Hasan et al.[19] ................................ 16 6.1 Network graph of the example network ........................ 43 v vi vii Chapter 1. Introduction 1 Introduction Not only increasingly more businesses but also private homes heavily rely on their IT infrastructure. IT systems can fail for numerous reasons, including attacks, user mistakes or natural disasters, but also simple hardware or software failure. Garfinkel, Spafford, and Schwartz[14] illustrate that in such cases, backups can be necessary to restore operations since hardware can be bought again, but the data stored on that hardware, like customer data, custom developed software or holiday pictures, is probably lost. Keeping up to date backups is, therefore, important to almost everyone who uses computer systems yet the field is rather broad and it can be easy to miss important details when making backups for the first time. 1.1 Problem Especially in a business environment, losing data and not being able to restore it from a backup can have a serious impact. Customers may lose confidence in the company if they learn that the company lost their address or other data. Merchants may lose their order history and be unable to ship requested products while sales personnel may be demoralised if the hard work they put into acquiring these sales is lost. Finally, there is also the issue of time and money spent to acquire or create the data that is lost. This obviously also applies to private computers that store pictures, recipes, configuration for many programs, save files of video games, passwords and similar unique information. Such data has been created during countless hours of work and it would be rather horrifying to lose it all at once. Finding
Details
-
File Typepdf
-
Upload Time-
-
Content LanguagesEnglish
-
Upload UserAnonymous/Not logged-in
-
File Pages67 Page
-
File Size-