Backup

&
physical security(HW security)

Chapter 16
 Backup
• One of the three dangers that face data and
information system infrastructure is system
failure (the other two are malicious ware and
intruders).
• One of the methods used to mitigate the
effect of system failure is BACKUP.
 BACKUP/RESTORE
• Backup: copying file, files, folder or the contents of
the entire internal storage device TO an external
storage device. It performs formatting, compression
then encryption for data before backing up.
• Restore: (the opposite of backup) copying all backup
from external storage devices to internal storage
device. It performs decryption then decompression
before restoring.
• Refer to ms-backup/restore operation on your
computer.
 Backup

• backup refers to making copies of data so that these additional

copies may be used to restore the original data after a data loss
event.
• Backups are useful primarily for two purposes:
1- To restore a state following a disaster (called disaster recovery).
2-To restore small numbers of files after they have been accidentally
deleted or corrupted.
• Backups differ from archives in the sense
• archives are the primary copy of data usually put away for future use
• backups are a secondary copy of data , kept on hand to replace the
original item.
 Types of Backup
1- Full backup
• Full backup is a method of backup where all the files and
folders selected for the backup will be backed up(It is a full
copy of your entire data set).  When subsequent backups
are run, the entire list of files will be backed up again.
• The advantage of this backup is restores are fast and easy
as the complete list of files are stored each time.
• The disadvantage is that each backup run is time
consuming as the entire list of files is copied again.  Also,
full backups takes a lot more storage space when
compared to incremental or differential backups.
 2-Incremental backup

• Incremental backup is a backup of all changes made since the last

full backup. With incremental backups, one full backup is done
first and subsequent backup runs are just the changes made since
the last backup. The result is a much faster backup than a full
backup for each backup run. Storage space used is much less
than a full backup and less than with differential backups.
Restores are slower than full backup and differential backup.
• For example, suppose that you created a full backup on Monday,
and used incremental backups for the rest of the week. Tuesday's
backup would only contain the data that has changed since
Monday. Wednesday's backup would only contain the data that
has changed since Tuesday and so on.
 Incremental backup(cont)
• The primary disadvantage to incremental backups is
that they can be time-consuming to restore. Going
back to the previous example, suppose that you
wanted to restore the backup from Wednesday. To
do so, you would have to first restore Monday's full
backup. After that, you would have to restore
Tuesday's tape, followed by Wednesday's. If any of
the tapes happen to be missing or damaged, then
you will not be able to perform the full restoration.
 3- Differential backup
• Differential backup is a backup of all changes made
since the last full backup. With differential backups,
one full backup is done first and subsequent backup
runs are the changes made since the last full
backup. The result is a much faster backup than a
full backup for each backup run. Storage space used
is much less than a full backup but more than with
Incremental backups. Restores are slower than with
a full backup but usually faster than with
Incremental backups. 
 Differential backup(cont)
• Suppose for example that you wanted to create a full backup on
Monday and differential backups for the rest of the week.
Tuesday's backup would contain all of the data that has changed
since Monday. It would therefore be identical to an incremental
backup at this point. On Wednesday, however, the differential
backup would backup any data that had changed since Monday
and on Thursday differential backup would backup any data that
had changed since Monday and so on .
• The advantage that differential backups have over incremental is
shorter restore times. Restoring a differential backup never
requires more than two tape sets. Incremental backups on the
other hand, may require a great number of tape sets.
 4- Mirror Backup

• Mirror backups are as the name suggests a

mirror of the source being backed up. With
mirror backups, when a file in the source is
deleted, that file is eventually also deleted
from the mirror backup. Because of this,
mirror backups should be used with caution as
a file that is deleted by accident or through a
virus may also cause the mirror backups to be
deleted as well. 
• The advantage of mirror backup as opposed to
full, incremental, or differential backups, is that
you’re not storing old, obsolete files. When
obsolete files are deleted, they disappear from
the mirror backup as well when the system
backs up. The downside to mirror backup is
that if files are accidentally deleted, they can be
lost from the backup is well if the deletion isn’t
discovered before the next scheduled backup.
 5- Cloud Backup

• This term is often used interchangeably with

Online Backup and Remote Backup.  It is
where data is backed up to a cloud service or
storage facility connected over the Internet.
With the proper login credentials, that backup
can then be accessed or restored from any
other computer with Internet Access. 
 RAID
Redundant Arrays of Independent Disks
• The basic idea of RAID was to combine multiple small,
inexpensive disk drives into an array of disk drives which
yields performance exceeding that of a Single Large
Expensive Drive. Additionally, this array of drives appears
to the computer as a single logical storage unit or drive.
• Five types of array architectures, RAID-1 through RAID-5,
each providing disk fault-tolerance and each offering
different trade-offs in features and performance. In
addition to these five redundant array architectures, it has
become popular to refer to a non-redundant array of disk
drives as a RAID-0 array.
 Data Striping

A method of concatenating multiple drives into

one logical storage unit.
Striping involves partitioning each drive's storage
space into stripes which may be as small as one
sector (512 bytes) or as large as several
megabytes.
These stripes are then interleaved round-robin, so
that the combined space is composed of stripes
from each drive.
 The different RAID levels

• RAID-0
• RAID Level 0 is not redundant. In level 0, data is split across
drives, resulting in higher data throughput. Since no redundant
information is stored, performance is very good, but the failure
of any disk in the array results in data loss. This level is
commonly referred to as striping.
• RAID - 0 Data Striping Array
• RAID-0 stripes the data across all the drives, but doesn't utilize
parity. If one of the disks fails, the data must be restored on all
five drives from backups. This RAID is designed for speed and is
the fastest of all the RAIDs, but provides the least protection.
 RAID-1

• RAID - 1 Transparent or Striped Mirroring

• The RAID-1 technology requires that each primary
data disk have a mirrored disk. The contents of
the primary disk and the mirror disk are identical.
RAID- 1 provides for the best data protection.
• When data is written on the primary disk, a write
also occurs on the mirror disk. The mirroring
process is invisible to the user. For this reason,
RAID- I is also called transparent mirroring.
 RAID-5

• A RAID 5 uses block-level striping with parity data distributed

across all member disks. RAID 5 is one of the most popular
RAID levels, and is frequently used in both hardware and
software implementations.
• Virtually all storage arrays offer RAID 5. As with RAID 0, RAID 5
can be created with disks of differing sizes, but the storage
space added to the array by each disk is limited to the size of
the smallest disk—for example, if a 120 GB disk is used to build
a RAID 5 together with two 100 GB disks, each disk will donate
100 GB to the array for a total of 200 GB of storage. 100 GB are
used for parity information, and the excess 20 GB from the
larger disk are ignored.
 Parity

• A method to generate parity is called eXclusive

OR (XOR).
• A bit is taken (either a 0 or 1) from each disk
and totaled.
• If the total is even the parity bit is set to 0. If the
total is odd the parity bit is set to 1.
• Put in another way(Bits are compared if they
are equal, then the parity is 0 otherwise it is 0.)
 Disaster recovery

• Disaster recovery is the process, policies and procedures of restoring

operations critical to the resumption of business, including regaining
access to data (records, hardware, software, etc.), communications
(incoming, outgoing), workspace, and other business processes after a
natural or human-induced disaster.
• To increase the opportunity for a successful recovery of valuable
records, a well-established and thoroughly tested disaster recovery
plan must be developed. This task requires the cooperation of a well-
organized committee led by an experienced chairperson.
• A disaster recovery plan (DRP) should also include plans for coping
with the unexpected or sudden loss of communications and/or key
personnel. Disaster recovery planning is part of a larger process known
as business continuity planning(BCP).
 Disaster Recovery Strategies
• Two strategies used:
A- Recovery Time Objective (RTO)
B- Recovery Point Objective (RPO)
The RTO is how long you can basically go
without a specific application. This is often
associated with your maximum allowable or
maximum tolerable failure.
• The RPO is slightly different. This dictates the allowable data
loss -- how much data can I afford to lose? In other words, if I
do a nightly backup at 7:00 p.m. and my system goes up in
flames at 4:00 p.m. the following day, everything that was
changed since my last backup is lost. My RPO in this particular
context is the previous day's backup. If I'm a company that
does online transaction processing -- American Express for
example -- maybe my RPO is down to the last, latest
transaction, the latest bits of information that came in.
• RTO and RPO, really influence the kind of redundancy or
backup infrastructure you will put together.
 STORAGE AREA NETWORK (SAN)

• Storage Area Network (SAN) is a high-speed sub network of shared

storage devices(network of storage devices that are connected to
each other and to a server). A storage device is a machine that
contains nothing but a disk or disks for storing data.  
• The main objective of a SAN is to facilitate the exchange of data
between operating systems and storage elements. Components of
a SAN infrastructure include the following:
• communication infrastructure.
•  storage elements.
• Computer systems.
• management layer.
• The connecting elements of a SAN network include
routers, gateways, hubs, switches and directors.
• Benefits of a SAN include
1-faster transfer of data to the intended destination
with minimum utilization of server capacities,.
2- access for multiple hosts to several storage devices.
3- independent storage speeds up applications and
offers better availability
4- the management of stored data is easier.
 Physical and Infrastructure Security
chapter 16
• Logical security : Protects computer-based data from
software-based and communication-based threats.
• Physical security: Also called infrastructure security
Protects the information systems that contain data
and the people who use, operate, and maintain the
systems.
• Physical security also must prevent any type of
physical access or intrusion that can compromise
logical security.
• For information systems, the role of physical security is to protect the
physical assets that support the storage and processing of information.
Physical security involves two complementary requirements.
I-First, physical security must prevent damage to the physical
infrastructure that sustains the information system. In broad terms,
that infrastructure includes the following:
• Information system hardware: Includes data processing and storage
equipment, transmission and networking facilities, and offline storage
media.
• We can include in this category supporting documentation.
• Physical facility: The buildings and other structures housing the
system and network components.
• Supporting facilities: These facilities underpin
the operation of the information system.
• This category includes electrical power,
communication services, and environmental
controls (heat, humidity, etc.).
• Personnel: Humans involved in the control,
maintenance, and use of the information
systems.
II- Second, physical security must prevent
misuse of the physical infrastructure that leads
to the misuse or damage of the protected
information. The misuse of the physical
infrastructure can be accidental or malicious.
It includes vandalism, theft of equipment,
theft by copying, theft of services, and
unauthorized entry.
 Physical Security Threats
• physical situations and occurrences that
threaten information systems:
A- environmental threats
B- technical threats
C-human-caused threats
 A- environmental threats

• Natural disasters are the source of a wide range of

environmental threats to data centers, other
information processing facilities, and their personnel.
• It is possible to assess the risk of various types of
natural disasters and take suitable precautions so that
catastrophic loss from natural disaster is prevented.
• Examples include – earthquakes, floods, lightning
 Computers and related equipment

• Computers are designed to operate within a certain temperature

range. Most computer systems should be kept between 10 and
32 degrees Celsius (50 and 90 degrees Fahrenheit).
• Outside this range, resources might continue to operate but
produce undesirable results.
• If the temperature around a computer gets too high, the
computer cannot adequately cool itself, and internal
components can be damaged.
• If the temperature gets too cold, the system can undergo
thermal shock when it is turned on, causing circuit boards or
integrated circuits to crack.
 Humidity(‫) لا&&رطوبة‬
• High humidity poses a threat to electrical and
electronic equipment. Long-term exposure to
high humidity can result in corrosion(‫آكل‬
&&&‫) ت‬.
• Very low humidity may cause materials to
change shape, and performance, color.
 Fire
• It is a threat to human life and property. The
threat is not only from direct flame, but also
from heat, release of toxic fumes, water
damage from fire suppression, and smoke
damage.
 Chemical, Radiological, and Biological
Hazards
• pose a threat from intentional attack and from
accidental discharge.
• discharges can be introduced through the
ventilation system or open windows, and in
the case of radiation, through perimeter walls.
• flooding can also introduce biological or
chemical contaminants.
 Dust and infestation
• Dust :rotating storage media and computer
fans are the most vulnerable to damage can
also block ventilation influxes can result from
a number of things:
– controlled explosion of a nearby building
– windstorm carrying debris
– construction or maintenance work in the building
 B- technical threats
• electrical power is essential to run equipment
– power utility problems:
• under-voltage
• Over-voltage
• electromagnetic interference (EMI)
– noise along a power supply line, motors, fans, heavy
equipment, other computers, cell phones, microwave relay
antennas, nearby radio stations
– noise can be transmitted through space as well as through
power lines.
– may interfere with device operation
 C- Human-caused threats
• designed to overcome prevention measures,
harder to deal with.
• Unauthorized physical access
• Theft
• Vandalism: This threat includes destruction
of equipment and data.
• Misuse
 Physical Security Prevention and Mitigation
Measures
• one prevention measure is the use of cloud computing
• inappropriate temperature and humidity
– environmental control equipment, power supply
• fire and smoke
– alarms, preventative measures, fire mitigation
– smoke detectors, no smoking
• water
– manage lines, equipment location, cutoff sensors
• other threats
– appropriate technical counter-measures, limit dust entry,
pest control
 Mitigation Measures
Technical Threats
• uninterruptible power supply (UPS) for each
piece of critical equipment.
• critical equipment should be connected to an
emergency power source (like a generator)
 Mitigation Measures
Human-Caused Threats

• physical access control

– restrict building access
– controlled areas patrolled or guarded
– locks or screening measures at entry points
– equip movable resources with a tracking device
– power switch controlled by a security device
– intruder sensors and alarms
– surveillance systems that provide recording and
real-time remote viewing
Recovery from Physical Security Breaches

• most essential element of recovery is

redundancy provides for recovery from loss of
data.
• ideally all important data should be available
off-site and updated as often as feasible
 summary
• physical security threats
– natural disasters
– environmental threats
– technical threats
– human-caused physical threats
– physical security prevention and mitigation measures
– environmental threats
– technical threats
– human-caused physical threats
– recovery from physical security breaches
– corporate physical security policy example
– integration of physical and logical security
– personal identity verification (PIV)
– use of PIV credential in physical access control systems