1 / 18

Secure Storage Servers

Secure Storage Servers. An Intrusion Recovery System. The Situation. After a security breach, compromised files must be restored and the system must be returned to a stable, secure state. This requires an efficient, secure intrusion recovery system. The Standard Solution.

kelly-schwartz
Download Presentation

Secure Storage Servers

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Secure Storage Servers An Intrusion Recovery System CS 591 - Nicholis Bufmack

  2. The Situation • After a security breach, compromised files must be restored and the system must be returned to a stable, secure state. • This requires an efficient, secure intrusion recovery system. CS 591 - Nicholis Bufmack

  3. The Standard Solution • Standard solutions use a file system integrity check that involves periodically generating a checksum or hash (MD5, for instance) and comparing the files after a break-in. • Files with an inconsistent signature can be restored. CS 591 - Nicholis Bufmack

  4. Problems with this Solution • It takes a long time to create the checksum and verify the integrity of the files. • Changed files must be restored making the system unavailable during restoration. • Files can only be restored from a restore point that may not be current. CS 591 - Nicholis Bufmack

  5. A Better Solution • Utilize distributed files system technology, file replication, and a restore point service. • Secure the backup archives and restoration process on a separate server. CS 591 - Nicholis Bufmack

  6. Constraints • My methodology was developed under the following platform: • Microsoft Windows 2003 Server R3 • NTFS File System • DFS (Distributed File System) Service • VSS (Volume Shadow Copy) Service • SQL Server 2005 • WMI Scripting CS 591 - Nicholis Bufmack

  7. Hardware • Must run the core platform and include at least 2 servers: 1 for the Domain Server and 1 for the Secure Storage Server • The faster the network connection the better: Ethernet LAN. CS 591 - Nicholis Bufmack

  8. Topology SQL Server Domain Controller -------- DFS Service Secure Storage Server ---------------- VSS Service VSS Archives File Server File Server CS 591 - Nicholis Bufmack

  9. Distributed File System • DFS allows for files and volumes to be distributed across multiple servers. • Using file replication, files can be replicated to ensure uniformity OR in a single direction for backup purposes. • Replicates only changes to a file – very efficient use of bandwidth. CS 591 - Nicholis Bufmack

  10. Volume Shadow Copy • Creates a backup and a hash for restoration point services. • Can be used on volumes or files. • Can be used to create system wide snapshots. CS 591 - Nicholis Bufmack

  11. Functionality • 2-Way replication occurs between Domain Controller and File Services. • Initially, 1-way replication occurs between Domain Controller and Secure Storage Server. • VSS snapshots and archives are made on the Storage Server of changed files. CS 591 - Nicholis Bufmack

  12. Functionality (cont.) • Using WMI and stored procedures, file signatures can be placed inside the SQL Server based on VSS file archived trigger messages. • The resulting restore points are created with fine granularity. • Processing of restore point creation occurs only on Secure Storage Server. CS 591 - Nicholis Bufmack

  13. Restoration • Search the SQL database for files changes since the incidence • Suspend the DFS replication to the Secure Storage Server • Restore the VSS archives and/or snapshots for that time period. • Restored files and/or snapshots are placed on the Secure Storage Server. CS 591 - Nicholis Bufmack

  14. Restoration (cont.) • Suspend DFS Replication from the File Servers to the Domain Controller. • Reverse the replication direction to the Secure Storage Server and resume replication. • Replicate to the File Servers and restore the initial state. CS 591 - Nicholis Bufmack

  15. Benefits • Real-time file and system snap shots. • Minimal bandwidth utilization for copying of replicated files. • Secure Storage Server can be put behind a file wall isolated from the main subnet. • Processing occurs only on Secure Storage Server. CS 591 - Nicholis Bufmack

  16. Benefits (cont.) • During restoration, the subnet need not be taken down and unaltered files need not be made unavailable. Only affected volumes and files need to be restored and can be restored while the rest of the system is in use. • Entire process can be automated. CS 591 - Nicholis Bufmack

  17. Limitations • Works only on a Windows Network within a Windows ADS Domain. • Will not operate with non-Windows file systems, such Linux ext3. • May not operate with some Windows file systems, such as FAT and FAT32. • Some metadata information, such as alternative data streams, may be lost. CS 591 - Nicholis Bufmack

  18. References and More Info. • See my report, to be uploaded soon. CS 591 - Nicholis Bufmack

More Related