Data Immutability Retention Locking/WORM

Virtual Conference, September 28-29, 2021
Sailu Yallapragada, Distinguished Engineer, Dell Technologies
Jagannathdas Rath, Software Senior Principal Engineer, Dell Technologies
2023 Dell Inc.

Key Takeaways
- Data Immutability & Retention
- What is Data Immutability and Data Retention?
- System Implementations to enable data immutability
- Retention Locks/WORM and its features
- Enhanced Backup workflows with Data Immutability
- Tackling Cyber and Ransomware attacks with Immutability
- Complete Data Immutability
- Techniques against attack vectors and best practices
- Data Immutability in action (example use cases)
- Immutability in Replication
- Air-gapped Cyber Secure Vault

Data Immutability & Retention
Data Retention, Backup workflows with and without immutability

Immutable Data
Data that cannot be modified or deleted, once written. It can be read multiple times though.
Figure: Immutable Data (unmodifiable, indelible)

Data Retention
Regulatory Requirements:
- Securities and Exchange Commission (SEC), FINRA, SOX, GDPR etc.
- Organizations coming under these rules must comply with the policies
- Backup data (and its copies) must be protected in non-modifiable and non-erasable format for the required duration
Governance Requirements:
- Many companies have self-imposed retention policies
- Internal policies to preserve data, auditing purposes
- Meet privacy regulations where historical data might be requested by customers or government
- No mandatory duration to comply

Typical Data Backup Flow
Primary Data (Assets: BLOCK STORAGE, NAS):
- Primary data getting backed up as per policy schedule or manually
- Keeps on getting modified
- Cannot be made Immutable
Backup Data (Files, Archives, Virtual Disk images, Block Volume Snapshots, Filesystem Snapshots):
- Point in Time Copies
- Never gets modified
- Can be deleted at any time
- Can be made Immutable
Diagram labels: Backup Application (Backup Policies & Schedules, Backup Servers & Assets added), Backup Storage

Cyber Attacks & Ransomware
Cyber Attacks:
- Hackers/Attackers gain access of the data centers/storage servers
- Via Stolen credentials, Weak credentials, Phishing attacks, Insider attacks
- Objectives of such attacks: “Gain access to confidential data” OR Destructive breach - “Destroy all data, backups and copies to bring down the organization”
Ransomware Attacks:
- Kind of a malware that creeps into the client systems
- Its attack model is to encrypt all the application/system data and ask for a significant fee to decrypt them
2022-2023:
- % of all data breaches [1]
- 493 Million attacks [2] (16 attacks/second)
- Avg. $5.13 Million loss/attack [1]
- 25% of all data breaches [1]
- Avg. $5.24 Million loss/attack [1]
Sources:
[1] Cost of Data Breach Report 2023, Ponemon Institute and IBM Security
[2] 2023 Sonicwall Cyber Threat Report

Cyber Attacks, Ransomware & Accidental Deletes
Cyber Attacks | Ransomware:
- Stolen credentials, Weak credentials, Phishing attacks, Insider attacks
- Destroy Primary Data
- Encrypt Primary Data
- Destroy Backup copies also
- Leave nothing to recover from
Accidental Deletes:
- Unintentional Cron Jobs
- Mistaken User deletions
- Mistaken Admin deletions
- Wrong directory path
- File Overwrites
Sequence shown in the diagram:
- Primary data gets backed up as per schedule
- Ransomware encrypted data gets backed up as copies
- Ransomware impact detected
- Admins try to restore previous backup copy of data
- No Reliable Backup copy present to recover
Diagram: Primary Application Data, Non-Immutable Backup Data (Backup Copy1 to Backup Copy5)
- Encrypted bad copies
- Good copies destroyed
- No “Reliable” copy left for later recovery
- Recovery: No Recovery possible

Ways to Make Data Immutable
Make Read-Only (RO):
- RO data cannot be deleted or modified directly
- Still not enough protection from all threats
- Attackers can toggle RO mode on data and then destroy it
- No defined duration of protection
Retention Locking/WORM:
- Data is allowed to be written only once
- No modifications or deletion until lock expires
- No way for attackers to toggle the lock mode
- They have to wait until the lock duration expires

Retention Locking Variants
Compliance Mode:
- Compliant with regulatory requirements like SEC 17f-4(a) and FINRA
- Stricter variant
- No lock reversal possible
- Enforces dual sign-on requirements
- Support for placing indefinite “legal hold” on the locked & expired data
Governance Mode:
- Administration and Governance use cases within Organization
- Lenient Variant
- Admins can revert locks before expiry
- No dual authentication measures enforced
- Support for placing indefinite “legal hold” on the locked & expired data

Data Backup Flow With Immutability
1. Integrate backup apps with the RL capability of backup servers
2. Add backup servers to the backup application
3. Add assets to be backed up to the backup application
4. Create backup policies with RL enabled for the required duration
5. Ingest data from client systems into the backup server
6. Utilize RL APIs/methods to lock newly ingested data in backup server
7. Cleanup old backup files after their locks expire
Primary data (Assets: BLOCK STORAGE, NAS):
- Keeps on getting modified
- Cannot be made Immutable
Backup data:
- Point in Time Copies
- Never gets modified
- Can be made Immutable
Diagram labels: Integrated Backup Application, Backup Storage

Data Immutability - Protection Against Ransomware
Cyber Attacks | Ransomware:
- Stolen credentials, Weak credentials, Phishing attacks, Insider attacks
- Destroy Primary Data
- Encrypt Primary Data
- Destroy Backup copies also, Leave nothing to recover from: Blocked as Data is Immutable now
Accidental Deletes:
- Unintentional Cron Jobs
- Mistaken User deletions
- Mistaken Admin deletions
- Wrong directory path
- File Overwrites
- Blocked as Data is Immutable now
Sequence shown in the diagram:
- Primary data gets backed up as per schedule
- Ransomware encrypted data gets backed up as copies
- Ransomware impact detected
- Admins try to restore previous backup copy of data
- Last good copy recovered successfully
Diagram: Primary Application Data, Immutable Backup Data (Backup Copy1 to Backup Copy5)
- Encrypted bad copies
- Good copies cannot be destroyed
- “Reliable” copies still available for later recovery

Complete Data Immutability - Attack Vectors
Namespace and Beyond - Challenges & Best Practices

Physical Access to Data Center
- Attackers gaining physical access to the datacenter that hosts the backup server is a major concern as well.
- They can physically destroy the disks, shred them, or secure erase them
- Such attackers are usually from within the organization and have seamless physical access
- Access is not refreshed periodically (revokes, grants)
- Absence of strict access guidelines in the organization
- Shared access between employees without any restrictions/roles
- Grant physical access to datacenters on a need basis
- Follow industry standard physical access guidelines
- Shared Responsibility Mode: Customers need to ensure security & protection for the areas under their control

Dual Sign-on Model
- Requires two users: System Admin & Security Officer (SO)
- SO credentials to be owned by a different individual in the organization
- To prevent data destruction by a single attacker
- Even stronger by Multi-Factor-Authentication (MFA) for SO credentials
- Enforced by compliance variants

Namespace Level Protection And Beyond
Filesystem Namespace Protection:
- Namespace level protection via its Retention Lock capability
- Operations like file modify, delete, rename, resize, overwrite, truncate etc. are blocked
- Locked data cannot be tampered with or deleted in any way via the namespace operations
Beyond Namespace?
- Attackers can exploit layers beyond the filesystem namespace to destroy retention locked data
- For example: Clock & NTP, OS shell, Hypervisor, Boot loader, Platform management interface

Clock & NTP
Attack Vector:
- Can move the system clock forward and delete locked files prematurely before expiry
- Can control the external NTP servers to manipulate date and time in the backup server
Mitigation:
- Restrict the frequency and amount of clock modifications and bring NTP configurations under Dual sign on model
- Enable secure clock in the backup server software to detect clock skew
- Restrict the amount of time skew that is allowed

Operating System
Attack Vector:
- Can enter #bash shell as root user and execute disk level destructive commands
- No dual-sign on kind of protection available in operating systems
Mitigation:
- Use strong root user password or randomize it.
- Prevent unlimited entry into the root shells
- Enforce need for time bound unique token to access the OS root shell.

Hypervisors (Ex. ESXi, Hyper-V)
Attack Vector:
- Can enter the hypervisor console and perform destructive operations - Delete virtual disks, delete virtual machines, corrupt physical disks holding the virtual disks etc.
Mitigation:
- Lockdown hypervisor console if supported
- Block CLI, GUI, or REST API interfaces from outside access
- Restrict Hypervisor console access

Bootloaders (Ex. GRUB, LILO)
Attack Vector:
- Can enter Single User Mode of OS and perform the destructive operations
- Can exploit/misuse various disk management commands available in the bootloader console itself
Mitigation:
- Set randomized bootloader password
- Prevent bootloader entry modifications, Prevent bootloader console access
- Provide access only via USB keys, required when physical access to the server is needed

Platform Management Interfaces (Ex. iDRAC, ILO)
Attack Vector:
- Can enter the remote management interface (ex. IPMI, ILO, iDRAC etc.) and destroy disk volumes, disk groups, raid configs, initialize disks etc.
Mitigation:
- Disconnect management interfaces from the network so that physical presence is enforced
- Randomize root user password
- Disable platform management users by default (they can be enabled securely on need basis)

Advantage of Hyper-converged/Converged Appliances
Ex. Dell Power Protect DM5500 Integrated Appliance
- All the components of a backup ecosystem are bundled into one single unit.
- Hyper-converged/converged appliance vendors have additional control on more areas end-to-end and can harden them effectively.
Diagram: Dell Power Protect DM5500 Integrated Backup Appliance
- Backup Application: Power Protect Data Manager (RL Integrated Backup Application)
- Backup Server: Power Protect Data Domain Virtual Edition (Data Immutability via Retention Lock, Hardened Clock & NTP management, Secured OS Shell access, Special RLC Security Clock, Deduplication)
- Hardened GRUB Layer (No GRUB console access)
- Hardened iDRAC Layer (Remote Management interface restricted & users disabled by default)
- Hardened Hypervisor layer (Console and Interfaces Protected)

Data Immutability in Action
Example use cases: Replication & Air-gapped Cyber Secure Vaults

Retention Locking in Replication Environment
- Primary data get ingested as per schedule
- Replication policy between backup servers
- New data get replicated regularly
- Retention Lock state of system and files also get replicated
Diagram: Assets (BLOCK STORAGE, NAS), Copy Data Management
- Replication Source Backup Server: File1, Expiry: Dec 31, 2025 (1st Immutable Backup Copy)
- Replication Destination Backup Server: File1, Expiry: Dec 31, 2025 (2nd Immutable Backup Copy)

Data-protection via Air-gapped Cyber Secure Vaults
- Primary data get ingested as per schedule
- Replication policy between backup servers
- AIR GAP: Automated Operational Air Gap. Gap is closed for a duration to allow replication and then opened again
- CyberSense AI/ML analysis to detect Ransomware infected data
- Immutable Point in Time copies of backup data
- Recovery path: From Restore points (PIT copies)
Diagram: Assets (BLOCK STORAGE, NAS), Copy Data Management, Replication Source Backup Server, Dell Power Protect Cyber Recovery Vault (Dell Power Protect Cyber Recovery, Dell Power Protect Data Domain Virtual Edition)

Auto Retention Lock (ARL) / Default Retention Lock
- After ingest, data gets auto-locked for a pre-configured duration
- Transforms from “Backup application controlled” to “Storage controlled” locking
- Auto Retention Period: Duration for which all new files would be auto-locked
- Cooling Off Period (COP): No-modification duration after which files get auto-locked
- Non-integrated backup applications benefit the most

Legal Holds on Data
- Regulatory or Judicial asks to hold the compliance data until investigation is over.
- With a legal hold, retention lock expired data also cannot be deleted
- Legal holds stay until removed manually.
- Also called Indefinite Retention Hold (IRH)
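
A small model of the rules stated on the Retention Locking Variants, Clock & NTP and Legal Holds slides, added here as an example and not code from Dell or the presenters. The class, method and role names and the integer-second timestamps are assumptions made for illustration.

```python
from dataclasses import dataclass
class LockError(Exception):
    """An operation was refused by the retention rules."""

class SecureClock:
    """Retention clock: ticks on its own, accepts only small external corrections."""
    def __init__(self, now, max_skew):
        self.now, self.max_skew = now, max_skew

    def tick(self, seconds):
        self.now += seconds                  # genuine elapsed time

    def sync(self, reported):
        # Time offered by the system clock or NTP: bounded, never backwards.
        if abs(reported - self.now) > self.max_skew:
            raise LockError("clock skew exceeds allowed window")
        self.now = max(self.now, reported)

    def set_max_skew(self, value, approvers):
        # Dual sign-on: a clock-policy change needs both roles.
        if not {"sysadmin", "security_officer"} <= set(approvers):
            raise LockError("dual sign-on required")
        self.max_skew = value

@dataclass
class Locked:
    expiry: int                # epoch seconds on the secure clock
    mode: str                  # "compliance" or "governance"
    legal_hold: bool = False

class Store:
    def __init__(self, clock):
        self.clock, self.files = clock, {}

    def lock(self, name, seconds, mode):
        if name in self.files:
            raise LockError("write once: already locked")
        self.files[name] = Locked(self.clock.now + seconds, mode)

    def revert(self, name):
        if self.files[name].mode == "compliance":
            raise LockError("compliance locks cannot be reverted")
        self.files[name].expiry = self.clock.now   # governance only

    def delete(self, name):
        f = self.files[name]
        if f.legal_hold or self.clock.now < f.expiry:
            raise LockError("legal hold" if f.legal_hold else "lock not expired")
        del self.files[name]
```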