Backups are copies of data created to ensure that when the original data is lost or corrupted, it can be restored. If you’re planning to take the SY0-501 version of the Security+ exam, you should understand backup concepts in relation to disaster recovery and continuity of operation concepts.
For example, can you answer this question?
Q. Your backup policy for a database server dictates that the amount of time needed to restore backups should be minimized. Which of the following backup plans would BEST meet this need?
A. Full backups on Sunday and incremental backups on the other six days of the week
B. Full backups on Sunday and differential backups on the other six days of the week
C. Incremental backups on Sunday and differential backups on the other six days of the week
D. Differential backups on Sunday and incremental backups on the other six days of the week
More importantly, do you know why the correct answer is correct and the incorrect answers are incorrect? The answer and explanation are available at the end of this post.
Backup Types
The most common media used for backups is tape. Tapes store more data and are cheaper than other media, though some organizations use hard drives for backups. However, the type of media doesn’t affect the backup type.
The following backup types are commonly used:
• Full backup. A full (or normal) backup backs up all the selected data.
• Differential backup. This backs up all the data that has changed or is different since the last full backup.
• Incremental backup. This backs up all the data that has changed since the last full or incremental backup.
• Snapshots. A snapshot backup captures the data at a point in time. It is sometimes referred to as an image backup.
Choosing Full/Incremental or Full/Differential
A logical question is, “Why are there so many choices for backups?” The answer is that different organizations have different needs. For example, imagine two organizations perform daily backups to minimize losses. They each do a full backup on Sunday, but are now trying to determine if they should use a full/incremental or a full/differential strategy.
The first organization doesn’t have much time to perform maintenance throughout the week. In this case, the backup administrator needs to minimize the amount of time required to complete backups during the week. An incremental backup only backs up the data that has changed since the last backup. In other words, it includes changes only from a single day. In contrast, a differential backup includes all the changes since the last full backup. Backing up the changes from a single day takes less time than backing up changes from multiple days, so a full/incremental backup is the best choice.
In the second organization, recovery of failed systems is more important. If a failure requires restoring data, they want to minimize the amount of time needed to restore the data. A full/differential strategy is the best choice in this situation because it only requires the restoration of two backups, the full and the most recent differential backup. In contrast, a full/incremental strategy can require the restoration of several different backups, depending on when the failure occurs.
Snapshot Backup
A snapshot backup captures the data at a moment in time. It is commonly used with virtual machines (VMs) and sometimes referred to as a checkpoint. Administrators often take a snapshot of a VM before a risky operation such as an update. If the update causes problems, it’s relatively easy to revert the VM to the state it was in before the update.
Testing Backups
I’ve heard many horror stories in which personnel are regularly performing backups thinking all is well. Ultimately, something happens and they need to restore some data. Unfortunately, they discover that none of the backups hold valid data. People have been going through the motions, but something in the process is flawed.
The only way to validate a backup is to perform a test restore. Performing a test restore is nothing more than restoring the data from a backup and verifying its integrity. If you want to verify that you can restore the entire backup, you perform a full restore of the backup. If you want to verify that you can restore individual files, you perform a test restore of individual files. It’s common to restore data to a location other than the original source location, but in such a way that you can validate the data.
As a simple example, an administrator can retrieve a random backup and attempt to restore it. There are two possible outcomes of this test, and both are good:
• The test succeeds. Excellent! You know that the backup process works. You don’t necessarily know that every backup tape is valid, but at least you know that the process is sound and at least some of your backups work.
• The test fails. Excellent! You know there’s a problem that you can fix before a crisis. If you discovered the problem after you actually lost data, it wouldn’t help you restore the data.
An additional benefit of performing regular test restores is that it allows administrators to become familiar with the process. The first time they do a restore shouldn’t be in the middle of a crisis with several high-level managers peering over their shoulders.
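One way to automate the test restore described above, as an added example that is not from the original post: record a SHA-256 manifest at backup time, restore the archive to a separate location, and compare every restored file against the manifest. The function names, file names and sample data are constructed for illustration.

```python
import hashlib
import tarfile
import tempfile
from pathlib import Path

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def build_manifest(root):
    """Record path -> SHA-256 for every file under root at backup time."""
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(Path(root).rglob("*")) if p.is_file()}

def verify_restore(manifest, restore_root):
    """Return (missing, corrupted) file lists for a restored copy."""
    root = Path(restore_root)
    missing = [r for r in manifest if not (root / r).is_file()]
    corrupted = [r for r, digest in manifest.items()
                 if r not in missing and sha256_file(root / r) != digest]
    return missing, corrupted

def demo():
    """Back up constructed sample data, restore it elsewhere, then damage the copy."""
    with tempfile.TemporaryDirectory() as tmp:
        source, restore = Path(tmp, "source"), Path(tmp, "restore_test")
        (source / "db").mkdir(parents=True)
        (source / "db" / "customers.csv").write_text("id,name\n1,Alice\n")
        (source / "notes.txt").write_text("quarterly report draft\n")
        manifest = build_manifest(source)
        archive = Path(tmp, "backup.tar.gz")
        with tarfile.open(archive, "w:gz") as tar:
            for rel in manifest:
                tar.add(source / rel, arcname=rel)
        # Restore to a location other than the source, then validate the data.
        extra = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
        with tarfile.open(archive) as tar:
            tar.extractall(restore, **extra)
        good = verify_restore(manifest, restore)
        # Simulate a flawed restore: one file truncated, one never restored.
        (restore / "notes.txt").write_text("quarterly rep")
        (restore / "db" / "customers.csv").unlink()
        return good, verify_restore(manifest, restore)

if __name__ == "__main__":
    print(demo())
```

A clean restore returns two empty lists; anything else names the files that would have failed you in a real recovery.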
Protecting Backups
If data is important enough to be backed up, it’s important enough to protect. Backup media should be protected at the same level as the data that it holds. In other words, if proprietary data enjoys the highest level of protection within an organization, then backups of this data should also have the highest level of protection.
Protecting backups includes:
• Storage. This includes using clear labeling to identify the data and physical security protection to prevent others from easily accessing it while it’s stored.
• Transfer. Data should be protected any time it is transferred from one location to another. This is especially true when transferring a copy of the backup to a separate geographical location.
• Destruction. When the backups are no longer needed, they should be destroyed. This can be accomplished by degaussing the media, shredding or burning the media, or scrubbing the media by repeatedly writing varying patterns of 1s and 0s onto the media.
Q. Your backup policy for a database server dictates that the amount of time needed to restore backups should be minimized. Which of the following backup plans would BEST meet this need?
A. Full backups on Sunday and incremental backups on the other six days of the week
B. Full backups on Sunday and differential backups on the other six days of the week
C. Incremental backups on Sunday and differential backups on the other six days of the week
D. Differential backups on Sunday and incremental backups on the other six days of the week
Answer is B. A full/differential backup strategy is best with one full backup on one day and differential backups on the other days. A restore would require only two backups, making it quicker than the other options.
A full/incremental backup would typically require you to restore more than two backups. For example, data loss on Friday would require you to restore the full backup, plus four incremental backups.
Backups must start with a full backup, so neither an incremental/differential nor a differential/incremental backup strategy is possible.
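The restore sets discussed under "Choosing Full/Incremental or Full/Differential" and in the answer explanation above can be worked out mechanically. The following is an added example, not from the original post; it follows the post's definitions of each backup type, assumes a one-week schedule starting on Sunday, and uses hypothetical names (`weekly`, `restore_chain`).

```python
DAYS = ["Sun", "Mon", "Tue", "Wed", "Thu", "Fri", "Sat"]

def weekly(sunday, other_days):
    """Build a one-week schedule: one backup type on Sunday, another on the other six days."""
    return {day: (sunday if day == "Sun" else other_days) for day in DAYS}

def restore_chain(schedule, last_backup_day):
    """Return the (day, type) backups to restore, oldest first.

    last_backup_day is the most recent backup completed before the failure.
    Raises ValueError when the chain never reaches a full backup.
    """
    taken = [(d, schedule[d]) for d in DAYS[:DAYS.index(last_backup_day) + 1]]
    chain = []
    wanted = {"full", "differential", "incremental"}  # start from the newest backup
    for day, kind in reversed(taken):
        if kind not in wanted:
            continue
        chain.append((day, kind))
        if kind == "full":
            return chain[::-1]
        # A differential holds everything since the last full backup; an
        # incremental only holds changes since the previous full or incremental.
        wanted = {"full"} if kind == "differential" else {"full", "incremental"}
    raise ValueError("no full backup available to start the restore")

if __name__ == "__main__":
    options = {"A": weekly("full", "incremental"), "B": weekly("full", "differential"),
               "C": weekly("incremental", "differential"),
               "D": weekly("differential", "incremental")}
    for label, schedule in options.items():
        try:
            print(label, restore_chain(schedule, "Thu"))  # data loss on Friday
        except ValueError as err:
            print(label, "cannot restore:", err)
```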
See Chapter 9 of the CompTIA Security+: Get Certified Get Ahead: SY0-501 Study Guide for more information on protecting data with backups.