Backup Policy, Standards, and Procedures

A backup policy provides the information detailing the what, who, when, and where of information system backups. Standards designate the currently approved backup programs and methodologies that will be used. Procedures detail the steps that must be taken to fulfill the policies and meet the standards. Refer to your organization's policy, standards, and procedures to determine what must be done accordingly. You should also be knowledgeable of the specifics of Windows Server 2003 backup and restore. You must ensure that your organization's documentation and practices fulfill the requirements stated by Microsoft for full data recovery, and you must also test the procedures to ensure that when you need to recover, you can.
Many organizations use third-party backup software instead of the native backup software included with Windows Server 2003. They say they do so because the features they require are not available in the native backup software. This may be true, but I have found that many organizations purchase third-party software without even knowing what they can do without it, and then only use features that are readily available in the native software. It is also true that their knee-jerk reliance on third-party software sometimes gets them into trouble when that software is not Active Directory-aware. Things appear to work just fine until they must restore Active Directory. Finally, knowing what needs to be backed up and which native tools are available to do so leads to better purchasing decisions, because the right software will be purchased, and to better backup processes, because the requirements of the operating system and the organization are known. If native tools do not fulfill the requirements, third-party software should be purchased.

More specifically, if your documentation does not include instructions on backing up system data for Windows systems, especially domain controllers and specialized services, you need to add them. In the interim, you should ensure the correct backup of this data.

Active Directory-Specific Backup Basics

The Active Directory database and the associated files that are needed to restore Active Directory are included in a system state backup. But the requirements of restoring Active Directory also dictate how old a backup can be and still be used in a restore. An Active Directory restore requires that the backup used be no older than the Active Directory tombstone lifetime. An Active Directory tombstone is created when an object in the Active Directory is deleted. This tombstone is replicated throughout the domain and takes the place of the object.
This ensures that the deletion is replicated throughout the domain, and yet prevents use of the object on those DCs that have received the change. The tombstone is eventually deleted based on the tombstone lifetime. In a perfect world, the tombstone lifetime would exactly match the period that extends from the moment the object is deleted on one DC to the moment when every DC receives the replicated change. Although it is possible to determine how long it takes for changes to replicate throughout a specific Active Directory environment, this period may vary over time and therefore cannot be accepted as the time it will always take. Therefore, the tombstone lifetime should be set longer than the longest time it takes for changes to the Active Directory to be replicated, and any major change to the environment will require an adjustment. The tombstone lifetime is set to 60 days by default.

The tombstone lifetime attribute is part of the enterprise-wide Directory Service configuration object and is located at CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=domainname,DC=domainextension. To change the tombstone lifetime, you need to use adsiedit.msc, ldp.exe, or an ADSI script. If a backup older than the tombstone lifetime must be used in an Active Directory restore, the restored replica will have objects in its database that no other DC has. An administrator would have to manually delete each such object on the restored DC. In most environments where a regular backup plan is adopted and enforced, a backup of Active Directory is made far more frequently than every 60 days.
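The check described above, reading the forest's tombstone lifetime from the Directory Service object and comparing it to the age of the newest system state backup, is shown here as an added PowerShell example; it is not from the book. It assumes a domain-joined host with read access to the Configuration partition, and the backup share path is a constructed placeholder.

```powershell
# Added example: is the newest system state backup still young enough for an AD restore?

function Get-TombstoneLifetimeDays {
    # RootDSE supplies the Configuration naming context, so the domain name is not hard-coded.
    $rootDse  = [ADSI]"LDAP://RootDSE"
    $configNc = $rootDse.configurationNamingContext
    $dsConfig = [ADSI]"LDAP://CN=Directory Service,CN=Windows NT,CN=Services,$configNc"
    $value = $dsConfig.Properties["tombstoneLifetime"].Value
    if ($null -eq $value) {
        # Attribute not explicitly set: the directory applies the 60-day default described in the text.
        return 60
    }
    return [int]$value
}

function Test-SystemStateBackupAge {
    param(
        [Parameter(Mandatory)][datetime]$LastBackupTime,
        [int]$TombstoneLifetimeDays = (Get-TombstoneLifetimeDays),
        # Margin so a backup judged usable today has not expired by the time a restore is actually run.
        [int]$SafetyMarginDays = 7
    )
    $ageDays = ((Get-Date) - $LastBackupTime).TotalDays
    [pscustomobject]@{
        LastBackupTime     = $LastBackupTime
        AgeDays            = [math]::Round($ageDays, 1)
        TombstoneLifetime  = $TombstoneLifetimeDays
        UsableForADRestore = ($ageDays -lt $TombstoneLifetimeDays)
        # Days left before the backup should be replaced, honouring the safety margin (negative = overdue).
        ReplaceWithinDays  = [math]::Floor($TombstoneLifetimeDays - $SafetyMarginDays - $ageDays)
    }
}

# Constructed path: NTBackup writes .bkf files; take the newest one as the latest system state backup.
$newest = Get-ChildItem -Path '\\backupsrv\sysstate' -Filter '*.bkf' |
    Sort-Object LastWriteTime -Descending | Select-Object -First 1

if ($newest) {
    Test-SystemStateBackupAge -LastBackupTime $newest.LastWriteTime | Format-List
} else {
    Write-Warning 'No system state backup (.bkf) found; no backup is usable for an AD restore.'
}
```

Run the check from the same schedule that produces the backups, so a shortened tombstone lifetime or a silently failing backup job is noticed before a restore is needed.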
Take care to see that the Active Directory tombstone lifetime is not adjusted arbitrarily or shortened without ensuring that the backup/restore procedures will still provide a backup that can be successfully used in an Active Directory restore.

The Part Backup Plays in an Organization's Business Continuity Plan

In addition to the operating system and Windows Server 2003 applications and services, a complete backup program includes provisions for all applications and data. A backup program is but one part of a disaster recovery program, which in turn is part of a business continuity plan. A disaster recovery program creates plans and recovery practices for major disasters, such as a flood, fire, system or network compromise, or other major events. It should include provisions for offsite storage of backups as well as plans for recovering information systems at an alternative location. Disaster recovery includes plans for recovery of other critical business systems as well. Business continuity plans include this process and dictate how to return the business from recovery to continued operation in a more normal mode, such as rebuilding and returning to the business location or moving to a new one, restoring less essential services such as access to cafeteria lunch menus, and so forth. The book Network Security: The Complete Reference (published by McGraw-Hill Osborne, 2003) contains a good introduction to disaster recovery and business continuity.