A Web Site Protection Oriented Remote Backup and Recovery Method



Similar documents
Res. J. Appl. Sci. Eng. Technol., 5(7): , 2013

STREAD CLOUD BACKUP MILITARY-GRADE ONLINE BACKUP BUILT FOR YOUR BUSINESS

Web-Based Data Backup Solutions

Maintaining a Microsoft Windows Server 2003 Environment

Table Of Contents. - Microsoft Windows - WINDOWS XP - IMPLEMENTING & SUPPORTING MICROSOFT WINDOWS XP PROFESSIONAL...10

NAS 259 Protecting Your Data with Remote Sync (Rsync)

Yiwo Tech Development Co., Ltd. EaseUS Todo Backup. Reliable Backup & Recovery Solution. EaseUS Todo Backup Solution Guide. All Rights Reserved Page 1

Web Security School Final Exam

Ovation Security Center Data Sheet

VMware vsphere Data Protection

Xopero Centrally managed backup solution. User Manual

Product Brief. DC-Protect. Content based backup and recovery solution. By DATACENTERTECHNOLOGIES

NE-2273B Managing and Maintaining a Microsoft Windows Server 2003 Environment

Detailed Features. Detailed Features. EISOO AnyBackup Family 1 / 19

Exploration on Security System Structure of Smart Campus Based on Cloud Computing. Wei Zhou

Maintaining a Microsoft Windows Server 2003 Environment

C p o y p r y i r g i h g t D t e a t i a lie l d

HELPDESK & SERVER MONITORING. Helpdesk HOURS OF COVER KEY FEATURES

DNS must be up and running. Both the Collax server and the clients to be backed up must be able to resolve the FQDN of the Collax server correctly.

VTLBackup4i. Backup your IBM i data to remote location automatically. Quick Reference and Tutorial. Version 02.00

BackupAssist v6 quickstart guide

CA ARCserve Replication and High Availability Deployment Options for Hyper-V

Cover sheet. How do you create a backup of the OS systems during operation? SIMATIC PCS 7. FAQ November Service & Support. Answers for industry.

Security Policy JUNE 1, SalesNOW. Security Policy v v

Managing and Maintaining a Microsoft Windows Server 2003 Environment

Deployment Topologies

Part Two: Technology overview

NAS 253 Introduction to Backup Plan

ClockWork Enterprise 5

System Management. What are my options for deploying System Management on remote computers?

CA ARCserve Family r15

HP IMC Firewall Manager

White Paper ClearSCADA Architecture

Ovation Security Center Data Sheet

TECHNOLOGY OVERVIEW INTRONIS CLOUD BACKUP & RECOVERY

ViewBox: Integrating Local File System with Cloud Storage Service


Enterprise Backup and Restore technology and solutions

Backup and Recovery FAQs

Table of Contents. Introduction. Audience. At Course Completion

VIPERVAULT STORAGECRAFT SHADOWPROTECT SETUP GUIDE

We look beyond IT. Cloud Offerings

VANGUARD ONLINE BACKUP

IBM Tivoli Storage Manager for Microsoft SharePoint

Retrospect 7.7 User s Guide Addendum

HP A-IMC Firewall Manager

Symantec Backup Exec Blueprints

Quanqing XU YuruBackup: A Highly Scalable and Space-Efficient Incremental Backup System in the Cloud

EISOO AnyBackup 5.1. Detailed Features

Administering the Web Server (IIS) Role of Windows Server

Virtual Machine Environments: Data Protection and Recovery Solutions

SOLUTION GUIDE AND BEST PRACTICES

Administering the Web Server (IIS) Role of Windows Server 10972B; 5 Days

Active Directory - User, group, and computer account management in active directory on a domain controller. - User and group access and permissions.

Database Backup and Recovery Guide

MCSE Objectives. Exam : TS:Exchange Server 2007, Configuring

Symantec Backup Exec.cloud

CrashPlan PRO Enterprise Backup

BackupAssist v6 quickstart guide

User Guide. CTERA Agent. August 2011 Version 3.0

INTRUSION PROTECTION AGAINST SQL INJECTION ATTACKS USING REVERSE PROXY

Frequently Asked Questions About WebDrv Online (Remote) Backup

Maintaining the Content Server

HIGH AVAILABILITY DISASTER RECOVERY SOLUTION

IceWarp to IceWarp Server Migration

Loophole+ with Ethical Hacking and Penetration Testing

Planning for Windows Server 2008 Servers

"Charting the Course to Your Success!" MOC D Windows 7 Enterprise Desktop Support Technician Course Summary

APPENDIX G ASP/SaaS SECURITY ASSESSMENT CHECKLIST

Easy Setup Guide 1&1 CLOUD SERVER. Creating Backups. for Linux

Service Level Agreement (SLA) Arcplace Backup Enterprise Service

Capability Service Management System for Manufacturing Equipments in

FORBIDDEN - Ethical Hacking Workshop Duration

Projectplace: A Secure Project Collaboration Solution

DocAve 6 Service Pack 1 Platform Backup and Restore

IBM Security QRadar Vulnerability Manager Version User Guide

Redefining Microsoft SQL Server Data Management. PAS Specification

National Fire Incident Reporting System (NFIRS 5.0) Configuration Tool User's Guide

Best Practices for Trialing the Intronis Cloud Backup and Recovery Solution

Multi-level Metadata Management Scheme for Cloud Storage System

Frequently Asked Questions

Passing PCI Compliance How to Address the Application Security Mandates

Comparing Microsoft SQL Server 2005 Replication and DataXtend Remote Edition for Mobile and Distributed Applications

CTERA Agent for Windows

Disk-to-Disk-to-Offsite Backups for SMBs with Retrospect

PN: Using Veeam Backup and Replication Software with an ExaGrid System

10972B: Administering the Web Server (IIS) Role of Windows Server

Compulink Advantage Online TM

MCSA Objectives. Exam : TS:Exchange Server 2007, Configuring

RingStor User Manual. Version 2.1 Last Update on September 17th, RingStor, Inc. 197 Route 18 South, Ste 3000 East Brunswick, NJ

Storage Guardian Remote Backup Restore and Archive Services

Hyperoo 2 User Guide. Hyperoo 2 User Guide

FAQ. Hosted Data Disaster Protection

Total Backup Recovery 7

Migration and Disaster Recovery Underground in the NEC / Iron Mountain National Data Center with the RackWare Management Module

Data Replication in Privileged Credential Vaults

Managing and Maintaining a Windows Server 2003 Network Environment

CimTrak Technical Summary. DETECT All changes across your IT environment. NOTIFY Receive instant notification that a change has occurred

Transcription:

2013 8th International Conference on Communications and Networking in China (CHINACOM) A Web Site Protection Oriented Remote Backup and Recovery Method He Qian 1,2, Guo Yafeng 1, Wang Yong 1, Qiang Baohua 1 1. Key Laboratory of Cognitive Radio and Information Processing, Ministry of Education Guilin University of Electronic Technology, Guilin 541004, China 2. College of Computer, National University of Defense Technology, Changsha 410073 treeqian@gmail.com Abstract It becomes more and more important to protect the security of web sites. In order to solve the problem about web site disaster recovery, a web site protection oriented remote backup and recovery method is proposed in this paper. Customers can design various backup strategies such as full, incremental and differential backup by themselves. A multi version control method is given to text files, and the remote transmission and backup mechanism is designed based on Rsync and FTP protocols. Rsync is used to reduce the transferred data efficiently, the experiment results show that the remote backup and recovery system can work fast and it can meet the requirements of web site protection. Keywords-Backup and Recovery, Web Protection, Version Control, Rsync, FTP I. INTRODUCTION With the rapid development of Internet technologies and applications, websites Information security issues are increasingly complex, and the Webpage has been tampered more and more seriously. The statistics of 2010 Internet Security Report given by the National Computer network Emergency Response technical Team/Coordination Center of China (CNCERT/CC) shows that Web pages Tampered events are at the top of the all the events of network security. According to the monitoring data, there are Web sites are being tampered with the average number of 2904 every month, and there are 100 sites being tampered in Chinese mainland per Day [1]. The problem about how to protect Web files is facing severe challenges. Once the web pages are tempered by a hacker illegally, it may hurt their owners and even bring some society serious damage and negative influence. So, the studies of web pages anti-tampered system or web site protection system are pay attention to. The studies of anti-tampered protection of the website can be separated into 3 types: pre-prevention, inrestraint and post-recovery [2]. The pre-prevention relies on some safety assessment and firewalls, such as ref [3], using static analysis to test if the Web code exits security vulnerabilities. Firewalls and Intrusion detection systems are typical technologies for in-restraint protection. Post-recovery, as the last measure which can prevent page from being tampered, requires the web page to be recovered timely after being tampered. Existing researches discuss little about postrecovery mechanisms which is usually used as the complement of Website Protection System. Ref [4] introduces a web antitampered model. The model includes a prepared recovery subsystem which can provide bare metal system recovery after the Web server fails to work. However, it is not able to achieve the requirements of real-time recovery after the event. From the publicly available information, we can know that a lot of popular web site protection system have weak backup and recovery capacity. For example, IGuard [5] has no backup and recovery function, WebGuard [6] only uses digital certificates for file encryption backup, and InforGuard [7] just takes a simple automatic incremental backup. None of these systems can achieve the real-time recovery after a WEB page being tampered. There are a lot of backup products in the market, but most of these systems focus on large-scale clusters which provide centralized backup service [8], for example, the massive data backup and storage without paying attention to the real-time backup and recovery of small files. Therefore, they cannot satisfy the requirements of safety recovery mechanisms of anti-tampered Webpage. The common file management system is not suitable for the requirements of antitampered system of Webpage. In this paper, we design a specific web site protection oriented backup and restore method to solve the special requirements of website protection. The automatic backup and recovery system for Web site not only plays an important part in the Web defense system but also is the last line for disaster recovery. After a server is attacked successfully by a hacker, all the files on that server shouldn t be trusted. So, the remote data outside the web site should be used, and then the backup and restore method is needed. Based on our former work [9], importing multi-version control and the Rsync synchronization algorithm, which is simple to realize and easy to achieve remote data synchronization fast [10], a specific web site protection oriented remote backup and restore method is designed. In this method, a multi version control method is given to text files recovery, transferred data are obtained based on Rsync which can decrease communication, and the File Transfer Protocol (FTP), a very popular and standard network protocol, is used in the transmission process. The rest of this paper is organized as follows. The overview system architecture is discussed in section 2. Section 3 introduces the multi-version control method for the text file. The remote transmission and backup/recovery method is 395 978-1-4799-1406-7 2013 IEEE

presented in Section 4 and the performance is evaluated in Section 5. Finally, we conclude the paper in Section 6. II. THE OVERVIEW OF SYSTEM ARCHITECTURE A. The distributed anti-tampered system All our work are based on the distributed anti-tampered system[9] which provides a full range of three-dimensional protection system for the Website, including five subsystems: consists of five sub systems including web file monitor, content publish, reverse proxy, backup and recovery, and monitor center, as shown in Figure 1. Fig.1 The distributed anti-tampered system architecture The web file monitor subsystem runs on web servers, including application and driver components. All the operations such as file creation, deletion and modification of web directories are monitored by driver component. While illegal modifications are found, messages can be forbidden and sent to application components to warn. The content publish subsystem is used to publish web program files to web server. Only the web pages that publish through this subsystem are legal, otherwise are illegal. The processes of content publish use SSL and digital certificate technology. The reverse proxy subsystem runs on independent servers. It not only achieve WWW server to forward requests and responses, but also checks semantics, protects dynamic pages, and resists SQL injection and cross site scripting attacks. The backup and recovery subsystem can backup program files of websites. When the websites files are lost or illegal modified, they can be recovered based on this subsystem. The remote backup and recovery method talking in this paper is working for this subsystem. The monitor center subsystem is a unified administrator platform for all these subsystems. The running information of web servers, webpage intrusion detection warning, and interactive information between subsystems are shown. B. The backup and restore model The backup and recovery system model mainly consists of local backup system and remote backup system which is shown in Figure 2. The local backup system uses snapshot technology. If the Web server s pages and snapshot files are destroyed at the same time, on this occasion, the tampered pages cannot be recovered only relying on local backup. To protect the security of the Web server further, it deploys on the remote backup server, and the administrator can define backup strategies. There are several kinds of remote backup strategies including full, differential and incremental. The full backup needs more space, the differential backup can backup fast and the incremental has better space performance. Administrators can select the backup strategy based on what they need. When the differential and incremental strategies are used, there are text and file modes. Every line is checked in the text mode, while the file mode just test whether the whole file is modified. So, the version control management is used for the text mode in the remote backup and recovery system. According to the administrator s strategies, the file system can achieve file backup and restore. As the time goes, there are more and more backup files. In order to recover to either station before, we need to carry on version management for these files. So that when it is recovering the webpage, we can achieve a particular page or a special period Website for the exact restore. In order to improve the speed of backup and restore, and reduce network load, all transfer data are gotten based on Rsync, and then they are compressed and transferred using FTP over the network. Figure 2 Backup and recovery model III. THE TEXT VERSION CONTROL MANAGEMENT Because a lot of web files are text mode, for example, files of jsp, php, asp and so on, these is a special multi-version control management mechanism for that. Web files of web server changes frequently and how to recover is complex. The version control system must have the following characteristics: (1) Using the version of the directory tree to implement a change to track the virtual version of the file system, file and directory; (2) Recording the reasons for changes and modification; (3) Getting the differences between the version and the local copy; (3) When two users modify a file, the system can automatically merge changes; (4) Preventing unauthorized modification and access. The purpose of version comparison is to obtain the differences between the same documents of different versions. Each time the same file updates are logged to a differential file by the system and version comparison is based on these differential files. The generation of differential file based on two rules: the add operation and delete operation. An example of add operation to note the generation process of differential files is shown as follows. add line start: \\m,n Content to be added 396

add line end The first line represents the add operation, m identifies the starting row will be added, and n gives the total number of rows that will be added. Based on these differential files, the system can obtain the difference between any versions of the files, which is conducive to recovery page on the version of choice. The backup and recovery subsystem generates a version when the content distribution subsystem publishes a web site to the web server. When the web server is illegal tampered, the recovery sub-module will receive the restore instruction from the monitoring center, then analyze the instruction and obtain to the files' information. Lastly, version control module extracted corresponding version files according to version information and send it to the web server, the process is shown in Figure 3. IV. Figure 3 Version control mechanism REMOTE TRANSMISSION AND BACKUP/RECOVERY A. File synchronization and transmission In the web site protection system, web files may be small and changed frequently, so how to realize synchronous files between website and backup servers are very important. In the process of backup and restoring files, the synchronous algorithm and the transmission protocol may affect speed very much. In our method, rsync and standard FTP protocol are selected. Client:Backup Server bda abcd h1 h2 Hash FTP Hash Server:Web Server F F FTP Matching ef abcd h1 F diff Figure 4 Synchronization and transmission mechanism In the synchronous process, the web server works as server, and the backup server works as client. The client checks the h2 server-side data regularly. If there are changes it will send the synchronous request to the web server for refreshing its data. Assuming the client file is F and the server-side file is F. After synchronization, the client file will be synchronized as F. In many systems, the server-side F is directly sent to the client to cover F files. It is simple but has many shortcomings, especially if the network speed is slow, the file transmission will take a lot of time. The rsync algorithm can get a small difference file F diff to the client through calculating the difference of F and F, and then FTP is used to transmit the data, which is a standard network protocol used to transfer files from one host to another host over a TCPbased network. Because s multi-file synchronization based on single file synchronization, in the next, we mainly talk about a single file synchronizing process. In the server side, we can combine with F to generate F to achieve the file synchronization. The file synchronous and transmission method can be divided into three main stages, which are as follows and shown in figure 4. Step 1, in the backup server, all the synchronous file F are divided into blocks, and the hash table, which includes the 124 bit MD4 strong and 32 bit rolling weak checksum, is computed for each block. All checksums of all the files that should be synchronized are computed like that and stored as checksum files. Step 2, If there is changed on web server, it may download the checksum files using the FTP protocol. After the web server receives the request message, it will check checksums of its current files and obtain a hash table for F. If the hash table is same to the hash sent by client, it means there is no change. If not, the different matching file F diff should be established, and be sent to the backup server. Step 3, if the backup server receives F diff, it will reconstruct the F file set and a temp file is created. Based on F diff, the unmodified file blocks are copied directly to the temp file while the modified are copied from the F diff. So, the temp file is same as F of the web server, and then the synchronous process is finished after using the temp to replace F. B. Remote backup and recovery process The remote backup works as a disaster recovery measure, and also as an online anti-tamper mechanism to ensure the security of the Web server. The remote backup system is a filelevel, so the administrator can select client backup source, create a backup task, and choose backup strategy custom. The remote backup process is as follows and the whole remote backup and recovery process is shown in Figure 5. Step 1: Customers create a backup task. If it is the first time, the full backup will be run automatically. Otherwise, the backup strategy is defined by what they want. Step 2: Web files are operated differently based the backup strategy. If it is full backup, all the web files should be 397

synchronized to the backup server; if incremental backup, the added or modified files according to the last backup process should be recorded into a temp file. If differential backup, the added or modified files are according to the last full backup process. Step 3: All the files including the full backup files and temp files for incremental or differential are transferred to the backup server through FTP protocol. If the incremental or differential strategy is select, we just store F diff and tag their corresponding backup version but not synchronize the file in Step 3 in the process of synchronization and transmission. The backup server will manage these files in order to realize version control and recovering process. the rsyn based method is slower than the method using FTP directly. But when the file size becomes more than 11M, their speeds are very similar. The method s advantages are not obvious for that it is a consuming process to compute the checksum. From the figure 6.b, we can find that if the speed of network is 1Mbps, which is a typical local network speed, the method is better than the FTP based method very much. When the file size becomes 51M, nearly 86 percent of backup time is saved using rsyn. The reason is mainly that the lower transferred data costs long time. Therefore, the rsyn based method is very suitable for real network backup environment. (a) Under the unlimited virtual network Figure 5 Remote backup and recovery process The recovery of the data is actually the inverse process of backed up. If the snapshot is fail, here is a disaster on the web server, or the administrator want to roll back to an version web application, the remote recovery will work. Administrators just select which the files or fers to recover that on the web server based on what they want. V. EXPERIMENT ANALYSIS We implement the FTP protocol through the open source project j-ftp[11], and realized the remote backup system based on JDK 1.6. The experiment is working on the table PC Thinkpad X220. The Backup server is run on the physical operation while the Web server needing to backup data is run on a VMware virtual PC. All the parameters are listed in the table 1. Table 1 Experimental environment parameters parameter configuration Backup Intel i5-2450m; 8G memory; CT256M4SSD3 and Server 500G hard disk; Win 7+ JDK 1.6+VMWare 9; Backup Vmware virtual PC: 2 Processors; 2G memory; Client Windows XP + Network Virtual Network We test how to backup files whose size vary from 1M-byte size to 51M-byte size, and there are 10 percent data changed in the web server which want to be send to the backup server. The result recording the backup time is shown in Figure 6. According the Figure 6.a, if the network speed is not limited, (b) Under the virtual network with 1M bps Fig 6 Backup time for the system VI. CONCLUSION With the events about web page tampered being increasingly serious, the web site protection system becomes more and more necessary. The remote backup and recovery subsystem is very important to realize full protection. In this paper, a web site protection system oriented remote backup and recovery method is proposed. Customers can design various backup strategies by themselves. A special multi version management mechanism is given for text mode file, the whole remote transfer and backup system is mainly based on Rsync and FTP protocols. The experiment results show that the Rsync algorithm can decrease the backup time very much under normal network, and it is suit for web site protection. 398

ACKNOWLEDGMENT This work was partly supported by the National Natural Science Foundation of China (61201250, 61172057, 61172058), the Important National Science & Technology Specific Projects (2012BAH18F00, 2012ZX03006001) and Guangxi Natural Science Foundation of China (2012GXNSFBA053174, 2012GXNSFAA053230). REFERENCES [1] Internet White Paper(in China) [EB/OL].[2011-05- 15]. http://s.xinhuanet. com/2010-06/08/c_12195221.htm. [2] Gao Yanling, Zhang Yuqing, Bai Baoming, Wang Xinmei. Overview of Web protection system [J]. The Computer Engineering.2004.30(10):113-115. [3] Huang Yaowen, Yu Fang, Christian Huang, et al. Securing web application code by static analysis and runtime protection[c]//proc. of Thirteenth International World Wide Web Conference Proceeding. New York, United states:association for Computing Machinery,2004: 40-52 [4] Zhang Lei, Wang Lina, Wang Dejun. Model of Webpage Tamper-Proof System [J]. Journal Wuhan University..2009.55(01):121-124. [5] http://www.tcxa.com.cn/solution/ solution_ government.htm [6].http://www.zhihengit.com/a/chanpinyufuwu/zhuanyejihulianwangwang zhananquanf/2010/0705/27.html [7] http://www.inforguard.com/index.shtml [8] Xu Wei,Wang Min, He Xiang, etc. BM-CVI: A backup method based on a cross-version integration mechanism[c] //Proc. of International Conference on Convergence Information. Gyongju: IEEE Press. 2007:781-788. [9] Zhou Jun, He Qian, Yao Linlin. A distributed website anti-tamper system based on filter driver and proxy[c]//proc. of the 2011 MSEC International Conference on Multimedia, Software Engineering and Computing, Wuhan, China. Germany:Springer Verlag.2011:415-421. [10] A. Tridgell, P. Mackerras.The rsync algorithm[eb/ol]. [2011-08-19]. http://rsync.samba.org. [11] http://j-ftp.sourceforge.net/ 399

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information