Unit VI Network Monitoring Policy and Data Backup Recovery

Management

Introduction to Data Backup & Planning: Understanding Data Backup & Its Importance,
developing a Backup Strategy/Plan, Identifying Critical Business Data, Selecting the Right
Backup Media
RAID Technology & Data Storage Solutions: Introduction to RAID (Redundant Array of
Independent Disks), Advantages & Disadvantages of RAID Systems, RAID Storage
Architecture & Levels (0, 1, 3, 5, 10, 50),
Storage Area Network (SAN) & Network Attached Storage (NAS): Understanding SAN &
Its Advantages, NAS Implementation Types: Integrated & Gateway NAS Systems, Data
Backup Software: AOMEI Back upper, Windows & Mac OS Backup Tools, Data Recovery
Techniques & Tools (Windows, Mac OS, RAID, SAN, NAS Recovery Services)
Network Traffic Monitoring & Analysis: Advantages of Network Traffic Monitoring and
Analysis, Router-Based Monitoring Techniques: SNMP Monitoring, NetFlow Monitoring, Non-
Router Based Monitoring Techniques
Packet Sniffing & Wireshark: Introduction to Packet Sniffer: Wireshark, Understanding
Wireshark Components, Monitoring and Analyzing FTP, TELNET, and HTTP Traffic
OS Fingerprinting & Network Scanning Detection: OS Fingerprinting Detection: Passive &
Active OS Fingerprinting Attempts, Detecting ICMP and TCP-Based OS Fingerprinting,
Detecting Network Scanning Techniques (PING Sweep, ARP Sweep, TCP Scans, UDP
Scans), Detecting Password Cracking & Sniffing Attempts
Introduction to Incident Handling & Response: Understanding Incident Handling & Response
(IH&R), Overview of IH&R Process Flow, Roles & Responsibilities of the Incident Response
Team
First Responder & Incident Assessment: First Response Steps by a Network Administrator,
Making an Initial Incident Assessment & Determining Severity Levels, Containment & Forensic
Investigation, Recovery & Post-Incident Activities : System Eradication & Recovery
Procedures, Post-Incident Documentation & Damage Assessment, Updating Response
Policies & Training & Awareness Initiatives
Introduction to Data Backup & Planning
1. Understanding Data Backup & Its Importance
Data backup refers to the process of copying and storing data in case of an emergency
or loss. This ensures that the data can be restored when required.
The importance lies in protecting against data loss due to hardware failure, cyberattacks
(like ransomware), or accidental deletion.
Example: A business that stores its customer data on a server regularly backs up that
data to prevent loss due to hardware failure or cyberattack.
2. Developing a Backup Strategy/Plan
A backup strategy outlines how often data will be backed up, where it will be stored, and
how it can be retrieved. It is crucial to have a plan in place to minimize data loss and
downtime.
Example: A company may back up its critical financial data daily, its less critical data
weekly, and store backups both on-site and in the cloud.
3. Identifying Critical Business Data
Critical business data includes any essential information for day-to-day operations, such
as financial records, customer details, intellectual property, and more.
Identifying what data needs to be backed up ensures that no important information is
left unprotected.
Example: A hospital would identify patient health records as critical, while a marketing
agency may prioritize creative files and client contracts.
4. Selecting the Right Backup Media
Backup media includes external hard drives, tapes, network-attached storage (NAS),
cloud storage, and RAID systems. The selection depends on factors like the volume of
data, speed, cost, and recovery time objectives.
Example: A small business may use cloud storage for simplicity and cost-effectiveness,
while a large enterprise may use a combination of on-site and cloud backups for
redundancy.
RAID Technology & Data Storage Solutions
1. Introduction to RAID (Redundant Array of Independent Disks)
RAID is a technology that combines multiple physical hard drives into a single unit for
redundancy and performance improvement. It ensures data integrity and can improve
storage speed or redundancy, depending on the RAID level used.
2. Advantages & Disadvantages of RAID Systems
Advantages include fault tolerance, improved performance, and storage efficiency.
Disadvantages might be complexity, higher costs, and potential data loss in certain
RAID configurations.
Example: RAID 1 (mirroring) ensures data redundancy but requires twice the storage
capacity as data is written to two disks.
3. RAID Storage Architecture & Levels
 RAID 0: Stripes data across multiple disks (no redundancy). Faster performance,
but if one disk fails, data is lost.

 RAID 1: Mirrors data on two disks (redundancy). High reliability but no

performance boost.

 RAID 3: Data is striped with a dedicated parity disk.

 RAID 5: Stripes data with distributed parity. Offers both redundancy and
performance.

 RAID 10 (1+0): Combines mirroring and striping for high performance and
redundancy.

 RAID 50: Combines RAID 5 with RAID 0 for better performance and fault
tolerance.
Storage Area Network (SAN) & Network Attached Storage (NAS)
1. Understanding SAN & Its Advantages
SAN is a high-speed network that connects servers to storage devices. It provides
centralized, block-level data storage, often used by large organizations for its scalability
and high availability.
Example: A data center hosting virtual machines may use a SAN to provide fast and
reliable storage across all servers.
2. NAS Implementation Types: Integrated & Gateway NAS Systems
 Integrated NAS: A dedicated storage system that combines both hardware and
software.
 Gateway NAS: A system that connects existing storage devices to a network.
Example: A small business might use integrated NAS to store files and share
data across its network, while a larger company may use gateway NAS to
integrate their existing storage with their network.

Data Backup Software

1. AOMEI Backupper
AOMEI Backupper is a backup software that provides backup solutions for data,
partitions, systems, and disks. It supports both full and incremental backups.
Example: A personal computer user might use AOMEI to back up their entire system,
ensuring easy recovery in case of failure.
2. Windows & Mac OS Backup Tools
 Windows: Tools like Windows Backup and File History allow users to create
system backups and restore points.
 Mac OS: Time Machine automatically backs up files, applications, and system
settings for easy restoration.
Example: A user might use Time Machine to back up their MacBook to an
external drive for automatic, continuous backups.

Network Traffic Monitoring & Analysis

1. Advantages of Network Traffic Monitoring and Analysis
Monitoring network traffic helps detect security issues, identify bottlenecks, and optimize
the performance of network infrastructure.
Example: A company using traffic monitoring might identify unusual traffic patterns
indicating a potential DDoS attack.
2. Router-Based Monitoring Techniques
 SNMP (Simple Network Management Protocol): Used to gather and monitor
network statistics from routers and switches.
 NetFlow: Allows tracking traffic flow and analyzing bandwidth usage across the
network.
Example: A network administrator might use NetFlow to analyze bandwidth
consumption and pinpoint traffic congestion points.

Packet Sniffing & Wireshark

1. Introduction to Packet Sniffer: Wireshark
Wireshark is a network protocol analyzer that captures packets from network traffic for
detailed analysis. It is often used in troubleshooting and security monitoring.
Example: A network administrator may use Wireshark to diagnose slow network
performance or detect unauthorized data traffic.
2. Monitoring and Analyzing FTP, TELNET, and HTTP Traffic
Wireshark can be used to monitor unencrypted traffic such as FTP (File Transfer
Protocol), TELNET, and HTTP requests. This is essential for detecting potential security
issues or performance problems.
Example: An IT team might capture FTP traffic to ensure that sensitive files are being
transmitted securely or to identify unauthorized data transfers.

OS Fingerprinting & Network Scanning Detection

1. OS Fingerprinting Detection
OS fingerprinting attempts to identify the operating system on a remote machine using
network traffic patterns. It can be active (sending probes) or passive (analyzing traffic).
Example: A network security team detects an active OS fingerprinting attempt using a
tool like Nmap and blocks the scanning IP.
2. Detecting Network Scanning Techniques
Network scanning, such as PING sweeps, ARP sweeps, TCP scans, and UDP scans,
identifies active devices on the network. These attempts can indicate an attack or
reconnaissance by an intruder.
Example: Intrusion Detection Systems (IDS) may detect a series of PING sweeps from
a new IP and alert network security.
Introduction to Incident Handling & Response
1. Understanding Incident Handling & Response (IH&R)
Incident handling involves the detection, containment, and resolution of security
incidents. The goal is to minimize damage, recover, and prevent future incidents.
Example: A company detecting a ransomware attack would initiate its response plan to
contain the attack and start recovering data.
2. Roles & Responsibilities of the Incident Response Team
The team includes roles such as the Incident Response Manager, Analysts, Forensic
Specialists, and Communication Officers. Each member plays a role in assessing,
containing, and mitigating the incident.
Example: The Response Manager decides to isolate affected systems while analysts
investigate the source of the breach.

First Responder & Incident Assessment

1. First Response Steps by a Network Administrator
The first responder assesses the situation, limits the damage, and prevents further
spread. This could involve disconnecting affected systems or applying emergency
security patches.
Example: A network administrator disconnects an infected machine from the network to
stop the spread of malware.
2. Making an Initial Incident Assessment & Determining Severity Levels
The severity of the incident is determined based on the potential impact on business
operations and security.
Example: A minor phishing attempt may be classified as low severity, while a data
breach would be high severity.

Recovery & Post-Incident Activities

1. System Eradication & Recovery Procedures
Once an incident is contained, the next step is to remove any malicious code or
vulnerabilities, restore data from backups, and return systems to normal operations.
Example: After a ransomware attack, the organization may restore systems from clean
backups and patch vulnerabilities.
2. Post-Incident Documentation & Damage Assessment
A detailed report of the incident, its impact, response actions, and lessons learned is
created to improve future response plans.
Example: A post-mortem report from a breach could include steps taken to resolve it,
security holes discovered, and improvements to implement.
3. Updating Response Policies & Training & Awareness Initiatives
After an incident, response policies should be updated, and training should be provided
to staff to prevent recurrence.
Example: After a phishing attack, an organization might train employees on identifying
suspicious emails to reduce future risks.