Protecting Oracle backups from ransomware and malicious intent

As database professionals we are the custodians of our organisations data and in the event of any data related issue are usually one of the first on the scene.

Over the last few years we have seen an increasing number of ransomware attacks, this has been headline news across the globe impacting all industries, with no targets it seems off-limits.

With this in mind we need to be constantly reviewing, and reducing our exposure to malware and other external and internal threats, by adopting a multi-level approach to data protection, think Defence-in-Depth.

Defence-in-Depth

During database server security reviews we need to consider how we can make the malware or unauthorised intruders’ job as hard as possible, as well as maintaining latest operating system and application patches, we should explore hardening our servers, by for example:

  • Not installing unnecessary applications
  • Only run required services
  • Using non-default ports
  • Not advertising operating system and version
  • Locking down access with correct file permissions and ownership
  • Implementing a SIEM (Security Information and Event Management) solution such as Splunk

Additionally, when we consider our database servers we need to include backups.

Off-Array Backups

Wherever possible, database backups should be stored off the primary storage array to ensure the storage platform is not a single point of failure or risk.

A popular approach is to present a shared filesystem to all database servers delivered from an NFS server.

Hide Backup Locations

Hiding our backup locations and only mounting the NFS file systems when accessed with Automouner (autofs).

Automounter can be used with Oracle RMAN to mount NFS file systems when required and automatically unmount the filesystem when they are no longer being accessed.

Snapshot RMAN Backups

Storage snapshots can be used to provide a simple way of protecting our Oracle Recovery Manager (RMAN) backups from accidental or malicious deletion.

Oracle RMAN jobs and backup processes will continue to read, write and delete files in the backup location, but having a Read-Only snapshot stops the any malware, or DBA accidentally or maliciously deleting important backup files.

Replicate Snapshots

To protect against loss of hall, data centre or site, we should also consider snapshot replication to ensure our backups are also available in a different location.

SafeMode Snapshots

The above provides good protection from many host based issues, but what if our storage administrators credentials are compromised and storage snapshots are deleted directly on the array ?

Pure Storage FlashBlade SafeMode Snapshots can further enhance our data protection by prohibiting the eradication of snapshots.

Protecting RMAN backups

To automate the taking of snapshot and optional replicate to a secondary array I have developed a Python script which I can call from my RMAN backup scripts.

$ python3 pureTakeFBsnapshot.py -h
Usage: pureTakeFBsnapshot.py [options]

This application has been developed using Pure Storage v1.12 RESTful Web
Service interfaces. Developed and tested using Python 3.9.5 Please contact
ron@purestorage.com for assistance.

Options:
  --version             show program's version number and exit
  -h, --help            show this help message and exit
  -d, --debug           Debug [default: False]
  -f FS, --filesystem=FS
                        FlashBlade File System
  -r FLASHBLADEREP, --replicant=FLASHBLADEREP
                        FlashBlade Replicant array
  -s FLASHBLADE, --server=FLASHBLADE
                        FlashBlade array
  -t API_TOKEN, --token=API_TOKEN
                        Pure API Token
  -S SUFFIX, --suffix=SUFFIX
                        File system snapshot suffix
  -v, --verbose         Verbose [default: False]

In the example below you can see I have taken a snapshot, provided a suffix and initiated replication to another array.

Now we have a Read-Only snapshot of the RMAN backup we are protected against accidental, ransomware encryption or malicious destruction of the database backups. Pure Storage SafeMode snapshots can provide additional protection against a rogue storage administrator or compromised storage platform.

Cataloging Backups in the Recovery Catalog

An Oracle RMAN feature which you may not be familiar is catalog start with, this provide the ability to manually catalog backups in the recovery catalog, we can use this to include the the snapshot location using catalog start with <mount point/.snapshot/file filesystem.suffix>

RMAN> catalog start with '/mnt/orabkup/DEMO/.snapshot/z-oracle_orabkup.08-JUN-2021-093552' noprompt;
RMAN catalog start with

RMAN Validate

Now we have the RMAN backup snapshot location registered we use RESTORE... VALIDATE to confirm that backups required to restore the database are present, readable, and not corrupted:

RMAN> restore database validate;

RMAN Restore

The RMAN RESTORE command can now use the NFS snapshot backup location to restore, validate, or preview RMAN backups.


Summary

In this blog I have shared a few ideas on how we can use our storage platform to give greater protection to our critical database backups

I have demonstrated how Oracle Recovery Manager (RMAN) can work with NFS Read-Only snapshot directories for database recoveries, providing protection against accidental, ransomware encryption or malicious destruction of the backups and snapshots.

SCHRODINGER’S BACKUP

Finally, remember SCHRODINGER’S BACKUP and keep testing your backups.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

Create a website or blog at WordPress.com

Up ↑

%d bloggers like this: