IT Baseline Protection Manual S 6.44 Data back-up under Windows NT
S 6.44 Data back-up under Windows NT
Initiation responsibility: Head of IT Section, IT Security Management
Implementation responsibility: IT-user
Under Windows NT, data backup can be carried out with the utility NTBACKUP.EXE, which is integrated into the system. It must be borne in mind that this program only supports backups onto tape and is not capable of encrypting the backup tapes; these must, therefore, be stored securely in a safe place.
When carrying out data backup, the following points must be taken into account:
Access rights to the Windows system directory %SystemRoot%\SYSTEM32 (usually \WINNT\SYSTEM32) are necessary for data backup, since NTBACKUP stores temporary and log files there.
Back-up software is able to back up the registry of the local computer. This should be carried out at regular intervals and after significant changes to the configuration.
Quarter-inch tapes used for data backup should be re-tensioned at regular intervals (after approximately every 20 uses) via the option "Wind Tape" ("Retension Tape" in the NTBACKUP menu) to avoid loose sections and possible damage due to abrasion. This safeguard is not necessary for 4 mm (DAT) and 8 mm (Video 8) tapes; the operation is not offered for these tapes.
When using the option "Delete Tape" ("Erase Tape" in NTBACKUP), "Secure Deletion" ("Secure Erase") should be selected if the tape contained valuable data, as only this ensures that the old data is overwritten. If this option is not selected, a large portion of the data originally stored on the tape remains on it and can be reconstructed without a great deal of effort.
When carrying out a backup operation, a log file must always be created. Once the operation is completed, the log file can be used to check whether all the relevant data was actually backed up and whether any faults occurred during the backup. The option "Log all entries" ("Full Detail") is recommended, since it also makes it possible to determine whether the directories to be backed up were in fact included in the backup.
When restoring backed up files, their access protection is also restored, provided that the directory into which they are restored does not specify explicit access controls for the files stored in it. If such controls are specified on the directory, they apply to the restored files and the original access control information is ignored.
The selection of files and directories to be backed up cannot be saved in the graphical user interface. To back up the same directories regularly, scripts that call NTBACKUP from the command line can be created; the command line, however, only accepts directories and is not designed for the selection of individual files.
Because of the restrictions of the NTBACKUP.EXE utility, additional data backup software should be installed for extensive installations or where high availability is required. When selecting backup software of this type, it should be ensured that the following requirements are satisfied:
The installed file systems, i.e. FAT, NTFS and, if applicable, HPFS, should be supported for both backup and restoration.
It should be possible to execute backups automatically at pre-determined times, i.e. at pre-set intervals, without manual intervention (except possibly for providing the backup media).
It should be possible to inform one or more selected users, via e-mail or a similar mechanism, of the result of the backup and of any faults.
The backup software should support protecting the backup medium with a password or, better still, with encryption. Furthermore, it should be able to store the backed up data in compressed form.
By specifying appropriate include and exclude lists when selecting files and directories, it should be possible to define exactly which data is (and is not) to be backed up. It should be possible to create backup profiles in which these lists are collected, saved and re-used for later backups.
It should be possible to select data to be backed up independent of the date it was created and the last modification.
The backup software should support the creation of logical and physical full copies as well as incremental copies (backup of changes).
Back-up should also be possible onto hard disks and network drives.
The backup software should be able to carry out an automatic comparison after backup between the backed up data and the original. After restoring data, it should be able to carry out a respective comparison between the restored data and the content of the backup data medium.
When restoring files, it should be possible to select whether they are restored to their original location or to another disk or directory. Likewise, it should be possible to control how the software reacts if a file with the same name already exists at the target location: the existing file should be overwritten always, never, or only if it is older than the restored file, or an explicit prompt should appear in this situation.
In addition to normal data backup, it is recommended to back up the current system configuration with the RDISK utility after every significant change, both into the directory %SystemRoot%\REPAIR (e.g. \WINNT\REPAIR) and onto an emergency repair disk, so that this configuration can be restored if inconsistencies appear (see also S 6.42 Creating start-up floppy disks for Windows NT). It must be taken into account that the current security entries in the registry (the SECURITY and SAM areas) are only backed up if RDISK is executed with the parameter /S. Selecting this parameter may, however, mean that the backup no longer fits on one floppy disk if a large number of user profiles are defined on the system concerned.
A backup of the registry is also possible with the REGBACK.EXE utility from the Windows NT Resource Kit; in that case restoration is performed with the REGREST.EXE utility, also from the Windows NT Resource Kit.
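The following batch script is an added example, not part of the BSI safeguard text, that ties together the scripted NTBACKUP run, the full-detail log and the RDISK /S refresh described above. The data directories C:\DATA and D:\PROJECTS, the log directory C:\BACKUPLOG and the server name SERVER01 are assumptions.

```batch
@echo off
rem NTBACK.CMD - added example, not part of the BSI safeguard text.
rem Assumed: data in C:\DATA and D:\PROJECTS, logs in C:\BACKUPLOG, server SERVER01,
rem run by a member of the Backup Operators group (e.g. via the AT scheduler, see below).
rem Usage:  NTBACK NORMAL        full backup, the tape is overwritten
rem         NTBACK INCREMENTAL   changed files only, appended to the tape

if "%1"=="NORMAL" goto run
if "%1"=="INCREMENTAL" goto run
echo Usage: %0 NORMAL ^| INCREMENTAL
goto end

:run
set LOGDIR=C:\BACKUPLOG
if not exist %LOGDIR% mkdir %LOGDIR%
set LOGFILE=%LOGDIR%\NTBACKUP_%1.LOG
set APPEND=
if "%1"=="INCREMENTAL" set APPEND=/A

rem Only directories can be named here; individual files cannot be selected.
rem /T   backup type          /B  include the local registry (back it up regularly)
rem /V   verify after backup  /R  restrict tape access to owner and Administrators
rem /L   log file; without /E the log is written in full detail ("Log all entries")
rem /HC  hardware compression, if the tape drive supports it
ntbackup backup C:\DATA D:\PROJECTS %APPEND% /T %1 /B /V /R /HC:ON /D "SERVER01 %1 backup" /L "%LOGFILE%"

rem Refresh the repair information in %SystemRoot%\REPAIR including SECURITY and SAM.
rem /S- updates the directory without prompting for a floppy, so it suits unattended runs;
rem the emergency repair disk itself is still created interactively with RDISK /S.
rdisk /s-

rem The log is the only record of what was actually written; never run without it.
if not exist "%LOGFILE%" echo WARNING: no log file written - the backup did not run correctly.
if exist "%LOGFILE%" echo Backup finished, review %LOGFILE% for skipped files and errors.

rem Schedule with the AT command (the Schedule service must be running), e.g.:
rem   at 22:00 /every:M,T,W,Th "C:\BACKUPLOG\NTBACK.CMD INCREMENTAL"
rem   at 22:00 /every:F "C:\BACKUPLOG\NTBACK.CMD NORMAL"
:end
```

The tape written with /R can only be read back by its owner or an Administrator, which does not replace the physically secure storage required above since the data on it is still unencrypted.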
Additional controls:
Are all computer data backed up?
Are generated data backups being documented?
Does the data backup procedure conform to an available data backup policy?