Create a Simple Date and Time Script in Python

Create a Simple Date and Time Script in Python

CeleriumMind-Python-Banner2


Overview:

This script can be used to parse date and time. Open a blank file and name it for example dateParser.py Copy and paste the code below (and make sure you understand what it does) into the file.

dateParser.py:

from datetime import datetime
now = datetime.now()
mm = str(now.month)
dd = str(now.day)
yyyy = str(now.year)
hour = str(now.hour)
mi = str(now.minute)
ss = str(now.second)
print mm + "/" + dd + "/" + yyyy + " " + hour + ":" + mi + ":" + ss

Now save and exit the file and run it by:
$ python dateParser.py

Time.sleep:

In Python you can use time.sleep() to suspend execution for the given number of seconds. The seconds are being given between the parentheses.

# How to sleep for 5 seconds in python:
import time
time.sleep(5)
# How to sleep for 0.5 seconds in python:
import time
time.sleep(0.5)

How to get the current date and time:

import datetime
now = datetime.datetime.now()
print
print "Current date and time using str method of datetime object:"
print str(now)
print
print "Current date and time using instance attributes:"
print "Current year: %d" % now.year
print "Current month: %d" % now.month
print "Current day: %d" % now.day
print "Current hour: %d" % now.hour
print "Current minute: %d" % now.minute
print "Current second: %d" % now.second
print "Current microsecond: %d" % now.microsecond
print
print "Current date and time using strftime:"
print now.strftime("%Y-%m-%d %H:%M")

The result:

Current date and time using str method of datetime object:

2013-02-17 16:02:49.338517

Current date and time using instance attributes:

Year Month Day House Minute Second Microsecond
2013 2 17 16 2 49 338517

Current date and time using strftime:
2013-02-17 16:02

Conclusion:

I hope this quick guide helps you on your way.  We all have to start somewhere and for me a simple script like this can be the gateway to something much greater.

Thank you


logo3


Firewalls, what are they and how do they work?

Firewalls, what are they and how do they work?

CeleriumMind-FirewallInspiration Article

Introduction:

Firewall, a word that most people hear everyday yet do not understand fully. So what is a firewall? A firewall is a system that provides network security by filtering incoming and outgoing network traffic based on a set of user-defined rules. In general, the purpose of a firewall is to reduce or eliminate the occurrence of unwanted network communications while allowing for legitimate communications. Yet most people really only think that a firewall provides a layer of security that, combined with other measures, prevent attackers from accessing your servers in malicious ways. Well they are not wrong, but just like an iceberg there is so much more to a firewall then meets to eye.

In this in-depth guide I will discuss how firewalls work, with a focus on stateful software firewalls, such as iptables and FirewallD. We’ll start with a brief explanation of TCP packets and the different types of firewalls. Then we’ll discuss a variety of topics that a relevant to stateful firewalls.

TCP Network Packets:

Before discussing the different types of firewalls, let’s take a quick look at what Transport Control Protocol (TCP) network traffic looks like.

TCP network traffic moves around a network in packets, which are containers that consist of a packet header—this contains control information such as source and destination addresses, and packet sequence information—and the data. While the control information in each packet helps to ensure that its associated data gets delivered properly, the elements it contains also provides firewalls a variety of ways to match packets against firewall rules.

It is important to note that successfully receiving incoming TCP packets requires the receiver to send outgoing acknowledgment packets back to the sender. The combination of the control information in the incoming and outgoing packets can be used to determine the connection state (e.g. new, established, related) of between the sender and receiver.

Types of Firewalls:

Let’s quickly discuss the three basic types of network firewalls: packet filtering (stateless), stateful, and application layer.

Packet filtering, or stateless, firewalls work by inspecting individual packets in isolation. As such, they are unaware of connection state and can only allow or deny packets based on individual packet headers.

Stateful firewalls are able to determine the connection state of packets, which makes them much more flexible than stateless firewalls. They work by collecting related packets until the connection state can be determined before any firewall rules are applied to the traffic.

Application firewalls go one step further by analyzing the data being transmitted, which allows network traffic to be matched against firewall rules that are specific to individual services or applications. These are also known as proxy-based firewalls.

Firewall Rules:

As mentioned above, network traffic that traverses a firewall is matched against rules to determine if it should be allowed through or not. An easy way to explain what firewall rules looks like is to show a few examples, so we’ll do that now.

Suppose you have a server with this list of firewall rules that apply to incoming traffic:

  1. Accept new and established incoming traffic to the public network interface on port 80 and 443 (HTTP and HTTPS web traffic)
  2. Drop incoming traffic from IP addresses of the non-technical employees in your office to port 22 (SSH)
  3. Accept new and established incoming traffic from your office IP range to the private network interface on port 22 (SSH)

Note that the first word in each of these examples is either “accept”, “reject”, or “drop”. This specifies the action that the firewall should do in the event that a piece of network traffic matches a rule. Accept means to allow the traffic through, reject means to block the traffic but reply with an “unreachable” error, and drop means to block the traffic and send no reply. The rest of each rule consists of the condition that each packet is matched against.

As it turns out, network traffic is matched against a list of firewall rules in a sequence, or chain, from first to last. More specifically, once a rule is matched, the associated action is applied to the network traffic in question. In our example, if an accounting employee attempted to establish an SSH connection to the server they would be rejected based on rule 2, before rule 3 is even checked. A system administrator, however, would be accepted because they would match only rule 3.

Default Policy:

It is typical for a chain of firewall rules to not explicitly cover every possible condition. For this reason, firewall chains must always have a default policy specified, which consists only of an action (accept, reject, or drop).

Suppose the default policy for the example chain above was set to drop. If any computer outside of your office attempted to establish an SSH connection to the server, the traffic would be dropped because it does not match the conditions of any rules.

If the default policy were set to accept, anyone, except your own non-technical employees, would be able to establish a connection to any open service on your server. This would be an example of a very poorly configured firewall because it only keeps a subset of your employees out.

Incoming and Outgoing Traffic:

As network traffic, from the perspective of a server, can be either incoming or outgoing, a firewall maintains a distinct set of rules for either case. Traffic that originates elsewhere, incoming traffic, is treated differently than outgoing traffic that the server sends. It is typical for a server to allow most outgoing traffic because the server is usually, to itself, trustworthy. Still, the outgoing rule set can be used to prevent unwanted communication in the case that a server is compromised by an attacker or a malicious executable.

In order to maximize the security benefits of a firewall, you should identify all of the ways you want other systems to interact with your server, create rules that explicitly allow them, then drop all other traffic. Keep in mind that the appropriate outgoing rules must be in place so that a server will allow itself to send outgoing acknowledgements to any appropriate incoming connections. Also, as a server typically needs to initiate its own outgoing traffic for various reasons—for example, downloading updates or connecting to a database—it is important to include those cases in your outgoing rule set as well.

Writing Outgoing Rules:

Suppose our example firewall is set to drop outgoing traffic by default. This means our incoming accept rules would be useless without complementary outgoing rules.

To complement the example incoming firewall rules (1 and 3), from the Firewall Rules section, and allow proper communication on those addresses and ports to occur, we could use these outgoing firewall rules:

  1. Accept established outgoing traffic to the public network interface on port 80 and 443 (HTTP and HTTPS)
  2. Accept established outgoing traffic to the private network interface on port 22 (SSH)

Note that we don’t need to explicitly write a rule for incoming traffic that is dropped (incoming rule 2) because the server doesn’t need to establish or acknowledge that connection.

Firewall Software and Tools:

Now that we’ve gone over how firewalls work, let’s take a look at common software packages that can help us set up an effective firewall. While there are many other firewall-related packages, these are effective and are the ones you will encounter the most.

Iptables:

Iptables is a standard firewall included in most Linux distributions by default (a modern variant called nftables will begin to replace it). It is actually a front end to the kernel-level netfilter hooks that can manipulate the Linux network stack. It works by matching each packet that crosses the networking interface against a set of rules to decide what to do.

UFW:

UFW, which stands for Uncomplicated Firewall, is an interface to iptables that is geared towards simplifying the process of configuring a firewall.

FirewallD:

FirewallD is a complete firewall solution available by default on CentOS 7 servers. Incidentally, FirewallD uses iptables to configure netfilter.

Conclusion

Now that you understand how firewalls work, you should look into implementing a firewall that will improve your security of your server setup by using the tutorials above.

Thank you


logo3


 

Installing pfSense on VMWare ESXI 6.0

Installing pfSense on VMWare ESXI 6.0

CeleriumMind-pfSense_Banner


 

Introduction:

Pfsense is a software UTM system based on FreeBSD, and is capable of being turned into a dedicated router and firewall. It supports many features such as OpenVPN, PPoE, DNS Servers and the list goes on. This software is FREE-TO-USE and most of all it’s OpenSource.

For this post, I’m going to show you a step-by-step guide on how to set up a pfSense instance on a VMWare ESXI 6.0 VM. The VM will only have 1 CPU and 2 HDD’s though you can add more if you feel like it. You can view pfSense’s hardware requirements on their site, which surprising enough pfSense consumes very little hardware.

Pfsense version 2.2.4 shall be use with this guide. If you’re ready to try it out, make sure you read the hardware compatibility list for FreeBSD 8.3.

Requirements:

To start off with this guide, make sure you have the following:

pfSense Installation:

  • Step 1:
  • Boot your VM from the CD-Rom drive and you should be greeted with the pfSense boot screen. Upon booting from the CD you will see various boot options to select from.  At this point you should choose to boot into multiuser mode.

     

  • Step 2:
  • After selecting the boot option, you’ll be taken to a screen with a list of options, go ahead and just continue with the installation of pfSense by pressing “I” to installCeleriumMind-pfSense_3
  • Step 3:
  • At this point you should see a splash screen similar to the images shown below. Use your arrow keys to hight-light and select Accept these Settings. Then hit Enter key. After this you will need to select “Setup GOEM Mirror”.  This will allow you to create a software RAID 1.  This provides HDD failover for peak uptime during a disaster.
  • Step 4:
  • After creating you software RAID 1 in the above steps, you can select  Quick/Easy Install and press Enter key.
  • Step 5:
  • pfSense is now ready to copy the core files to your hard-drive. At this point, you should see images similar to the ones below.
  • Step 6:
  • After the file-copy process above, another screen will show up. It offers 2 Kernel options to choose from. If you are installing pfSense in a PC or Desktop platform, you should choose the Standard Kernel, otherwise choose Embedded kernel. I chose Standard for this installation. After setting the kernel, you’ll be prompted to reboot your machine. Do so by selecting Reboot menu and hit Enter key. Once the system reboots you will be greeted with an IP address that youcanaccessyournewpfSense system by.

Conclusion:

That’s it, installing pfSense into a VMWare esxi 6.0 system is incredibly simple. Check back later for some more quick how to guides with pfSense.

Thank you


logo3


 

How To Create and Manage Databases in MySQL and MariaDB

How To Create and Manage Databases in MySQL and MariaDB

CeleriumMind-Database


 

What are MySQL and MariaDB?

MySQL and MariaDB are relational database management systems that implement forms of the SQL querying language and are some of the most popular open source databases.

In this quick guide I will cover how to create a database using these tools. This is a fundamental skill needed to manage your data in a SQL environment. I will also go over several other examples of how to work with theses databases.

For the purposes of this guide, I will be using a CentOS 7 x64 minimal installation. However, everything should translate directly to other distributions just fine.

How to Create a Database in MySQL and MariaDB

To begin, sign into MySQL or MariaDB with the following command:

mysql -u root -p

Enter the administrator password you set up during installation. You will be given a MySQL/MariaDB prompt.

We can now create a database by typing the following command:

CREATE DATABASE new_database;
Query OK, 1 row affected (0.00 sec)

To avoid errors in the event that the database name we’ve chosen already exists, use the following command:

CREATE DATABASE IF NOT EXISTS new_database;
Query OK, 1 row affected, 1 warning (0.01 sec)

The warning indicates that the database already existed and no new database was created.

If we leave the “IF NOT EXISTS” option off, and the database already exists, we will receive the following error:

ERROR 1007 (HY000): Can't create database 'other_database'; database exists

How to View Databases in MySQL and MariaDB

To view a list of the current databases that you have created, use the following command:

SHOW DATABASES;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| mysql              |
| new_database       |
| other_database     |
| performance_schema |
+--------------------+
5 rows in set (0.00 sec)

The “information_schema”, “performance_schema”, and “mysql” databases are set up by default in most cases and should be left alone unless you know what you are doing.

How to Change Databases in MySQL and MariaDB

Any operations performed without explicitly specifying a database will be performed on the currently selected database.

Find out which database is currently selected with the following command:

SELECT database();
+------------+
| database() |
+------------+
| NULL       |
+------------+
1 row in set (0.01 sec)

We have received a result of “null”. This means that no database is currently selected.

To select a database to use for subsequent operations, use the following command:

USE new_database;
Database changed

We can see that the database has been selected by re-issuing the command we ran previously:

SELECT database();
+--------------+
| database()   |
+--------------+
| new_database |
+--------------+
1 row in set (0.00 sec)

How to Delete a Database in MySQL and MariaDB

To delete a database in MySQL or MariaDB, use the following command:

DROP DATABASE new_database;
Query OK, 0 rows affected (0.00 sec)

This operation cannot be reversed! Make certain you wish to delete before pressing enter!

If this command is executed on a database that does not exist, the following error message will be given:

DROP DATABASE new_database;
ERROR 1008 (HY000): Can't drop database 'new_database'; database doesn't exist

To prevent this error, and ensure that the command executes successfully regardless of if the database exists, call it with the following syntax:

DROP DATABASE IF EXISTS new_database;
Query OK, 0 rows affected, 1 warning (0.00 sec)

The warning indicates that the database did not exist, but the command executes successfully anyways.

Conclusion

You now have the basic skills necessary to manage databases using MySQL and MariaDB. There are many things to learn, but you now have a good starting point to manage your databases. I myself am still new to databases and am learning new things constantly.  I hope this quick how to guide helps you start your journey into databases and the potential they have.

25-GPU cluster cracks every standard Windows password in <6 hours

25-GPU cluster cracks every standard Windows password in <6 hours

All your passwords are belong to us.

Welcome to Radeon City, population: 8. It’s one of five servers that make up a high-performance password-cracking cluster.

 

 

A password-cracking expert has unveiled a computer cluster that can cycle through as many as 350 billion guesses per second. It’s an almost unprecedented speed that can try every possible Windows passcode in the typical enterprise in less than six hours.

The five-server system uses a relatively new package of virtualization software that harnesses the power of 25 AMD Radeon graphics cards. It achieves the 350 billion-guess-per-second speed when cracking password hashes generated by the NTLM cryptographic algorithm that Microsoft has included in every version of Windows since Server 2003. As a result, it can try an astounding 958 combinations in just 5.5 hours, enough to brute force every possible eight-character password containing upper- and lower-case letters, digits, and symbols. Such password policies are common in many enterprise settings. The same passwords protected by Microsoft’s LM algorithm—which many organizations enable for compatibility with older Windows versions—will fall in just six minutes.

The Linux-based GPU cluster runs the Virtual OpenCL cluster platform, which allows the graphics cards to function as if they were running on a single desktop computer. ocl-Hashcat Plus, a freely available password-cracking suite optimized for GPU computing, runs on top, allowing the machine to tackle at least 44 other algorithms at near-unprecedented speeds. In addition to brute-force attacks, the cluster can bring that speed to cracks that use a variety of other techniques, including dictionary attacks containing millions of words.

“What this cluster means is, we can do all the things we normally would with Hashcat, just at a greatly accelerated rate,” Jeremi Gosney, the founder and CEO of Stricture Consulting Group, wrote in an e-mail to Ars. “We can attack hashes approximately four times faster than we could previously.”

Gosney unveiled the machine last week at the Passwords^12 conference in Oslo, Norway. He previously used a computer equipped with four AMD Radeon HD6990 graphics cards that could make about 88 billion guesses per second against NTLM hashes. As Ars previously reported in a feature headlined “Why passwords have never been weaker—and crackers have never been stronger,” Gosney used the machine to crack 90 percent of the 6.5 million password hashes belonging to users of LinkedIn. In addition to the power of his hardware, his attack was aided by a 500 million-strong word list and a variety of advanced programming rules.

Using the new cluster, the same attack would move about four times faster. That’s because the machine is able to make about 63 billion guesses against SHA1, the algorithm used to hash the LinkedIn passwords, versus the 15.5 billion guesses his previous hardware was capable of. The cluster can try 180 billion combinations per second against the widely used MD5 algorithm, which is also about a four-fold improvement over his older system.

The speeds apply to so-called offline cracks, in which password lists are retrieved by hackers who exploit vulnerabilities on website or network servers. The passwords are typically stored using one-way cryptographic hash functions, which generate a unique string of characters for each unique string of plaintext. In theory, hashes can’t be mathematically reversed. The only way to crack them is to run guesses through the same cryptographic function. When the output of a particular guess matches a hash in a compromised list, the corresponding password has been cracked.

The technique doesn’t apply to online attacks, because, among other reasons, most websites limit the number of guesses that can be made for a given account.

The advent of GPU computing over the past decade has contributed to huge boosts in offline password cracking. But until now, limitations imposed by computer motherboards, BIOS systems, and ultimately software drivers limited the number of graphics cards running on a single computer to eight. Gosney’s breakthrough is the result of using VCL virtualization, which spreads larger numbers of cards onto a cluster of machines while maintaining the ability for them to function as if they’re on a single computer.

 

 

“Before VCL people were trying lots of different things to varying degrees of success,” Gosney said. “VCL put an end to all of this, because now we have a generic solution that works right out of the box, and handles all of that complexity for you automatically. It’s also really easy to manage because all of your compute nodes only have to have VCL installed, nothing else. You only have your software installed on the cluster controller.”

The precedent set by the new cluster means it’s more important than ever for engineers to design password storage systems that use hash functions specifically suited to the job. Unlike, MD5, SHA1, SHA2, the recently announced SHA3, and a variety of other “fast” algorithms, functions such as Bcrypt, PBKDF2, and SHA512crypt are designed to expend considerably more time and computing resources to convert plaintext input into cryptographic hashes. As a result, the new cluster, even with its four-fold increase in speed, can make only 71,000 guesses against Bcrypt and 364,000 guesses against SHA512crypt.

For the time being, readers should assume that the vast majority of their passwords are hashed with fast algorithms. That means passwords should never be less than nine characters, and using 13 or even 20 characters offers even better security. But long passwords aren’t enough. Given the prevalence of cracking lists measured in the hundreds of millions, it’s also crucial that passwords not be names, words, or common phrases. One easy way to make sure a passcode isn’t contained in such lists is to choose a text string that’s randomly generated using Password Safe or another password management program.

Slides of Gosney’s Passwords^12 presentation are here.


logo3


Creating Your Back Up Plan: Backing Up 101

DataBackup_Banner


Because data is the heart of the enterprise, it’s crucial for you to protect it. And to protect your organization’s data, you need to implement a data backup and recovery plan. Backing up files can protect against accidental loss of user data, database corruption, hardware failures, and even natural disasters. It’s your job as an administrator to make sure that backups are performed and that backup tapes are stored in a secure location.

Creating a Backup and Recovery Plan:

Data backup is an insurance plan. Important files are accidentally deleted all the time. Mission-critical data can become corrupt. Natural disasters can leave your office in ruin. With a solid backup and recovery plan, you can recover from any of these. Without one, you’re left with nothing to fall back on.

Figuring Out a Backup Plan

It takes time to create and implement a backup and recovery plan. You’ll need to figure out what data needs to be backed up, how often the data should be backed up, and more. To help you create a plan, consider the following:

  • How important is the data on your systems? The importance of data can go a long way in helping you determine if you need to back it up—as well as when and how it should be backed up. For critical data, such as a database, you’ll want to have redundant backup sets that extend back for several backup periods. For less important data, such as daily user files, you won’t need such an elaborate backup plan, but you’ll need to back up the data regularly and ensure that the data can be recovered easily.
  • What type of information does the data contain? Data that doesn’t seem important to you may be very important to someone else. Thus, the type of information the data contains can help you determine if you need to back up the data—as well as when and how the data should be backed up.
  • How often does the data change? The frequency of change can affect your decision on how often the data should be backed up. For example, data that changes daily should be backed up daily.
  • How quickly do you need to recover the data? Time is an important factor in creating a backup plan. For critical systems, you may need to get back online swiftly. To do this, you may need to alter your backup plan.
  • Do you have the equipment to perform backups? You must have backup hardware to perform backups. To perform timely backups, you may need several backup devices and several sets of backup media. Backup hardware includes tape drives, optical drives, and removable disk drives. Generally, tape drives are less expensive but slower than other types of drives.
  • Who will be responsible for the backup and recovery plan? Ideally, someone should be a primary contact for the organization’s backup and recovery plan. This person may also be responsible for performing the actual backup and recovery of data.
  • What is the best time to schedule backups? Scheduling backups when system use is as low as possible will speed the backup process. However, you can’t always schedule backups for off-peak hours. So you’ll need to carefully plan when key system data is backed up.
  • Do you need to store backups off-site? Storing copies of backup tapes off-site is essential to recovering your systems in the case of a natural disaster. In your off-site storage location, you should also include copies of the software you may need to install to reestablish operational systems.
The Basic Types of Backup

There are many techniques for backing up files. The techniques you use will depend on the type of data you’re backing up, how convenient you want the recovery process to be, and more.

If you view the properties of a file or directory in Windows Explorer, you’ll note an attribute called Archive. This attribute often is used to determine whether a file or directory should be backed up. If the attribute is on, the file or directory may need to be backed up. The basic types of backups you can perform include

  • Normal/full backups All files that have been selected are backed up, regardless of the setting of the archive attribute. When a file is backed up, the archive attribute is cleared. If the file is later modified, this attribute is set, which indicates that the file needs to be backed up.
  • Copy backups All files that have been selected are backed up, regardless of the setting of the archive attribute. Unlike a normal backup, the archive attribute on files isn’t modified. This allows you to perform other types of backups on the files at a later date.
  • Differential backups Designed to create backup copies of files that have changed since the last normal backup. The presence of the archive attribute indicates that the file has been modified and only files with this attribute are backed up. However, the archive attribute on files isn’t modified. This allows you to perform other types of backups on the files at a later date.
  • Incremental backups Designed to create backups of files that have changed since the most recent normal or incremental backup. The presence of the archive attribute indicates that the file has been modified and only files with this attribute are backed up. When a file is backed up, the archive attribute is cleared. If the file is later modified, this attribute is set, which indicates that the file needs to be backed up.
  • Daily backups Designed to back up files using the modification date on the file itself. If a file has been modified on the same day as the backup, the file will be backed up. This technique doesn’t change the archive attributes of files.

In your backup plan you’ll probably want to perform full backups on a weekly basis and supplement this with daily, differential, or incremental backups. You may also want to create an extended backup set for monthly and quarterly backups that includes additional files that aren’t being backed up regularly.

Tip You’ll often find that weeks or months can go by before anyone notices that a file or data source is missing. This doesn’t mean the file isn’t important. Although some types of data aren’t used often, they’re still needed. So don’t forget that you may also want to create extra sets of backups for monthly or quarterly periods, or both, to ensure that you can recover historical data over time.

Differential and Incremental Backups

The difference between differential and incremental backups is extremely important. To understand the distinction between them, examine table below. As it shows, with differential backups you back up all the files that have changed since the last full backup (which means that the size of the differential backup grows over time). With incremental backups, you only back up files that have changed since the most recent full or incremental backup (which means the size of the incremental backup is usually much smaller than a full backup).

Incremental and Differential Backup Techniques:

Day of Week Weekly Full Backup with Daily Differential Backup Weekly Full Backup with Daily Incremental Backup
Sunday A full backup is performed. A full backup is performed.
Monday A differential backup contains all changes since Sunday. An incremental backup contains changes since Sunday.
Tuesday A differential backup contains all changes since Sunday. An incremental backup contains changes since Monday.
Wednesday A differential backup contains all changes since Sunday. An incremental backup contains changes since Tuesday.
Thursday A differential backup contains all changes since Sunday. An incremental backup contains changes since Wednesday.
Friday A differential backup contains all changes since Sunday. An incremental backup contains changes since Thursday.
Saturday A differential backup contains all changes since Sunday. An incremental backup contains changes since Friday.

Once you determine what data you’re going to back up and how often, you can select backup devices and media that support these choices. These are covered in the next section.

Selecting Backup Devices and Media

Many tools are available for backing up data. Some are fast and expensive. Others are slow but very reliable. The backup solution that’s right for your organization depends on many factors, including

  • Capacity The amount of data that you need to back up on a routine basis. Can the backup hardware support the required load given your time and resource constraints?
  • Reliability The reliability of the backup hardware and media. Can you afford to sacrifice reliability to meet budget or time needs?
  • Extensibility The extensibility of the backup solution. Will this solution meet your needs as the organization grows?
  • Speed The speed with which data can be backed up and recovered. Can you afford to sacrifice speed to reduce costs?
  • Cost The cost of the backup solution. Does it fit into your budget?
Common Backup Solutions

Capacity, reliability, extensibility, speed, and cost are the issues driving your backup plan. If you understand how these issues affect your organization, you’ll be on track to select an appropriate backup solution. Some of the most commonly used backup solutions include

  • Tape drives Tape drives are the most common backup devices. Tape drives use magnetic tape cartridges to store data. Magnetic tapes are relatively inexpensive but aren’t highly reliable. Tapes can break or stretch. They can also lose information over time. The average capacity of tape cartridges ranges from 100 MB to 2 GB. Compared with other backup solutions, tape drives are fairly slow. Still, the selling point is the low-cost.
  • Digital audio tape (DAT) drives DAT drives are quickly replacing standard tape drives as the preferred backup devices. DAT drives use 4 mm and 8 mm tapes to store data. DAT drives and tapes are more expensive than standard tape drives and tapes, but they offer more speed and capacity. DAT drives that use 4 mm tapes can typically record over 30 MB per minute and have capacities of up to 16 GB. DAT drives that use 8 mm tapes can typically record more than 10 MB per minute and have capacities of up to 36 GB (with compression).
  • Auto-loader tape systems Auto-loader tape systems use a magazine of tapes to create extended backup volumes capable of meeting the high-capacity needs of the enterprise. With an auto-loader system, tapes within the magazine are automatically changed as needed during the backup or recovery process. Most auto-loader tape systems use DAT tapes. The typical system uses magazines with between 4 and 12 tapes. The main drawback to these systems is the high cost.
  • Magnetic optical drives Magnetic optical drives combine magnetic tape technology with optical lasers to create a more reliable backup solution than DAT. Magnetic optical drives use 3.5-inch and 5.25-inch disks that look similar to floppies but are much thicker. Typically, magnetic optical disks have capacities of between 1 GB and 4 GB.
  • Tape jukeboxes Tape jukeboxes are similar to auto-loader tape systems. Jukeboxes use magnetic optical disks rather than DAT tapes to offer high-capacity solutions. These systems load and unload disks stored internally for backup and recovery operations. Their key drawback is the high cost.
  • Removable disks Removable disks, such as Iomega Jaz, are increasingly being used as backup devices. Removable disks offer good speed and ease of use for a single drive or single system backup. However, the disk drives and the removable disks tend to be more expensive than standard tape or DAT drive solutions.
  • Disk drives Disk drives provide the fastest way to back up and restore files. With disk drives, you can often accomplish in minutes what takes a tape drive hours. So when business needs mandate a speedy recovery, nothing beats a disk drive. The drawbacks to disk drives, however, are relatively high costs and less extensibility.

Before you can use a backup device, you must install it. When you install backup devices other than standard tape and DAT drives, you need to tell the operating system about the controller card and drivers that the backup device uses. For detailed information on installing devices and drivers, see the section of Chapter 2 entitled “Managing Hardware Devices and Drivers.”

Buying and Using Tapes

Selecting a backup device is an important step toward implementing a backup and recovery plan. But you also need to purchase the tapes or disks, or both, that will allow you to implement your plan. The number of tapes you need depends on how much data you’ll be backing up, how often you’ll be backing up the data, and how long you’ll need to keep additional data sets.

The typical way to use backup tapes is to set up a rotation schedule whereby you rotate through two or more sets of tapes. The idea is that you can increase tape longevity by reducing tape usage and at the same time reduce the number of tapes you need to ensure that you have historic data on hand when necessary.

One of the most common tape rotation schedules is the 10-tape rotation. With this rotation schedule, you use 10 tapes divided into two sets of 5 (one for each weekday). As shown in the table below, the first set of tapes is used one week and the second set of tapes is used the next week. On Fridays, full backups are scheduled. On Mondays through Thursdays, incremental backups are scheduled. If you add a third set of tapes, you can rotate one of the tape sets to an off-site storage location on a weekly basis.

Using Incremental Backups:

Day of Week Tape Set 1 Tape Set 2
Friday Full backup on Tape 5 Full backup on Tape 5
Monday Incremental backup on Tape 1 Incremental backup on Tape 1
Tuesday Incremental backup on Tape 2 Incremental backup on Tape 2
Wednesday Incremental backup on Tape 3 Incremental backup on Tape 3
Thursday Incremental backup on Tape 4 Incremental backup on Tape 4

Tip The 10-tape rotation schedule is designed for the 9 to 5 workers of the world. If you’re in a 24 x 7 environment, you’ll definitely want extra tapes for Saturday and Sunday. In this case, use a 14-tape rotation with two sets of 7 tapes. On Sundays, schedule full backups. On Mondays through Saturdays, schedule incremental backups.