For each important or critical file or directory, you must have backup copies that allow you to trace all the changes introduced for those files and directories. You must be able to identify changes to any of the following:
File type
File path
Alternate paths, such as links, aliases, and shortcuts
Contents of files and directories
Precise file size
Date and time when the file was created and last modified
File owner and access rights
These changes can be traced using integrity-control tools that were covered in the previous chapter. The description of the backup tools themselves (such as ARCserver, Ghost, etc.) goes beyond the range of topics discussed in this book.
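The following Python sketch is an added example, not code from the book or from any particular integrity-control tool. It records the attributes listed above for every entry under a directory and reports which of them differ between two snapshots. The function names `snapshot`, `compare`, and `demo`, and the sample files, are constructed for illustration.

```python
import hashlib, os, stat, tempfile

def snapshot(root):
    """Record type, path, link target, contents hash, size, mtime, owner and rights."""
    baseline = {}
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)  # lstat describes a link itself, not its target
            entry = {
                "type": stat.S_IFMT(st.st_mode),
                "mode": stat.S_IMODE(st.st_mode),      # access rights
                "owner": (st.st_uid, st.st_gid),
                "size": st.st_size,                     # precise size in bytes
                "mtime": st.st_mtime_ns,                # creation time is not portable
                "link_target": None,
                "sha256": None,
            }
            if stat.S_ISLNK(st.st_mode):
                entry["link_target"] = os.readlink(path)
            elif stat.S_ISREG(st.st_mode):
                with open(path, "rb") as fh:            # fine for small files
                    entry["sha256"] = hashlib.sha256(fh.read()).hexdigest()
            baseline[os.path.relpath(path, root)] = entry
    return baseline

def compare(old, new):
    """Map each differing path to 'added', 'removed' or its changed attributes."""
    report = {}
    for path in sorted(old.keys() | new.keys()):
        if path not in old:
            report[path] = "added"
        elif path not in new:
            report[path] = "removed"
        else:
            changed = sorted(k for k in old[path] if old[path][k] != new[path][k])
            if changed:
                report[path] = changed
    return report

def demo():
    """Constructed sample: edit a file without changing its size, loosen its rights."""
    with tempfile.TemporaryDirectory() as root:
        conf = os.path.join(root, "app.conf")
        with open(conf, "w") as fh:
            fh.write("port=22\n")
        os.chmod(conf, 0o644)
        before = snapshot(root)
        with open(conf, "w") as fh:
            fh.write("port=23\n")                       # same length, new contents
        os.chmod(conf, 0o666)
        with open(os.path.join(root, "new.bin"), "w") as fh:
            fh.write("x")
        return compare(before, snapshot(root))
```

The sample edit keeps the file size identical, so only the contents hash and the access rights expose it; a check based on size alone would miss the change.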
Critically important elements of the information system that must be backed up and controlled include the following:
Operating system files
Access control lists (ACLs) for the routers, firewalls and other protection tools
Application files
Security tools and data used for integrity control, and detecting traces of attacks
Organizational data and records whose loss or compromise can disrupt business activity or inflict severe damage on the company (for example, financial reports, information on employees, marketing plans, and so on)
User data
Public information (for example, Web pages)
These requirements are quite similar to the requirements that must be met for the protection of log files. Therefore, we will not repeat them here.