File system level data protection during potential security breach
First Claim
1. A method for creating a data snapshot and executing file system protection-specific commands to protect data and limit access of the snapshotted data upon suspicion of a potential security breach, the method comprising:
- in response to identifying a suspected breach to a file system, at a time of the identifying the suspected breach;
- generating a read-only snapshot of at least one file set of data that is stored on a storage volume of the file system;
- invoking at least one file system protection command that restricts access to the snapshot of the at least one file set of data;
- detecting a user credential associated with the suspected breach;
- extracting from an authentication server a user identification indicia and a group identification indicia for the user that is associated with the suspected breach;
- referring to an access table of the file system to identify a first plurality of file sets stored within system storage resources to which the user identification indicia and the group identification indicia have write access and which comprises the at least one file set of the generated read-only snapshot; and
- using the snapshot to roll a current state of the file system data back to a previous data copy of the file set that belongs to the user identification indicia and the group identification indicia associated with the suspected breach.
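The steps of claim 1, sketched as an added example that is not code from the patent. The access table, the uid/gid values and the file set names are constructed, and a permission-restricted copy stands in for the file system's native read-only snapshot and protection commands, which the claim does not name.

```python
import shutil, stat, tempfile
from pathlib import Path

# Constructed access table: file set -> uids and gids that hold write access.
ACCESS_TABLE = {
    "projects": {"uids": {1001}, "gids": {200}},
    "finance":  {"uids": {1002}, "gids": {300}},
    "scratch":  {"uids": set(),  "gids": {200, 300}},
}

def writable_filesets(table, uid, gids):
    """File sets the suspect identity can write to, by uid or by any gid."""
    return sorted(name for name, acl in table.items()
                  if uid in acl["uids"] or acl["gids"] & set(gids))

def snapshot(volume, snap_root, filesets):
    """Copy each file set, then leave only owner read (and dir traverse) bits."""
    for name in filesets:
        dst = snap_root / name
        shutil.copytree(volume / name, dst)
        for p in [dst, *dst.rglob("*")]:
            p.chmod(0o500 if p.is_dir() else 0o400)

def rollback(volume, snap_root, filesets):
    """Replace each live file set with its snapshot copy and restore write bits."""
    for name in filesets:
        live = volume / name
        shutil.rmtree(live)
        shutil.copytree(snap_root / name, live)
        for p in [live, *live.rglob("*")]:
            p.chmod(0o700 if p.is_dir() else 0o600)

def demo():
    with tempfile.TemporaryDirectory() as tmp:
        volume, snap = Path(tmp, "volume"), Path(tmp, "snap")
        for name in ACCESS_TABLE:
            (volume / name).mkdir(parents=True)
            (volume / name / "data.txt").write_text("clean")
        snap.mkdir()
        scope = writable_filesets(ACCESS_TABLE, uid=1001, gids=[200])  # suspect identity
        snapshot(volume, snap, scope)  # taken at the time of suspicion
        mode = stat.S_IMODE((snap / "projects" / "data.txt").stat().st_mode)
        (volume / "projects" / "data.txt").write_text("tampered")   # write by suspect
        (volume / "finance" / "data.txt").write_text("unrelated edit")  # out of scope
        rollback(volume, snap, scope)
        state = {n: (volume / n / "data.txt").read_text() for n in ACCESS_TABLE}
        for p in [snap, *snap.rglob("*")]:  # lift restrictions so cleanup succeeds
            p.chmod(0o700)
        return scope, mode, state
```

Only the file sets reachable by the suspect uid or gid are snapshotted and rolled back, so the edit in `finance` survives while the change in `projects` is reverted.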
Abstract
Immediately upon identifying a potential breach to a file system, a read-only snapshot of one or more file sets of data stored on a storage volume of the file system is created, and one or more file system protection commands are invoked that restrict access to the snapshot of the file set. Generating the snapshot and restricting access to the snapshot data may include immediately opening an administrative shell for the file system in response to identifying a potential breach, and executing administrative shell commands that invoke creation of the snapshot and limit access to the snapshot data to an administrator or super user.
20 Claims
9. A system, comprising:
- a processing unit;
- a computer readable memory in communication with the processing unit; and
- a tangible computer-readable storage medium in communication with the processing unit;
- wherein the processing unit, in response to identifying a suspected breach to a file system, at a time of the identifying the suspected breach, executes program instructions comprising at least one file system protection command and stored on the tangible computer-readable storage medium via the computer readable memory and thereby;
- generates a read-only snapshot of at least one file set of data that is stored on a storage volume of the file system;
- restricts access to the snapshot of the at least one file set of data;
- detects a user credential associated with the suspected breach;
- extracts from an authentication server a user identification indicia and a group identification indicia for the user that is associated with the suspected breach;
- refers to an access table of the file system to identify a first plurality of file sets stored within system storage resources to which the user identification indicia and the group identification indicia have write access and which comprises the at least one file set of the generated read-only snapshot; and
- uses the snapshot to roll a current state of the file system data back to a previous data copy of the file set that belongs to the user identification indicia and the group identification indicia associated with the suspected breach.
15. A computer program product for generating a data snapshot and protecting the data snapshot upon a suspected breach of a file system, the computer program product comprising:
- a computer readable tangible storage medium having computer readable program code embodied therewith, the computer readable program code comprising instructions comprising at least one file system protection command for execution by a computer processing unit that causes the computer processing unit to, in response to identifying a suspected breach to a file system, at a time of the identifying the suspected breach;
- generate a read-only snapshot of at least one file set of data that is stored on a storage volume of the file system;
- restrict access to the snapshot of the at least one file set of data;
- detect a user credential associated with the suspected breach;
- extract from an authentication server a user identification indicia and a group identification indicia for the user that is associated with the suspected breach;
- refer to an access table of the file system to identify a first plurality of file sets stored within system storage resources to which the user identification indicia and the group identification indicia have write access and which comprises the at least one file set of the generated read-only snapshot; and
- use the snapshot to roll a current state of the file system data back to a previous data copy of the file set that belongs to the user identification indicia and the group identification indicia associated with the suspected breach.
Specification