KPC-OF-ALL-045 - Database backup and recovery

The document outlines a training module on Database Backup and Recovery, detailing various database architectures, backup methods, and recovery procedures. It emphasizes the importance of database architecture for scalability, security, and data management while discussing risks associated with data loss and strategies for mitigation. Additionally, it covers backup types, including full, incremental, and differential backups, along with the significance of data dictionaries and structure verification in database management.

Module Title: Database Backup and Recovery

Module code: EIS WDDBA4 M07 1123


Nominal duration: 24 Hours

Prepared by: Haile Sitotaw


May, 2025
Learning outcomes

1. Database Architecture
2. Database Backup Methods
3. Database Recovery Points and Procedures

1 Database File System Architecture and associated risks
Database Architecture
Definition
 Database architecture refers to the design and structure of a database system.
It governs the models, standards, and protocols for how data
is stored and accessed.
 It includes the frameworks to manage, secure, and scale
enterprise-level data.
Example: Online banking systems, hospital patient data
management systems.
Importance of Database Architecture
 Enables scalability and security.
 Simplifies data access and management.
 Ensures proper integration within existing IT infrastructure.
 Diagram: Architecture layers overview.
Types of database system architecture

Single-Tier Architecture
 Architecture where client, server, and DB are on the same machine.
 Used for development/testing rather than production.
 Entire application stack runs locally.
 Example 1: Local SQL database installation.
 Example 2: Standalone desktop inventory app
Diagram – Single-Tier Architecture
 Diagram illustrating user interface, middleware, and DB on one machine.
Two-Tier Architecture
 Client-server model: the database runs on a server and the user interface on the client.
 The client talks to the database directly through APIs such as ODBC/JDBC.
 Some separation compared with single-tier, but because every client connects straight to the database, the database port and the database credentials are exposed to every client machine; the three-tier model below hides them behind an application layer.
 Example 1: A desktop accounting app connecting to DB server.
 Example 2: Mobile app communicating with remote SQL server.
Three-Tier Architecture
 Separates application logic into three layers.
 Has DB, application, and presentation layers.
 Most common in web applications.
 Example 1: E-commerce platforms.
 Example 2: University information systems.
Presentation Layer: This layer handles the user interface,
including web pages, desktop applications, or mobile interfaces.
Application Logic Layer: This layer contains the
business rules and logic needed to process user requests and
interact with the data layer. It often includes functions like data
validation, calculations, and interactions with external services.
Data Layer: This layer manages the storage and retrieval of
data, typically using a database.
Examples:
•Online Store:
•Presentation Layer: The web pages displaying product catalogs,
shopping carts, and checkout forms.
•Application Logic Layer: Handles order processing, inventory
management, payment processing, and applying discounts.
•Data Layer: Stores product information, customer data, order
history, and financial transactions.
N-Tier Architecture
 Multi-tiered, extendable form of 3-tier.
 Adds more logical layers like security or analytics.
 Improves flexibility and maintainability.
 Example 1: Enterprise Resource Planning (ERP)
systems.
 Example 2: Cloud-native applications.
Risks and Failure Scenarios – Introduction
 Importance of understanding failures in DB systems.
 Overview of risks: hardware, software, human error, etc.
Power Failure
 Unexpected loss of electricity affecting operations.
 Can lead to hardware malfunction.
 Interrupts data write operations.
 Example 1: Sudden shutdown during a transaction.
Disk Failure
 Physical damage to storage.
 Logical corruption of disk sectors.
 One of the most dangerous causes of data loss.
 Example 1: Hard disk head crash.
 Example 2: RAID array failure.
Human Error
 Accidental deletion/modification of data.
 Incorrect queries or commands.
 Example 1: Modifying records without a backup.
Virus Infection
 Malicious code affecting DB integrity.
 Can steal, modify, or delete data.
 Often introduced via network or removable media.
 Example 1: Ransomware attack.
Software Corruption
 Malfunction due to bugs or resource constraints.
 Repeated crashes cause unsaved data loss.
 Example 1: Incompatibility after an update.
System Crash
 OS or application failure.
 Can freeze or reboot the system.
 Causes transaction loss.
 Example 1: Blue screen during a DB backup.
 Example 2: Deadlock in query processing.
Hardware Failure
 Malfunction of DB infrastructure.
 Includes CPU, RAM, and storage.
 Often caused by aging or overheating.
 Example 1: RAM errors during processing.
Natural Disasters
 Unpredictable events destroying infrastructure.
 Results in complete data center failure.
 Example 1: Flood damaging a server room.
 Example 2: Earthquake disrupting services.
Sabotage
 Intentional data destruction.
 Targets hardware or software.
 Example 1: Hackers altering records.
 Example 2: Malicious user deleting backups.
Mitigation Strategies
 Backup and recovery planning
 Redundant systems and RAID
 User access control
 Disaster recovery sites
 Diagram: DB failover architecture
N.B.
Sabotage is the deliberate damage to equipment or data. Infecting a website with malware is an example of information sabotage.
2 Database Backup Methods

2.1: Introduction to Backup


Definition of Backup
 Backup is the process of creating copies of data to protect it
from loss or corruption.
 Backup refers to storing duplicate data files in local or offsite
locations.
 A backup is a safety mechanism against accidental or
malicious deletions, failures, or attacks.
Definitions of Restore and Recovery
 Restore: Retrieving data from backup storage
and copying it back to a device or location.
 Recovery: Process of making a system
operational after a failure.

Examples of Backup
 Example 1: A company backs up its financial records to a cloud server every night.
 Example 2: A school backs up student data to an external hard drive weekly.
Purpose of Backup
 Protects against:
o Accidental deletion
o Hardware failure
o Corruption and ransomware attacks
Methods for Back-up and Recovery

Backup Types Overview
 Full
 Incremental
 Differential
 Mirror
 Log (transaction-log backup)
Full Backup - Definition and Description
 A complete backup of all files and data.
 Creates a full copy of all data to a new location.
 Backup of entire system/data every time it runs.

Example
Imagine a company backs up its server data weekly. On Sunday, they perform a full
backup of all the files on the server. This includes all documents, databases, and system
files.
Incremental Backup - Definitions
 Backs up only changes made since last backup.
 Captures modified data from previous backup.
 Time-efficient backup of newly added or changed data.
 An incremental backup copies only the data that has changed since the last
backup, whether it was a full or incremental backup.
Incremental Backup - Examples
 Example 1: Nightly backups of updated documents only
 Example 2: Backup system for real-time edited project files
Differential Backup - Definitions
 Captures data changed since last full backup.
 Repeatedly backs up changed files until next full backup.
 More data stored than incremental, less than full
Differential Backup - Examples
 Example 1: Weekly full, daily differential for hospital patient data
 Example 2: Daily differential of project work from design firm

A differential backup strategy copies only newly added and changed data since the
last full backup. If your last full backup was on Sunday, a backup on Monday would
copy all changes since Sunday.
Backup type         | Data backed up                                                  | Backup time | Restore time | Storage space
--------------------|-----------------------------------------------------------------|-------------|--------------|--------------
Full backup         | All data                                                        | Slowest     | Fast         | High
Incremental backup  | Only files/folders new or modified since the last backup of any kind | Fast   | Moderate     | Lowest
Differential backup | All data changed since the last full backup                     | Moderate    | Fast         | Moderate
Mirror backup       | Only new/modified files and folders (kept as an exact replica)  | Fastest     | Fastest      | Highest

A mirror backup is a type of backup in which an exact replica of the data is created and stored in a separate location. Because it is an exact replica, a deletion, corruption or ransomware encryption of the source is copied to the mirror as well; a mirror therefore protects against hardware loss, not against the accidental-deletion and ransomware cases listed above, which need a point-in-time copy.
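Worked example added by the editor (not part of the original module): a Python simulation of the three schedules above over a constructed week of files. For each day it keeps only the data that schedule would actually copy, computes which backup files a restore of a given day needs, and shows why a lost incremental breaks the restore chain while a lost differential does not. The file names, contents and the "day 0 is the Sunday full" schedule are constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional

class ChainBroken(Exception):
    """A backup in the restore chain refers to a base backup that is no longer available."""

@dataclass
class Backup:
    day: int
    kind: str                       # "full", "incremental" or "differential"
    base_day: Optional[int]         # backup this one was diffed against (None for a full)
    data: dict = field(default_factory=dict)   # path -> content; None means "deleted"

# Constructed file states for five days; day 0 is the Sunday full backup.
DAYS = [
    {"db.sql": "v1", "conf.ini": "a", "logo.png": "png"},
    {"db.sql": "v2", "conf.ini": "a", "logo.png": "png"},   # Mon: db.sql changed
    {"db.sql": "v2", "conf.ini": "b", "logo.png": "png"},   # Tue: conf.ini changed
    {"db.sql": "v3", "conf.ini": "b"},                      # Wed: db.sql changed, logo.png deleted
    {"db.sql": "v3", "conf.ini": "b", "notes.txt": "n"},    # Thu: notes.txt added
]

def take_backups(daily_state, schedule):
    """Run a schedule ("full", "incremental" or "differential") over daily_state.
    Day 0 is always a full backup; later days store only what the schedule copies."""
    backups = []
    for day, state in enumerate(daily_state):
        if day == 0 or schedule == "full":
            backups.append(Backup(day, "full", None, dict(state)))
            continue
        if schedule == "incremental":
            base_day = backups[-1].day                                   # since the last backup of any kind
        elif schedule == "differential":
            base_day = max(b.day for b in backups if b.kind == "full")  # since the last full backup
        else:
            raise ValueError(f"unknown schedule {schedule!r}")
        base = daily_state[base_day]
        changed = {p: state.get(p) for p in set(base) | set(state) if base.get(p) != state.get(p)}
        backups.append(Backup(day, schedule, base_day, changed))
    return backups

def restore_set(backups, target_day):
    """The backups that must be applied, in order, to rebuild target_day."""
    last_full = max((b for b in backups if b.kind == "full" and b.day <= target_day),
                    key=lambda b: b.day)
    later = [b for b in backups if last_full.day < b.day <= target_day]
    if later and later[-1].kind == "differential":
        return [last_full, later[-1]]        # full + newest differential only
    return [last_full] + later               # full + every incremental, oldest first

def restore(backups, target_day):
    """Rebuild the file state for target_day, refusing to skip over a missing link."""
    state, prev_day = {}, None
    for b in restore_set(backups, target_day):
        if b.base_day is not None and b.base_day != prev_day:
            raise ChainBroken(f"day {b.day} {b.kind} needs the day {b.base_day} backup, which is missing")
        for path, content in b.data.items():
            if content is None:
                state.pop(path, None)       # tombstone: the file was deleted
            else:
                state[path] = content
        prev_day = b.day
    return state

def stored_entries(backups):
    """Rough storage cost: number of file entries kept across all backups."""
    return sum(len(b.data) for b in backups)

def drop_backup(backups, day):
    """Simulate a lost or corrupted backup file."""
    return [b for b in backups if b.day != day]

if __name__ == "__main__":
    for schedule in ("full", "incremental", "differential"):
        bk = take_backups(DAYS, schedule)
        print(schedule, "restore of day 4 needs days", [b.day for b in restore_set(bk, 4)],
              "stored entries:", stored_entries(bk))
    try:
        restore(drop_backup(take_backups(DAYS, "incremental"), 2), 4)
    except ChainBroken as e:
        print("incremental chain:", e)
    print("differential without day 2:", restore(drop_backup(take_backups(DAYS, "differential"), 2), 4))
```

The storage counts come out in the order the table above states (incremental lowest, differential in between, full highest), and the chain check is the practical reason to test restores rather than backups: an incremental set is only as good as its weakest link.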
Determining Appropriate Methods
Choosing the Right Backup Strategy
 Factors: Data volume, budget, performance, and availability
Backup Strategy Options
 Full Daily
 Full Weekly + Incremental Daily
 Full Weekly + Differential Daily
Example Strategies
 Small Business: Full backup daily
 Enterprise: Weekly full + daily differential
Range of Backup and Restoration
Recovery Considerations
 Data usage type: read vs. write
 Storage capacity
What is online backup?
Online backup is the practice of sending copies of data to remote locations over an internet connection. These locations are often cloud-based servers hosted by third-party services. You can either send specific files to the cloud for backup, or back up your entire computer system.
N.B. Online backup is also called a hot backup or dynamic backup.
What is offline backup?
Unlike online backup, an offline backup strategy does not rely on a network connection or the cloud. Instead, this type of backup copies data to a location that is accessible when a computer does not have an internet connection. An offline target location could be a physical piece of hardware such as an external hard drive, a USB drive, or even a DVD.
N.B. Offline backup is also known as "local backup" and "removable backup". It is also called a cold backup.
Caveat: in DBMS terminology "hot" and "cold" describe whether the database is running while the backup is taken (hot = database in use, cold = database shut down), not where the copy is stored. Note also that a backup copy reachable over the network can be encrypted or deleted by the same ransomware or malicious user that hits the database (see the risks above); a disconnected offline copy is the one that survives that scenario.
Disk mirroring
Also known as RAID 1, is a data storage technique where data is replicated across
two or more physical hard disks, ensuring continuous availability and data
protection.
If one drive fails, the data is still available on the mirrored copy.

RAID
"Redundant array of independent disks" is a form of storage that writes data to many disks in the same system.
 Different configurations, including RAID 0, RAID 1 and RAID 5, are designated by number.
RAID 0
 Also known as data striping, distributes data across multiple hard drives to
increase performance but provides no redundancy or fault tolerance.
 It combines the storage capacity of multiple drives into a single logical drive,
making it ideal for applications requiring high speed but not critical data
protection.
 If one drive in a RAID 0 array fails, all data on the array is lost.

RAID 1
Consists of an exact copy (or mirror) of a set of data on two or more disks; a
classic RAID 1 mirrored pair contains two disks.
What is RAID 2?
RAID 2 was an early way to store data across multiple hard drives. It
broke data into tiny bits and spread them over several drives. It also
used extra drives to help fix errors if something went wrong.

This system could hold more data and work a bit faster than one drive
alone.

Advantages of RAID 2
•High data integrity due to its use of error-correction codes.
• This method can detect and correct multiple errors, ensuring data is accurate.
Difference Between RAID 2 and RAID 3

RAID 2
 Stands for Redundant Array of Independent Disks level 2.
 Bit-level striping is used.
 One group of disks is used to write the data and another group is used to write the ECC (error-correcting code).
 Requires extra drives for the error code.

RAID 3
 Stands for Redundant Array of Independent Disks level 3.
 Byte-level striping is used.
 Multiple disks are used for storing the data and one dedicated disk is used to store parity.
 Requires one extra drive for parity.
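Added example (editor's code, not from the module): byte-level striping with one dedicated XOR parity disk, the arrangement RAID 3 uses, on a constructed 28-byte payload. It rebuilds a lost disk from the survivors, shows that a second simultaneous loss is unrecoverable, and contrasts RAID 0, where a single lost disk loses the whole array, and RAID 1, where every disk is a complete copy. The disk count and payload are assumptions.

```python
def interleave(disks):
    """Merge equal-length stripes back into one byte stream (byte i of each disk in turn)."""
    out = bytearray()
    for i in range(len(disks[0])):
        for d in disks:
            out.append(d[i])
    return out

def stripe_raid0(data: bytes, n_disks: int):
    """RAID 0: byte-level striping with no redundancy; byte i lands on disk i % n_disks."""
    data = data + b"\x00" * ((-len(data)) % n_disks)          # pad to a whole stripe
    return [bytearray(data[i::n_disks]) for i in range(n_disks)]

def read_raid0(disks, length):
    """Any lost disk (marked None) makes a RAID 0 array unreadable."""
    if any(d is None for d in disks):
        raise ValueError("RAID 0: a disk is missing, the data cannot be recovered")
    return bytes(interleave(disks))[:length]

def mirror_raid1(data: bytes, copies: int = 2):
    """RAID 1: every disk holds the complete data; one surviving copy is enough."""
    return [bytearray(data) for _ in range(copies)]

def stripe_raid3(data: bytes, n_data_disks: int):
    """RAID 3 style: byte striping across n data disks plus one dedicated parity disk.
    Parity byte i is the XOR of byte i on every data disk."""
    data = data + b"\x00" * ((-len(data)) % n_data_disks)
    disks = [bytearray(data[i::n_data_disks]) for i in range(n_data_disks)]
    parity = bytearray(len(disks[0]))
    for d in disks:
        for i, byte in enumerate(d):
            parity[i] ^= byte
    return disks + [parity]

def rebuild_raid3(disks):
    """Rebuild the single missing disk (marked None) as the XOR of all survivors.
    Works whether a data disk or the parity disk was lost; two losses cannot be rebuilt."""
    missing = [i for i, d in enumerate(disks) if d is None]
    if len(missing) != 1:
        raise ValueError(f"RAID 3 can rebuild exactly one lost disk, {len(missing)} are missing")
    survivors = [d for d in disks if d is not None]
    rebuilt = bytearray(len(survivors[0]))
    for d in survivors:
        for i, byte in enumerate(d):
            rebuilt[i] ^= byte
    return rebuilt

def read_raid3(disks, length):
    """Read the original bytes from the data disks (all but the last, which holds parity)."""
    return bytes(interleave(disks[:-1]))[:length]

if __name__ == "__main__":
    DATA = b"database backup and recovery"      # constructed payload
    arr = stripe_raid3(DATA, 4)
    arr[1] = None                                # simulate losing data disk 1
    arr[1] = rebuild_raid3(arr)
    print(read_raid3(arr, len(DATA)))
```

The same XOR relation is what RAID 5 relies on; RAID 5 only spreads the parity bytes across all disks instead of keeping them on one dedicated disk. Note that none of these levels replaces a backup: a mistaken DELETE is mirrored or parity-protected just as faithfully as good data.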
Documentation
Definitions:
1. Written records of system configuration, architecture, and changes.
2. Helps in troubleshooting, audits, and system upgrades.
3. Includes setup steps, parameter settings, and user roles.
Examples:
 A Word document listing SQL Server installation settings.
 A spreadsheet tracking schema changes.
Monitoring Irregularities - Overview
Definitions:
1. The process of identifying unexpected behavior or system faults.
2. Ensures early detection of issues before they cause failure.
3. Focuses on anomalies in performance or security.
Examples:
 Noticing sudden spike in query execution time.
 Detecting memory leaks via logs.
Log and Performance Monitoring
Definitions:
1. Analyzing system logs to trace warnings and errors.
2. Monitoring CPU, memory, disk usage to optimize performance.
3. Key for identifying bottlenecks and failures.
Examples:
 Analyzing logs to find failed login attempts.
 Using a Grafana dashboard to view query performance trends.
Alerts, Health Checks, and Security Audits
Definitions:
1. Alerts: Notifications for predefined issues (CPU spike, failed backup).
2. Health Checks: Periodic review of system metrics.
3. Security Audits: Review of access control and logins.
Examples:
 Email alert when disk usage > 90%.
 Weekly script checking user permissions.
Query and User Activity Monitoring
Definitions:
1. Query monitoring identifies inefficient queries and delays.
2. User activity logs reveal access patterns and anomalies.
3. Helps in tuning performance and detecting misuse.
Examples:
 Logging all queries that take > 5 seconds.
 Tracking IP addresses used for logins.
Data Consistency and Backup Verification
Definitions:
1. Regular validation of data against expected rules.
2. Backup verification ensures backups can be restored correctly.
3. Prevents corruption and data loss.
Examples:
 Running daily checks for NULLs in mandatory columns.
 Restoring a test copy from backup every Sunday.
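Added example (editor's code, not from the module) that complements the weekly restore test: a checksum manifest built when the backup set is written and checked before the set is trusted. The manifest is signed with an HMAC key; keeping that key outside the backup location is an assumption made here so that whoever can alter the backup files cannot simply regenerate the manifest. The backup files are constructed in a temporary directory.

```python
import hashlib
import hmac
import json
import os
import tempfile

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()

def build_manifest(backup_dir, key):
    """Hash every file in the backup set and sign the listing with a key that is
    kept outside the backup location (so whoever can alter the files cannot re-sign)."""
    entries = {}
    for root, _, files in os.walk(backup_dir):
        for name in files:
            full = os.path.join(root, name)
            rel = os.path.relpath(full, backup_dir).replace(os.sep, "/")
            entries[rel] = {"sha256": sha256_file(full), "size": os.path.getsize(full)}
    body = json.dumps(entries, sort_keys=True).encode()
    return {"entries": entries, "hmac": hmac.new(key, body, hashlib.sha256).hexdigest()}

def verify_backup(backup_dir, manifest, key):
    """Return a sorted list of problems; an empty list means the set matches the signed manifest."""
    body = json.dumps(manifest["entries"], sort_keys=True).encode()
    expected = hmac.new(key, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, manifest["hmac"]):
        return ["manifest: HMAC mismatch (manifest tampered or wrong key)"]
    problems, seen = [], set()
    for root, _, files in os.walk(backup_dir):
        for name in files:
            full = os.path.join(root, name)
            rel = os.path.relpath(full, backup_dir).replace(os.sep, "/")
            seen.add(rel)
            if rel not in manifest["entries"]:
                problems.append(f"extra: {rel}")
            elif sha256_file(full) != manifest["entries"][rel]["sha256"]:
                problems.append(f"modified: {rel}")
    problems += [f"missing: {rel}" for rel in manifest["entries"] if rel not in seen]
    return sorted(problems)

def demo():
    """Constructed backup set: sign it, then corrupt one file, delete another, and
    finally let an 'attacker' regenerate the manifest without the key."""
    key = b"verification-key-stored-outside-the-backup-share"   # constructed
    files = {"schema.sql": b"CREATE TABLE Customers (...);",
             "customers.sql": b"INSERT INTO Customers ...;",
             "orders.sql": b"INSERT INTO Orders ...;"}
    with tempfile.TemporaryDirectory() as d:
        for name, content in files.items():
            with open(os.path.join(d, name), "wb") as f:
                f.write(content)
        manifest = build_manifest(d, key)
        clean = verify_backup(d, manifest, key)
        with open(os.path.join(d, "orders.sql"), "ab") as f:
            f.write(b"\x00")                          # silent corruption or tampering
        os.remove(os.path.join(d, "schema.sql"))     # lost file
        tampered = verify_backup(d, manifest, key)
        forged = verify_backup(d, build_manifest(d, b"attacker-has-no-key"), key)
    return clean, tampered, forged

if __name__ == "__main__":
    print(demo())
```

A checksum pass is cheap enough to run after every backup job; it catches corrupted, missing and altered files early, while the Sunday restore test still proves that the files can actually be loaded into a database.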
2 Database management

2.1. Data Dictionary Compilation and Structure Verification


What is a Data Dictionary?
Definition :
A data dictionary is a centralized repository providing metadata about data within a
database.
A collection of descriptions of data objects/items in a data model for programmers and
users.
Information describing database contents, format, structure, and relationships to control
access and manipulation.
Purpose and Contents of Data Dictionary
 Definitions of schema objects
 Space allocation and usage
 Default column values
 Integrity constraints
 Auditing info (access, updates)
 User roles and privileges
 Descriptions of users and responsibilities
Example of Data Dictionary Entry
 Table: Customers
 Fields: CustomerID (int, PK), Name (varchar), Email
(varchar), Phone (varchar)
 Constraints: CustomerID is primary key, Email unique
Usage: Helps developers understand data types and
constraints
Advantages of a Data Dictionary
 Simplifies understanding of table structures
 Helps new users/admins quickly learn schema
 Centralized documentation of database design
 Improves communication among developers
What is Structure Verification?
Definition
Process of verifying actual database schema against the
documented data dictionary.
Ensures database structure aligns with intended design.
Confirms all changes in database are updated in the data
dictionary for consistency.
Why Structure Verification is Important
 Maintains database design integrity
 Detects discrepancies between documentation and actual schema
 Prevents errors due to outdated or incorrect documentation
 Ensures smooth database maintenance and upgrades
Example of Structure Verification
 Data dictionary says "Orders" table has FK to
"Customers" table
 Verify FK relationship exists in the database schema
 Check data types and constraints match documentation
Structure Verification Types
 Consistency Checks: Verify documentation matches database
 Data Type Verification: Check field types match dictionary
 Constraint Verification: Verify PK, FK, Unique, Check constraints
 Documentation Updates: Reflect changes in data dictionary
 Version Control: Track changes over time
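Added example (editor's code, not from the module): the consistency, data-type and constraint checks listed above automated against a live schema. It uses SQLite's PRAGMA interface so it runs without a server; the data dictionary is the Customers/Orders example from this section, extended with constructed column lists, and the "drifted" database is constructed to contain a wrong column type, an undocumented column and a documented foreign key that was never created.

```python
import sqlite3

# Constructed data dictionary for the Customers/Orders example above.
DICTIONARY = {
    "Customers": {
        "columns": {"CustomerID": "INTEGER", "Name": "TEXT", "Email": "TEXT", "Phone": "TEXT"},
        "primary_key": ["CustomerID"],
        "unique": [["Email"]],
        "foreign_keys": [],
    },
    "Orders": {
        "columns": {"OrderID": "INTEGER", "CustomerID": "INTEGER", "Total": "REAL"},
        "primary_key": ["OrderID"],
        "unique": [],
        "foreign_keys": [("CustomerID", "Customers", "CustomerID")],   # (column, ref table, ref column)
    },
}

def build_demo_db(drifted=True):
    """In-memory SQLite database. With drifted=True the Orders table has quietly diverged
    from the dictionary: no FK, Total stored as TEXT, and an undocumented Notes column."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE Customers (
            CustomerID INTEGER PRIMARY KEY,
            Name TEXT, Email TEXT UNIQUE, Phone TEXT);
    """)
    if drifted:
        conn.executescript("""CREATE TABLE Orders (OrderID INTEGER PRIMARY KEY,
            CustomerID INTEGER, Total TEXT, Notes TEXT);""")
    else:
        conn.executescript("""CREATE TABLE Orders (OrderID INTEGER PRIMARY KEY,
            CustomerID INTEGER REFERENCES Customers(CustomerID), Total REAL);""")
    return conn

def actual_schema(conn, table):
    """Read the live structure of one table through SQLite's PRAGMA interface."""
    cols, pk = {}, []
    for _cid, name, ctype, _notnull, _default, pk_pos in conn.execute(f"PRAGMA table_info({table})"):
        cols[name] = ctype.upper()
        if pk_pos:
            pk.append((pk_pos, name))
    # foreign_key_list rows: id, seq, table, from, to, on_update, on_delete, match
    fks = [(row[3], row[2], row[4]) for row in conn.execute(f"PRAGMA foreign_key_list({table})")]
    uniques = []
    for row in conn.execute(f"PRAGMA index_list({table})"):     # seq, name, unique, origin, partial
        idx_name, is_unique, origin = row[1], row[2], row[3]
        if is_unique and origin == "u":                          # UNIQUE constraints, not the PK index
            uniques.append([r[2] for r in conn.execute(f"PRAGMA index_info({idx_name})")])
    return {"columns": cols, "primary_key": [n for _, n in sorted(pk)],
            "unique": uniques, "foreign_keys": fks}

def verify_structure(conn, dictionary):
    """Compare every documented table with the live schema and list each discrepancy."""
    findings = []
    live_tables = {r[0] for r in conn.execute(
        "SELECT name FROM sqlite_master WHERE type = 'table' AND name NOT LIKE 'sqlite_%'")}
    for table, doc in dictionary.items():
        if table not in live_tables:
            findings.append(f"{table}: documented table missing from database")
            continue
        real = actual_schema(conn, table)
        for col, ctype in doc["columns"].items():
            if col not in real["columns"]:
                findings.append(f"{table}.{col}: documented column missing")
            elif real["columns"][col] != ctype.upper():
                findings.append(f"{table}.{col}: type is {real['columns'][col]}, dictionary says {ctype}")
        for col in real["columns"]:
            if col not in doc["columns"]:
                findings.append(f"{table}.{col}: column exists but is undocumented")
        if real["primary_key"] != doc["primary_key"]:
            findings.append(f"{table}: primary key {real['primary_key']} differs from documented {doc['primary_key']}")
        for fk in doc["foreign_keys"]:
            if fk not in real["foreign_keys"]:
                findings.append(f"{table}.{fk[0]}: documented FK to {fk[1]}.{fk[2]} is not enforced")
        for cols in doc["unique"]:
            if cols not in real["unique"]:
                findings.append(f"{table}: documented UNIQUE on {cols} is not enforced")
    for table in sorted(live_tables - set(dictionary)):
        findings.append(f"{table}: table exists but is undocumented")
    return findings

if __name__ == "__main__":
    for line in verify_structure(build_demo_db(drifted=True), DICTIONARY):
        print(line)
```

Run on a schedule (or in the deployment pipeline) the same comparison turns the data dictionary from a document people forget to update into a check that fails loudly when the database and its documentation disagree; the missing foreign key is the finding with security weight, since an unenforced reference is how orphaned and inconsistent rows get in.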
Types of Data Integrity Constraints
1. Entity Integrity

2. Referential Integrity

3. Domain Integrity

4. User Defined Integrity

Entity Integrity
 Primary key must be unique and not null

 Ensures every record can be uniquely identified


Example 1: CustomerID in Customers table is PK, unique and not null
Example 2: ProductID in Products table serves as unique identifier
Referential Integrity
 Foreign key must reference a valid primary key or be null

 Prevents orphaned records and inconsistent relationships


Example 1: Order.CustomerID FK references Customers.CustomerID
Example 2: Invoice.CustomerID FK references Customers.CustomerID or is null if
no customer linked

Domain Integrity
 All columns must contain values within a defined domain (valid data type and
range)
Example 1: Age column must be integer between 0 and 120
Example 2: Email column must follow proper email format.
User Defined Integrity
 Business-specific rules not covered by other integrity types

 Implemented via constraints, stored procedures, triggers


Example 1: On deletion of a sales record, write to audit table automatically
Example 2: Discount applied only if customer is premium member

Indexes: What and Why?


Definition
Index is a separate physical data structure to speed up data retrieval.
Used to quickly locate data without scanning entire table.
Improves query performance at the cost of additional storage and write overhead.
Why Use Indexes?
 Enforce uniqueness on columns
 Speed up query response time
 Support quick lookups, joins, and sorting
 Optimizes large database operations
Deciding Which Columns to Index
 Frequently used in WHERE clauses

 Frequently used in JOIN operations

 Frequently used in ORDER BY clauses

 Columns with mostly unique values

 Avoid small tables or columns with many duplicates

Creating Indexes
 Use SQL command: CREATE INDEX index_name ON table_name (column1 ASC|DESC, ...)

 Can be single or multi-column

 Improves ordered data access


Deleting Indexes
 Use SQL command: DROP INDEX index_name ON table_name

 Can be deleted via GUI tools like Object Explorer


 Keep database optimized by removing unused indexes

Viewing and Editing Indexes


 Use database tools (Object Explorer) to view indexes
 Modify indexes via properties or SQL commands
 Adjust columns and index options as needed
Multiple-Field Keys (Composite Keys)
Definition
A key made up of two or more columns to uniquely identify a record.
Used when no single column is unique by itself.
Helps maintain entity integrity with combined uniqueness.

Example of Composite Key


 Table: OrderDetails
 Composite PK: (OrderID, ProductID)
 Ensures uniqueness of product in each order
Example 2: Enrollment table with (StudentID, CourseID) composite key
Summary
 Data dictionary documents database schema and metadata
 Structure verification ensures consistency between dictionary
and actual database
 Integrity constraints maintain data accuracy and business rules
 Indexes improve performance by speeding up data retrieval
 Composite keys ensure unique identification via multiple fields.
2.4. Lock options for the database monitoring

Contents
Lock Options for Database Monitoring
Backup Verification & Retrieval
Storage Monitoring & Resizing
Data Updates per Guidelines
2.4. Lock options for the database monitoring
Types of Locks

1. Shared Locks
 Definition: Allows concurrent read access but blocks writes.
 Example 1: Multiple users querying a product catalog simultaneously.
 Example 2: Reporting tools reading financial data without blocking transactions.

2. Exclusive Locks
 Definition: Grants exclusive write access; blocks other reads/writes.
 Example 1: Admin updating a user’s salary record.
 Example 2: Batch process modifying inventory levels.
Monitoring Locks
 Definition: Tracks active locks to prevent contention.
 Example 1: SQL Server’s sys.dm_tran_locks view.

Deadlock Detection & Timeout

1. Deadlock Detection
 Definition: Identifies cyclic dependencies where transactions wait indefinitely.
 Example 1: Transaction A locks Table 1; Transaction B locks Table 2; both wait for the other.
 Example 2: DBMS automatically kills one transaction to resolve deadlock.
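Added example (editor's code, not from the module): a minimal lock manager with the shared/exclusive compatibility rule from the previous slide, a wait-for graph built from the blocked requests, cycle detection to find the deadlock in the Table 1 / Table 2 scenario above, and the victim abort that a DBMS performs to resolve it. Transaction and resource names, and the "highest-numbered transaction is youngest and gets aborted" victim policy, are assumptions of this example.

```python
from collections import defaultdict

# Lock compatibility: a shared lock coexists with other shared locks; exclusive with nothing.
COMPATIBLE = {("S", "S"): True, ("S", "X"): False, ("X", "S"): False, ("X", "X"): False}

class LockManager:
    def __init__(self):
        self.holders = defaultdict(dict)   # resource -> {transaction: mode}
        self.waiting = {}                  # transaction -> (resource, mode) it is blocked on

    def request(self, txn, resource, mode):
        """Grant the lock if it is compatible with every current holder, otherwise queue txn."""
        conflicts = [t for t, held in self.holders[resource].items()
                     if t != txn and not COMPATIBLE[(held, mode)]]
        if not conflicts:
            self.holders[resource][txn] = mode
            return "granted"
        self.waiting[txn] = (resource, mode)
        return "waiting"

    def wait_for_graph(self):
        """Edge waiter -> holder for each held lock that blocks the waiter's request."""
        graph = defaultdict(set)
        for waiter, (resource, mode) in self.waiting.items():
            for holder, held in self.holders[resource].items():
                if holder != waiter and not COMPATIBLE[(held, mode)]:
                    graph[waiter].add(holder)
        return graph

    def find_deadlock(self):
        """Return the transactions on a cycle of the wait-for graph, or None if there is none."""
        graph = self.wait_for_graph()
        state = {}

        def dfs(node, path):
            state[node] = "visiting"
            path.append(node)
            for nxt in graph.get(node, ()):
                if state.get(nxt) == "visiting":       # back edge: the cycle starts at nxt
                    return path[path.index(nxt):]
                if nxt not in state:
                    cycle = dfs(nxt, path)
                    if cycle:
                        return cycle
            path.pop()
            state[node] = "done"
            return None

        for node in list(graph):
            if node not in state:
                cycle = dfs(node, [])
                if cycle:
                    return cycle
        return None

    def release_all(self, txn):
        """Commit or abort txn: drop its locks and pending request, then retry the waiters.
        Returns the transactions whose requests could now be granted."""
        for held in self.holders.values():
            held.pop(txn, None)
        self.waiting.pop(txn, None)
        granted = []
        for waiter, (resource, mode) in list(self.waiting.items()):
            if self.request(waiter, resource, mode) == "granted":
                self.waiting.pop(waiter)
                granted.append(waiter)
        return granted

def resolve_deadlock(lm):
    """Victim selection as a DBMS would do it: abort one transaction on the cycle.
    Aborting the highest-numbered (assumed youngest) transaction is this example's policy."""
    cycle = lm.find_deadlock()
    if not cycle:
        return None, []
    victim = sorted(cycle)[-1]
    return victim, lm.release_all(victim)

if __name__ == "__main__":
    lm = LockManager()
    lm.request("T1", "Accounts", "X"); lm.request("T2", "Orders", "X")     # each holds one table
    lm.request("T1", "Orders", "X");   lm.request("T2", "Accounts", "X")   # each waits for the other
    print("cycle:", lm.find_deadlock(), "resolved:", resolve_deadlock(lm))
```

Real engines detect the same cycle periodically (or use lock timeouts as a fallback) and roll back the victim, which is why application code must be written to retry a transaction that fails with a deadlock error rather than treat it as a permanent failure.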
Isolation Levels & Lock Escalation

1. Isolation Levels
 Definition: Controls transaction visibility (e.g., dirty reads, phantom reads).
 Example 1: READ COMMITTED prevents dirty reads but allows non-repeatable reads.
 Example 2: SERIALIZABLE ensures strict isolation but reduces concurrency.

2. Lock Escalation
 Definition: Converts many row-level locks to a single table-level lock.
 Example 1: SQL Server escalates locks to reduce memory usage.
 Example 2: Disabling escalation for high-concurrency OLTP systems.
Backup Retrieval Process
1. Backup Logs & Timestamps
 Definition: Logs confirm successful backups with timestamps.
 Example 1: AWS RDS logs backup completion times.
 Example 2: Nagios alerts for missed backups.

2. Retention Policy Compliance


 Definition: Ensures backups align with legal/organizational rules.
 Example 1: 7-year retention for financial data (SOX compliance).
 Example 2: Auto-deletion of backups after 30 days.
Storage Monitoring & Resizing

Storage Monitoring

1. Auto-Growth Settings
 Definition: Automatically expands database files when space runs low.
 Example 1: SQL Server data files set to grow by 10% increments.
 Example 2: Monitoring alerts for frequent auto-growth events.

2. Partitioning
 Definition: Splits large tables into manageable chunks.
 Example 1: Partitioning sales data by year.
 Example 2: Faster queries on recent partitions while archiving old data.
Storage Optimization
1. Data Archiving
 Definition: Moves old data to cheaper storage.
 Example 1: Moving 5-year-old records to cold storage (e.g., AWS Glacier).
 Example 2: Compliance archiving for audit trails.

2. Index Optimization
 Definition: Rebuilds fragmented indexes to save space.
 Example 1: Weekly REINDEX jobs in PostgreSQL.
 Example 2: Removing unused indexes to free 20% storage.
Compliance & Testing
1. Staging Environment Tests
 Definition: Validates updates in a non-production clone.
 Example 1: Testing a price increase in staging before production.
 Example 2: Data migration validation.

2. Regulatory Compliance
 Definition: Ensures updates follow laws (e.g., GDPR, CCPA).
 Example 1: Anonymizing data before testing.
 Example 2: Approval workflows for sensitive data changes.
3 Database Access Management
Access Privilege Management (3.1)
 Definition :
 Access privilege management refers to the process of assigning, modifying,
or revoking access rights to database resources based on user roles and
organizational policies.
 It ensures that users have appropriate permissions to perform their tasks while
protecting sensitive data.

Allocate Access Privileges for New Users
 Definition: Granting appropriate access rights to new employees
based on their job roles.
 Example 1:
GRANT SELECT ON database.table TO 'new_user'@'localhost';
 Example 2:
GRANT INSERT, UPDATE ON database.table2 TO 'new_user'@'localhost';
Remove Access Privileges for Departing Users
 Definition: Revoking access from users who have left the
organization.
 Example 1:
REVOKE ALL PRIVILEGES ON database.* FROM 'departing_user'@'localhost';
 Example 2:
DROP USER 'departing_user'@'localhost';
Adjust Access Privileges for Role Changes
 Definition: Modifying access rights when a user changes
roles within the organization.
 Example 1:
REVOKE SELECT ON database.table FROM 'user'@'localhost';
 Example 2:
GRANT UPDATE ON database.table TO 'user'@'localhost';
Periodic Access Review and Adjustment
 Definition: Reviewing user access periodically to align with
job responsibilities.
 Example 1:
REVOKE DELETE ON database.table FROM
'user_to_review'@'localhost';
 Example 2: Remove privileges after audit reveals over-access.
Access Privileges Based on User Status
 Definition: Granting or restricting access depending on
whether a user is active, on probation, or inactive.
 Example 1 (pseudocode; the status check normally lives in the provisioning script or application rather than in SQL):
IF user_status = 'active' THEN
    GRANT SELECT ON database.table TO 'user';
END IF;
 Example 2:
REVOKE ALL PRIVILEGES ON database.table FROM 'inactive_user';
User Access Termination
 Definition: Ensuring all access is removed when a user exits.
 Example 1:
REVOKE ALL PRIVILEGES ON *.* FROM 'former_user'@'localhost';
 Example 2:
DROP USER 'former_user'@'localhost';
Access Privileges for Temporary Roles
 Definition: Granting time-limited access to users in project
roles.
 Example 1:
GRANT SELECT, INSERT ON project_db.* TO 'temp_user';
 Example 2: Schedule script to revoke access after a deadline.
Access Based on User Approval
 Definition: Implementing a system where privilege changes
need managerial approval.
 Example 1:
GRANT SELECT ON database.table TO 'approved_user';
 Example 2: Use approval workflows in IAM tools.
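Added example (editor's code, not from the module) covering the periodic review, the status-based, temporary and termination cases above in one script: it compares the privileges each account actually holds with what its role allows, flags accounts that are departed, expired or have no owner, and emits the REVOKE and DROP USER statements in the MySQL syntax used in the examples above. The role matrix, the user list and the current grants are constructed; in practice the grants would be collected from SHOW GRANTS or the information_schema privilege tables, and the statements reviewed before they are run.

```python
from datetime import date

# Constructed role matrix: role -> {object: allowed privileges}
ROLE_MATRIX = {
    "analyst": {"sales.orders": {"SELECT"}, "sales.customers": {"SELECT"}},
    "clerk":   {"sales.orders": {"SELECT", "INSERT", "UPDATE"}},
}
# Constructed HR / IAM view: account -> role, status and optional expiry for temporary access
USERS = {
    "alice@localhost": {"role": "analyst", "status": "active",   "expires": None},
    "bob@localhost":   {"role": "clerk",   "status": "active",   "expires": None},
    "carol@localhost": {"role": "clerk",   "status": "departed", "expires": None},
    "temp1@localhost": {"role": "analyst", "status": "active",   "expires": date(2025, 5, 1)},
}
# Constructed current grants, as they would be collected from SHOW GRANTS for each account
CURRENT_GRANTS = {
    "alice@localhost": {"sales.orders": {"SELECT", "DELETE"}, "sales.customers": {"SELECT"}},
    "bob@localhost":   {"sales.orders": {"SELECT", "INSERT", "UPDATE"}, "sales.customers": {"SELECT"}},
    "carol@localhost": {"sales.orders": {"SELECT", "INSERT", "UPDATE"}},
    "temp1@localhost": {"sales.orders": {"SELECT"}},
    "ghost@localhost": {"sales.orders": {"SELECT"}},     # account with no owner in HR
}
REVIEW_DATE = date(2025, 6, 1)   # constructed "today" for the review run

def quoted(account):
    """alice@localhost -> 'alice'@'localhost' (MySQL account syntax)."""
    user, host = account.split("@", 1)
    return f"'{user}'@'{host}'"

def review_access(grants, users, roles, today):
    """Compare live grants with the role matrix and user status.
    Returns (findings, statements): what is wrong, and the SQL that brings it back in line."""
    findings, statements = [], []
    for account, objects in grants.items():
        user = users.get(account)
        if user is None:
            reason = "no owner in HR records"
        elif user["status"] != "active":
            reason = f"status is {user['status']}"
        elif user["expires"] is not None and user["expires"] < today:
            reason = f"temporary access expired on {user['expires']}"
        else:
            reason = None
        if reason:
            findings.append(f"{account}: {reason}; remove the account")
            statements.append(f"REVOKE ALL PRIVILEGES, GRANT OPTION FROM {quoted(account)};")
            statements.append(f"DROP USER {quoted(account)};")
            continue
        allowed = roles[user["role"]]
        for obj, privs in objects.items():
            extra = privs - allowed.get(obj, set())
            if extra:
                findings.append(f"{account}: has {sorted(extra)} on {obj} beyond role {user['role']}")
                statements.append(f"REVOKE {', '.join(sorted(extra))} ON {obj} FROM {quoted(account)};")
    return findings, statements

def run_review(today=None):
    """Run the review against the constructed data; today may be a date or an ISO string."""
    if isinstance(today, str):
        today = date.fromisoformat(today)
    return review_access(CURRENT_GRANTS, USERS, ROLE_MATRIX, today or REVIEW_DATE)

if __name__ == "__main__":
    findings, statements = run_review()
    print("\n".join(findings))
    print("\n".join(statements))
```

Because the script only ever removes privileges, running it under an approval workflow is low-risk; the finding list is also the evidence an auditor asks for when checking that access matches job roles.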
Access Audit and Logging
 Definition: Access Audit and Logging refers to the systematic process of
recording and reviewing all user activities related to access control within a system
or database.
Access Audit
•Definition: An access audit is the process of reviewing records of who accessed what
data, when, and what actions they performed.
•Purpose:
• Identify unauthorized access.
Access Audit and Logging
Access Logging
•Definition: The act of recording access events (login, data read/write, privilege
changes) into a secure log file or database.
•Key Log Information:
• Timestamp
• Username or process ID
• Accessed resource
• Action type (e.g., SELECT, UPDATE, DELETE)
• Result (Success/Failure)
•Benefits:
• Enables traceability.
• Supports incident investigation.
• Helps in forensic analysis after security breaches.
Focus on Security-Relevant Logs
 Definition: Logs showing authentication attempts and access
to sensitive resources.
 Example 1: /var/log/auth.log
 Example 2: Cloud-based security logs (AWS CloudTrail).
Identify Suspicious Patterns
Definition: Recognizing abnormal behaviors such as failed login
bursts.
Means analyzing server logs or system activity to detect unusual or abnormal
behavior that may indicate a potential security threat or unauthorized access
attempt.
 Example 1: 5 failed logins within a minute.
 Example 2: Login from foreign country IPs.
Automate Log Analysis
 Definition: Using tools to analyze logs and generate alerts
automatically.
 Example 1: Use Splunk for real-time alerting.
 Example 2: Employ ELK stack (Elasticsearch, Logstash,
Kibana).
Set Thresholds for Alerts
 Definition: Defining limits to flag abnormal login behavior.
 Example 1: Alert if more than 3 failed logins in 10 minutes.
 Example 2: Alert if login from blacklisted IPs.
Real-Time Monitoring & Geolocation
 Definition: Monitor logs live & detect logins from suspicious
locations.
 Example 1: Alert for logins from Asia if users are based in
Africa.
 Example 2: Flag midnight access.
Review Failed Logins & Admin Logins
 Definition: Prioritizing attention to failed attempts and
privileged accounts.
 Example 1: Excessive failed root logins.
 Example 2: Admin login during holiday.
Incident Response Planning
 Definition: Predefined steps for responding to suspicious
logins.
 Example 1: Lock account after multiple failures.
 Example 2: Notify IT admin instantly.
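Added example (editor's code, not from the module) that runs the rules of the preceding slides over a constructed log in one pass: the failure threshold (more than 3 failures in 10 minutes, sliding window), logins from outside the home country, privileged logins off-hours, and the response steps of locking the account and notifying an admin. The log format, the home country (ET) and the 08:00 to 18:00 business-hours window are assumptions; the IP addresses are documentation ranges.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed authentication log (not a real DBMS log format): one event per line.
SAMPLE_LOG = """\
2025-05-10T09:01:10Z user=alice ip=198.51.100.4 country=ET result=OK
2025-05-10T09:02:30Z user=bob ip=198.51.100.9 country=ET result=FAIL
2025-05-10T09:04:00Z user=bob ip=198.51.100.9 country=ET result=OK
2025-05-10T21:15:01Z user=root ip=203.0.113.7 country=CN result=FAIL
2025-05-10T21:15:04Z user=root ip=203.0.113.7 country=CN result=FAIL
2025-05-10T21:15:09Z user=root ip=203.0.113.7 country=CN result=FAIL
2025-05-10T21:15:15Z user=root ip=203.0.113.7 country=CN result=FAIL
2025-05-10T21:16:40Z user=root ip=203.0.113.7 country=CN result=OK
2025-05-11T00:05:00Z user=admin ip=198.51.100.20 country=ET result=OK
"""

FAIL_THRESHOLD = 4                    # "more than 3 failed logins in 10 minutes"
WINDOW = timedelta(minutes=10)
HOME_COUNTRIES = {"ET"}               # where the organisation's users are based (assumption)
PRIVILEGED = {"root", "admin"}
BUSINESS_HOURS = range(8, 18)         # 08:00-17:59; anything else is off-hours (assumption)

def parse_line(line):
    ts, *pairs = line.split()
    rec = dict(p.split("=", 1) for p in pairs)
    rec["ts"] = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
    return rec

def analyze(log_text):
    """Walk the log once and emit an alert, with the response action, for each rule that fires."""
    alerts = []
    failures = defaultdict(deque)     # user -> timestamps of recent failures (sliding window)
    locked = set()
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        user, ts = rec["user"], rec["ts"]
        if rec["result"] == "FAIL":
            window = failures[user]
            window.append(ts)
            while ts - window[0] > WINDOW:          # drop failures older than the window
                window.popleft()
            if len(window) >= FAIL_THRESHOLD and user not in locked:
                locked.add(user)
                alerts.append({"kind": "failed_login_burst", "user": user, "ts": ts,
                               "action": "lock account",
                               "detail": f"{len(window)} failures from {rec['ip']} within {WINDOW}"})
            continue
        # successful login: the checks below can stack on a single event
        if user in locked:
            alerts.append({"kind": "login_after_burst", "user": user, "ts": ts,
                           "action": "notify admin, force password reset",
                           "detail": f"successful login from {rec['ip']} after a failure burst"})
        if rec["country"] not in HOME_COUNTRIES:
            alerts.append({"kind": "foreign_login", "user": user, "ts": ts,
                           "action": "notify admin", "detail": f"login from country {rec['country']}"})
        if user in PRIVILEGED and ts.hour not in BUSINESS_HOURS:
            alerts.append({"kind": "privileged_off_hours", "user": user, "ts": ts,
                           "action": "notify admin", "detail": f"privileged login at {ts:%H:%M}"})
    return alerts

def summary(alerts):
    """Alert counts per rule, the shape a dashboard or daily report would show."""
    counts = defaultdict(int)
    for a in alerts:
        counts[a["kind"]] += 1
    return dict(counts)

if __name__ == "__main__":
    for a in analyze(SAMPLE_LOG):
        print(f"{a['ts']:%Y-%m-%d %H:%M:%S} {a['kind']:22} {a['user']:6} -> {a['action']} ({a['detail']})")
```

The single successful root login at 21:16 trips three rules at once (it follows a failure burst, comes from outside the home country, and is a privileged login off-hours); that stacking is what separates a likely compromise from the noise of one user mistyping a password.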
Manage System Resources (3.3)
Introduction to System Resource Management
 Definition 1: Monitoring and optimizing CPU, memory,
storage, and bandwidth.
 Definition 2: Ensures optimal performance and reliability.
 Definition 3: Aligns system capacity with usage demand.
Monitor CPU, Memory, Disk I/O
 Definition: Use tools to assess how resources are consumed.
 Example 1: Use top or htop on Linux.
 Example 2: Use Azure Monitor for cloud systems.
Set Thresholds & Automate Alerts
 Definition: Define max acceptable values; trigger alerts when
exceeded.
 Example 1: Alert at 80% disk use.
 Example 2: Email when CPU > 90%.
Capacity Planning & Scaling
 Definition: Forecast future needs and scale hardware/software.
 Example 1: Add 32GB RAM based on projection.
Example 2: Move to cloud auto-scaling.
Prioritize Critical Processes
 Definition: Ensure essential tasks get resources.
 Example 1: Allocate more memory to DB backup than
logging.
 Example 2: Lower priority for analytics during peak hours.
Optimize Indexing and Queries
 Definition: Reduce load with efficient queries and indexes.
 Example 1: Add index to customer_id.
Example 2: Use query plans to optimize joins
Caching & Connection Management
 Definition: Reduce redundant DB access and handle
connections smartly.
 Example 1: Use Redis to cache frequent queries.
 Example 2: Implement connection pooling in app server.
Disk & Network Optimization
 Definition: Efficient use of disk space and bandwidth.
 Example 1: Compress archived logs.
 Example 2: Minimize JSON response sizes.
 .
Backup Optimization
 Definition: Reduce backup impact on system.
 Example 1: Use incremental backups.
 Example 2: Schedule backups during off-peak.
 .
Virtualization & Load Balancing
 Definition: Distribute resources smartly in virtual environments.
 Example 1: Adjust VM RAM allocation.
 Example 2: Use HAProxy to balance load.
Regular Updates & Security Patches
 Definition: Maintain software for performance & security.
 Example 1: Update MySQL monthly.
 Example 2: Apply Linux kernel patches.

 .
Virtualization & Load Balancing
 Definition: Distribute resources smartly in virtual environments.
 Example 1: Adjust VM RAM allocation.
 Example 2: Use HAProxy to balance load.
Regular Updates & Security Patches
 Definition: Maintain software for performance & security.
 Example 1: Update MySQL monthly.
 Example 2: Apply Linux kernel patches.

 .
THANKS!
Do you have any questions?