Abstract: Embodiments of a system and method to prevent mass deletion of data in a data storage system. A data deletion operation comprises a delete operation marking blocks to be deleted followed by a garbage collection (GC) operation to remove marked blocks from storage media. Based on historical information regarding deletions per GC cycle and certain user-defined thresholds based on data age, the storage system can detect any significant deviations as potentially dangerous. If a deletion in excess of a deviation threshold is detected, the next GC operation is skipped to provide a delay period during which time the user can investigate the data delete command and restore data if necessary. De-risking conditions such as known abnormal high deletion periods or new system installation can be used to override any garbage collection delay.

Abstract: Systems and methods for securing Accounts of Last Resort (ALRs) are described. In an illustrative, non-limiting embodiment, an IHS may include a processor and a memory coupled to the processor, the memory having program instructions that, upon execution, cause the IHS to receive a credential from one of a plurality of users to log onto an ALR, where the credential is shared among the plurality of users, and log the user onto the ALR in response to verification of a signed digital certificate provided by the user.

Abstract: Described is a system for secure distribution of a client certificate private key to client-based services. The system implements a specialized technique to minimize exposure of a key-encryption-key (KEK) that may be used to secure the client certificate private key that is managed by a certificate manager (CM). A client-based service generates a one-time secret message that is encrypted with the symmetric key and provided to the CM as part of a request to access the private key. The CM authenticates the request originates from a trusted before decrypting the private key with the KEK that remains known only to the CM. The CM then encrypts the decrypted private key with the secret message and provides the client-based service access to private key that is encrypted with the secret message.

Abstract: Systems and methods for using certificate authority certificates inline as part of a file transfer protocol are described. A backup system may receive a request from a client system for a first secure communications channel secured with a previously-shared encryption key. The backup system may transmit a message via the first secure communications channel that indicates that the backup system is one-way CA certificate encryption capable. In response to the message, the client system may transmit a query to create a second secure communications channel. The backup system may then transmit, via the first secure communications channel, the one-way CA certificate to the client system. Once the client system has been configured for CA certificate-based communication, the second secure communications channel may be established. The client system may then transmit, via the second secure communications channel, encrypted client data for storage on the backup server.

Abstract: Systems and methods for using certificate authority certificates inline as part of a file transfer protocol are described. A backup system may receive a request from a client system for a first secure communications channel secured with a previously-shared encryption key. The backup system may transmit a message via the first secure communications channel that indicates that the backup system is one-way CA certificate encryption capable based on the client version of the backup application of the client system. In response to a query, received via the first secure communications channel, to create a second secure communications channel, the backup system may transmit, via the first secure communications channel, the one-way CA certificate after a comparison of security settings indicates that one-way CA certificate encryption is the highest encryption level available. The second secure communications channel may then be set up to transmit encrypted client data.

Abstract: A cluster service receives a cluster message based on a removal of a first service from membership in a first node in a cluster, and requests a shared storage to generate and then provide a new access key, thereby enabling the shared storage to use the new access key to validate requests to access resources stored by the shared storage. The cluster service receives the new access key from the shared storage, and sends the new access key in at least some cluster messages to at least a second service in a second node in the cluster of nodes. The second service creates a key based on the new access key. The second service uses the key to create a request to access a resource stored by the shared storage, sends the request to the shared storage, and then accesses the resource, which was previously accessed by the first service.

Abstract: A fencing service receives a cluster message based on a first service's removal from membership in a first node in a cluster, and generates an access key based on a generation identifier in the cluster message. The fencing service sends the access key to a shared storage, thereby enabling the shared storage to create signing keys based on the access key, and which are used to validate signed requests to access resources stored by the shared storage. A second service in a second node in the cluster receives the cluster message, and generates the access key based on the generation identifier. The second service accesses a resource previously accessed by the first service, by generating a signing key based on the access key and a request to access the resource stored by the shared storage, and then sending the request signed by the signing key to the shared storage.

Abstract: Embodiments for a system and method for secure authentication of backup clients in a way that eliminates the need to create users for backup client authentication anywhere in the backup ecosystem, and which eliminates the need for credentials, such as passwords that need protection, updating and synchronization. Such embodiments use a short-term token, such as a JSON web token, for both client and server authentication within the system, and verifies that the tokens grant access using the public key corresponding to the private key assigned to the directory objects by the creator of the directory objects.

Abstract: Embodiments of a system and method to prevent mass deletion of data in a data storage system. A data deletion operation comprises a delete operation marking blocks to be deleted followed by a garbage collection (GC) operation to remove marked blocks from storage media. Based on historical information regarding deletions per GC cycle and certain user-defined thresholds based on data age, the storage system can detect any significant deviations as potentially dangerous. If a deletion in excess of a deviation threshold is detected, the next GC operation is skipped to provide a delay period during which time the user can investigate the data delete command and restore data if necessary. De-risking conditions such as known abnormal high deletion periods or new system installation can be used to override any garbage collection delay.

Abstract: A system clock is protected by limiting clock changes, change frequency, and calculating skew. System and secure clocks are initialized to a same time. First and second thresholds are set. The first threshold corresponds to an alert and the second threshold corresponds to an action. At a time interval at which the secure clock is to be updated, a skew is calculated between the system and secure clocks, and a cumulative skew is calculated. Upon a determination that the cumulative skew has reached the first threshold, but not the second threshold, the alert is triggered while deletions of files having retention locks that have expired according to the system clock are allowed to continue. Upon a determination that the cumulative skew has reached the second threshold, the action is triggered. The action includes blocking the deletions of files having retention locks that have expired according to the system clock.

Abstract: This disclosure provides system, methods, and media for identifying inadvertent compression or encryption in data streams from a client that land on a deduplication storage system. When one or more such abnormalities are detected, an alert message is generated to alert the administrator of the deduplication storage system so that corrective actions can be taken to prevent undesired consequences. According to an exemplary method, machine learning techniques are used to plot and smoothen global compression ratios and local compression ratios of historical backups from a client over a period of time. Then, a second derivative of each data point on the smoothened curves is taken and compared with a predetermined threshold to detect whether that the slope of the data point exceeds a threshold. A data point whose slope exceeds the threshold can be determined to be a data point corresponding to a backup that includes compression and/encryption.

Abstract: Methods, apparatus, and processor-readable storage media for automatically discovering and securely identifying connected systems are provided herein. An example computer-implemented method includes discovering a set of one or more systems connected via at least one network using one or more domain name server (DNS) service discovery techniques; identifying at least one of the one or more systems of the discovered set by processing cryptographic data associated with at least a portion of the one or more systems using one or more digest access authentication techniques; and performing one or more automated actions based at least in part on the at least one identified system.

Abstract: A method of sending blocks of data from a client to be stored at a storage server, wherein for each block compression and encryption is performed at the client, and deduplication is performed at the server. Security is thus enhanced as the block is compressed and encrypted when it is sent over an unsecured network and when it is stored in potentially a third-party backup system. Provisions are made to enable addition of new compression algorithms and for retirement of old compression algorithms, while ensuring that a client would not receive a block which was compressed using an unsupported, e.g., retired, compression algorithm. In some examples a compression algorithm ID is tied to an encryption key version to enable refresh of blocks compressed with old algorithm.

Abstract: Embodiments of a system and method to prevent mass deletion of data in a data storage system. A data deletion operation comprises a delete operation marking blocks to be deleted followed by a garbage collection (GC) operation to remove marked blocks from storage media. Based on historical information regarding deletions per GC cycle, the storage system can detect any significant deviations as potentially dangerous. If a deletion in excess of a deviation threshold is seen, the next GC operation is skipped to provide a delay period during which time the user can investigate the data delete command and restore data if necessary. De-risking conditions such as known abnormal high deletion periods or new system installation can be used to override any garbage collection delay.

Abstract: Embodiments of the runtime risk assessment process monitors deliberate or potentially data destructive operations against a filter of dynamic risk assessment. A filter process recognizes the following conditions as highly indicative of increased risk factors: (1) recent creation of the security officer role, (2) changing of the system time or clock, and (3) disabling of system alerts. If all three of these events occur, the system recognizes this as indicative of a high probability of data attack. The runtime risk assessment process imposes a delay on the execution of each of these commands to provide time to alert the user and an opportunity to re-enter the commands at the end of the delay period. Thus, a potentially dangerous sequence of commands will not occur automatically or immediately, but will instead be delayed to provide an extra validation check or user action.

Abstract: One example method includes receiving clear text data at a storage system, generating, at the storage system, a clear text data encryption key, requesting a key management system to encrypt the clear text data encryption key with a master key to create an encrypted data encryption key, and the requesting is performed by the storage system, receiving, at the storage system, the encrypted data encryption key from the key management system, encrypting, at the storage system, the clear text data with the clear text data encryption key to create encrypted data, and storing, together, the encrypted data and the encrypted data encryption key.

Abstract: Described is a system (and method) for securely authorizing service level access to a backup system using an access key. The service level access (or access via a service account) may provide a user with an enhanced set of privileges to perform troubleshooting operations on the backup system. Such privileges may be unlocked by allowing a user to perform operations using an unrestricted interface of the backup system such as an operating system shell. To authorize such access, the system may provide a limited (or specialized) access key. The access key may be narrowly tailored to only provide access to a particular backup system and only remain viable for a limited duration. Accordingly, the access key may be configured to embed a system identifier, a timestamp, and a digital signature, which may be independently verifiable by the backup system before granting service level access.

Abstract: Described is a system for maintaining dual-party authentication requirements for data retention compliance in a distributed storage environment that includes servers or nodes with remote access components. When administering a data retention policy, an operating system component may require a dual-party authentication mechanism to prevent data deletion, while a different authentication mechanism may control access to the remote access components. Access to the remote access component by a single privileged user, however, may enable overriding or compromising the retention lock compliance implemented by the operating system. Accordingly, the system may tie the dual-party authentication requirement to the authentication mechanism of the remote access components.

Abstract: Embodiments for a system and method for secure authentication of backup clients in a way that eliminates the need to create users for backup client authentication anywhere in the backup ecosystem, and which eliminates the need for credentials, such as passwords that need protection, updating and synchronization. Such embodiments use a short-term token, such as a JSON web token, for both client and server authentication within the system, and verifies that the tokens grant access using the public key corresponding to the private key assigned to the directory objects by the creator of the directory objects.

Abstract: A subset of data encryption keys are stored in plain text form in system memory of an information handling system. A master key and another subset of the data encryption keys are stored in a credential vault of the information handling system. The credential vault forms part of an out-of-band management platform and is protected by an AES key. A request is received for a data encryption key to decrypt a unit of data backed up to backup storage of the information handling system, the unit of data having been encrypted by the data encryption key, and the data encryption key having been encrypted by the master key and stored at the backup storage as an encrypted data encryption key. One or more locations are checked for the data encryption key. The one or more locations include the system memory, credential vault, and backup storage.