

Data migration project

Posted on 2013-02-06
Medium Priority
Last Modified: 2013-11-22
I have been tasked with migrating data from one network into another. The former network has been riddled with successful attacks. The data must undergo a quarantine process but I am not sure what the best strategy might be.

As of right now an arsenal of antivirus software seems to be the best alternative along with OS independent transfer using a "dumb" box. I was wondering if someone has a suggestion to minimize the risk of transferring potentially corrupted data into the new network.
Question by:paulycrackerhead

Expert Comment

ID: 38860089
how much data are we talking about?

if it's less than 2 Tb i'd suggest to copy it on an external drive and scan it with all sorts of live cds and malwarescanners / cloud scanners
connect it to a pc which is separated from the LAN/Intranet (but has access to the internet)


Author Comment

ID: 38864373
It should be no more than 5 TB at most, if not less than 3 TB. We are making sure that the process is air gapped and the current solution is to run them through all sorts of malwares. What I am seeking is a specific strategy; a way to statistically eliminate any possibility of corrupted data passing by us (i.e. botnet, zero day threats). Is there any publication that you can refer me to that shows the best theoretical way or a historical incident that has been quarantined successfully using a specific process?

Or am I being too paranoid and an arsenal of antivirus software is in fact the best option?

Accepted Solution

wshty earned 1500 total points
ID: 38867206

well if you want to absolutely make sure that no data is being passed by the scanner - delete all data and start over (this is the most effective process ever known ;-)

yes of course this is a joke and by no means any option for you.

i am no anti malware expert to say this at first but then again i'd be working for an AV company instead of posting here :-)

there is absolutely NO guaranteed success in this - even if you scan the data with 20+ anti malware scanners.
the malware could still reside on the drive and not be detected.
there is enough malware out there which currently is not being detected by any scanner.
BUT it still is the best way to get rid of it short of starting over or recovering from backup (a recovery point where you can definitely say that data from this backup is not corrupted, which you may very well not know).

zero day threats which may have corrupted your data now are no zero day threats anymore so the possibility that AV companies release new AV patterns for this is very probable.

so, if you want to migrate the data i suppose that you set up a new server (or comparable) which is in a completely separated network for this.

in most cases that means the following:
copying all necessary data to an external drive (or sth.) separates it from the OS meaning that the data on the ext. drive is simply data which may contain harmful software but there is no OS that could be utilized by it.

if you then boot a standard pc (or server) with a live cd (see this link for a list of AV Live-CDs: http://www.livecdlist.com/purpose/windows-antivirus )
the potentially infected drive has no means to "jump" over to the new pc (autoplay, index, etc..).

if you want to keep your data you have either this option or recover your data from backup.

there is no real best practice for this kind of situation.
or at least i don't know of any.
it is either scan the hell out of that data or jeopardize the data's integrity
and when it comes to infected data you can never be too paranoid.
and being paranoid means that you do not trust the OS the data resides on unless it is a live cd :-)

speaking of paranoid: did you already check (CHECK!) the client pcs for malware, since they connect to the server?
a very essential piece to mind if you want to rid your network of malware


Author Comment

ID: 38867987
Thank you for the detailed suggestions. These are methodologies that we have planned and in place already. The quarantine process will involve OS independent transfer using a dumb box and 3 servers are involved that are dedicated specifically just for the process. Everything is air gapped so no network will come in contact with each other at any point in time.

The major issue is how do we set up a new network and still allow the client access to their old data on their new drive when the data comes from an old network ridden with custom-built malware hidden in pdf files and God knows what else. It's a mess, but I guess from the last two suggestions all we can do is put it through a random AV wash cycle, make it OS independent and dump it in the new network and hope for the best. Thanks guys!
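
A triage pass that could run on the isolated scanning machine alongside the AV scans discussed in this thread, as an added example that is not part of any participant's post: it records a SHA-256 for every file so the set can be re-checked later as signatures improve, flags executables and PDF/extension mismatches, and marks PDFs carrying active-content tokens. The function names, the token list and the sample files are assumptions constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

# Leading bytes that reveal a file's real type regardless of its name.
MAGIC = {b"MZ": "pe-executable", b"\x7fELF": "elf-executable", b"%PDF": "pdf"}
# PDF name tokens for scripts, auto-run actions and attachments.
PDF_ACTIVE = [b"/JavaScript", b"/JS", b"/OpenAction", b"/Launch", b"/EmbeddedFile"]
# Constructed, harmless stand-ins for files on the transfer drive.
SAMPLES = {
    "report.pdf": b"%PDF-1.4\n1 0 obj<</OpenAction 2 0 R>>\n2 0 obj<</S/JavaScript/JS(x)>>",
    "plain.pdf": b"%PDF-1.4\n1 0 obj<</Type/Catalog>>",
    "invoice.doc": b"MZ\x90\x00 constructed stub",
    "scan.jpg": b"%PDF-1.4\n1 0 obj<</Type/Catalog>>",
}


def inspect_file(path):
    """Hash one file and list the reasons it needs deeper analysis."""
    data = Path(path).read_bytes()  # whole-file read; stream in chunks for huge files
    kind = next((k for m, k in MAGIC.items() if data.startswith(m)), "other")
    reasons = ["executable content"] if kind.endswith("executable") else []
    if (kind == "pdf") != (Path(path).suffix.lower() == ".pdf"):
        reasons.append("PDF content and .pdf extension disagree")
    # Raw search only: tokens inside compressed object streams are missed,
    # so a PDF with no hits is unflagged, not proven clean.
    if kind == "pdf":
        reasons += [f"pdf token {t.decode()}" for t in PDF_ACTIVE if t in data]
    return {"sha256": hashlib.sha256(data).hexdigest(), "kind": kind, "reasons": reasons}


def triage(root):
    """Walk the mounted transfer drive; return {relative path: record}."""
    files = (p for p in Path(root).rglob("*") if p.is_file())
    return {str(p.relative_to(root)): inspect_file(p) for p in files}


def demo():
    """Write SAMPLES to a temporary directory and triage it."""
    with tempfile.TemporaryDirectory() as tmp:
        for name, body in SAMPLES.items():
            Path(tmp, name).write_bytes(body)
        return triage(tmp)


if __name__ == "__main__":
    for rel, rec in sorted(demo().items()):
        print(rec["sha256"][:16], rel, rec["kind"], rec["reasons"] or "no flags")
```

Flagged files are candidates for deeper analysis or for conversion to a flat format before release; unflagged files still go through the scanners.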
