Slashdot Mirror
Storage Security
Storage Security is not about turning on the right configuration options on your XYZ brand server appliance. It's about applying solid, methodical security practices to your storage systems, regardless of whether they are disks directly attached to a single computer, Network Attached Storage or part of a Storage Area Network. The authors address the full security cycle, too, starting with evaluating the security of proposed new storage solutions. Comparative data in hand, the book shows you how to narrow the field to a single solution that offers the best balance between functionality and security.
And once the system is selected, you can't stop there. You've got to decide on appropriate security policies for the new storage system, draft and implement a backup and restore plan, deal with disaster recovery and take care of a host of other issues. In short, this is a good guide to an entire range of considerations necessary to select, deploy and manage a secure storage solution.
The book's evaluation methodology is particularly valuable. Each type of storage (directly attached, NAS and SAN) is covered in a chapter of its own. Within each chapter, the authors address specific technologies used to implement that type of storage. For example, the direct-attach chapter discusses such common storage technologies as SCSI and IDE, moderately exotic systems like USB and Firewire drives, and some more advanced solutions like HiPPI and SSA. Each technology is then placed in a matrix and scored in 11 different categories, including popularity and industry acceptance, built-in data protection features, typical fault tolerance and physical security characteristics.
The authors assign each rating on a scale of 1 (poor) to 5 (the best). This gives a good general indication of how each technology measures up, but they tend to rely on a straight average of the ratings when determining the best technology. Although it's true that the average allows you to make a quick ballpark comparison, there are many other factors to consider as well, such as the suitability for your particular environment and the way in which your users need to access their data. The matrixes are quite useful, but just remember that you can't always boil things down to a simple numerical score.
Probably the biggest problem with this book is that it's pretty dry. As a reference book, the writing style is fine, since it's easy to find what you're looking for, and the chapters are concise. It's difficult to read from cover-to-cover, though, which is a shame because that's what you should probably do the first time through. Take it in small doses, a chapter or so at a time, and you should be fine.
Storage Security is about just what you'd think: the security of your data as it's being stored on your server(s). It's not a detailed look at the configuration of any one product, but rather a comprehensive, theory-based approach to managing the security of your storage subsystem from evaluation to purchase to daily operations. If you manage a small or mid-size network, you may or may not need this book. If you have a larger network, though, or have significant data-storage needs, this deserves a space on your shelf.
You can purchase Storage Security: Protecting, SANs, NAS and DAS from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.
Duct tape your storage devices.
Protect Freedom!
Buy Tom Ridge Brand Duct Tape, it's minty fresh!
This is something I've wondered about, and this reminded me.
Is there any operating system that supports encrypting the storage at the file system level. In other words, is there any operating system where I can specify that I want a particular path encrypted, and then copy files over, edit files, etc without worrying about having to decrypt, recrypt manually all the time?
Even a weak encryption would satisfy me.
This is nothing new. Administrators and other have known for a long thime that no machine is secure if someone has access to the physical machine. If someone can open your box up, reboot it, attach new devices to its private subnet, etc. then it is not secure.
Why anyone thinks this should be different for storage systems is beyond me. If someone can break in and steal your data, or attach new devices to the data transfer channel, or whatever, then your data isn't secure. That the authors think this comes as a revelation to anyone means either they are really stupid or they think administrators are really stupid.
Get your machines installed in a location with good physical security. That's really all there is to it.
"Security is a process, not a product"
Why is this something you'd need a book for? It comes down to the basics.
One, never allow physical access to what you're trying to secure.
Two, _never_ allow physical access to what you're trying to secure.
Three and so on: log all security events, break users into groups for simplification of manageability, set permissions properly, protect network shares and device access, and be aware of the content that's being secured (what it is, how it's used, etc.)
Beyond that, there's not much else to consider. However, from the review it looks like they go beyond security issues to stuff like, "what hardware is best for my particular application." Sure, it's a big consideration. For example, you wouldn't want a two million row database running off a Network Appliance over NFS across switched fast ethernet, but there's enough free information out there that making decisions like that should be trivial. Furthermore, if you're doing system specifications w/o knowing about the technologies you have to choose from, I sure hope you're not an employee of the place for which you're building a system, because they're not going to like you very much when it dies on a regular basis.
Not having actually read the book, I may be way off base, but from the title and the review above, I don't see how it would be all that helpful except maybe as a primer to a junior-level engineer.
IEEE is working on a standard (IEEE P1619) which will allow encryption to shared media (SANs I guess). They've set up a working group.
They're looking at (from the website):
Something to look at in the future. Hopefully it'll be more secure than WEP. :)
I know that the term security here is refering to keeping thinigs secret, but I've often wondered what is the best medium for stable storage of data. Right now I've got a large external firewire hd that I backup everything to. However, I'm really paranoid about keeping the drive level, keeping it away from monitors an all other sorts of magnetic devices. I wonder if I'm being too paranoid?
Anyway, the question I ask is what is a good place to backup data to (besides tape). I know if my firewire were to die I'd probably wanna die too. I've got gigs of my own music on there, and that stuff is not replacable. How paranoid about magnets etc. should I be?
Go here for teh [sic] funny.
MS products, in particular, like to create a large number of temp files and there is no way of configuring where they are kept. I'm not sure if OSS alternatives have this configuration ability.
And of course, you also have to worry about elements of documents in memory (which can be recovered).
perhaps not on the hard drive but on a cd, floppy, network/internet. it can be off of the hard drive in case you lose all your warez...uh...i mean back ups in some police raid or something...
if you used a cd you could take it with you (the back up copy of course, scratch your key up and you might lose everything).
if you used the net, and got your key from another place online (secure place if there is such a thing), perhaps you'd have a big enough key that it'd take a REALLY long time for a supercomp to crack. now a days, i can dl a file that's 1.44mb within seconds on my cable internet (shaw in van bc).
not sure how the key could be protected from people copying it along the way. perhaps even more encryption for your net connection.
alot of trouble but if yer a business or someone who has alot to lose, it might be worth investing in security.
i recently lost 30gb of music and movies, the bad side is i lost alot. the good side is it made room for more (was at 50mb left...lol)
blue tiger
I've had this similar thinking before, because the information in and of itself is not important, from a technical perspective, it's the mechanism to access that needs to be secure. Hence, a SAN with a fibre-channel fabric would seem secure (a client needs an HBA card), but hook it up to a MS File server, SQL Server, or Oracle, and suddenly all the same exploits apply.
;)
I would suggest it's not the type of nails used, it's the design of the front door. I could be wrong.
Peace, Out!
~Airrage
"This isn't a study in computer science, its a study in human behavior"
Some machines are more secure then others. With Suns you can lock the PROM (== BIOS) so that even to boot you need to enter a password. You basically need to open up the box, pull the EEPROM chip, and put in another before you can even think about booting.
Alot harder then simply press DEL on bootup, wouldn't you say? :)
Try doing that with a regular PC BIOS. (I think Apple also uses OpenFirmware (IEEE 1275 as well.)
In fact, today there was a high profile F-Up by someone in my department; they wanted to be in charge of upgrading our mainframe, even tho they have no experience whatsoever working on such equipment, and know nothing about Unix. Thousands of dollars an many consultant hours later they got it 'Live', and now it routinely drops printer support, and was down for three hours this morning.
Funny, somewhere they forgot that the information on that machine was very important, and that hundreds of users need that machine to function so they can work. Oh well.
Manipulate the moderator system! Mod someone as "overrated" today.
Erm, several PC BIOSes support passwords on boot etc., likewise necessitating opening the machine up (to discharge the battery or whatnot)..
One particular memo was about the servicing of the water coolers, and went out to the whole company. When I strings'ed the memo, though, at the top was a draft of an employee's termination letter! Oops. Apparently, this was the undo buffer for Word -- the writer of the memo had just written the termination letter, printed it, deleted it from the document, and wrote the water cooler memo in the same instance of word. However, if opened this doc in Word, I couldn't access the hidden info, no matter what I tried.
Since then, I've always wondered how much other sensitive information has snuck out, via MS Word.
Yes, and there are programs that either crack or read the password (doing a quick Google):
If you don't the PROM password for a Sun the only thing you can do is can a new EEPROM chip -- you can't access the password in anyway. There is no ``discharging'' the battery (though I think some PC BIOSes now do this). Of course you can simply do a BIOS-update to get rid of all the values....
Keys are stored in smart cards. Reading backup tapes requires a Cyberntics drive and the correct key. Obviously you need to manage this very well to avoid being SOL during an actual recovery situation.
Of course, consider how vulnerable your backup media really is. I don't need to hack your network, just show up in an Iron Mountain uniform with forged ID maybe 30 minutes before the real Iron Mountain guy shows up. I then drive off with ALL you data.
If your children ever found out how lame you are, they'd murder you in your sleep
The next problem to securing data on EFS is Window's use of a recovery agent.
By default, the Administrator is recognized as the recovery agent so in an environment without a properly configured domain, it is very possible that someone can take ownership of your EFS files/folders and decrypt them.
Windows does encode a unique marker onto each drive to identify it's affiliation with a certain domain or Admin, but if someone has physical access to the drive it's also quite easy for the Admin on another system to take ownership of the physical disk.
If I want the data on a machine, I don't care about booting. One could just remove the hard drive.
>a. Never forget that what happened on September
>the 11th of 2001 was an act of war.
I have a really hard time seeing it as anything but an extremely destructive act of mayhem.
If it suits your agenda to call it an act of war, so be it.
I used to work for a Fortune 500 company as a Unix sys admin. One of my projects was to assist in bringing a new Oracle financials system on line. The data on this system was so sensitive that only the executive board was given access, and then only via SecurID cards from specific locations during specific time windows.
Nightly backup tapes were queued in a fireproof walk-in vault before going offsite at the end of each day. I happened to be strolling by the vault one day and noticed the backup tapes sitting there on a shelf in the vault, right next to the open vault door. I did some checking and found out that the vault was left open during business hours so that the operations folks had easy access to backup media. The vault was in a different department than I/S, on a main hallway, right near the front door of the building. Obviously, I mentioned this to the Operations Manager. The new policy limited access to only a couple of operations supervisors, and instituted a media checkout policy (nothing a little social engineering couldn't thwart, but far better than the previous situation).
So what's the moral of the story? Make sure your security policy deals with backup media. Don't just assume that your operations department (or the offsite storage provider) is securely managing your media.
I've taken the pessimistic stance that most of them are... otherwise I wouldn't be regularly bombarded by worm attacks. That and this overwhelming feeling that my universities networking department is run by monkeys...
I know the author of a similar book that hasn't quite finished up yet. He was concentrating on the SAN's aspect of it since NAS security is pretty much the same FAQ as 'how to setup a file server'.
Secure SANs was slated to come out last year but hasn't ever been more then a link on Amazon. It dealt with the ugliness of iSCSI and how the 'air gap' security that protected this data for so long is now gone and storage administrators are struggling to learn how the real world works.
Not to bash storage admins but they've relegated most of their 'security efforts' to LUN masking and other such techniques. Now that SCSI drive commands are traversing networks huge security vulnerabilities are opened up. I read an advanced chapter of the Secure SAN title and the best part was an executive from a prominent NAS company stating that he wasn't worried about the security of the products since "only a handful of ppl in the world could have this conversation".
Check out the recent efforts at Storage Networking Industry Association who have come as close to working miracles as I've personally seen. They have managed to create some various technial frameworks and security processes that make vendors work together.
One interesting note about the book featured here is that it also deals with NAS and DAS. NAS and SANS have been fighting it out as IDE and SCSI have. One is cheap and easy the other pricey and very difficult. DAS on the other hand is a joke to me. The ability for one computer to change bits in another's memory DIRECTLY does not sound like a good idea. Hackers have worked for decades to write shell code that allows the ability to change bits in memory and now the storage industry has created a way to get directly in there bypassing all OS security.... yea great idea
http://linux01.gwdg.de/~alatham/ppdd.html
/.'s mandatory 20 second reply delay is gay. Now I will write stupid shit here so I can submit this comment. Blahblahblah. Windoze sucks.
PS.
www.decru.com ofers both.
I'm sure others have said this already, but there's more to security than physical location. You're only as secure as your weakest link. If any unauthorized people can gain physical access to the system you KNOW its insecure. If it uses any unencrypted network protocols it is possibly insecure, depending on what data is transmitted over them, like NFS and possibly SMB, telnet, ftp, etc. Its unlikely that, on a switched network, an attacker could gather much valuable data, but there's always the possibility.
Security is almost a state of mind. If anyone in your company isn't thinking securely and isn't trained to think this way you may be insecure. In short EVERY corporation I've worked for is entirely insecure and could easily be hacked by a professional like myself. Its a good thing I choose to work for the high paying tech industry instead of the high paying black market.
And if you think things are insecure now just wait a couple years as our modern technology pours out into the hands of those black hat script kiddies. A 400Mhz PDA sitting outside your building could be logging and forwarding all wireless communications anywhere and to anyone and nobody would ever know it. That same PDA could easily be walked into a building and connected to a live net drop for an hour at lunch someday, again snooping for useful data. Its only a matter of time before they find something and gain access. Then you're hacked. Its almost that easy, for them.
50% Offtopic
50% Overrated
Viz
Keep your packets off my GNU/Girlfriend!
Some years ago I hacked up GNU tar to encrypt the tar file as it wrote it. It used the Blowfish algorithm with a key derived from a user-supplied passphrase. It was fast enough to keep my 500 kbyte/sec DDS-2 tape drive streaming when running on the 33 mhz 80486 that I had back then. If there's interest I may dig out the source and put it on my web site. These days though, it's probably simpler to use an external encryption program, since the performance penalty from the external program is more than made up by today's much faster cpu's (tape drives haven't gotten faster by nearly as much).
You'd know the format of the file.
Imagine you had mypic.jpg encrypted. Well, if the attacker knows it's a JPEG file, he can guess at the first few bytes and struture of the file, reverse engineer the algorithm and key and have access to ALL your files...
Rename your file 0x7si69fa876fdes987 and it makes it harder. Pad and compress your files, too.
OK, now how do you manage all these cryptic file names? Do you encrypt that reference list/file? What if that file is comprimised?
After all that effort, you're better off with an encrypted file system. IMHO.
If you have your network attached through a hub and someone roots one of your hosts attached to the hub, they can sniff out any clear text passwords that go by -- like for sql servers, imap servers, maybe even logins if you have rsh or telnet. Everyone knows that...
but if you have a switch instead of the hub, you can still sniff all the traffic through the switch on many types of switch by using a technique called "arp poisoning". Basically, you flood the switch with a bizillion arp messages so that it no longer knows which mac addressses are on which of its switch ports. If it's going to pass traffic, it has to basically turn into a hub by repeating all the traffic on all the ports until the arp cache times out again.
while the arp cache is poisoned, the switch will show you all the clear text just the same as a hub.
moral of the story -- a switch isn't a security device really. It's better than a hub for performance and to a degree for security, but it's not as good as physically seperated subnets.
now... if you have a big switch divided up with vlans, and you poison the arp cache, does it start sending data for all the vlans out all the ports? I don't know. I would doubt that since it would be a huge security problem.
this is what i use for windoze:
http://www.drivecrypt.com/dcplus.html
encrypts bootsector also. very cool app.
fed computer cops (read: weasles) will check your hidden cache files if you only encrypt a folder/partition (like your print cache when you printed that supposedly secure file, it's saved in plain text in non encrypted portions of your filesystem/os), they can also run brute dictionary attacks on your password/phrase within the operating system if you do not fully encrypt your OS/Filesystem & boot sector.
If you don't want to spend $150 and just encrypt your pr0n partion, then I'd check out some secret cache/.dat file cleaning utilities, though who knows if this'll do the full trick.
PS, DCPP works on win2k also bud, not just XP
I also read Storage Security and found it to be quite thought provoking. I think there could have been more scenarios and modeling, but all in all, it gave me several ideas and confirmation that the building blocks I've started will help make and ensure my SAN environment is more secure. There were many topics covered that really got me thinking. I'd recommend it. Techierat
What can I say, I'm a moderation whore.
1f u c4n r34d th1s u r34lly n33d t0 g37 l41d
Considering that you saw the innocuous word "flute" and the image that sprang into your mind was apparently a penis, you would seem to be the one with some repressed issues.
My suggestion: come out publicly and lay off the simmering passive aggression.
Check out OmniSecure. It encrypts the files themselves, independently of the FS. Temp files can be auto-encrypted; SMB traffic is encrypted; files are decrypted locally, and only as needed (unlike NT encryption, which has the whole file in cleartext while it is open). Strong and weak encryption, pluggable encryption modules, and even auto-delegation of keys to applications like Apache.
I'm ordering this book. It often surprises me that there isn't a *lot* more attention paid to protecting data at its source: the files on disk. Sure the mechanisms are there, but philosophy of use often seems vague.
Sure, sure, everyone knows the deal about keeping your data physically secure. Keeping up with patches to stay ahead of whatever buffer overflow was discovered yesterday, protecting your username/password stores, building strong perimeter protection (firewalls), and various log-reading or network-sniffing techniques (IDS) for detecting attacks in progress.
But it seems to me there just isn't enough attention paid to the various strategies available for protecting the files at filesystem level. This seems to me, where the action is really at, and on far too many networks, a small subset of data has structured access controls, while the larger majority of data is either wide open or a free-for-all mishmash of whatever someone thought at the time - no overall strategy for data valuation & protection, sunsetting, etc. Little thought is given to tamper protection, evidence chains, etc.
I'm hoping this book will bring a few file permission/encryption/management strategies to light.