Storage Security

shiroi_kami writes "What does Information Security mean to you? To many, it means firewalls and encryption. To some, it means intrusion detection systems. Chances are the words "file servers" weren't high on your list, but they probably should be. After all, information security is about information, and when it's not flying across the network it's got to be stored somewhere, right? In fact, the security of the storage mechanism is often overlooked, which makes it an attractive target for attackers. In their new book, Storage Security, the authors take a comprehensive look at this often-ignored subject. Update: 03/26 05:44 GMT by T : Please note, this review was written by David Bianco under the handle shiroi_kami as an Amazon.com review, and also appears at InfosecBooks.com. Apologies to David for the misplaced and delayed attribution. Storage Security: Protecting, SANs, NAS and DAS author John Chirillo, Scott Blaul pages 408 publisher John Wiley & Sons rating 9.8 reviewer David Bianco ISBN 0764516884 summary A storage security handbook that examines strengths and weaknesses, describes architectural security concerns and considerations, and identifies ways to implement and design more secure storage systems.

Storage Security is not about turning on the right configuration options on your XYZ brand server appliance. It's about applying solid, methodical security practices to your storage systems, regardless of whether they are disks directly attached to a single computer, Network Attached Storage or part of a Storage Area Network. The authors address the full security cycle, too, starting with evaluating the security of proposed new storage solutions. Comparative data in hand, the book shows you how to narrow the field to a single solution that offers the best balance between functionality and security.

And once the system is selected, you can't stop there. You've got to decide on appropriate security policies for the new storage system, draft and implement a backup and restore plan, deal with disaster recovery and take care of a host of other issues. In short, this is a good guide to an entire range of considerations necessary to select, deploy and manage a secure storage solution.

The book's evaluation methodology is particularly valuable. Each type of storage (directly attached, NAS and SAN) is covered in a chapter of its own. Within each chapter, the authors address specific technologies used to implement that type of storage. For example, the direct-attach chapter discusses such common storage technologies as SCSI and IDE, moderately exotic systems like USB and Firewire drives, and some more advanced solutions like HiPPI and SSA. Each technology is then placed in a matrix and scored in 11 different categories, including popularity and industry acceptance, built-in data protection features, typical fault tolerance and physical security characteristics.

The authors assign each rating on a scale of 1 (poor) to 5 (the best). This gives a good general indication of how each technology measures up, but they tend to rely on a straight average of the ratings when determining the best technology. Although it's true that the average allows you to make a quick ballpark comparison, there are many other factors to consider as well, such as the suitability for your particular environment and the way in which your users need to access their data. The matrixes are quite useful, but just remember that you can't always boil things down to a simple numerical score.

Probably the biggest problem with this book is that it's pretty dry. As a reference book, the writing style is fine, since it's easy to find what you're looking for, and the chapters are concise. It's difficult to read from cover-to-cover, though, which is a shame because that's what you should probably do the first time through. Take it in small doses, a chapter or so at a time, and you should be fine.

Storage Security is about just what you'd think: the security of your data as it's being stored on your server(s). It's not a detailed look at the configuration of any one product, but rather a comprehensive, theory-based approach to managing the security of your storage subsystem from evaluation to purchase to daily operations. If you manage a small or mid-size network, you may or may not need this book. If you have a larger network, though, or have significant data-storage needs, this deserves a space on your shelf.

You can purchase Storage Security: Protecting, SANs, NAS and DAS from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.

Encrypted File System

This is something I've wondered about, and this reminded me.

Is there any operating system that supports encrypting the storage at the file system level. In other words, is there any operating system where I can specify that I want a particular path encrypted, and then copy files over, edit files, etc without worrying about having to decrypt, recrypt manually all the time?

Even a weak encryption would satisfy me.

Re:Encrypted File System

[olip]

Encrypted HD can't be safe, can it ?
Fo example, if it's a PKI, the private key has to be somewhere in the computer (BIOS, HD, ROM, etc.) for the OS to be able to decrypt. So it is very vulnerable.
The computer is a deterministic system, it fully contains all the information needed for automated processing ; usually security is ensured by the externalization of some part of data (password, private key, fingerprint) considered as needed for some processing.
I mean, you wont type your password everytime your OS reads from the HD ;-)
BTW NTFS is a first step in the direction you suggest.

Re:Encrypted File System

[Beetjebrak]

Would a smartcard system not solve this problem? Smartcard reading will bring some overhead, but it needn't be done every time a file is accessed, just once during the user session. Store the key in RAM and make sure that particular bit of RAM never gets swapped to disk. That way the key remains outside the computer, and gets permanently erased when the user logs out or the screensaver kicks in. The user only gets their desktop back from the screensaver after they plug their smartcard back in and enter their password. Combined with S/Key passwords this could be pretty secure... though I'm no expert, so comments more than welcome!

Re:Encrypted File System

[Sloppy]

The loopback device approach just encrypts at a device level, rather than the filesystem level. While that is cool, it isn't quite what the original poster was asking about. While it's good for your personal porn collection on your (effectively) single-user PC, it's not very useful in a multiuser situation, where you don't want everything on the filesystem to have the same key.

It would be nice to have actual filesystems (not just devices) that have crypto really designed into them.

physical securty has been around for a long time

This is nothing new. Administrators and other have known for a long thime that no machine is secure if someone has access to the physical machine. If someone can open your box up, reboot it, attach new devices to its private subnet, etc. then it is not secure.

Why anyone thinks this should be different for storage systems is beyond me. If someone can break in and steal your data, or attach new devices to the data transfer channel, or whatever, then your data isn't secure. That the authors think this comes as a revelation to anyone means either they are really stupid or they think administrators are really stupid.

Get your machines installed in a location with good physical security. That's really all there is to it.

Why?

[netwiz]

Why is this something you'd need a book for? It comes down to the basics.

One, never allow physical access to what you're trying to secure.

Two, _never_ allow physical access to what you're trying to secure.

Three and so on: log all security events, break users into groups for simplification of manageability, set permissions properly, protect network shares and device access, and be aware of the content that's being secured (what it is, how it's used, etc.)

Beyond that, there's not much else to consider. However, from the review it looks like they go beyond security issues to stuff like, "what hardware is best for my particular application." Sure, it's a big consideration. For example, you wouldn't want a two million row database running off a Network Appliance over NFS across switched fast ethernet, but there's enough free information out there that making decisions like that should be trivial. Furthermore, if you're doing system specifications w/o knowing about the technologies you have to choose from, I sure hope you're not an employee of the place for which you're building a system, because they're not going to like you very much when it dies on a regular basis.

Not having actually read the book, I may be way off base, but from the title and the review above, I don't see how it would be all that helpful except maybe as a primer to a junior-level engineer.

What about temp files?

[burgburgburg]

Even if your final documents are stored under the encrypted path, you have to worry about temp files that might have been created that are "stored" elsewhere.

MS products, in particular, like to create a large number of temp files and there is no way of configuring where they are kept. I'm not sure if OSS alternatives have this configuration ability.

And of course, you also have to worry about elements of documents in memory (which can be recovered).

Re:Encrypted Tape Backup Vendor

[Qzukk]

Obviously you need to manage this very well to avoid being SOL during an actual recovery situation.

Not only is the key needed, the original drive is needed too according to the interex article. Not good for recovering from offsite backups after the place (and the original drive) burns down.

Similar book

[neoThoth]

I know the author of a similar book that hasn't quite finished up yet. He was concentrating on the SAN's aspect of it since NAS security is pretty much the same FAQ as 'how to setup a file server'.

Secure SANs was slated to come out last year but hasn't ever been more then a link on Amazon. It dealt with the ugliness of iSCSI and how the 'air gap' security that protected this data for so long is now gone and storage administrators are struggling to learn how the real world works.

Not to bash storage admins but they've relegated most of their 'security efforts' to LUN masking and other such techniques. Now that SCSI drive commands are traversing networks huge security vulnerabilities are opened up. I read an advanced chapter of the Secure SAN title and the best part was an executive from a prominent NAS company stating that he wasn't worried about the security of the products since "only a handful of ppl in the world could have this conversation".

Check out the recent efforts at Storage Networking Industry Association who have come as close to working miracles as I've personally seen. They have managed to create some various technial frameworks and security processes that make vendors work together.

One interesting note about the book featured here is that it also deals with NAS and DAS. NAS and SANS have been fighting it out as IDE and SCSI have. One is cheap and easy the other pricey and very difficult. DAS on the other hand is a joke to me. The ability for one computer to change bits in another's memory DIRECTLY does not sound like a good idea. Hackers have worked for decades to write shell code that allows the ability to change bits in memory and now the storage industry has created a way to get directly in there bypassing all OS security.... yea great idea