Slashdot Mirror


Storage Security

shiroi_kami writes "What does Information Security mean to you? To many, it means firewalls and encryption. To some, it means intrusion detection systems. Chances are the words "file servers" weren't high on your list, but they probably should be. After all, information security is about information, and when it's not flying across the network it's got to be stored somewhere, right? In fact, the security of the storage mechanism is often overlooked, which makes it an attractive target for attackers. In their new book, Storage Security, the authors take a comprehensive look at this often-ignored subject.

Update: 03/26 05:44 GMT by T: Please note, this review was written by David Bianco under the handle shiroi_kami as an Amazon.com review, and also appears at InfosecBooks.com. Apologies to David for the misplaced and delayed attribution.

Storage Security: Protecting, SANs, NAS and DAS
  author: John Chirillo, Scott Blaul
  pages: 408
  publisher: John Wiley & Sons
  rating: 9.8
  reviewer: David Bianco
  ISBN: 0764516884
  summary: A storage security handbook that examines strengths and weaknesses, describes architectural security concerns and considerations, and identifies ways to implement and design more secure storage systems.

Storage Security is not about turning on the right configuration options on your XYZ brand server appliance. It's about applying solid, methodical security practices to your storage systems, regardless of whether they are disks directly attached to a single computer, Network Attached Storage or part of a Storage Area Network. The authors address the full security cycle, too, starting with evaluating the security of proposed new storage solutions. Comparative data in hand, the book shows you how to narrow the field to a single solution that offers the best balance between functionality and security.

And once the system is selected, you can't stop there. You've got to decide on appropriate security policies for the new storage system, draft and implement a backup and restore plan, deal with disaster recovery and take care of a host of other issues. In short, this is a good guide to an entire range of considerations necessary to select, deploy and manage a secure storage solution.

The book's evaluation methodology is particularly valuable. Each type of storage (directly attached, NAS and SAN) is covered in a chapter of its own. Within each chapter, the authors address specific technologies used to implement that type of storage. For example, the direct-attach chapter discusses such common storage technologies as SCSI and IDE, moderately exotic systems like USB and Firewire drives, and some more advanced solutions like HiPPI and SSA. Each technology is then placed in a matrix and scored in 11 different categories, including popularity and industry acceptance, built-in data protection features, typical fault tolerance and physical security characteristics.

The authors assign each rating on a scale of 1 (poor) to 5 (the best). This gives a good general indication of how each technology measures up, but they tend to rely on a straight average of the ratings when determining the best technology. Although it's true that the average allows you to make a quick ballpark comparison, there are many other factors to consider as well, such as the suitability for your particular environment and the way in which your users need to access their data. The matrixes are quite useful, but just remember that you can't always boil things down to a simple numerical score.

Probably the biggest problem with this book is that it's pretty dry. As a reference book, the writing style is fine, since it's easy to find what you're looking for, and the chapters are concise. It's difficult to read from cover-to-cover, though, which is a shame because that's what you should probably do the first time through. Take it in small doses, a chapter or so at a time, and you should be fine.

Storage Security is about just what you'd think: the security of your data as it's being stored on your server(s). It's not a detailed look at the configuration of any one product, but rather a comprehensive, theory-based approach to managing the security of your storage subsystem from evaluation to purchase to daily operations. If you manage a small or mid-size network, you may or may not need this book. If you have a larger network, though, or have significant data-storage needs, this deserves a space on your shelf.


31 of 125 comments

  1. Duct Tape by Anonymous Coward · · Score: 3, Funny

    Duct tape your storage devices.

    Protect Freedom!
    Buy Tom Ridge Brand Duct Tape, it's minty fresh!

  2. Encrypted File System by Anonymous Coward · · Score: 5, Insightful

    This is something I've wondered about, and this reminded me.

    Is there any operating system that supports encrypting the storage at the file system level. In other words, is there any operating system where I can specify that I want a particular path encrypted, and then copy files over, edit files, etc without worrying about having to decrypt, recrypt manually all the time?

    Even a weak encryption would satisfy me.

    1. Re:Encrypted File System by mericet · · Score: 4, Informative

      There are a few products to do just that, such as bestcrypt.

    2. Re:Encrypted File System by nakhla · · Score: 5, Informative

      Yes, Windows 2000/XP Professional and Windows Server 2003 all support this feature. Encryption/decryption is done transparently so there is no additional user intervention required.

      Also, with PGP you can create PGP disks that are essentially files that are loopback-mounted as an encrypted drive. Any files you copy to this virtual drive are automatically encrypted with your PGP keys.

    3. Re:Encrypted File System by olip · · Score: 5, Insightful

      Encrypted HD can't be safe, can it?
      For example, if it's a PKI, the private key has to be somewhere in the computer (BIOS, HD, ROM, etc.) for the OS to be able to decrypt. So it is very vulnerable.
      The computer is a deterministic system, it fully contains all the information needed for automated processing; usually security is ensured by the externalization of some part of data (password, private key, fingerprint) considered as needed for some processing.
      I mean, you won't type your password every time your OS reads from the HD ;-)
      BTW NTFS is a first step in the direction you suggest.

    4. Re:Encrypted File System by Salamander · · Score: 2, Interesting

      Yes, it's a common feature on Windows 2000 on, Linux, etc. Google can help.

      --
      Slashdot - News for Herds. Stuff that Splatters.
    5. Re:Encrypted File System by paulhar · · Score: 5, Informative

      Unfortunately the words "weak encryption" can definitely be attributed to Windows EFS encryption.

      Every time you open the file it's decrypted in place, so while the file is "open" it's in an unencrypted state.

      A few scenarios to consider:

      A) Application A always running. While the application is running, the data file is unencrypted on disk so anyone with the appropriate permissions can read it. Exchange is a good example of this - how often do you shut it off?

      B) What happens when you have a power cut? If the file was unencrypted guess what state it'll stay in until you manually poke it?

      C) If it's data like Word documents then this is the chain of events: open encrypted file, (it decrypts in the background), you change the file, you save it, Windows creates a NEW file and writes the changes to it, Office deletes the old file, Office renames the NEW file to the name of the old file, Windows encrypts the changed file, and Office etc rename the encrypted version back to the original filename. But the blocks for the decrypted one are on disk for anyone with the appropriate undelete tools to use.

      Still, better than nothing?

    6. Re:Encrypted File System by wfberg · · Score: 4, Informative

      AFAIK linux doesn't have an encrypted FS, nor have I heard about anything under development. If any FS hackers are reading this, this would be a handy project if you're looking for something to do.


      --
      SCO employee? Check out the bounty
    7. Re:Encrypted File System by stilwebm · · Score: 5, Informative

      There are patches for the Linux Kernel that use loopback devices and the international patches (CryptoAPI) to encrypt filesystems transparently. They also require CryptoAPI enabled losetup, mount, and umount binaries. Linux Encrypted File System Howto

      A similar arrangement is available to OpenBSD. OpenBSD Encrypted Virtual Filesystem Mini-HOWTO

    8. Re:Encrypted File System by giminy · · Score: 4, Informative

      MacOS supports it too. You can create AES encrypted disk images and mount them. And of course so does linux (and I'd guess *bsd). You can make a file and mount it encrypted through the loopback device.

      --
      The Right Reverend K. Reid Wightman,
    9. Re:Encrypted File System by Anonymous Coward · · Score: 2, Interesting

      FreeBSD has a new system in the 5.x series. It's called GBDE (Geom Based Disk Encryption).

      Basically you ``open'' a partition that's encrypted and you can do any operation you want and only ciphertext will hit the disk. You can then ``close'' the partition and no one should be able to read it.

      You can have up to four different pass-phrases so four different people can access the data independently. Each of the four people can also self-destruct access to the data in case of ``attack'' (``blackening'').

      The man(1) page listed above has a good description.

    10. Re:Encrypted File System by Beetjebrak · · Score: 4, Insightful

      Would a smartcard system not solve this problem? Smartcard reading will bring some overhead, but it needn't be done every time a file is accessed, just once during the user session. Store the key in RAM and make sure that particular bit of RAM never gets swapped to disk. That way the key remains outside the computer, and gets permanently erased when the user logs out or the screensaver kicks in. The user only gets their desktop back from the screensaver after they plug their smartcard back in and enter their password. Combined with S/Key passwords this could be pretty secure... though I'm no expert, so comments more than welcome!

      --
      Learn from the mistakes of others. There isn't enough time to make them all yourself.
    11. Re:Encrypted File System by rleyton · · Score: 4, Informative
      Here's how it's done.

      Very handy indeed.

      --
      ooooooh! What does this button do? - DeeDee, Dexters Lab.
    12. Re:Encrypted File System by Sloppy · · Score: 3, Insightful
      The loopback device approach just encrypts at a device level, rather than the filesystem level. While that is cool, it isn't quite what the original poster was asking about. While it's good for your personal porn collection on your (effectively) single-user PC, it's not very useful in a multiuser situation, where you don't want everything on the filesystem to have the same key.

      It would be nice to have actual filesystems (not just devices) that have crypto really designed into them.

      --
      As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
  3. physical security has been around for a long time by Anonymous Coward · · Score: 5, Insightful

    This is nothing new. Administrators and others have known for a long time that no machine is secure if someone has access to the physical machine. If someone can open your box up, reboot it, attach new devices to its private subnet, etc. then it is not secure.

    Why anyone thinks this should be different for storage systems is beyond me. If someone can break in and steal your data, or attach new devices to the data transfer channel, or whatever, then your data isn't secure. That the authors think this comes as a revelation to anyone means either they are really stupid or they think administrators are really stupid.

    Get your machines installed in a location with good physical security. That's really all there is to it.

  4. Blah by Anonymous Coward · · Score: 2, Redundant

    "Security is a process, not a product"

  5. Why? by netwiz · · Score: 4, Insightful

    Why is this something you'd need a book for? It comes down to the basics.

    One, never allow physical access to what you're trying to secure.

    Two, _never_ allow physical access to what you're trying to secure.

    Three and so on: log all security events, break users into groups for simplification of manageability, set permissions properly, protect network shares and device access, and be aware of the content that's being secured (what it is, how it's used, etc.)

    Beyond that, there's not much else to consider. However, from the review it looks like they go beyond security issues to stuff like, "what hardware is best for my particular application." Sure, it's a big consideration. For example, you wouldn't want a two million row database running off a Network Appliance over NFS across switched fast ethernet, but there's enough free information out there that making decisions like that should be trivial. Furthermore, if you're doing system specifications w/o knowing about the technologies you have to choose from, I sure hope you're not an employee of the place for which you're building a system, because they're not going to like you very much when it dies on a regular basis.

    Not having actually read the book, I may be way off base, but from the title and the review above, I don't see how it would be all that helpful except maybe as a primer to a junior-level engineer.

    1. Re:Why? by AftanGustur · · Score: 3, Funny


      Why is this something you'd need a book for? It comes down to the basics.

      One, never allow physical access to what you're trying to secure.
      Two, _never_ allow physical access to what you're trying to secure.

      And then, one day, you come to work and realise that you :

      Three: Your IP center burned last night.
      Four: Your IP center burned last night.

      Five: Your backups were in the center.
      Six: Your backups were in the center.

      --
      echo '[q]sa[ln0=aln80~Psnlbx]16isb572CCB9AE9DB03273snlbxq' |dc
    2. Re:Why? by Hanashi · · Score: 4, Informative
      [Disclaimer: I wrote the review in question.]

      Actually, there's a lot more to security than just keeping your data secret. Information Security practice is based on three pillars: Confidentiality, Integrity and Availability (AKA "CIA", which sounds like an oxymoron, doesn't it?). There's a lot more to it than just keeping people away from the physical storage medium.

      Maybe I should have made this more clear, but the nicest thing about this book is that they cover *all* the security bases, not just the ones most people think of. They show how to evaluate technologies or specific solutions on the "I" and the "A" as well. That's why I think this book is so useful. It points out areas of security that many people often overlook.

      --
      Check out my eclectic infosec blog at InfoSecPotpou
  6. IEEE SAN security standard by Anonymous Coward · · Score: 5, Informative

    IEEE is working on a standard (IEEE P1619) which will allow encryption to shared media (SANs I guess). They've set up a working group.

    They're looking at (from the website):

    • Cryptographic algorithms for storage
    • Cryptanalysis of existing and proposed systems and protocols
    • Key management for storage
    • Attacks on storage area networks and storage systems and countermeasures
    • Standardization approaches
    • Deployment of secure storage mechanisms
    • Defining and defending trust boundaries in storage
    • Relating storage security to system and network security.

    Something to look at in the future. Hopefully it'll be more secure than WEP. :)

  7. What about temp files? by burgburgburg · · Score: 4, Insightful
    Even if your final documents are stored under the encrypted path, you have to worry about temp files that might have been created that are "stored" elsewhere.

    MS products, in particular, like to create a large number of temp files and there is no way of configuring where they are kept. I'm not sure if OSS alternatives have this configuration ability.

    And of course, you also have to worry about elements of documents in memory (which can be recovered).

    1. Re:What about temp files? by homer_ca · · Score: 3, Informative

      LoopAES for Linux can encrypt your swap partition and your root partition (all it needs is a small unencrypted /boot partition). Unfortunately, there is a big overhead in CPU usage. I tried CryptoAPI for the 2.2 kernels, and on my K6-2 400 MHz file server it dropped transfer rate to 1.2MB/s. Assuming linear CPU scaling, you'd need about a 2 GHz just to keep up with 100Mb fast ethernet.

    2. Re:What about temp files? by GGardner · · Score: 3, Interesting

      Don't forget about swap or paging space, either.

  8. There's always a front-door by airrage · · Score: 4, Interesting

    I've had this similar thinking before, because the information in and of itself is not important, from a technical perspective, it's the mechanism to access that needs to be secure. Hence, a SAN with a fibre-channel fabric would seem secure (a client needs an HBA card), but hook it up to a MS File server, SQL Server, or Oracle, and suddenly all the same exploits apply.

    I would suggest it's not the type of nails used, it's the design of the front door. I could be wrong.

    Peace, Out!

    ~Airrage ;)

    --
    "This isn't a study in computer science, its a study in human behavior"
  9. Re:Slightly off topic but... by razvedchik · · Score: 2, Interesting

    When we talk about "Information Assurance," it's based on 3 principles:
    Confidentiality--Nobody reads your data unless they're allowed to (think top-secret information)
    Integrity--Nobody can change your data unless they're allowed to (think bank account balance)
    Availability--When you need the data, it's there (backups, redundancy, etc.)

    --
    I do what the voices on my console tell me to do.
  10. Re:Slightly off topic but... by DJSpray · · Score: 2, Interesting

    No one but me seems to use them, but I've personally seen amazing reliability with magneto-optical (MO) drives and media. In fact, I've never had one of my MO disks fail. I certainly can't say that about other media I've used:

    - cassettes (TRS-80 model 1 circa 1977)
    - floppies (actually, 8" floppy disks are very reliable, and they go down from there)
    - various kinds of streaming tape
    - Bernoulli discs of various capacity
    - zip discs of various capacity
    - hard drives of various capacity
    - CD-R and CD-RW of various capacity

    Seriously, consider MO media such as the Fujitsu 1.3 gig discs and drives. Of course this does not address really long-term storage and the issues of lost/failing hardware and standards over decades, but I think this gives you one of the most stable physical formats available for "near-line" storage.

  11. Secure data can sneak out via MS word by GGardner · · Score: 4, Interesting
    Several years ago, I had a dual-boot Linux/Windows machine at work, doing all my real work in Linux. HR would periodically email "important" memos to the whole company as MS Word .doc attachments. Note this was before OpenOffice, or any of the other .doc converters were available for Linux. Rather than rebooting, just to read some HR drivel about proper use of the parking lot, I'd often just "strings(1)" the .doc file, and get the gist of what they were saying.

    One particular memo was about the servicing of the water coolers, and went out to the whole company. When I strings'ed the memo, though, at the top was a draft of an employee's termination letter! Oops. Apparently, this was the undo buffer for Word -- the writer of the memo had just written the termination letter, printed it, deleted it from the document, and wrote the water cooler memo in the same instance of Word. However, if I opened this doc in Word, I couldn't access the hidden info, no matter what I tried.

    Since then, I've always wondered how much other sensitive information has snuck out, via MS Word.
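
The leak described in the comment above can be checked for before a document leaves the building. The following is an added example, not part of the original comment: it pulls printable runs out of a file's raw bytes in the manner of strings(1), in both ASCII and UTF-16LE, and reports any run that is not part of the text the author meant to send. The function names, the length threshold and the sample bytes are constructed for illustration.

```python
import re

MIN_LEN = 6  # shortest printable run worth reporting (assumed threshold)

# Printable ASCII runs, and the same characters stored as UTF-16LE,
# where every printable byte is followed by a zero byte.
ASCII_RUN = re.compile(rb"[\x20-\x7e]{%d,}" % MIN_LEN)
UTF16_RUN = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % MIN_LEN)


def extract_strings(blob):
    """Return (offset, encoding, text) for each printable run, by offset."""
    found = []
    for m in ASCII_RUN.finditer(blob):
        found.append((m.start(), "ascii", m.group().decode("ascii")))
    for m in UTF16_RUN.finditer(blob):
        found.append((m.start(), "utf-16le", m.group().decode("utf-16le")))
    return sorted(found)


def normalize(text):
    """Collapse whitespace and case so layout differences do not matter."""
    return " ".join(text.split()).lower()


def find_residual(blob, intended_text):
    """Return the runs in blob that do not occur in the intended text."""
    intended = normalize(intended_text)
    return [hit for hit in extract_strings(blob)
            if normalize(hit[2]) not in intended]


# Constructed sample: binary filler, a leftover passage stored as UTF-16LE,
# more filler, then the text the author actually meant to send.
VISIBLE = "The water coolers will be serviced on Friday."
RESIDUAL = "Draft: termination letter for an employee"
SAMPLE = (
    b"\x01\x02\x03\x04" + b"\x00" * 8
    + RESIDUAL.encode("utf-16le")
    + b"\x00\x01\x02\xff"
    + VISIBLE.encode("ascii")
    + b"\x00\x03"
)

if __name__ == "__main__":
    for offset, encoding, text in find_residual(SAMPLE, VISIBLE):
        print(f"offset {offset:#06x} [{encoding}] {text!r}")
```

On a real document the output also includes structural strings such as font and style names, so treat it as a list to review rather than a pass/fail verdict.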

  12. Encrypted Tape Backup Vendor by TarPitt · · Score: 3, Interesting
    May be of interest, but there is a vendor, Cybernetics, that offers a tape drive that encrypts backup media in hardware. See this article.

    Keys are stored in smart cards. Reading backup tapes requires a Cybernetics drive and the correct key. Obviously you need to manage this very well to avoid being SOL during an actual recovery situation.

    Of course, consider how vulnerable your backup media really is. I don't need to hack your network, just show up in an Iron Mountain uniform with forged ID maybe 30 minutes before the real Iron Mountain guy shows up. I then drive off with ALL your data.

    --
    If your children ever found out how lame you are, they'd murder you in your sleep
    1. Re:Encrypted Tape Backup Vendor by Qzukk · · Score: 3, Insightful

      Obviously you need to manage this very well to avoid being SOL during an actual recovery situation.

      Not only is the key needed, the original drive is needed too according to the interex article. Not good for recovering from offsite backups after the place (and the original drive) burns down.

      --
      If I have been able to see further than others, it is because I bought a pair of binoculars.
  13. Backup Media by stan_freedom · · Score: 2, Informative

    I used to work for a Fortune 500 company as a Unix sys admin. One of my projects was to assist in bringing a new Oracle financials system on line. The data on this system was so sensitive that only the executive board was given access, and then only via SecurID cards from specific locations during specific time windows.

    Nightly backup tapes were queued in a fireproof walk-in vault before going offsite at the end of each day. I happened to be strolling by the vault one day and noticed the backup tapes sitting there on a shelf in the vault, right next to the open vault door. I did some checking and found out that the vault was left open during business hours so that the operations folks had easy access to backup media. The vault was in a different department than I/S, on a main hallway, right near the front door of the building. Obviously, I mentioned this to the Operations Manager. The new policy limited access to only a couple of operations supervisors, and instituted a media checkout policy (nothing a little social engineering couldn't thwart, but far better than the previous situation).

    So what's the moral of the story? Make sure your security policy deals with backup media. Don't just assume that your operations department (or the offsite storage provider) is securely managing your media.

  14. Similar book by neoThoth · · Score: 2, Insightful

    I know the author of a similar book that hasn't quite finished up yet. He was concentrating on the SAN aspect of it since NAS security is pretty much the same FAQ as 'how to set up a file server'.

    Secure SANs was slated to come out last year but hasn't ever been more than a link on Amazon. It dealt with the ugliness of iSCSI and how the 'air gap' security that protected this data for so long is now gone and storage administrators are struggling to learn how the real world works.

    Not to bash storage admins but they've relegated most of their 'security efforts' to LUN masking and other such techniques. Now that SCSI drive commands are traversing networks huge security vulnerabilities are opened up. I read an advanced chapter of the Secure SAN title and the best part was an executive from a prominent NAS company stating that he wasn't worried about the security of the products since "only a handful of ppl in the world could have this conversation".

    Check out the recent efforts at Storage Networking Industry Association who have come as close to working miracles as I've personally seen. They have managed to create some various technical frameworks and security processes that make vendors work together.

    One interesting note about the book featured here is that it also deals with NAS and DAS. NAS and SANs have been fighting it out as IDE and SCSI have. One is cheap and easy the other pricey and very difficult. DAS on the other hand is a joke to me. The ability for one computer to change bits in another's memory DIRECTLY does not sound like a good idea. Hackers have worked for decades to write shell code that allows the ability to change bits in memory and now the storage industry has created a way to get directly in there bypassing all OS security.... yea great idea