Storage Security

shiroi_kami writes "What does Information Security mean to you? To many, it means firewalls and encryption. To some, it means intrusion detection systems. Chances are the words "file servers" weren't high on your list, but they probably should be. After all, information security is about information, and when it's not flying across the network it's got to be stored somewhere, right? In fact, the security of the storage mechanism is often overlooked, which makes it an attractive target for attackers. In their new book, Storage Security, the authors take a comprehensive look at this often-ignored subject. Update: 03/26 05:44 GMT by T : Please note, this review was written by David Bianco under the handle shiroi_kami as an Amazon.com review, and also appears at InfosecBooks.com. Apologies to David for the misplaced and delayed attribution. Storage Security: Protecting, SANs, NAS and DAS author John Chirillo, Scott Blaul pages 408 publisher John Wiley & Sons rating 9.8 reviewer David Bianco ISBN 0764516884 summary A storage security handbook that examines strengths and weaknesses, describes architectural security concerns and considerations, and identifies ways to implement and design more secure storage systems.

Storage Security is not about turning on the right configuration options on your XYZ brand server appliance. It's about applying solid, methodical security practices to your storage systems, regardless of whether they are disks directly attached to a single computer, Network Attached Storage or part of a Storage Area Network. The authors address the full security cycle, too, starting with evaluating the security of proposed new storage solutions. Comparative data in hand, the book shows you how to narrow the field to a single solution that offers the best balance between functionality and security.

And once the system is selected, you can't stop there. You've got to decide on appropriate security policies for the new storage system, draft and implement a backup and restore plan, deal with disaster recovery and take care of a host of other issues. In short, this is a good guide to an entire range of considerations necessary to select, deploy and manage a secure storage solution.

The book's evaluation methodology is particularly valuable. Each type of storage (directly attached, NAS and SAN) is covered in a chapter of its own. Within each chapter, the authors address specific technologies used to implement that type of storage. For example, the direct-attach chapter discusses such common storage technologies as SCSI and IDE, moderately exotic systems like USB and Firewire drives, and some more advanced solutions like HiPPI and SSA. Each technology is then placed in a matrix and scored in 11 different categories, including popularity and industry acceptance, built-in data protection features, typical fault tolerance and physical security characteristics.

The authors assign each rating on a scale of 1 (poor) to 5 (the best). This gives a good general indication of how each technology measures up, but they tend to rely on a straight average of the ratings when determining the best technology. Although it's true that the average allows you to make a quick ballpark comparison, there are many other factors to consider as well, such as the suitability for your particular environment and the way in which your users need to access their data. The matrixes are quite useful, but just remember that you can't always boil things down to a simple numerical score.

Probably the biggest problem with this book is that it's pretty dry. As a reference book, the writing style is fine, since it's easy to find what you're looking for, and the chapters are concise. It's difficult to read from cover-to-cover, though, which is a shame because that's what you should probably do the first time through. Take it in small doses, a chapter or so at a time, and you should be fine.

Storage Security is about just what you'd think: the security of your data as it's being stored on your server(s). It's not a detailed look at the configuration of any one product, but rather a comprehensive, theory-based approach to managing the security of your storage subsystem from evaluation to purchase to daily operations. If you manage a small or mid-size network, you may or may not need this book. If you have a larger network, though, or have significant data-storage needs, this deserves a space on your shelf.

You can purchase Storage Security: Protecting, SANs, NAS and DAS from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.

Duct Tape

Duct tape your storage devices.

Protect Freedom!
Buy Tom Ridge Brand Duct Tape, it's minty fresh!

Encrypted File System

This is something I've wondered about, and this reminded me.

Is there any operating system that supports encrypting the storage at the file system level. In other words, is there any operating system where I can specify that I want a particular path encrypted, and then copy files over, edit files, etc without worrying about having to decrypt, recrypt manually all the time?

Even a weak encryption would satisfy me.

Re:Encrypted File System

[mericet]

There are a few product to do just that, such as bestcrypt .

Re:Encrypted File System

[nakhla]

Yes, Windows 2000/XP Professional and Windows Server 2003 all support this feature. Encryption/decryption is done transparently so there is no additional user intervention required.

Also, with PGP you can create PGP disks that are essentially files that are loopback-mounted as an encrypted drive. Any files you copy to this virtual drive are automatically encrypted with your PGP keys.

Re:Encrypted File System

[olip]

Encrypted HD can't be safe, can it ?
Fo example, if it's a PKI, the private key has to be somewhere in the computer (BIOS, HD, ROM, etc.) for the OS to be able to decrypt. So it is very vulnerable.
The computer is a deterministic system, it fully contains all the information needed for automated processing ; usually security is ensured by the externalization of some part of data (password, private key, fingerprint) considered as needed for some processing.
I mean, you wont type your password everytime your OS reads from the HD ;-)
BTW NTFS is a first step in the direction you suggest.

Re:Encrypted File System

[paulhar]

Unfortunately the words "weak encryption" can definately be attributed to Windows EFS encryption.

Every time you open the file it's decrypted in place, so while the file is "open" it's in an unencrypted state.

A few scenarios to consider:

A) Application A always running. While the application is running, the data file in unencrypted on disk so anyone with the appropriate permissions can read it. Exchange is a good example of this - how often do you shut it off?

B) What happens when you have a powercut. If the file was unencrypted guess what state it'll stay in until you manually poke it?

C) If it's data like word documents then this is the chain of events: open encrypted file, (it decrypts in the background), you change the file, you save it, windows creates a NEW file and writes the changes to it, office deletes the old file, office renames the NEW file to the name of the old file, windows encrypts the changed file, and office etc rename the encrypted version back to the original filename. But the blocks for the decrypted one are on disk for anyone with the appropriate undelete tools to use.

Still, better than nothing?

Re:Encrypted File System

[wfberg]

AFAIK linux doesn't have an encrypted FS, nor have I heard about anything under development. If any FS hackers are reading this, this would be a handy project if you're looking for something to do.

• Loopback-Encrypted-Filesystem-HOWTO
  
• secure notebook (runs windows in vmware, so even swapfile and hibernate file are encrypted!)
  

Re:Encrypted File System

[stilwebm]

There are patches for the Linux Kernel that use loopback devices and the international patches (CryptoAPI) to encrypt filesystems transparently. They also require CryptoAPI enabled losetup, mount, and umount binaries. Linux Encrypted File System Howto

A similar arrangement is available to OpenBSD. OpenBSD Encrypted Virtual Filesystem Mini-HOWTO

Re:Encrypted File System

[giminy]

MacOS supports it too. You can create AES encrypted disk images and mount them. And of course so does linux (and I'd guess *bsd). You can make a file and mount it encrypted through the loopback device.

Re:Encrypted File System

[Beetjebrak]

Would a smartcard system not solve this problem? Smartcard reading will bring some overhead, but it needn't be done every time a file is accessed, just once during the user session. Store the key in RAM and make sure that particular bit of RAM never gets swapped to disk. That way the key remains outside the computer, and gets permanently erased when the user logs out or the screensaver kicks in. The user only gets their desktop back from the screensaver after they plug their smartcard back in and enter their password. Combined with S/Key passwords this could be pretty secure... though I'm no expert, so comments more than welcome!

Re:Encrypted File System

[rleyton]

Here's how it's done.

Very handy indeed.

Re:Encrypted File System

[Sloppy]

The loopback device approach just encrypts at a device level, rather than the filesystem level. While that is cool, it isn't quite what the original poster was asking about. While it's good for your personal porn collection on your (effectively) single-user PC, it's not very useful in a multiuser situation, where you don't want everything on the filesystem to have the same key.

It would be nice to have actual filesystems (not just devices) that have crypto really designed into them.

physical securty has been around for a long time

This is nothing new. Administrators and other have known for a long thime that no machine is secure if someone has access to the physical machine. If someone can open your box up, reboot it, attach new devices to its private subnet, etc. then it is not secure.

Why anyone thinks this should be different for storage systems is beyond me. If someone can break in and steal your data, or attach new devices to the data transfer channel, or whatever, then your data isn't secure. That the authors think this comes as a revelation to anyone means either they are really stupid or they think administrators are really stupid.

Get your machines installed in a location with good physical security. That's really all there is to it.

Why?

[netwiz]

Why is this something you'd need a book for? It comes down to the basics.

One, never allow physical access to what you're trying to secure.

Two, _never_ allow physical access to what you're trying to secure.

Three and so on: log all security events, break users into groups for simplification of manageability, set permissions properly, protect network shares and device access, and be aware of the content that's being secured (what it is, how it's used, etc.)

Beyond that, there's not much else to consider. However, from the review it looks like they go beyond security issues to stuff like, "what hardware is best for my particular application." Sure, it's a big consideration. For example, you wouldn't want a two million row database running off a Network Appliance over NFS across switched fast ethernet, but there's enough free information out there that making decisions like that should be trivial. Furthermore, if you're doing system specifications w/o knowing about the technologies you have to choose from, I sure hope you're not an employee of the place for which you're building a system, because they're not going to like you very much when it dies on a regular basis.

Not having actually read the book, I may be way off base, but from the title and the review above, I don't see how it would be all that helpful except maybe as a primer to a junior-level engineer.

Re:Why?

[AftanGustur]

Why is this something you'd need a book for? It comes down to the basics.

One, never allow physical access to what you're trying to secure.
Two, _never_ allow physical access to what you're trying to secure.

And then, one day, you come to work and realise that you :

Three: Your IP center burned last night.
Four: Your IP center burned last night.

Five: Your backups were in the center.
Six: Your backups were in the center.

Re:Why?

[Hanashi]

[Disclaimer: I wrote the review in question.]

Actually, there's a lot more to security than just keeping your data secret. Information Security practice is based on three pillars: Confidentiality, Integrity and Availability (AKA "CIA", which sounds like an oxymoron, doesn't it?). There's a lot more to it than just keeping people away from the physical storage medium.

Maybe I should have made this more clear, but the nicest thing about this book is that they cover *all* the security bases, not just the ones most people think of. They show how to evaluate technologies or specific solutions on the "I" and the "A" as well. That's why I think this book is so useful. It points out areas of security that many people often overlook.

IEEE SAN security standard

IEEE is working on a standard (IEEE P1619) which will allow encryption to shared media (SANs I guess). They've set up a working group.

They're looking at (from the website):

• Cryptographic algorithms for storage
• Cryptanalysis of existing and proposed systems and protocols
• Key management for storage
• Attacks on storage area networks and storage systems and countermeasures
• Standardization approaches
• Deployment of secure storage mechanisms
• Defining and defending trust boundaries in storage
• Relating storage security to system and network security.

Something to look at in the future. Hopefully it'll be more secure than WEP. :)

What about temp files?

[burgburgburg]

Even if your final documents are stored under the encrypted path, you have to worry about temp files that might have been created that are "stored" elsewhere.

MS products, in particular, like to create a large number of temp files and there is no way of configuring where they are kept. I'm not sure if OSS alternatives have this configuration ability.

And of course, you also have to worry about elements of documents in memory (which can be recovered).

Re:What about temp files?

[homer_ca]

LoopAES for Linux can encrypt your swap partition and your root partition (all it needs a small unencrypted /boot partition). Unfortunately, there is a big overhead in CPU usage. I tried CryptoAPI for the 2.2 kernels, and on my K6-2 400 Mhz file server it dropped transfer rate to 1.2MB/s. Assuming linear CPU scaling, you'd need about a 2 Ghz just to keep up with 100Mb fast ethernet.

Re:What about temp files?

[GGardner]

Don't forget about swap or paging space, either.

There's always a front-door

[airrage]

I've had this similar thinking before, because the information in and of itself is not important, from a technical perspective, it's the mechanism to access that needs to be secure. Hence, a SAN with a fibre-channel fabric would seem secure (a client needs an HBA card), but hook it up to a MS File server, SQL Server, or Oracle, and suddenly all the same exploits apply.

I would suggest it's not the type of nails used, it's the design of the front door. I could be wrong.

Peace, Out!

~Airrage ;)

Secure data can sneak out via MS word

[GGardner]

Several years ago, I had a dual-boot Linux/Windows machine at work, doing all my real work in Linux. HR would periodically email "important" memos to the whole company as MS word .doc attachments. Note this was before OpenOffice, or any of the other .doc converters were available for Linux. Rather than rebooting, just to read some HR drivel about proper use of the parking lot, I'd often just "strings(1)" the .doc file, and get the gist of what they were saying.

One particular memo was about the servicing of the water coolers, and went out to the whole company. When I strings'ed the memo, though, at the top was a draft of an employee's termination letter! Oops. Apparently, this was the undo buffer for Word -- the writer of the memo had just written the termination letter, printed it, deleted it from the document, and wrote the water cooler memo in the same instance of word. However, if opened this doc in Word, I couldn't access the hidden info, no matter what I tried.

Since then, I've always wondered how much other sensitive information has snuck out, via MS Word.

Encrypted Tape Backup Vendor

[TarPitt]

May be of interest, but there is a vendor, Cybernetics, that offers a tape drive that encrypts backup media in hardware. See this article.

Keys are stored in smart cards. Reading backup tapes requires a Cyberntics drive and the correct key. Obviously you need to manage this very well to avoid being SOL during an actual recovery situation.

Of course, consider how vulnerable your backup media really is. I don't need to hack your network, just show up in an Iron Mountain uniform with forged ID maybe 30 minutes before the real Iron Mountain guy shows up. I then drive off with ALL you data.

Re:Encrypted Tape Backup Vendor

[Qzukk]

Obviously you need to manage this very well to avoid being SOL during an actual recovery situation.

Not only is the key needed, the original drive is needed too according to the interex article. Not good for recovering from offsite backups after the place (and the original drive) burns down.