We think you have liked this presentation. If you wish to download it, please recommend it to your friends in any social system. Share buttons are a little bit lower. Thank you!
Presentation is loading. Please wait.
Published byDonte Herron
Modified over 2 years ago
1 Copyright © 2011 M. E. Kabay. All rights reserved. Securing Data at Rest CSH5 Chapter 36 Securing Stored Data David J. Johnson, Nicholas Takacs, & Jennifer Hadley
2 Copyright © 2011 M. E. Kabay. All rights reserved. Topics Introduction to Securing Stored Data Fiber Channel Weakness & Exploits NFS Weakness & Exploits CIFS Exploits Encryption & Data Storage Data Disposal CSH5 Chapter 36 covers nonvolatile media: magnetic disks, CDs, DVDs, flash drives. Does not include RAM (or ROM, PROM, EPROM).
3 Copyright © 2011 M. E. Kabay. All rights reserved. Introduction to Securing Stored Data Security Basics for Storage Administrators Best Practices DAS, NAS & SAN Out-of-Band & In-Band Storage Management File System Access Controls Backup & Restore Controls Protecting Management Interfaces
4 Copyright © 2011 M. E. Kabay. All rights reserved. Security Basics for Storage Administrators Data storage security often ignored by security planners Relegated to infrastructure design Particularly strong conflicts between availability and other aspects of Parkerian Hexad Should be considered with other central elements of overall security planning Differentiated security appropriate Data classification helpful (see CSH5 Chapter 67, Developing Classification Policies for Data) Backup copies particularly important to protect (see CSH5 Chapter 57, Data Backups & Archives)
5 Copyright © 2011 M. E. Kabay. All rights reserved. Best Practices (1) Audit & risk assessment on storage infrastructure Authentication across storage network RBAC (role-based access controls) & need-to-know assignment of rights Data encryption & data classification Strong security features & practices from storage vendors Securing SAN (storage area network) at switch (or fabric) level Policies for safely discarding media, devices Evaluating retention policies
6 Copyright © 2011 M. E. Kabay. All rights reserved. Best Practices (2) Making retention policies comply with functional, legal & regulatory requirements Isolating storage management NW from organization-wide functional NW Access-log monitoring Employee & contractor background checks Physical controls to restrict access to data centers, lock cabinets & racks, lock servers, protect building/site perimeter (see CSH5 Chapters 22 & 23 on information infrastructure) Secure backup-medium handling, tracking
7 Copyright © 2011 M. E. Kabay. All rights reserved. DAS, NAS & SANs 3 main methods for storing data Direct attached storage (DAS) Part of or directly connected to computer Peripheral Component Interconnect (PCI), Small Computer System Interface (SCSI) or other standard Network attached storage (NAS) Specialized systems with DAS, dedicated processors & pared-down operating systems Generally connected to TCP/IP NWs Network File System (NFS) for Unix Server Message Block (SMB) or Common Internet File System (CIFS) for Windows Storage area networks (SANs) – see next slide
8 Copyright © 2011 M. E. Kabay. All rights reserved. SANs Storage Area Networks: centralized disks accessible to many servers Can add disks easily Facilitate centralized backups Often integrate RAID Redundant Arrays of Independent Disks Different levels from RAID 0 to RAID 6 Allows for data duplication, performance improvements Connections TCP/IP Fiber Channels (see later in these notes) RAID: Some people define acronym using Inexpensive or Drives
9 Copyright © 2011 M. E. Kabay. All rights reserved. Out-of-Band & In-Band Storage Management In-band management Same NW as data transfers Cleartext signaling DoS attacks on management interfaces Access to excessive information about devices & controllers Set/Reset commands available for abuse Out-of-band management Separate NW for control functions Must ensure restricted access – only administrators Ideally, use secure channels
10 Copyright © 2011 M. E. Kabay. All rights reserved. File System Access Controls Operating systems include file systems File systems generally provide for access controls Data ownership Access control lists (ACLs) But security through file system assumes proper user I&A For more information on these topics, see CSH5 Chapters 24 – Operating System Security 25 – Local Area Networks 28 – Identification & Authentication 67 – Developing Classification Policies for Data
11 Copyright © 2011 M. E. Kabay. All rights reserved. Backup & Restore Controls (1) Backup/restore systems critical for BC & DR Typically written to tertiary storage Tape, cassettes, optical media Offsite storage (often run by supplier) Electronic transfer Recovery site Electronic storage service Offsite storage needs Secure: authorized personnel only Geographically distant (not subject to same disaster) Audit security, hiring policies
12 Copyright © 2011 M. E. Kabay. All rights reserved. Backup & Restore Controls (2) Media longevity Verify longevity > archival requirements Interpolation of spoofed BU system Writes would be to unauthorized drive Insertion of spoofed data storage system Could request RESTORE to unauthorized system Authentication of systems essential Manual: login to authenticate BU request Auto: certificate exchange Data encryption valuable See CSH5 Chapter 57 Data Backups & Archives for more information on these topics
13 Copyright © 2011 M. E. Kabay. All rights reserved. Protecting Management Interfaces Management Interfaces (MI) among greatest threats to security Admin access to entire data store Manipulate data, update acct security, rearrange architecture 2-factor authentication a minimum Complex password requirements Regular PW changes or one-time PW token Separation of duties Storage managers security managers Audit logs to detect policy violations Use log-analysis software (manual inspection inadequate)
14 Copyright © 2011 M. E. Kabay. All rights reserved. Fiber Channel Weakness & Exploits Introduction to Fiber Channel Man-in-the-Middle Attacks Session Hijacking Name Server Corruption
15 Copyright © 2011 M. E. Kabay. All rights reserved. Introduction to Fiber (Fibre) Channel ANSI/INCTS* T11 Committee standard Optical fiber cabling; or Twisted-pair copper wiring Weaknesses All traffic is unencrypted No native support for authentication or data integrity checks Vulnerabilities Attackers can use IP-based attacks Cleartext traffic can be sniffed Message insertion (MITM) possible *American National Standards Committee accredited International Committee for Information Technology Standards
16 Copyright © 2011 M. E. Kabay. All rights reserved. Man-in-the-Middle Attacks Method Attacker intercepts communications Copies or changes data Inserts modified frame (like a packet) back into data stream Exploits weakness in protocol Sequence ID & sequence count are predictable Thus attacker can predict next values & insert spoofed frame before authentic frame is sent
17 Copyright © 2011 M. E. Kabay. All rights reserved. Session Hijacking Sequence ID & sequence count used to trick receiver into treating attacker as original sender So hijacked session allows complete control Mitigation requires authentication to be added to protocol
18 Copyright © 2011 M. E. Kabay. All rights reserved. Name Server Corruption Similar to DNS spoofing in IP Every fiber channel registers name WWN (World Wide Name) service Fabric Login (FLOGI) Port Login (PLOGI) Corruption typically occurs during PLOGI Attacker registers bad host using spoofed address No authentication process So real host connection denied Traffic misdirected to rogue host
19 Copyright © 2011 M. E. Kabay. All rights reserved. NFS Weakness & Exploits Introduction to NFS User & File Permissions Trusted Hosts Buffer Overflows NFS Security
20 Copyright © 2011 M. E. Kabay. All rights reserved. Introduction to NFS Network File Systems User on client machine accesses NW-based resources as if local to user Built on RPCs (remote procedure calls) Generally used in high-bandwidth systems LANs & other NW with nonsensitive data NFS does not inherently provide encryption Dangerous to use with exposed NW connected to Internet Following slides introduce key security issues
21 Copyright © 2011 M. E. Kabay. All rights reserved. User & File Permissions Access rights granted by host ID So any user on authorized host has access to NW resources Some admins therefore impose read-only rights to all shared data But then shared drives are not as useful for collaboration If volumes mounted with RW capability Then all users on same host share all files by default Restrictions have to be imposed file-by-file Becomes unscalable as #files & #users grow
22 Copyright © 2011 M. E. Kabay. All rights reserved. Trusted Hosts Hosts do not authenticate themselves So rogue host could request NFS volume mount Access, modify data without authorization Could also compromise DNS server Upload bad data to point to rogue host Then connections would go to spoofed host And users on bad host would be authorized to mount volumes, access data
23 Copyright © 2011 M. E. Kabay. All rights reserved. Buffer Overflows Classic programming error Inputs not checked before processing So long inputs overflow input buffers and overwrite areas of stack Data can be interpreted as parameters or commands (see CSH5 Chapter 38, Writing Secure Code) NFS server does not check length of directory-removal request So overflow can include malicious instructions Executed with root privilege
24 Copyright © 2011 M. E. Kabay. All rights reserved. NFS Security Recent implementations include Kerberos Authentication scheme Can validate users & hosts But buffer overflow exploits continue to be developed Should not assume that NFS can be adequately secured on its own
25 Copyright © 2011 M. E. Kabay. All rights reserved. CIFS Exploits Overview Common Internet File System Internet-enabled Server Message Block (SMB) protocol Significant improvements over SMB Encryption Secure authentication But problems remain Topics discussed in next slides Authentication Rogue or Counterfeit Hosts
26 Copyright © 2011 M. E. Kabay. All rights reserved. CIFS Authentication Authentication schemes Passwords Challenge-response But all unencrypted Recent improvements use Kerberos Some provide share-level security model Instead of user-level security model So only one set of credentials Shared by all users on host Same weaknesses as all other shared accounts Vulnerable to dictionary & brute-force attacks on credentials Chosen plaintext attacks Online & offline dictionary attacks
27 Copyright © 2011 M. E. Kabay. All rights reserved. CIFS Rogue/Counterfeit Hosts MITM & trusted host attacks apply to CIFS CIFS clients may be tricked into supplying PW instead of using challenge-response Support MITM attacks CIFS must enable session- and message-authentication measures Otherwise open to MITM / spoofing attacks CIFS share vulnerabilities similar to NFS share weaknesses But enabling CIFS authentication helps Be sure to check configuration
28 Copyright © 2011 M. E. Kabay. All rights reserved. Encryption & Data Storage Introduction to Data Storage Encryption Recoverability File Encryption Volume Encryption & Encrypted File Systems Full Disk Encryption Vulnerability of Volume, File System & Full Disk Encryption Database Encryption
29 Copyright © 2011 M. E. Kabay. All rights reserved. Intro to Data Storage Encryption Encrypting data-in-motion common Encrypting data-at-rest equally important Breaches of stored data more common than interception of data in transit Considerations Choose appropriate algorithm & key length Aim at delaying brute-force decryption long enough to make data useless See CSH5 Chapters for more information: 7 Encryption 37 PKI & Certificate Authorities
30 Copyright © 2011 M. E. Kabay. All rights reserved. Recoverability Ciphertext without key is lost Must plan for loss of encryption key by primary user Key escrow essential Store key with trusted party Remove key from escrow under controlled conditions when required Public Key Cryptosystem (PKC) Allows additional decryption keys (ADKs) Either key can decrypt data E.g., Prof Kabay encrypts PGP disk volumes using own public key and that of Prof Peter G. Stephenson (by arrangement)
31 Copyright © 2011 M. E. Kabay. All rights reserved. File Encryption Individual files may be encrypted But puts onus on user to decide in every case Operating system files cannot be encrypted by users Thus may expose sensitive data Application code files not executable without decryption Not practical to decrypt file-by-file So proprietary code may be exposed Much better to use whole-disk encryption
32 Copyright © 2011 M. E. Kabay. All rights reserved. Volume Encryption & Encrypted File Systems Volume encryption & encrypting file systems better for encrypting / decrypting data than file encryption Automatic encryption of all files in volume, partition or directory (folder) Both systems decrypt dynamically Driver-level code decrypts blocks on way to RAM and back Never decrypt entire file So no copy of cleartext for whole file anywhere on disk or in memory But system files usually not encrypted If user stores copy of sensitive file in unencrypted area, may compromise security
33 Copyright © 2011 M. E. Kabay. All rights reserved. Full Disk Encryption Encrypt entire hard drive By far preferred mode of encryption for normal use Especially important for laptop computers Leaves only small boot portion of disk in clear Simply enter special PW at bootup Benefits Complete protection in case of loss or unauthorized access if system is locked or off Including protection of swap files Completely transparent to (naïve) users Only modest performance penalties Slightly longer startup & shutdown Full compliance with legal & regulatory requirements for protection of sensitive data
34 Copyright © 2011 M. E. Kabay. All rights reserved. Vulnerability of Volume, File System & Full Disk Encryption System equally vulnerable to attacker once authorized user has started system Must stress to users that encryption does NOT protect against penetration of live system Must configure usual access controls May also configure timeout on encryption Disables access after defined period of inactivity User need merely reenter passphrase or provide token E.g., 60 minute inactivity for automatic dismount of PGP volumes
35 Copyright © 2011 M. E. Kabay. All rights reserved. Database Encryption (1) DBs often contain critical, sensitive data Can protect by placing on encrypted volumes May also encrypt fields & tables Offers flexibility in protecting specific classes of data against unauthorized access by users authorized for DB usage; e.g., Managers/supervisors might access more of customer record than clerks Current care-givers might access more of patient record than accounting staff But application / DB designs constrain use of encryption (see next slide)
36 Copyright © 2011 M. E. Kabay. All rights reserved. DB Encryption (2) Recommendations on DB encryption (James C. Foster writing in SearchSecurity.com) 1.Do not encrypt foreign keys or super keys Used for structural linkages among tables Therefore should not contain PII or sensitive data 2.Encryption keys must be tightly protected Provide complete access to all data 3.Full DB encryption may affect performance High-volume R/W activity may require wire-speed data access for effective processing Consider encryption only sensitive data Can you get me that decryption key?!?
37 Copyright © 2011 M. E. Kabay. All rights reserved. DB Encryption (3) Improving vendor-provided options Microsoft SQL Server 2005 offers improved encryption management Oracle 10g Release 2 Transparent Data Encryption (TDE) DB Admin can specific encryption for specific columns (fields) No programming required Implementation considerations Avoid encrypting key fields May have to redesign DB association if key is sensitive Monitor performance issues
38 Copyright © 2011 M. E. Kabay. All rights reserved. Data Disposal Never discard any magnetic, optical, electronic or paper media containing sensitive data without sanitizing Methods that do NOT delete data File system Delete or Erase commands Formatting DoD standards define secure wipe Repeated erase/random-write cycles Degree adjustable by setting number of cycles Magnetic, optical, paper media should be physically destroyed For more details, see CSH5 Chapter 57 Data Backups & Archives
39 Copyright © 2011 M. E. Kabay. All rights reserved. DISCUSSION
© SafeNet Confidential and Proprietary Administering SafeNet StorageSecure Smart Card Module 3: Lesson 5 SafeNet StorageSecure Storage Security Course.
SEC835 Practical aspects of security implementation Part 1.
© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Chapter 1: Introduction to Scaling Networks Scaling Networks.
TCP/IP Protocol Suite 1 Chapter 18 Upon completion you will be able to: Remote Login: Telnet Understand how TELNET works Understand the role of NVT in.
FedEx Ship Manager® at fedex.com Shipping Administration
Chapter 6 Data Design. 2 Design Phase Description Systems Design is the third of five phases in the systems development life cycle (SDLC) Begin the physical.
7-Access Control Fundamentals Dr. John P. Abraham Professor UTPA.
13 Copyright © 2005, Oracle. All rights reserved. Monitoring and Improving Performance.
File System Security Robert “Bobby” Roy And Chris “Sparky” Arnold.
Troubleshooting Startup Problems Lesson 6. Objectives 2.
Hands-On Microsoft Windows Server 2003 Administration Chapter 6 Managing Printers, Publishing, Auditing, and Desk Resources.
1 Chapter Overview Password Protection Security Models Firewalls Security Protocols.
1 Senn, Information Technology, 3 rd Edition © 2004 Pearson Prentice Hall James A. Senns Information Technology, 3 rd Edition Chapter 7 Enterprise Databases.
1 Chapter 13 – Network Security Password Protection Security Models Firewalls Security Protocols.
1 Chapter 8 Fundamentals of System Security. 2 Objectives In this chapter, you will: Understand the trade-offs among security, performance, and ease of.
Chapter 8 Security Transparencies © Pearson Education Limited 1995, 2005.
Installing Windows XP Professional Using Attended Installation Slide 1 of 30Session 8 Ver. 1.0 CompTIA A+ Certification: A Comprehensive Approach for all.
MOSS ADAMS LLP | 1 W HAT I S S ENSITIVE D ATA ? Whats the Risk and What Do We Do About It? Weston Nelson Steve Fineberg Steven Gin.
Threads, SMP, and Microkernels Chapter 4 1. Process Resource ownership - process includes a virtual address space to hold the process image Scheduling/execution-
Troubleshooting Windows Vista Security Chapter 4.
Database Security Cmpe 226 Fall 2015 By Akanksha Jain Jerry Mengyuan Zheng.
1 MySQL Access Privilege System. 2 What the Privilege System Does? The primary function of the MySQL privilege system is to authenticate a user connecting.
Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.
Local Area Networks - Internetworking 1. Internetworking devices 2 Increasing power and complexity Hubs Bridges Switches Routers.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.1 ISP Responsibility Working at a Small-to-Medium Business or ISP – Chapter 8.
ACT User Meeting June Your entitlements window Entitlements, roles and v1 security overview Problems with v1 security Tasks, jobs and v2 security.
Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.
©2008 Prentice Hall Business Publishing, Auditing 12/e, Arens/Beasley/Elder The Impact of Information Technology on the Audit Process Chapter 12.
NETWORKING FUNDAMENTALS. Network+ Guide to Networks, 4e2.
Understand Database Security Concepts Database Administration Fundamentals LESSON 5.1.
This presentation will take a look at to prevent your information from being discovered by and investigator.
1 Database Systems: Design, Implementation, and Management CHAPTER 10 Distributed Database Management System.
Chapter-4 Windows 2000 Professional Win2K Professional provides a very usable interface and was designed for use in the desktop PC. Microsoft server system.
1 Preparing a System Security Plan. 2 Overview Define a Security Plan Pitfalls to avoid Required Documents Contents of the SSP The profile Certification.
1 All Powder Board and Ski Microsoft Access Workbook Chapter 10: Database Administration Jerry Post Copyright © 2007.
Mark A. Magumba Storage Management. What is storage An electronic place where computer may store data and instructions for retrieval The objective of.
Security Issues and Challenges in Cloud Computing Lambu Akhila Reddy CSC 557.
Validation | Slide 1 of 31 August 2006 Validation Supplementary Training Modules on Good Manufacturing Practice WHO Technical Report Series, No. 937, 2006.
1 Configuring your VLAN Presented by Gregory Laffoon.
WebCafé Slide No:1 World Cyber Cafe Association Brings to You Webcafe A Cyber Café Management Software A Software That Will Boost Your Efficiency For Managing.
Copyright line. Maintaining an Active Directory Environment Exam Objectives Backup and Recovery Backup and Recovery Offline Maintenance Offline Maintenance.
INADEQUATE SECURITY POLICIES Each covered entity and business associate must have written polices that cover all the Required and Addressable HIPAA standards.
Module 3: Managing and Monitoring Dynamic Host Configuration Protocol (DHCP)
Windows Vista Configuration MCTS : NTFS Security Features and File Sharing.
Introduction to SQL Server 2000 Security Dave Watts CTO, Fig Leaf Software
Database Role Activity. DB Role and Privileges Worksheet.
Data Storage Solutions Module 1.2. Data Storage Solutions Upon completion of this module, you will be able to: List the common storage media and solutions.
1 Chapter 12 File Management Systems. 2 Systems Architecture Chapter 12.
NAS vs. SAN 10/2010 Palestinian Land Authority IT Department By Nahreen Ameen 1.
Chapter 12 File Management Systems. Chapter goals Describe the components and functions of a file management system Compare the logical and physical organization.
© 2017 SlidePlayer.com Inc. All rights reserved.