This article can also be found in the Premium Editorial Download "Information Security magazine: Best-of-breed: Security Products of the Year: 2006."
Download it now to read this article plus other related content.
|Safeguarding Archive Data|
Before discussing the security of archive data, let's define the term "archive." We're talking about an electronic filing cabinet that is specifically designed for logical retrieval of information, based on its context. The context might include the creator of the data, its purpose or what project it's attached to, but rarely has anything to do with where the data was stored. When looking for a file in a filing cabinet, you don't ask for the third folder in the fifth drawer of the fourth cabinet. You say, "Get me the Jansen file."
In comparison, a backup system is designed to restore damaged or deleted data based on where it was stored. It's used when the file cabinet catches fire, or when the Jansen file disappears. But you don't restore the Jansen file, you restore the third folder in the fifth drawer of the fourth cabinet--you must know the location of the file to restore it. However, if you ask the archive system to restore a file that was deleted yesterday, it would ask you who created it, or what the file is about.
Now that we've got our definitions straight, we can move on to the security issues. Disks or tapes for the archive system may be saved for many years, and, like the backup system, the archive system contains very valuable information. So shouldn't we encrypt its tapes as well? We probably will soon, but we have to be careful.
With a backup tape that's going to expire and be overwritten in a few months, we can afford to have format changes with the encryption system. With an archive system, we've got to be able to read these tapes for many years. The problem is that all of the current encryption systems are incompatible. If your encryption vendor went out of business, you'd have no backup plan for your long-term archives. If the day comes when you can switch vendors and still read your tapes, encryption of archives will make more sense. For now, it's probably safest to simply follow very strong physical security practices to ensure that you don't lose control of any tapes.
--W. Curtis Preston
Educate administrators about storage vulnerabilities
Once you've awakened your storage administrators to the need for security, you need to educate them about the concepts of authentication and authorization, as well as the evils of plaintext communication. Then, help them understand the vulnerabilities in their storage systems:
- Plaintext out-of-band management interfaces
- Plaintext in-band communication
- Hostname-based authentication for the UNIX network file system (NFS) and Windows Common Internet File System (CIFS)
- Plaintext authentication for NFS/CIFS
- World Wide Name-based authentication
- Plaintext backup tapes
- Hostname-based authentication for backup servers
- Admin-based authentication for backup admins
This was first published in February 2006