Data Storage Security

Storage security has more moving parts than ever, especially considering the convergence of IP and storage networking technologies. In this section we'll talk about how to secure data at rest on storage area networks, NAS and local systems. The types of storage that we'll cover include ephemeral, long-term disk and raw disk. We'll walk through the various landscapes and storage threats, and we'll cover the categories of storage encryption technology, which include full disk encryption, file encryption, database-level encryption, cloud storage encryption, and laptop, mobile device and server technology-based encryption.

Ephemeral storage is temporary in nature. It typically only lasts for the life of a given operating system or VM instance. It's very suitable for things like temporary files and caching, where long-term storage isn't really required. OpenStack and Amazon EC2 support ephemeral disk types for temporary storage; this allows them to dynamically reassign those resources on demand. Long-term disk is traditional disk storage that's intact for the life of the physical disk or until an operator assesses or erases that information.

Raw disk refers to unformatted disk. In computing, the term raw disk is typically used to refer to hard disk access at a raw binary level, beneath the file system level and using a partition data record such as a master boot record. A notable example in this context is a virtualization platform: a feature of certain virtualization software is the ability to access a hard disk at the raw level. Virtualization software may typically function via a virtual drive format like OVF, but some users may want the virtualization software to be able to run an operating system that's been installed, let's say, on another disk or another disk partition. In order to do this, the virtualization software must allow raw disk access to that disk or disk partition and then subsequently allow that entire operating system to
boot within the virtualization window.

A major element of the ISO 27040 standard is focused on the identification of security controls for different types of storage systems and storage system architectures, which includes recommendations to help secure DAS, or direct access storage. It includes broad coverage of security for storage networking technologies and topologies, with an emphasis on storage area networks, or SANs (Fibre Channel, iSCSI, Fibre Channel over Ethernet, etc.), and NAS, or network attached storage, technologies (traditional NFS and SMB), identifying important security issues. Guidance is also provided for storage management security for block-based storage systems with Fibre Channel and IP interfaces, which is the converged storage I mentioned earlier. ISO 27040 provides research and best practices for network attached storage as well as SAN storage. It also includes best practices for object-based storage and content addressable storage. Recommendations for storage security include measures such as sanitization, data confidentiality and data reduction.

Technologies such as iSCSI, Fibre Channel over IP and Fibre Channel over Ethernet, as well as NAS, encapsulate storage communication protocols such as SCSI, Fibre Channel, SMB and CIFS blocks inside of Ethernet frames, and in some cases in IP packets. Traditional SAN technologies were technically not internet accessible because they weren't IP or Ethernet enabled. For data center and storage architects, however, there are distinct advantages in converging over Ethernet and IP: it reduces administrative complexity and costs, it allows common networking and fabric technologies to be leveraged, and it provides more flexibility in deployment. As with most things, ease of access and use usually has the potential to compromise security, and converged network storage is no exception. Authentication, authorization, access
controls and confidentiality controls must be closely examined when considering converged storage networks. For instance, you might want to look at end-to-end switch authentication for Fibre Channel and iSCSI networks should they be incorporated into an IP or Ethernet encapsulation. From an authorization perspective, storage ports can, for instance, perform device masking and allocate storage access based on authenticated initiators. From a storage access control standpoint, you can still implement technologies such as zoning in Fibre Channel even when it's over IP, and you can implement VSANs, or virtual SANs, in Fibre Channel to provide segregation of traffic based on node identity as well. It's interesting to note that all the traditional Fibre Channel security controls can and should be implemented even though it can be encapsulated in Ethernet or over IP; that is really all the more reason to implement these traditional access controls. In iSCSI discovery domains, for instance, you can limit the scope of discovery based on an end node's identity. Additionally, IP VLANs in the IP domain can allow for port-based or packet-based isolation. Technologies that secure IP, such as IPsec, can also be employed for further protection, although there are performance considerations to take into account when using this approach.

Encryption can take place at many levels within a computing infrastructure, and there are pros and cons to consider with each approach. Some application developers choose to encrypt at the application level, meaning that they'll use code in the application to encrypt and decrypt information. A pro of this approach is that the developer has complete flexibility in what and how to encrypt, including managing and using encryption algorithms of their choosing. When encrypting at the application layer, however, there tends to be a lack of standardization in approach and best
practices, which is always something to consider when doing this at the application layer.

Data can also be encrypted at the database level. Using this approach, the database kernel can manage the encryption process in a way that's transparent to the application, without changing the way it interacts. Benefits of this approach are that data encryption can be applied at the column or tablespace level, and it also tends to be fairly performant, especially with databases that can offload encryption activities to underlying hardware. When considering database encryption, it's important to understand that there should be a separation of duties in key management between those who manage the data and those who govern the data. It's a best practice, for instance, to have someone on a separate security team, who doesn't manage the data, perform the key rotation and key management.

File and folder level encryption is an option for structured data. It's generally not a good idea, or supported, to encrypt database files using file and folder level encryption. Encryption can be configured at the block level for NAS devices, and at the network level as well. For instance, application-to-database communications can be encrypted using JDBC over TLS. When you use this approach, make sure that you are segmenting your IP networks as well. It's a good idea especially if a hacker has established a foothold on a box in your internal network, as they might have the capability to sniff internal traffic to capture that sensitive information, so JDBC over TLS encryption can be very helpful.

Encryption at the hardware level is another option. This can happen in the disk or the SAN by itself, by way of the host bus adapters, and/or via physical drives using SEDs, or self-encrypting drives. We'll cover SEDs in more detail shortly.

As far as end workstations and mobile devices are concerned, another option is full disk encryption, which requires a password or
other authenticator at boot-up. This protects stolen laptops in that hard drive information is encrypted, and if an attacker removes the drive and attaches it to another system it'll essentially be unreadable. Drawbacks to this approach are that performance is usually impacted for the end user and recovering lost passwords is a real bear. Mobile devices such as smartphones now support encryption and remote wipe, and this provides additional protection in scenarios where devices are lost or stolen.

It's also important when servers, workstations, laptops and devices are retired that they're properly sanitized by way of cryptographic erasure. What we mean by this is that it ensures data remnants are unreadable and unusable after being decommissioned. This is a big time saver because, for instance, the United States government requires that you go through three different formats of a drive, low-level formats, before it's considered to be clean. If you encrypt that data, then we can do that much quicker and still ensure the security of the information when we decommission it.

Much like managing physical locks and their associated keys, encryption is really only as effective as your key management processes. We use a cryptographic key for one purpose only, so it's best practice not to reuse those keys. Ephemeral keys should be used for data in flight, and long-lived keys should be used for data at rest. We should keep data encryption keys and other keys separate, use randomly chosen keys that use the entire key space, avoid weak keys, and make sure keys have sufficient entropy and randomness. Finally, we can also use HSMs, or hardware security modules, to separate, manage and contain those keys and to facilitate separation of duties.

There's a technology called TPM, or the Trusted Platform Module. TPM is the name of a published specification that details a secure cryptoprocessor that can store
cryptographic keys that protect information. This resides on the motherboard of a computer and is called the TPM chip or TPM security device. The TPM spec is the work of the TCG, the Trusted Computing Group. Per this diagram, there are essentially four components within a TPM chip: the first is the secure I/O system, the second is the cryptographic processor itself, the third is persistent memory for key operations, and the fourth is versatile memory, which is writable and is used for attestation identity keys and storage keys.

The Trusted Platform Module offers facilities for the secure generation of cryptographic keys and limitation of their use, in addition to a random number generator. It includes capabilities such as remote attestation and sealed storage. Remote attestation creates a nearly unforgeable hash key summary of the hardware and software configuration; the program encrypting the data determines the extent of the summary. This allows a third party to verify that the software hasn't been changed in any way. Binding encrypts data using the TPM endorsement key, a unique RSA key that's burned into the chip during the chip's production. Sealing encrypts data in a similar manner to binding but, in addition, specifies a state in which the TPM must be in order for the data to be decrypted, or unsealed.

Software can use a TPM to authenticate hardware devices. Since each TPM chip has a unique secret RSA key burned in as it's produced, it's capable of performing platform authentication. Generally, pushing the security down to the hardware level in conjunction with software provides more protection than a software-only solution. However, even where a TPM is used, the key would still be vulnerable while a software application that has obtained it from the TPM is using it to perform encryption and decryption operations, as has been illustrated in the case of a cold boot attack. This problem is essentially eliminated if the key used
in the TPM isn't accessible on a bus or to external programs and the encryption and decryption is done in the TPM, so that's a best practice.

Disk encryption can also include full disk encryption applications. These include apps such as TrueCrypt or SecureDoc, the dm-crypt feature of modern Linux kernels, and of course BitLocker Drive Encryption for Windows operating systems. You can use this technology to protect the keys used to encrypt the computer's hard disks, and they can leverage the TPM as a secure pathway. A number of third-party full disk encryption products also support the TPM chip; TrueCrypt, however, decided not to use it.

Password protection is supported, so access to keys is protected given certain authentication. If the authentication mechanism is implemented in software, the access is typically prone to what we call dictionary attacks. Since the TPM is implemented in a dedicated hardware module, a dictionary attack prevention mechanism was built into the TPM, and this effectively prevents guessing or automated dictionary attacks while still allowing the user a sufficient and reasonable number of tries. With this hardware-based dictionary attack prevention, the user can opt for shorter or weaker passwords, which are more memorable. Without this level of key protection, only passwords with high complexity would provide sufficient protection.

SED stands for self-encrypting drive, and in this model cryptographic processing actually takes place on chips that are co-located in the drive itself. The symmetric encryption key is maintained independently from the CPU, which is a little different from the TPM model; thus it removes computer memory as a potential attack vector. Disk sanitization can take place with SEDs, meaning that they can do the encryption natively and they can self-generate new media encryption keys when they put the drive into a new state, and the old data essentially becomes irretrievable by means of the
sanitization process. For example, if I had an unencrypted disk drive that requires sanitizing to conform with DoD standards, you have to overwrite it three times; a one-terabyte SATA disk would take many hours to complete the process. Although the use of faster solid-state drive technologies improves the situation, it still takes up quite a bit of time.

Recent hardware models circumvent booting from other devices and allowing access by using a dual master boot record system, whereby the master boot record for the OS and data files is all encrypted, with a special boot record that is required to boot. All data requests are intercepted in the SED firmware, which will not allow decryption to take place unless the system has been booted from the special self-encrypting drive operating system, which is a separate instance that's loaded in parallel in the master boot record of the encrypted part of the drive. This works by having a separate partition, hidden from view, that contains a proprietary operating system for the encryption management system. This means that no other boot methods will allow access to the drive.

Typical self-encrypting drives, once unlocked, will remain unlocked as long as power is provided. There have been numerous attacks published, however, on what takes place when moving the drive to another computer without cutting power. Additionally, it may be possible to reboot the computer into an attacker-controlled OS without cutting the power to the drive. Obviously this is kind of tricky and it's kind of a corner case, but it's important to understand that it's not a foolproof, fail-safe technology, although it does provide good controls.

In summary, the types of storage, which include ephemeral, long-term disk and raw disk, mean that the landscape of storage threats we're faced with is diverse. Especially as we converge storage over IP, as we put iSCSI and Fibre Channel over Ethernet and we encapsulate them in
Ethernet frames and in IP, the attack landscape becomes greater. Other types of encryption we talked about are full disk encryption, database encryption, cloud storage encryption, and laptop and mobile encryption, and we also covered best practices relative to key management for these environments.
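The sealing behaviour described above, where data can only be unsealed while the TPM is in a specified state, can be illustrated with a small simulation. This is an added example, not code from the course: the `SimulatedTPM` class, the register indices and the boot component byte strings are constructed for illustration, and platform state is modelled as platform configuration registers (PCRs) that are extended by SHA-256 hashing.

```python
import hashlib
import hmac

PCR_COUNT = 24          # number of registers in this simulation
DIGEST_SIZE = 32        # SHA-256 digest length in bytes


class UnsealError(Exception):
    """Raised when the platform state does not match the sealing policy."""


class SimulatedTPM:
    """Toy model of PCR-based sealing. Hypothetical class, not a real TPM API."""

    def __init__(self):
        self._sealed = {}   # survives resets, standing in for TPM-protected storage
        self.reset()

    def reset(self):
        """Power cycle: every PCR returns to all zeroes."""
        self.pcrs = [bytes(DIGEST_SIZE) for _ in range(PCR_COUNT)]

    def extend(self, index, component):
        """Fold a measurement into a PCR: new = H(old || H(component))."""
        measurement = hashlib.sha256(component).digest()
        self.pcrs[index] = hashlib.sha256(self.pcrs[index] + measurement).digest()

    def _state_digest(self, indices):
        """Summarise the selected PCRs as one digest."""
        h = hashlib.sha256()
        for i in sorted(indices):
            h.update(bytes([i]) + self.pcrs[i])
        return h.digest()

    def seal(self, secret, indices):
        """Bind a secret to the current values of the selected PCRs."""
        handle = len(self._sealed) + 1
        selected = tuple(sorted(indices))
        self._sealed[handle] = (selected, self._state_digest(selected), secret)
        return handle

    def unseal(self, handle):
        """Release the secret only if the selected PCRs match the sealed state."""
        selected, policy, secret = self._sealed[handle]
        if not hmac.compare_digest(policy, self._state_digest(selected)):
            raise UnsealError("platform state differs from the state at seal time")
        return secret


def measured_boot(tpm, firmware, bootloader, kernel):
    """Reset the TPM and measure each boot stage before it would run."""
    tpm.reset()
    tpm.extend(0, firmware)     # PCR indices here are illustrative
    tpm.extend(4, bootloader)
    tpm.extend(8, kernel)


def try_unseal(tpm, handle):
    """Return the secret, or None when the TPM refuses to unseal."""
    try:
        return tpm.unseal(handle)
    except UnsealError:
        return None


if __name__ == "__main__":
    # Constructed sample inputs standing in for boot components.
    FIRMWARE, LOADER, KERNEL = b"fw-1.0", b"loader-2.4", b"kernel-6.1"
    tpm = SimulatedTPM()
    measured_boot(tpm, FIRMWARE, LOADER, KERNEL)
    handle = tpm.seal(b"disk-encryption-key", indices=[0, 4, 8])
    print("trusted boot:", try_unseal(tpm, handle))
    measured_boot(tpm, FIRMWARE, b"loader-tampered", KERNEL)
    print("modified bootloader:", try_unseal(tpm, handle))
```

Once `unseal` returns, the secret sits in ordinary memory, which is the exposure the cold boot discussion above refers to.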
As data breaches become more commonplace and as data becomes more distributed across cloud and mobile devices, encryption of data has become a top priority for organizations and individuals. Any encryption is only as good as the protection of its keys. Let's talk about encryption key management procedures and best practices.

The scope of keys that need to be managed includes keys for cloud access, such as SSH keys for Amazon Machine Images, database encryption keys, file encryption keys, application encryption keys and digital certificates. There are even keys that encrypt other keys that need to be managed. So how many keys are we talking about? Let's say you have 50 databases, 10 different file repositories, numerous websites and several hundred server operating system instances. What about desktops and laptops? And what about mobile devices? Now you're talking about real numbers. What adds to the complexity is that key management is an ongoing process. There's truly no set it and forget it: if you truly want to be secure, keys should be periodically changed and rotated. Additionally, separation of duties should be enforced when managing keys. As a general rule, the admins administering the systems shouldn't be managing the keys for those systems, and vice versa. And what about key recovery? That's another point of complication that needs to be addressed.

KMIP, or the Key Management Interoperability Protocol, is the communication protocol that defines message formats for the manipulation of cryptographic keys on a key management server. Keys may be created on a server and then retrieved, possibly wrapped by other keys. Both symmetric and asymmetric keys are supported, including the ability to sign certificates. KMIP also defines messages that can be used to perform cryptographic operations on a server, such as encrypt and decrypt. A KMIP server stores and controls managed objects such as symmetric and asymmetric keys, certificates and user-defined objects. Clients then use the
protocol to access these objects, subject to a security model that's implemented by the server. Operations are provided to create, locate, retrieve and update these managed objects.

Each managed object has an immutable value, such as a key block that contains a cryptographic key. Managed objects also contain mutable attributes, which can be used to store metadata about the keys. Some attributes are derived directly from the value, such as the cryptographic algorithm and length of a key. Other attributes are defined in the specification for the management of objects, such as the application-specific identifier, which is usually derived from tape identification data. Additional identifiers can be defined by the server or the client as needed by the application. Each object is identified by a unique, immutable object identifier that's generated by the server and is used to get object values. Managed objects may also be given a number of mutable but globally unique name attributes, which can be used to locate these objects.

The types of managed objects in KMIP include symmetric keys, public and private keys, certificates, PGP keys, split keys, secret data such as passwords, and opaque data for client- and server-defined extensions.

The operations provided by KMIP include Create, to create a new managed object such as a symmetric key; Get, to retrieve an object's value given its unique identifier; Register, to store an externally generated key value; and Add Attributes, Get Attributes and Modify Attributes, to manipulate the attributes of a managed object. Other functions of a KMIP server are Locate, to retrieve a list of objects based on a conjunction of predicates, and Re-Key, to create a new key that can replace an existing key. KMIP servers are also used to create key pairs, such as asymmetric keys. KMIP servers are also used to re-certify things like certificates and conduct
split and join operations on keys. Cryptographic operations can be performed on the key management server as well, so it's a good practice to implement the NIST standard for key protocol management. Each key has a cryptographic state, such as initial or active; the key can be deactivated, or maybe even compromised. This helps us understand where it sits in conformance with the NIST lifecycle guidelines. The dates of each transformation are recorded, such as the date that a key was activated, which is perfect from an auditing perspective. Dates can be specified into the future so that keys automatically become unavailable for specific operations as they expire.

Key management is the management of cryptographic keys in a cryptosystem. This includes dealing with the generation, exchange, storage, use and even the replacement of these keys. It includes key servers such as the KMIP servers we talked about, user procedures and other relevant protocols.

The top three critical best practices in key management are as follows. The first is to implement separation of duties. This is a widely known control that's in place to prevent fraud and other mishandling of information. Separation of duties means that different people control different procedures so that no one person controls multiple procedures. When it comes to encryption key management, the person or persons who manage encryption keys should not be the same person who has access to the actual encrypted data.

Dual control is also supported, and this means that two or more people are required to perform a single process. In the encryption key management realm, this means at least two people should be needed to authenticate the access of an encryption key, so that no single person has access to the red button.

Split knowledge is a concept that prevents any one person from knowing the complete value of an encryption key or passcode. Two or more people should know
parts of the value, and all must be present to create or recreate the encryption key or passcode. While split knowledge is not needed to create data encryption keys, it is needed for the generation of master keys, which are in turn used to protect the data encryption keys. Any encryption keys that are accessed or handled in the clear in any way should be protected using split knowledge. These three core controls should always be used when storing or transferring encrypted data.

A certified hardware security module can be helpful to secure data encryption keys as well as key or master key information. NIST has a standard for this, FIPS 140 validation. This certification ensures that your key manager has been tested against government standards and will stand up to scrutiny in the event of a breach.

There are two primary types of key systems for storing encrypted data in modern systems: single key and multiple key systems. A single key system uses some type of key to encrypt the data, and simple possession of that key is all that's needed to decrypt it. If a black hat obtains that key, he or she will be able to read your encrypted data. This is the most rudimentary of all key systems. Therefore, the first thing to do with a single key system is to create a log of the keys that were used in the system and when they were used. This would include the current key and any previous keys that were used to create tapes, for instance, that you're still using to store data. If there's ever any possibility that a key has been compromised, change the key immediately and make note of that in the key log. The second thing you must do with a single key system is to place your own process around the storage of the key log. Do whatever you can to ensure that no single person can obtain access to the key log. For example, store the key log separately from your tapes, and ensure that at least two people are needed, one to sign in and another to log in, to gain access to the log.
Multiple key systems are a different type of system altogether. These use one set of keys for encrypting the data and another set of keys for authenticating the administrators, who never actually see the keys used to encrypt the data; they only see their username and key. Even if an administrator were able to steal a copy of the database used to store the encryption keys, he or she wouldn't be able to use them to read your backup tapes, for instance, unless they had a system that was authorized to use these keys.

The concept of key escrow, which is also known as a fair cryptosystem, is an arrangement in which the keys needed to decrypt, or that can be used to encrypt, data are held in escrow so that under certain circumstances only an authorized third party may gain access to these keys. These third parties may include businesses, who may want to access employees' private communications, for instance, or even governments, who may wish to be able to see the contents of encrypted communications.

Out-of-band and in-band key exchange are methods to exchange symmetric or even asymmetric keys. Exchanging keys out of band means that another channel, hopefully a secure channel, is used to exchange the keys for encryption and decryption. An in-band key exchange means that the encryption key is actually sent right alongside the encrypted data. There are ways to do this, and the Diffie-Hellman protocol is a well-defined mechanism that's used all over the web to do just that. Traditionally, secure encrypted communication between two parties required that they first exchange keys by some secure physical channel, such as paper key lists transported by a trusted courier. The Diffie-Hellman key exchange method allows two parties that have no prior knowledge of each other to jointly establish a shared secret key over an insecure channel. This key can then be used to encrypt subsequent communications using a symmetric key cipher.

A cryptographic key
is called ephemeral if it is generated for each execution of a key establishment process. In some cases ephemeral keys are used more than once within a single session, where the sender generates only one ephemeral key pair per message and the private key is combined with each recipient's public key, which is another option. You can contrast this with a static key.

In cryptography, the notion of key stretching refers to techniques used to make a possibly weak key, typically a password or passphrase, more secure against a brute-force attack by increasing the time it takes to test each possible key. Passwords or passphrases created by humans are often short or predictable enough to allow password cracking; key stretching makes it very difficult for these attacks to take place. Key stretching techniques generally work as follows. First, the initial key is fed into an algorithm that outputs an enhanced key. The enhanced key should be of sufficient size to make it infeasible to break by brute force, at least 128 bits. The overall algorithm should be secure in the sense that there should be no known way of taking a shortcut that would make it possible to calculate the enhanced key in less time than by using the key stretching algorithm itself.

The key stretching process leaves the attacker with two options: either try every possible combination of the enhanced key, or else try likely combinations of the initial key. In the latter approach, if the initial key is a password or passphrase, the attacker would first try every word in a dictionary or common password list and then try all character combinations for longer passwords. Key stretching does not prevent this approach, but the attacker has to spend much more time on each attempt.

The PBKDF2 standard applies a pseudo-random function, such as a cryptographic hash, cipher or HMAC, to the input password or passphrase along with a salt value and repeats the process many times to produce a
derived key, which can in turn be used as a cryptographic key in subsequent communications. The added computational work makes password cracking much more difficult and is known as key stretching.

bcrypt is a key derivation function for passwords designed by Niels Provos and David Mazières. It is based on the Blowfish cipher and was presented in 1999 as a standard. Besides incorporating a salt to protect against rainbow table attacks, bcrypt is an adaptive function: over time, the iteration count can be increased to make it slower, so it remains resistant to brute-force search attacks even with increasing computational power.

Certificates have a close relationship with keys; they can contain keys for encryption and decryption purposes. The operation of some cryptosystems, usually public key infrastructures, involves the use of certificate revocation lists, or CRLs. A CRL is a list of certificates that have been revoked, and therefore entities presenting those revoked certificates should no longer be trusted. A CRL is generated and published periodically, often at a defined interval. A CRL can also be published immediately after a certificate has been revoked. The CRL is always issued by the CA that issues the corresponding certificates. All certificate revocation lists have a lifetime during which they're valid; this time frame is usually 24 hours or less. During this validity period, a CRL may be consulted by a PKI-enabled application to verify a certificate prior to use. To prevent spoofing or denial-of-service attacks, CRLs usually carry a digital signature.
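The key stretching passage above (PBKDF2 with a salt and a repeat count, plus the adaptive idea described for bcrypt) can be shown with Python's standard `hashlib.pbkdf2_hmac`. This is an added example, not code from the course: the record format, the iteration count and the function names are assumptions chosen for illustration, and the iteration upgrade on login applies the adaptive idea to PBKDF2.

```python
import hashlib
import hmac
import secrets

# Parameters assumed for this example; tune the iteration count to your hardware.
HASH_NAME = "sha256"
SALT_BYTES = 16
KEY_BYTES = 32                 # 256-bit enhanced key, above the 128-bit floor
CURRENT_ITERATIONS = 600_000   # assumed work factor


def stretch(password, salt, iterations):
    """PBKDF2: repeat HMAC over the password and salt `iterations` times."""
    return hashlib.pbkdf2_hmac(HASH_NAME, password.encode("utf-8"), salt,
                               iterations, dklen=KEY_BYTES)


def make_record(password, iterations=CURRENT_ITERATIONS):
    """Return a storable string holding the parameters, salt and derived key."""
    salt = secrets.token_bytes(SALT_BYTES)   # unique per password
    derived = stretch(password, salt, iterations)
    return "$".join(["pbkdf2-" + HASH_NAME, str(iterations),
                     salt.hex(), derived.hex()])


def check_password(password, record):
    """Return (matches, needs_upgrade) for a login attempt against a record."""
    scheme, iterations, salt_hex, derived_hex = record.split("$")
    if scheme != "pbkdf2-" + HASH_NAME:
        raise ValueError("unsupported scheme: " + scheme)
    iterations = int(iterations)
    candidate = stretch(password, bytes.fromhex(salt_hex), iterations)
    # Constant-time comparison avoids leaking how many bytes matched.
    matches = hmac.compare_digest(candidate, bytes.fromhex(derived_hex))
    return matches, matches and iterations < CURRENT_ITERATIONS


def login(password, record):
    """Verify a password and re-stretch it with the current work factor if needed.

    Returns (authenticated, record_to_store). The record only changes after a
    successful login, because that is the only time the password is available.
    """
    matches, needs_upgrade = check_password(password, record)
    if matches and needs_upgrade:
        record = make_record(password)
    return matches, record


if __name__ == "__main__":
    # Constructed sample: a record created years ago with a low work factor.
    old_record = make_record("correct horse battery", iterations=1_000)
    ok, stored = login("correct horse battery", old_record)
    print("authenticated:", ok)
    print("iterations now:", stored.split("$")[1])
```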
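The split knowledge control described earlier in this section, where each custodian holds only part of a master key and all parts must be present to recreate it, can be sketched with an XOR split. This is an added example, not code from the course: the function names and the short check value used to detect a wrong reassembly are constructed for illustration.

```python
import hashlib
import hmac
import secrets


def xor_bytes(a, b):
    """XOR two equal-length byte strings."""
    return bytes(x ^ y for x, y in zip(a, b))


def check_value(key):
    """Short fingerprint of a key, used only to detect a wrong reassembly."""
    return hmac.new(key, b"key-check", hashlib.sha256).digest()[:8]


def split_master_key(master_key, custodians):
    """Split a key into one component per custodian.

    All components except the last are random; the last is the key XORed with
    the others, so any incomplete set of components is just random bytes.
    """
    if custodians < 2:
        raise ValueError("split knowledge needs at least two custodians")
    components = [secrets.token_bytes(len(master_key))
                  for _ in range(custodians - 1)]
    last = master_key
    for component in components:
        last = xor_bytes(last, component)
    components.append(last)
    return components, check_value(master_key)


def join_master_key(components, expected_check):
    """Recreate the key from every custodian's component, in any order."""
    key = bytes(len(components[0]))
    for component in components:
        if len(component) != len(key):
            raise ValueError("component has the wrong length")
        key = xor_bytes(key, component)
    if not hmac.compare_digest(check_value(key), expected_check):
        raise ValueError("a component is missing or incorrect")
    return key


if __name__ == "__main__":
    master = secrets.token_bytes(32)          # constructed sample master key
    parts, check = split_master_key(master, custodians=3)
    print("rebuilt with all three:", join_master_key(parts, check) == master)
    try:
        join_master_key(parts[:2], check)
    except ValueError as err:
        print("two of three custodians:", err)
```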