
Data Protection
Chapter 9
Copyright Pearson Prentice Hall 2013

Explain the necessity for backup.

Describe backup scope and methods.

Describe the different RAID levels.

Explain the need for data storage policies.

Explain database protections.

Explain the need for database access controls, auditing, and
encryption.

Describe the difference between data leakage and data theft.

Explain data deletion, destruction, and disposal.

Explain digital rights management (DRM) and how it can
prevent data loss.

In prior chapters we focused on
◦ Protecting data as it passed over networks (Chapter 3)
◦ Hardening hosts that store data (Chapter 7)
◦ Securing applications that process data (Chapter 8)

This chapter will emphasize the protection of
stored data
9.1 Introduction
9.2 Data Protection: Backup
9.3 Backup Media and RAID
9.4 Data Storage Policies
9.5 Database Security
9.6 Data Loss Prevention


Data are the principal element of any
information system
Businesses gather enormous amounts of data
◦ Information is then extracted for decision making
◦ Data are valuable assets that are core components
of a larger corporate strategy
◦ Source code, intellectual property, user data, etc.
must all be protected

Series of attacks against Sony Corp.
◦ Lost data for 100+ million user accounts
◦ Shut down the PlayStation Network

Subsequent SQL injection attack
◦ 1 million usernames and passwords stolen
◦ Passwords stored as plaintext
◦ Included names, e-mail addresses, phone numbers,
dates of birth, music coupons, layout of the
database, and maps of Sony’s internal corporate
network


This chapter will primarily focus on securing
data while it is being stored
More specifically:
◦ How backup can prevent accidental data loss
◦ How to securely store data in a database
◦ How to prevent data from being taken out of the
corporation
◦ How to securely dispose of data
9.1 Introduction
9.2 Data Protection: Backup
9.3 Backup Media and RAID
9.4 Data Storage Policies
9.5 Database Security
9.6 Data Loss Prevention

Importance
◦ In an incident, you may lose all data that is not
backed up

Threats That Are Addressed by Backup
◦ Mechanical hard drive failure or damage in a fire or
flood
◦ Data on lost or stolen computers is not available to
the organization
◦ Malware can reformat the hard drive or do other
data destruction

Scope of Backup
◦ Fraction of information on the hard drive that is
backed up

File/Directory Data Backup
◦ Select data files and directories to be backed up
▪ Do not forget items on the desktop!
◦ Not good for programs

Image Backup
◦ Everything, including programs and settings
◦ Image backup is very slow
◦ Data files change the most rapidly, so doing several
file/directory data backups for each image backup
may be appropriate

Shadowing
◦ A backup copy of each file being worked on is
written every few minutes to the hard drive, or to
another location

Full backups
◦ All files and directories
◦ Slow, so it is typically done weekly

Incremental Backups
◦ Only records changes since the last backup
◦ Fast, so usually done daily
◦ Do incremental backups until the next full backup

Restoration Order
◦ Restore the full backup first
◦ Then restore incremental backups in the order
created
◦ (Otherwise, newer files will be overwritten)

Generations
◦ Save several generations of full backups
◦ Usually do not save incremental backups after the
next full backup
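The restoration-order rule above (full backup first, then incrementals in the order they were created) is easy to see in a small simulation. The following is an added example, not code from the textbook; the file names and contents are constructed, and `weekly_cycle` models a Monday full backup followed by Tuesday and Wednesday incrementals.

```python
# Added example (not from the textbook): a toy model of full + incremental
# backups showing why restoration order matters. All file data is constructed.
from typing import Dict, List, Tuple

Snapshot = Dict[str, str]  # file name -> file contents


def take_full_backup(live: Snapshot) -> Snapshot:
    """A full backup copies every file and directory."""
    return dict(live)


def take_incremental_backup(live: Snapshot, last_backup: Snapshot) -> Snapshot:
    """An incremental backup records only files changed or added since the last backup."""
    return {name: data for name, data in live.items() if last_backup.get(name) != data}


def restore(full: Snapshot, incrementals: List[Snapshot]) -> Snapshot:
    """Restore the full backup first, then apply incrementals in the order given.
    Each backup applied later overwrites the files it contains."""
    state = dict(full)
    for inc in incrementals:
        state.update(inc)
    return state


def weekly_cycle() -> Tuple[Snapshot, Snapshot]:
    """Full backup on Monday, incrementals Tuesday and Wednesday, then restore
    once in the correct order and once with the incrementals swapped."""
    live = {"report.doc": "v1", "budget.xls": "v1"}      # constructed sample
    full = take_full_backup(live)
    last = full

    live["report.doc"] = "v2"                            # Tuesday edit
    inc_tue = take_incremental_backup(live, last)
    last = {**last, **inc_tue}                           # state as of the last backup

    live["report.doc"] = "v3"                            # Wednesday edit
    live["memo.txt"] = "new"                             # Wednesday new file
    inc_wed = take_incremental_backup(live, last)

    correct = restore(full, [inc_tue, inc_wed])          # report.doc ends at v3
    wrong = restore(full, [inc_wed, inc_tue])            # v2 overwrites the newer v3
    return correct, wrong
```

In the swapped restore the Tuesday incremental is applied last, so `report.doc` silently reverts to its Tuesday version; nothing fails, which is why the order has to be enforced by procedure rather than noticed by accident.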
Local backup on individual PCs is difficult to enforce.
Centralized backup provides backup labor and
enforcement.

Continuous Data Protection (CDP)
◦ Used when a firm has two server locations
◦ Each location backs up the other in real time
◦ Other site can take over very quickly in case of a
disaster, with little data loss
◦ Requires expensive high–speed transmission link
between the sites
PCs back up one another.
Data is stored redundantly.
Security issues must be addressed.
9.1 Introduction
9.2 Data Protection: Backup
9.3 Backup Media and RAID
9.4 Data Storage Policies
9.5 Database Security
9.6 Data Loss Prevention

Servers Normally Use Magnetic Tape
◦ Slow but inexpensive per bit stored

Second hard drive on computer
◦ Very fast backup
◦ But lost if computer is stolen or burns in a fire
◦ Back up on tape occasionally for archival (long-term storage)

Clients Normally Use Optical disks (DVDs)
◦ Attraction is that almost all users have optical disk
burners
◦ Dual-layer DVDs offer about 8 GB of capacity
▪ This often is not enough
▪ User may have to insert additional disks to do
backup
◦ Back up to a second client PC hard drive; then
occasionally back up onto optical disks
◦ The life of information on optical disks is unknown

RAID—Redundant Array of Independent Disks
◦ Multiple hard drives within a single system

Increased reliability and performance
◦ A single hard drive failure won’t necessarily
precipitate data loss
◦ Multiple disks can be written to simultaneously


RAID Levels—ways of configuring multi-disk
arrays
Shipping Boxes
Storing Data

Striping—writing data simultaneously across
multiple disks
◦ Very fast, but no reliability
◦ One disk failure will cause complete data loss

Mirroring—creating an exact copy of a disk at
the same time
◦ Data transfer speeds remain nominal
◦ Virtually no data loss, but more costly to buy
additional hard drives
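The trade-off between striping and mirroring can be made concrete with a byte-level simulation. The following is an added example, not code from the textbook: it stripes and mirrors a constructed sample across simulated disks, fails one disk in each layout, and shows what can still be read. It goes one step beyond the slide by adding a single XOR parity disk (the mechanism behind the parity RAID levels), which recovers from one failed disk at the cost of one extra disk rather than a full second copy.

```python
# Added example (not from the textbook): striping, mirroring and XOR parity
# simulated over lists of byte strings. None models a failed, unreadable disk.
from typing import List, Optional

Disk = Optional[bytes]


def stripe(data: bytes, n_disks: int) -> List[Disk]:
    """Striping: byte i goes to disk i % n_disks. Fast, but no redundancy."""
    return [bytes(data[i::n_disks]) for i in range(n_disks)]


def unstripe(disks: List[Disk], length: int) -> Optional[bytes]:
    """Reassemble striped data; one failed disk makes the whole volume unreadable."""
    if any(d is None for d in disks):
        return None
    n = len(disks)
    return bytes(disks[i % n][i // n] for i in range(length))


def mirror(data: bytes) -> List[Disk]:
    """Mirroring: two identical copies written at the same time."""
    return [data, data]


def unmirror(disks: List[Disk]) -> Optional[bytes]:
    """Any surviving copy is the whole volume."""
    return next((d for d in disks if d is not None), None)


def xor_all(values) -> int:
    result = 0
    for v in values:
        result ^= v
    return result


def stripe_with_parity(data: bytes, n_data: int) -> List[Disk]:
    """Striping plus one XOR parity disk (fixed parity disk as in RAID 4; RAID 5
    rotates parity across disks but rebuilds the same way). Data is zero-padded
    so every disk holds the same number of bytes."""
    padded = data + b"\x00" * ((-len(data)) % n_data)
    disks = stripe(padded, n_data)
    parity = bytes(xor_all(column) for column in zip(*disks))
    return disks + [parity]


def recover_with_parity(disks: List[Disk], length: int) -> Optional[bytes]:
    """Rebuild at most one failed disk by XOR-ing all survivors, then unstripe."""
    failed = [i for i, d in enumerate(disks) if d is None]
    if len(failed) > 1:
        return None  # two failures exceed what single parity can cover
    disks = list(disks)
    if failed:
        survivors = [d for d in disks if d is not None]
        disks[failed[0]] = bytes(xor_all(column) for column in zip(*survivors))
    data_disks = disks[:-1]
    padded = unstripe(data_disks, len(data_disks[0]) * len(data_disks))
    return padded[:length]


def single_disk_failure_demo() -> dict:
    """Constructed sample: lose one disk in each layout and see what comes back."""
    data = b"payroll-Q3"
    striped = stripe(data, 3)
    striped[1] = None
    mirrored = mirror(data)
    mirrored[0] = None
    with_parity = stripe_with_parity(data, 3)
    with_parity[2] = None
    return {
        "striped": unstripe(striped, len(data)),                 # None: data lost
        "mirrored": unmirror(mirrored),                           # intact copy
        "parity": recover_with_parity(with_parity, len(data)),   # rebuilt from XOR
    }
```

Mirroring spends a whole extra disk per copy; parity spends one disk per array and still survives a single failure, but a second failure before the rebuild finishes loses everything, which is why rebuild time matters as much as the level chosen.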
9.1 Introduction
9.2 Data Protection: Backup
9.3 Backup Media and RAID
9.4 Data Storage Policies
9.5 Database Security
9.6 Data Loss Prevention

Backup Creation Policies
◦ Understand current system and
future needs
◦ Create policies for different types of data and
computer
◦ What should be backed up, how frequently, how
frequently to test restorations, etc.

Restoration Policies
◦ Do restoration tests frequently

Media Storage Location Policies
◦ Store media at a different site
◦ Store backup media in a fireproof and waterproof
safe until it can be moved offsite

Encryption Policies
◦ Encrypt backup media before moving them so that
confidential information will not be exposed if the
tape is stolen or lost

Strong Access Control Policies for Backup
Media
◦ Checkouts are rare and therefore suspicious
◦ Checking out media can result in their loss and the
damages that come with this loss
◦ The manager of the person requesting the checkout
should approve the checkout

Data Retention Policies
◦ There are strong legal requirements for how long
certain types of data must be kept
◦ The legal department must get involved in retention
policies.

Auditing Policy Compliance
◦ All policies should be audited
◦ Includes tracing what happened in samples of data

Benefits of Retention
◦ Major part of corporate memory
◦ Often need to retrieve old mail for current purposes

Dangers of Retention
◦ Legal discovery process
◦ Defendant must supply relevant e-mails
◦ Potentially very damaging information
◦ Always expensive
◦ Even if very expensive to retrieve, firms must pay
whatever is necessary to do so

Accidental Retention
◦ Even if firms delete e-mail from mail servers
◦ May be stored on backup tapes
◦ Users will often store copies on their own
computers

Legal Archiving Requirements
◦ Many laws require retention
▪ Securities and Exchange Commission
▪ Many labor laws
▪ Involuntary terminations
▪ Public information about job openings
▪ Medical problem complaints that may relate to
toxic chemicals
◦ Laws vary in duration of storage requirements
◦ Fines or summary judgments if the firm fails to retain and
produce required e-mails

U.S. Federal Rules of Civil Procedure
◦ Specify rules for all U.S. federal civil trials
◦ Specifically address electronically stored
information
◦ Initial discovery meeting
▪ Defendant must be able to specify what
information is available
▪ Comes shortly after a civil lawsuit begins
▪ Unless carefully thought through beforehand, will
fail

U.S. Federal Rules of Civil Procedure
◦ Holds on destruction
▪ Must be put in place if it is foreseeable that a
lawsuit will soon begin
▪ Must have strong hold procedures to place holds
on all electronically stored information

Archiving Policies and Processes
◦ Must have them
◦ Must reflect a firm’s legal environment
◦ Must be drawn up with the firm’s legal department

Message Authentication
◦ Spoofed messages can frame employees or the firm
itself
◦ Need message authentication to prevent spoofed
sender addresses

User Training
◦ Never put anything in a message that you would not
want seen in court, printed in the newspaper, or
read by your boss

Spreadsheet Security
◦ Spreadsheets are widely used and the subject of
many compliance regulations
◦ Need for security testing
◦ Spreadsheet vault server to implement controls
Spreadsheet vault server
1. The vault server stores spreadsheets and strongly controls access to them
(authentication, authorizations, auditing).
2. Spreadsheets record each change for auditing purposes.
3. Cryptographic protections for transmissions.
4. Strong client security.
9.1 Introduction
9.2 Data Protection: Backup
9.3 Backup Media and RAID
9.4 Data Storage Policies
9.5 Database Security
9.6 Data Loss Prevention

Databases
◦ Often used in mission-critical applications
◦ Require additional security precautions
◦ Relational databases: tables (relations) with rows
(records) and columns (attributes)
◦ As discussed earlier, avoid SQL injection attacks

Databases
◦ Restrict Access to Data
▪ Restrict users to certain columns (attributes) in
each row
▪ For instance, deny access to the salary column for most users
▪ Limit access control to rows
▪ For instance, only rows containing data about people in
the user’s own department

Databases
◦ Restrict granularity (level of detail)
▪ Prevent access to individual data
▪ Allow trend analysts to deal only with sums and
averages for aggregates such as departments
◦ Restrict information about the structure of the
database itself (data model)
▪ Knowledge about the data model can make SQL
injection much easier

Database Access Control
◦ Restrict access to databases via database management
systems (e.g., Microsoft SQL Server, MySQL, IBM DB2,
Oracle, etc.)
◦ Rename administrator account, disable guest/public
accounts, lowest possible permissions necessary

SQL Injection Attacks
◦ Data must be sanitized to remove unacceptable characters
◦ Stored procedures can be used to sanitize and validate
incoming data
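The column and row restrictions from the earlier slides and the SQL injection point above can both be shown in one small in-memory database. The following is an added example, not code from the textbook: it uses Python's `sqlite3` with a constructed `Employees` table, a `Directory` view that hides the salary column and shows only the caller's own department, and a query built by string concatenation beside its parameterized replacement. SQLite has no `GRANT`, so the view stands in for what a production DBMS would do by granting the view and denying the base table.

```python
# Added example (not from the textbook): column/row restriction through a view,
# and an injectable query beside a parameterized one. All data is constructed.
import sqlite3


def build_db() -> sqlite3.Connection:
    con = sqlite3.connect(":memory:")
    con.executescript("""
        CREATE TABLE Employees (
            Id INTEGER PRIMARY KEY, First_Name TEXT, Last_Name TEXT,
            Department TEXT, Salary INTEGER);
        INSERT INTO Employees VALUES
            (1, 'Ana', 'Lee',  'Sales',   50000),
            (2, 'Bo',  'Park', 'Sales',   52000),
            (3, 'Cy',  'Ruiz', 'Finance', 90000);
        -- Session stands in for "who is logged in" (one row: the caller's department).
        CREATE TABLE Session (Department TEXT);
        -- Column restriction: Salary is not exposed.
        -- Row restriction: only rows from the caller's own department.
        CREATE VIEW Directory AS
            SELECT First_Name, Last_Name, Department
            FROM Employees
            WHERE Department = (SELECT Department FROM Session);
    """)
    return con


def directory_for(con: sqlite3.Connection, department: str) -> list:
    """What a user from `department` sees through the restricted view."""
    con.execute("DELETE FROM Session")
    con.execute("INSERT INTO Session VALUES (?)", (department,))
    return con.execute("SELECT * FROM Directory ORDER BY First_Name").fetchall()


def lookup_vulnerable(con: sqlite3.Connection, last_name: str) -> list:
    """Do NOT do this: the input is pasted into the SQL text, so quote characters
    in the input change the query's meaning instead of being treated as data."""
    sql = "SELECT First_Name, Salary FROM Employees WHERE Last_Name = '" + last_name + "'"
    return con.execute(sql).fetchall()


def lookup_safe(con: sqlite3.Connection, last_name: str) -> list:
    """Parameterized query: the driver passes the input as a value, never as SQL."""
    return con.execute(
        "SELECT First_Name, Salary FROM Employees WHERE Last_Name = ?", (last_name,)
    ).fetchall()
```

Given the same input containing a quote and an `OR`, the concatenated query returns every salary while the parameterized one returns nothing, because the input is compared literally against `Last_Name`. Parameterization is the primary control; the character sanitizing and stored-procedure validation the slide mentions are defence in depth on top of it.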
1. Windows authentication
2. SQL Server authentication
3. Password policy options

Database Auditing
◦ Collect information about users’ interactions with
databases
◦ Policy driven, reflecting legal and regulatory obligations

What should be audited?
◦ Logins, changes to the database, warnings, exceptions, and
special access


Trigger—code that is automatically run when
changes are made to a database
Data Definition Language (DDL) trigger
◦ Used to produce automatic responses if the structure of the
database has been altered (e.g., create new table, drop a
table, alter properties of an existing table)

Data Manipulation Language (DML) trigger
◦ Used to produce automatic responses if the data has been
altered (e.g., data are inserted, updated, or deleted)
-- DML trigger (SQL Server T-SQL): runs after an UPDATE on Employees and
-- e-mails an administrator when the Salary column was changed.
CREATE TRIGGER EmployeeSalaryChange
ON Employees
FOR UPDATE
AS
BEGIN
    DECLARE @EmailBody varchar(1000)
    DECLARE @FirstName varchar(20)
    DECLARE @LastName varchar(20)
    DECLARE @OldSalary int
    DECLARE @NewSalary int
    -- UPDATE(Salary) is true only if Salary appeared in the SET list
    IF UPDATE (Salary)
    BEGIN
        -- "deleted" holds the row as it was before the update
        SELECT @FirstName = First_Name,
               @LastName = Last_Name,
               @OldSalary = Salary
        FROM deleted
        -- "inserted" holds the row as it is after the update
        SELECT @NewSalary = Salary
        FROM inserted
        -- Strings are joined with +; the int salaries must be cast to text first
        SET @EmailBody = 'I just wanted to let you know that ' + @FirstName + ' '
            + @LastName + ' changed their salary from '
            + CAST(@OldSalary AS varchar(12)) + ' to '
            + CAST(@NewSalary AS varchar(12))
        EXEC master..xp_sendmail
            @recipients = '[email protected]',
            @subject = 'Somebody changed their salary',
            @message = @EmailBody
    END
END
GO

Encryption
◦ Makes data unreadable to
someone who does not have the key
◦ Prevents theft of private or trade secret information
◦ May reduce legal liability if lost or stolen data is
encrypted

What to Encrypt
◦ Files and directories
◦ The entire disk

Key Escrow
◦ Loss of the key is disastrous
▪ Not like losing a password that can be reset
◦ Key escrow stores a copy of the key in a safe place
◦ Bad if managed by user
▪ May not do it
▪ May not be able to find it
▪ If fired, may refuse to give it, locking up all data
on the computer
◦ Central key escrow on a corporate server is better

Strong Login Authentication Is Needed
◦ Encryption is transparent to logged-in users
▪ Once a user is logged in, he or she can see all
encrypted data
◦ Protect with strong password or biometrics
▪ Ensure that the password is not lost

File-Sharing Problems
◦ File sharing may be more difficult because files
usually have to be decrypted before sending them
to another computer
9.1 Introduction
9.2 Data Protection: Backup
9.3 Backup Media and RAID
9.4 Data Storage Policies
9.5 Database Security
9.6 Data Loss Prevention

Data Loss Prevention (DLP)
◦ A set of policies, procedures, and systems
designed to prevent sensitive data from being
released to unauthorized persons

Data Collection
◦ Most companies collect more data than they can
adequately protect

Personally Identifiable Information (PII)
◦ Private employee or customer information that
can be used to uniquely identify a person
◦ PII includes: names (full name), personal
identification numbers (SSN), addresses (street or
e-mail), personal characteristics (photo), and
linking information (date of birth)

Data Masking
◦ Obscuring data such that it cannot identify a
specific person, but remains practically useful

Spiders (crawlers)—navigate the Web gathering,
organizing, and indexing web content

Web scraper—tool that extracts predefined data
from specified web pages
▪ Can aggregate extracted data from multiple websites

Mashup—combining data from various sites or
applications
Latanya Sweeney, k-anonymity: a model for protecting privacy. International Journal
on Uncertainty, Fuzziness and Knowledge-based Systems, 10 (5), 2002; 557-570.
Geometry: an equilateral triangle with two angles of 60°
and a third angle X, so X = 60°.
If you know the name of the
triangle is “equilateral” and two of
the three angles are 60°, then you
know the third angle is also 60°.

Information: zip code + birth date + gender
= 87% chance of the person being identified.
If you know a person’s zip code,
date of birth, and gender, then there
is an 87% chance you can
correctly identify that person.
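The k-anonymity idea cited above and the data-masking definition from the earlier slide fit together: masking generalizes the quasi-identifiers (here zip code, birth date and gender) until every combination is shared by at least k records, so no single person is picked out by those three fields. The following is an added example, not code from the textbook or from Sweeney's paper; the records are constructed, and the generalization ladder (truncating the zip code, then the birth date) is one simple choice among many.

```python
# Added example (not from the textbook): measure k-anonymity over constructed
# records and generalize (mask) the quasi-identifiers until a target k is met.
from collections import Counter
from typing import Dict, List, Tuple

QUASI = ("zip", "dob", "gender")   # the three fields the slide names


def k_anonymity(rows: List[Dict[str, str]]) -> int:
    """Smallest group size among identical quasi-identifier combinations.
    k = 1 means at least one record is unique on (zip, dob, gender)."""
    groups = Counter(tuple(r[q] for q in QUASI) for r in rows)
    return min(groups.values()) if groups else 0


def mask(rows: List[Dict[str, str]], zip_digits: int, dob_parts: int) -> List[Dict[str, str]]:
    """Generalize: keep the first zip_digits of the zip code (rest shown as '*')
    and the first dob_parts fields of a YYYY-MM-DD birth date ('*' if none)."""
    out = []
    for r in rows:
        m = dict(r)
        m["zip"] = r["zip"][:zip_digits] + "*" * (len(r["zip"]) - zip_digits)
        m["dob"] = "-".join(r["dob"].split("-")[:dob_parts]) or "*"
        out.append(m)
    return out


def anonymize(rows: List[Dict[str, str]], k: int) -> Tuple[List[Dict[str, str]], Tuple[int, int]]:
    """Try masks from most specific to coarsest and return the first table that
    reaches k, with the (zip_digits, dob_parts) level that achieved it."""
    for zip_digits in (5, 3, 0):
        for dob_parts in (3, 2, 1):
            masked = mask(rows, zip_digits, dob_parts)
            if k_anonymity(masked) >= k:
                return masked, (zip_digits, dob_parts)
    return mask(rows, 0, 0), (0, 0)   # everything generalized away


# Constructed sample: identifying fields already removed, "dx" is the payload
# an analyst still needs. Each record is unique on the full quasi-identifiers.
SAMPLE = [
    {"zip": "02138", "dob": "1980-03-14", "gender": "F", "dx": "flu"},
    {"zip": "02139", "dob": "1980-07-02", "gender": "M", "dx": "cold"},
    {"zip": "02139", "dob": "1980-07-21", "gender": "M", "dx": "flu"},
    {"zip": "02138", "dob": "1980-03-30", "gender": "F", "dx": "cold"},
]
```

On the sample, the raw table has k = 1 (every person is unique); dropping the day from the birth date is enough to reach k = 2 while keeping the full zip code, so the data stays useful for trend analysis by area and month. In practice k is chosen by policy, and a larger k costs more detail.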

Document Restrictions
◦ Attempt to restrict what users can do to
documents, in order to reduce security threats
◦ Embryonic

Digital Rights Management (DRM)
◦ Prevent unauthorized copying,
printing, etc.
◦ May not be able to see parts
of documents

Data Extrusion Management
◦ Attempts to prevent restricted
data files from leaving the firm
without permission
◦ Watermark with invisible restriction indicators
▪ Can be notified if sent via e-mail attachments or
FTP
▪ If each document is given a different watermark,
can forensically identify the source of a document
leak
◦ Traffic analysis to look for unusually large numbers
of outgoing files sent by a user
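The traffic-analysis check in the last bullet (an unusually large number of outgoing files from one user) is a simple detection to write. The following is an added example, not code from the textbook: it parses constructed gateway log lines in a made-up `key=value` format, totals outgoing files per user, and flags users far above the median. The threshold factor and floor are assumptions to be tuned per environment.

```python
# Added example (not from the textbook): per-user outgoing-file totals from
# constructed gateway log lines, with a median-based outlier check.
import re
from collections import defaultdict
from statistics import median
from typing import Dict, List

# Constructed sample log (format and hosts are made up for this example).
LOG = """\
2013-05-01T09:02:11 user=alice channel=email dest=partner.example files=1
2013-05-01T09:15:40 user=bob channel=ftp dest=203.0.113.9 files=2
2013-05-01T10:01:03 user=alice channel=email dest=partner.example files=1
2013-05-01T10:44:19 user=carol channel=email dest=client.example files=3
2013-05-01T11:30:55 user=bob channel=ftp dest=203.0.113.9 files=40
2013-05-01T11:31:02 user=bob channel=ftp dest=203.0.113.9 files=35
2013-05-01T12:12:12 user=dave channel=email dest=client.example files=2
"""

LINE = re.compile(r"user=(\w+) channel=(\w+) dest=(\S+) files=(\d+)")


def outgoing_totals(log: str) -> Dict[str, int]:
    """Sum the files sent out per user; lines that do not parse are ignored."""
    totals: Dict[str, int] = defaultdict(int)
    for line in log.splitlines():
        m = LINE.search(line)
        if m:
            totals[m.group(1)] += int(m.group(4))
    return dict(totals)


def flag_outliers(totals: Dict[str, int], factor: float = 5.0, floor: int = 10) -> List[str]:
    """Flag users whose total exceeds `factor` times the median of all users
    and is at least `floor`, so a quiet day does not flag everyone."""
    if not totals:
        return []
    baseline = median(totals.values())
    return sorted(u for u, n in totals.items() if n >= floor and n > factor * baseline)
```

The median rather than the mean is used as the baseline so that one heavy sender does not raise the threshold for everyone else; on the sample, bob's 77 files stand against a median of 2.5 and are flagged, while the other users are not. A flag is a prompt for review, not proof of a leak, since legitimate bulk transfers look the same in counts alone.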

Removable Media Controls
◦ Forbid the attachment of USB RAM drives and other
portable media
◦ Reduces user abilities to make copies

Perspective
◦ Have proven difficult to enforce
◦ Often reduces functionality in uncomfortable ways
◦ Companies have been reluctant to use them

Social Networking
◦ Do not discuss work on personal blogs
▪ Don’t talk about new marketing campaigns
▪ Don’t post negative comments about products
◦ Be cautious about information posted on
professional networks
▪ Competitors can use employee lists to hire away
key employees

Data Destruction Is Necessary
◦ Backup media are not needed beyond
their retention dates
▪ If a computer is to be discarded
▪ If the computer is to be sold or given to another
user
◦ Drive-wiping software for hard drives
▪ Reformatting the hard drive is not enough
◦ Shredding for CDs and DVDs
Copyright © 2013 Pearson Education, Inc.
Publishing as Prentice Hall