Data Protection
Chapter 9
Copyright Pearson Prentice Hall 2013
Explain the necessity for backup.
Describe backup scope and methods.
Describe the different RAID levels.
Explain the need for data storage policies.
Explain database protections.
Explain the need for database access controls, auditing, and encryption.
Describe the difference between data leakage and data theft.
Explain data deletion, destruction, and disposal.
Explain digital rights management (DRM) and how it can prevent data loss.
In prior chapters we focused on
◦ Protecting data as it passed over networks (Chapter 3)
◦ Hardening hosts that store data (Chapter 7)
◦ Securing applications that process data (Chapter 8)
This chapter will emphasize the protection of stored data
9.1 Introduction
9.2 Data Protection: Backup
9.3 Backup Media and RAID
9.4 Data Storage Policies
9.5 Database Security
9.6 Data Loss Prevention
Data are the principal element of any information system
Businesses gather enormous amounts of data
◦ Information is then extracted for decision making
◦ Data are valuable assets that are core components of a larger corporate strategy
◦ Source code, intellectual property, user data, etc. must all be protected
Series of attacks against Sony Corp.
◦ Lost data for 100+ million user accounts
◦ Shut down the PlayStation Network
Subsequent SQL injection attack
◦ 1 million usernames and passwords stolen
◦ Passwords stored as plaintext
◦ Included names, e-mail addresses, phone numbers, dates of birth, music coupons, layout of the database, and maps of Sony’s internal corporate network
This chapter will primarily focus on securing data while it is being stored
More specifically:
◦ How backup can prevent accidental data loss
◦ How to securely store data in a database
◦ How to prevent data from being taken out of the corporation
◦ How to securely dispose of data
9.2 Data Protection: Backup
Importance
◦ In an incident, you may lose all data that is not backed up
Threats That Are Addressed by Backup
◦ Mechanical hard drive failure or damage in a fire or flood
◦ Data on lost or stolen computers is not available to the organization
◦ Malware can reformat the hard drive or do other data destruction
Scope of Backup
◦ Fraction of information on the hard drive that is backed up
File/Directory Data Backup
◦ Select data files and directories to be backed up (do not forget items on the desktop!)
◦ Not good for programs
Image Backup
◦ Everything, including programs and settings
◦ Image backup is very slow
◦ Data files change the most rapidly, so doing several file/directory data backups for each image backup may be appropriate
Shadowing
◦ A backup copy of each file being worked on is written every few minutes to the hard drive, or to another location
Full Backups
◦ All files and directories
◦ Slow, so it is typically done weekly
Incremental Backups
◦ Only records changes since the last backup
◦ Fast, so usually done daily
◦ Do incremental backups until the next full backup
Restoration Order
◦ Restore the full backup first
◦ Then restore incremental backups in the order created
◦ (Otherwise, newer files will be overwritten)
Generations
◦ Save several generations of full backups
◦ Usually do not save incremental backups after the next full backup
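Worked example (added here, not part of the original slides) of the weekly full / daily incremental scheme and the restoration order above. Files are modelled as an in-memory dict, backups as snapshots or change sets, and deletions are recorded so that a restore removes files as well; the file names and edits are constructed sample data.

```python
"""Full + incremental backup with ordered restore, modelled in memory."""
from copy import deepcopy

DELETED = None  # tombstone: the file was removed since the previous backup


def full_backup(files):
    """Full backup: copy every file (slow, so typically done weekly)."""
    return {"kind": "full", "files": deepcopy(files)}


def incremental_backup(files, previous_state):
    """Incremental backup: record only what changed since the previous backup.

    previous_state is the file set as of the last backup (full or incremental).
    Files that disappeared are recorded as tombstones so a restore removes them.
    """
    changes = {}
    for path, content in files.items():
        if previous_state.get(path) != content:
            changes[path] = content
    for path in previous_state:
        if path not in files:
            changes[path] = DELETED
    return {"kind": "incremental", "files": changes}


def restore(full, incrementals):
    """Restore the full backup first, then the incrementals in the order given."""
    if full["kind"] != "full":
        raise ValueError("restoration must start from a full backup")
    state = deepcopy(full["files"])
    for inc in incrementals:
        for path, content in inc["files"].items():
            if content is DELETED:
                state.pop(path, None)
            else:
                state[path] = content
    return state


def run_week():
    """Sunday full, Monday/Tuesday incrementals; restore in the right and wrong order."""
    live = {"report.doc": "v1", "budget.xls": "q1"}   # constructed sample files
    sunday = full_backup(live)                          # weekly full backup
    live["report.doc"] = "v2"                           # Monday: one file edited
    monday = incremental_backup(live, sunday["files"])
    after_monday = deepcopy(live)
    live["report.doc"] = "v3"                           # Tuesday: edited again,
    del live["budget.xls"]                              #   one file deleted,
    live["memo.txt"] = "new"                            #   one file created
    tuesday = incremental_backup(live, after_monday)
    correct = restore(sunday, [monday, tuesday])        # order created
    wrong = restore(sunday, [tuesday, monday])          # newer report.doc overwritten
    return live, correct, wrong


if __name__ == "__main__":
    live, correct, wrong = run_week()
    print("live   :", live)
    print("correct:", correct)
    print("wrong  :", wrong)
```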
Local backup on individual PCs difficult to enforce.
Centralized backup provides backup labor and enforcement.
Continuous Data Protection (CDP)
◦ Used when a firm has two server locations
◦ Each location backs up the other in real time
◦ Other site can take over very quickly in case of a disaster, with little data loss
◦ Requires expensive high-speed transmission link between the sites
PCs back up one another. Data is stored redundantly.
Security issues must be addressed.
9.3 Backup Media and RAID
Servers Normally Use Magnetic Tape
◦ Slow but inexpensive per bit stored
Second Hard Drive on Computer
◦ Very fast backup
◦ But lost if computer is stolen or burns in a fire
◦ Back up on tape occasionally for archival (long-term storage)
Clients Normally Use Optical Disks (DVDs)
◦ Attraction is that almost all users have optical disk burners
◦ Dual-layer DVDs offer about 8 GB of capacity
    This often is not enough
    User may have to insert additional disks to do backup
◦ Back up to a second client PC hard drive; then occasionally back up onto optical disks
◦ The life of information on optical disks is unknown
RAID—Redundant Array of Independent Disks
◦ Multiple hard drives within a single system
Increased Reliability and Performance
◦ A single hard drive failure won’t necessarily precipitate data loss
◦ Multiple disks can be written to simultaneously
RAID Levels—ways of configuring multi-disk arrays
(Figure: Shipping Boxes Storing Data)
Striping—writing data simultaneously across multiple disks
◦ Very fast, but no reliability
◦ One disk failure will cause complete data loss
Mirroring—creating an exact copy of a disk at the same time
◦ Data transfer speeds remain nominal
◦ Virtually no data loss, but more costly to buy additional hard drives
9.4 Data Storage Policies
Backup Creation Policies
◦ Understand current system and future needs
◦ Create policies for different types of data and computer
◦ What should be backed up, how frequently, how frequently to test restorations, etc.
Restoration Policies
◦ Do restoration tests frequently
Media Storage Location Policies
◦ Store media at a different site
◦ Store backup media in a fireproof and waterproof safe until it can be moved offsite
Encryption Policies
◦ Encrypt backup media before moving them so that confidential information will not be exposed if the tape is stolen or lost
Strong Access Control Policies for Backup Media
◦ Checkouts are rare and therefore suspicious
◦ Checking out media can result in their loss and the damages that come with this loss
◦ The manager of the person requesting the checkout should approve the checkout
Data Retention Policies
◦ There are strong legal requirements for how long certain types of data must be kept
◦ The legal department must get involved in retention policies
Auditing Policy Compliance
◦ All policies should be audited
◦ Includes tracing what happened in samples of data
Benefits of Retention
◦ Major part of corporate memory
◦ Often need to retrieve old mail for current purposes
Dangers of Retention
◦ Legal discovery process
◦ Defendant must supply relevant e-mails
◦ Potentially very damaging information
◦ Always expensive
◦ Even if very expensive to retrieve, firms must pay whatever is necessary to do so
Accidental Retention
◦ Even if firms delete e-mail from mail servers
◦ May be stored on backup tapes
◦ Users will often store copies on their own computers
Legal Archiving Requirements
◦ Many laws require retention
    Securities and Exchange Commission
    Many labor laws
        Involuntary terminations
        Public information about job openings
        Medical problem complaints that may relate to toxic chemicals
◦ Laws vary in duration of storage requirements
◦ Fines or summary judgments if fail to retain and produce required e-mails
U.S. Federal Rules of Civil Procedure
◦ Specify rules for all U.S. federal civil trials
◦ Specifically address electronically stored information
◦ Initial discovery meeting
    Defendant must be able to specify what information is available
    Comes shortly after a civil lawsuit begins
    Unless carefully thought through beforehand, will fail
U.S. Federal Rules of Civil Procedure
◦ Holds on destruction
    Must be put in place if it is foreseeable that a lawsuit will soon begin
    Must have strong hold procedures to place holds on all electronically stored information
Archiving Policies and Processes
◦ Must have them
◦ Must reflect a firm’s legal environment
◦ Must be drawn up with the firm’s legal department
Message Authentication
◦ Spoofed messages can frame employees or the firm itself
◦ Need message authentication to prevent spoofed sender addresses
User Training
◦ Never put anything in a message that you would not want seen in court, printed in the newspaper, or read by your boss
Spreadsheet Security
◦ Spreadsheets are widely used and the subject of many compliance regulations
◦ Need for security testing
◦ Spreadsheet vault server to implement controls
(Figure: Spreadsheet vault server)
1. The vault server stores spreadsheets and strongly controls access to them: authentication, authorizations, auditing
2. Spreadsheets record each change for auditing purposes
3. Cryptographic protections for transmissions
4. Strong client security
9.5 Database Security
Databases
◦ Often used in mission-critical applications
◦ Require additional security precautions
◦ Relational databases: tables (relations) with rows (records) and columns (attributes)
◦ As discussed earlier, avoid SQL injection attacks
Databases
◦ Restrict Access to Data
    Restrict users to certain columns (attributes) in each row
        For instance, deny access to salary column to most users
    Limit access control to rows
        For instance, only rows containing data about people in the user’s own department
Databases
◦ Restrict granularity (level of detail)
    Prevent access to individual data
    Allow trend analysts to deal only with sums and averages for aggregates such as departments
◦ Restrict information about the structure of the database itself (data model)
    Knowledge about the data model can make SQL injection much easier
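Worked example (added here, not from the slides) of the column, row and granularity restrictions on the two preceding slides, built as database views over an Employees table. It uses Python's sqlite3 module; since SQLite has no GRANT/REVOKE, the "analyst" role is simulated with a connection authorizer that allows the base table to be read only from inside approved views. The sample rows, the Session_Context table and the minimum group size for aggregates are assumptions of this example.

```python
"""Column, row and granularity restrictions as views plus an authorizer."""
import sqlite3

# Constructed sample rows; table and column names follow the slides' trigger example.
EMPLOYEES = [
    (1, "Ada", "Lovelace", "Engineering", 120000),
    (2, "Alan", "Turing", "Engineering", 115000),
    (3, "Grace", "Hopper", "Engineering", 125000),
    (4, "Rosalind", "Franklin", "Research", 98000),
    (5, "Barbara", "Liskov", "Research", 101000),
]
MIN_GROUP_SIZE = 3  # assumed: no sums/averages over groups so small they single people out
APPROVED_VIEWS = {"Employee_Directory", "My_Department", "Department_Salary_Stats"}


def build_database():
    """Create the table, a stand-in session context and the three restricted views."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE Employees (Id INTEGER PRIMARY KEY, First_Name TEXT, "
               "Last_Name TEXT, Department TEXT, Salary INTEGER)")
    db.executemany("INSERT INTO Employees VALUES (?, ?, ?, ?, ?)", EMPLOYEES)
    # One-row table standing in for the DBMS's knowledge of who is logged in.
    db.execute("CREATE TABLE Session_Context (Department TEXT)")
    db.execute("INSERT INTO Session_Context VALUES ('Research')")
    # Column restriction: the salary column simply is not in the view.
    db.execute("CREATE VIEW Employee_Directory AS "
               "SELECT Id, First_Name, Last_Name, Department FROM Employees")
    # Row restriction: only people in the user's own department.
    db.execute("CREATE VIEW My_Department AS SELECT Id, First_Name, Last_Name FROM Employees "
               "WHERE Department = (SELECT Department FROM Session_Context)")
    # Granularity restriction: sums and averages per department, never individual rows.
    db.execute("CREATE VIEW Department_Salary_Stats AS SELECT Department, COUNT(*) AS Headcount, "
               "SUM(Salary) AS Total, AVG(Salary) AS Average FROM Employees "
               f"GROUP BY Department HAVING COUNT(*) >= {MIN_GROUP_SIZE}")
    db.commit()
    return db


def analyst_authorizer(action, arg1, arg2, db_name, source):
    """Deny any read of the base table that does not come from an approved view."""
    if action == sqlite3.SQLITE_READ and arg1 == "Employees" and source not in APPROVED_VIEWS:
        return sqlite3.SQLITE_DENY
    return sqlite3.SQLITE_OK


def restrict_to_analyst(db):
    """Install the authorizer. SQLite consults it when a statement is prepared, and
    Python caches prepared statements per connection, so install it before any query."""
    db.set_authorizer(analyst_authorizer)
    return db


def query(db, sql):
    """Run a query; returns rows, or None when SQLite rejects it as not authorized."""
    try:
        return db.execute(sql).fetchall()
    except sqlite3.DatabaseError:
        return None
```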
Database Access Control
◦ Restrict access to databases via database management systems (e.g., Microsoft SQL Server, MySQL, IBM DB2, Oracle, etc.)
◦ Rename administrator account, disable guest/public accounts, lowest possible permissions necessary
SQL Injection Attacks
◦ Data must be sanitized to remove unacceptable characters
◦ Stored procedures can be used to sanitize and validate incoming data
1. Windows authentication
2. SQL Server authentication
3. Password policy options
Database Auditing
◦ Collect information about users’ interactions with databases
◦ Policy driven, reflecting legal and regulatory obligations
What should be audited?
◦ Logins, changes to the database, warnings, exceptions, and special access
Trigger—code that is automatically run when changes are made to a database
Data Definition Language (DDL) trigger
◦ Used to produce automatic responses if the structure of the database has been altered (e.g., create new table, drop a table, alter properties of an existing table)
Data Manipulation Language (DML) trigger
◦ Used to produce automatic responses if the data has been altered (e.g., data are inserted, updated, or deleted)
-- DML trigger (SQL Server T-SQL): mail an alert whenever a salary is changed
CREATE TRIGGER EmployeeSalaryChange ON Employees FOR UPDATE
AS
DECLARE @EmailBody varchar(1000)
DECLARE @FirstName varchar(20)
DECLARE @LastName varchar(20)
DECLARE @OldSalary int
DECLARE @NewSalary int
IF UPDATE (Salary)
BEGIN
    -- "deleted" holds the row as it was before the UPDATE, "inserted" the new values
    SELECT @FirstName = First_Name, @LastName = Last_Name, @OldSalary = Salary FROM deleted
    SELECT @NewSalary = Salary FROM inserted
    SET @EmailBody = 'I just wanted to let you know that ' + @FirstName + ' ' + @LastName
        + ' changed their salary from ' + CAST(@OldSalary AS varchar(20))
        + ' to ' + CAST(@NewSalary AS varchar(20))
    -- xp_sendmail is the legacy SQL Mail procedure; current servers use Database Mail (msdb.dbo.sp_send_dbmail)
    EXEC master..xp_sendmail @recipients = '[email protected]',
        @subject = 'Somebody changed their salary',
        @message = @EmailBody
END
GO
Encryption
◦ Makes data unreadable to someone who does not have the key
◦ Prevents theft of private or trade secret information
◦ May reduce legal liability if lost or stolen data is encrypted
What to Encrypt
◦ Files and directories
◦ The entire disk
Key Escrow
◦ Loss of the key is disastrous
    Not like losing a password that can be reset
◦ Key escrow stores a copy of the key in a safe place
◦ Bad if managed by user
    May not do it
    May not be able to find it
    If fired, may refuse to give it, locking up all data on the computer
◦ Central key escrow on a corporate server is better
Strong Login Authentication Is Needed
◦ Encryption is transparent to logged-in users
    Once a user is logged in, he or she can see all encrypted data
◦ Protect with strong password or biometrics
    Ensure that the password is not lost
File-Sharing Problems
◦ File sharing may be more difficult because files usually have to be decrypted before sending them to another computer
9.6 Data Loss Prevention
Data Loss Prevention (DLP)
◦ A set of policies, procedures, and systems designed to prevent sensitive data from being released to unauthorized persons
Data Collection
◦ Most companies collect more data than they can adequately protect
Personally Identifiable Information (PII)
◦ Private employee or customer information that can be used to uniquely identify a person
◦ PII includes: names (full name), personal identification numbers (SSN), addresses (street or e-mail), personal characteristics (photo), and linking information (date of birth)
Data Masking
◦ Obscuring data such that it cannot identify a specific person, but remains practically useful
Spiders (crawlers)—navigate the Web gathering, organizing, and indexing web content
Web scraper—tool that extracts predefined data from specified web pages
Can aggregate extracted data from multiple websites
Mashup—combining data from various sites or applications
Latanya Sweeney, k-anonymity: a model for protecting privacy. International Journal on Uncertainty, Fuzziness and Knowledge-based Systems, 10 (5), 2002; 557-570.
(Figure: Geometry vs. Information)
Equilateral triangle: if you know the name of the triangle is “equilateral” and two of the three angles are 60°, then you know the third angle is also 60°.
Person (zip code, birth date, gender): if you know a person’s zip code, date of birth, and gender, then there is an 87% chance you can correctly identify that person.
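Worked example (added here, not part of the slides) of data masking measured by Sweeney's k-anonymity on the three quasi-identifiers above: a table is k-anonymous when every combination of zip code, date of birth and gender appears at least k times. The records are constructed sample data, and the generalization ladder (truncate the zip code, then the date) is an assumed simple policy, not the paper's algorithm.

```python
"""k-anonymity check and progressive generalization of quasi-identifiers."""
from collections import Counter

QUASI_IDENTIFIERS = ("zip", "dob", "gender")

# Constructed sample records with one sensitive attribute (diagnosis).
RECORDS = [
    {"zip": "02139", "dob": "1965-07-14", "gender": "F", "diagnosis": "flu"},
    {"zip": "02139", "dob": "1965-11-02", "gender": "F", "diagnosis": "asthma"},
    {"zip": "02138", "dob": "1965-03-30", "gender": "F", "diagnosis": "flu"},
    {"zip": "02141", "dob": "1971-01-09", "gender": "M", "diagnosis": "diabetes"},
    {"zip": "02142", "dob": "1971-09-21", "gender": "M", "diagnosis": "flu"},
    {"zip": "02143", "dob": "1971-12-05", "gender": "M", "diagnosis": "asthma"},
]


def quasi_key(record):
    """The (zip, dob, gender) combination an outside party could link on."""
    return tuple(record[q] for q in QUASI_IDENTIFIERS)


def k_anonymity(records):
    """The k the table satisfies: size of the smallest equivalence class (0 if empty)."""
    sizes = Counter(quasi_key(r) for r in records)
    return min(sizes.values()) if sizes else 0


def unique_records(records):
    """Rows whose quasi-identifier combination appears exactly once, i.e. re-identifiable."""
    sizes = Counter(quasi_key(r) for r in records)
    return [r for r in records if sizes[quasi_key(r)] == 1]


def generalize(record, zip_digits, dob_parts):
    """Mask one record: keep zip_digits of the zip code and dob_parts of YYYY-MM-DD."""
    masked = dict(record)
    masked["zip"] = record["zip"][:zip_digits] + "*" * (5 - zip_digits)
    masked["dob"] = "-".join(record["dob"].split("-")[:dob_parts]) or "*"
    return masked


def mask_to_k(records, k):
    """Generalize step by step, least information loss first, until k-anonymous.

    Assumed ladder: for each date precision (full, year-month, year, none) try zip
    precision 5, 3, 0 digits. Returns the first masked table meeting k, or None
    when even full suppression of zip and date cannot reach k.
    """
    ladder = [(zd, dp) for dp in (3, 2, 1, 0) for zd in (5, 3, 0)]
    for zip_digits, dob_parts in ladder:
        masked = [generalize(r, zip_digits, dob_parts) for r in records]
        if k_anonymity(masked) >= k:
            return masked
    return None
```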
Document Restrictions
◦ Attempt to restrict what users can do to documents, in order to reduce security threats
◦ Embryonic
Digital Rights Management (DRM)
◦ Prevent unauthorized copying, printing, etc.
◦ May not be able to see parts of documents
Data Extrusion Management
◦ Attempts to prevent restricted data files from leaving the firm without permission
◦ Watermark with invisible restriction indicators
    Can be notified if sent via e-mail attachments or FTP
    If each document is given a different watermark, can forensically identify the source of a document leak
◦ Traffic analysis to look for unusually large numbers of outgoing files sent by a user
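Worked example (added here, not part of the slides) of two of the controls above as detection logic: per-user counts of outgoing files compared against a baseline, and tracing a leaked document back to the copy it was issued as through its per-copy watermark. The log format, the watermark ids and the thresholds are assumptions of this example; the log lines are constructed.

```python
"""Outgoing-file traffic analysis and watermark tracing over a constructed log."""
import re
from collections import Counter
from statistics import median

# Constructed log: timestamp, user, channel, file name, per-copy watermark id.
LOG = """\
2013-03-04T09:12:01 alice EMAIL q1_forecast.xlsx wm-1a2b
2013-03-04T09:40:17 bob   EMAIL vendor_list.docx wm-3c4d
2013-03-04T10:05:44 alice FTP   pricing.pdf wm-5e6f
2013-03-04T11:20:09 carol EMAIL roadmap.pptx wm-7a8b
2013-03-04T13:02:33 dave  FTP   roadmap.pptx wm-9c0d
2013-03-04T13:02:51 dave  FTP   pricing.pdf wm-1e2f
2013-03-04T13:03:12 dave  FTP   q1_forecast.xlsx wm-3a4b
2013-03-04T13:03:40 dave  FTP   vendor_list.docx wm-5c6d
2013-03-04T13:04:02 dave  EMAIL customer_db.csv wm-7e8f
2013-03-04T13:04:30 dave  EMAIL salaries.xlsx wm-9a0b
2013-03-04T15:45:12 bob   EMAIL q1_forecast.xlsx wm-1c2d
"""
LINE = re.compile(r"^(\S+)\s+(\S+)\s+(EMAIL|FTP)\s+(\S+)\s+(wm-[0-9a-f]{4})$")


def parse_log(text):
    """Parse log lines into dicts; lines that do not match the format are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            ts, user, channel, filename, wm = m.groups()
            events.append({"ts": ts, "user": user, "channel": channel,
                           "file": filename, "watermark": wm})
    return events


def flag_heavy_senders(events, factor=2, minimum=4):
    """Users whose outgoing-file count is unusual: at least `minimum` files and
    more than `factor` times the median count across users (assumed thresholds)."""
    counts = Counter(e["user"] for e in events)
    if not counts:
        return []
    typical = median(counts.values())
    return sorted(u for u, n in counts.items() if n >= minimum and n > factor * typical)


def trace_leak(events, watermark):
    """Map a watermark found in a leaked copy back to the user, channel and file."""
    for e in events:
        if e["watermark"] == watermark:
            return e["user"], e["channel"], e["file"]
    return None


if __name__ == "__main__":
    events = parse_log(LOG)
    print("unusual senders:", flag_heavy_senders(events))
    print("leak source    :", trace_leak(events, "wm-5e6f"))
```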
Removable Media Controls
◦ Forbid the attachment of USB RAM drives and other portable media
◦ Reduces user abilities to make copies
Perspective
◦ Have proven difficult to enforce
◦ Often reduces functionality in uncomfortable ways
◦ Companies have been reluctant to use them
Social Networking
◦ Do not discuss work on personal blogs
    Don’t talk about new marketing campaigns
    Don’t post negative comments about products
◦ Be cautious about information posted on professional networks
    Competitors can use employee lists to hire away key employees
Data Destruction Is Necessary
◦ Backup media are not needed beyond their retention dates
    If a computer is to be discarded
    If the computer is to be sold or given to another user
◦ Drive-wiping software for hard drives
    Reformatting the hard drive is not enough
◦ Shredding for CDs and DVDs
Copyright © 2013 Pearson Education, Inc. Publishing as Prentice Hall