Data Protection
Chapter 9
Copyright Pearson Prentice Hall 2013

◦ Explain the necessity for backup.
◦ Describe backup scope and methods.
◦ Describe the different RAID levels.
◦ Explain the need for data storage policies.
◦ Explain database protections.
◦ Explain the need for database access controls, auditing, and encryption.
◦ Describe the difference between data leakage and data theft.
◦ Explain data deletion, destruction, and disposal.
◦ Explain digital rights management (DRM) and how it can prevent data loss.

In prior chapters we focused on
◦ Protecting data as it passed over networks (Chapter 3)
◦ Hardening hosts that store data (Chapter 7)
◦ Securing applications that process data (Chapter 8)
This chapter will emphasize the protection of stored data

9.1 Introduction
9.2 Data Protection: Backup
9.3 Backup Media and RAID
9.4 Data Storage Policies
9.5 Database Security
9.6 Data Loss Prevention

9.1 Introduction

Data are the principal element of any information system
Businesses gather enormous amounts of data
◦ Information is then extracted for decision making
◦ Data are valuable assets that are core components of a larger corporate strategy
◦ Source code, intellectual property, user data, etc. must all be protected

Series of attacks against Sony Corp.
◦ Lost data for 100+ million user accounts
◦ Shut down the PlayStation Network
Subsequent SQL injection attack
◦ 1 million usernames and passwords stolen
◦ Passwords stored as plaintext
◦ Included names, e-mail addresses, phone numbers, dates of birth, music coupons, layout of the database, and maps of Sony's internal corporate network

This chapter will primarily focus on securing data while it is being stored
More specifically:
◦ How backup can prevent accidental data loss
◦ How to securely store data in a database
◦ How to prevent data from being taken out of the corporation
◦ How to securely dispose of data

9.2 Data Protection: Backup

Importance
◦ In an incident, you may lose all data that is not backed up
Threats That Are Addressed by Backup
◦ Mechanical hard drive failure or damage in a fire or flood
◦ Data on lost or stolen computers is not available to the organization
◦ Malware can reformat the hard drive or do other data destruction

Scope of Backup
◦ Fraction of information on the hard drive that is backed up
File/Directory Data Backup
◦ Select data files and directories to be backed up (Do not forget items on the desktop!)
◦ Not good for programs
Image Backup
◦ Everything, including programs and settings
◦ Image backup is very slow
◦ Data files change the most rapidly, so doing several file/directory data backups for each image backup may be appropriate
Shadowing
◦ A backup copy of each file being worked on is written every few minutes to the hard drive, or to another location

Full Backups
◦ All files and directories
◦ Slow, so typically done weekly
Incremental Backups
◦ Only record changes since the last backup (full or incremental)
◦ Fast, so usually done daily
◦ Do incremental backups until the next full backup

Restoration Order
◦ Restore the full backup first
◦ Then restore incremental backups in the order created
◦ (Otherwise, newer versions of files will be overwritten by older ones)
Generations
◦ Save several generations of full backups
◦ Usually do not save incremental backups after the next full backup

Local backup on individual PCs is difficult to enforce.
Centralized backup provides backup labor and enforcement.

Continuous Data Protection (CDP)
◦ Used when a firm has two server locations
◦ Each location backs up the other in real time
◦ The other site can take over very quickly in case of a disaster, with little data loss
◦ Requires an expensive high-speed transmission link between the sites

PCs back up one another.
Data is stored redundantly.
Security issues must be addressed.
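The full/incremental scheme and the restoration-order rule above, worked through as an added example (not code from the slides). It models a disk as a dict of file name to (modification time, content), takes a weekly full backup and two daily incrementals, then restores once in the correct order and once with the incrementals swapped to show the older version winning. The restore function also performs the ordering check a restore tool should make. File names, contents and timestamps are constructed.

```python
"""Full vs. incremental backups and why restoration order matters.

Added example, not part of the original slides. A disk is a dict of
file name -> (mtime, content); backups are dicts holding the files they
captured. All file names, contents and times are constructed here.
"""


def take_full(disk, now):
    """A full backup stores every file as it exists at time `now`."""
    return {"kind": "full", "time": now,
            "files": {name: content for name, (_mtime, content) in disk.items()}}


def take_incremental(disk, since, now):
    """An incremental backup stores only files modified after the previous
    backup (full or incremental), which was taken at time `since`."""
    return {"kind": "incremental", "time": now,
            "files": {name: content for name, (mtime, content) in disk.items()
                      if mtime > since}}


def restore(backups, enforce_order=True):
    """Rebuild the file set from a backup chain.

    With enforce_order=True the function refuses a chain whose backups are not
    in creation order (the check a restore tool should perform). With
    enforce_order=False it applies the chain blindly, which is what happens
    when an operator restores tapes by hand in the wrong sequence.
    """
    if not backups or backups[0]["kind"] != "full":
        raise ValueError("a restore chain must begin with a full backup")
    if enforce_order:
        times = [b["time"] for b in backups]
        if times != sorted(times):
            raise ValueError("incremental backups must be applied in creation order")
    files = {}
    for b in backups:
        if b["kind"] == "full":
            files = {}              # a full backup is a complete baseline
        files.update(b["files"])    # later backups overwrite earlier copies
    return files


def out_of_order_rejected(backups):
    """True if restore() refuses the chain because of its ordering."""
    try:
        restore(backups)
    except ValueError:
        return True
    return False


def demo():
    """Constructed scenario: weekly full on day 0, incrementals on days 1 and 2."""
    disk = {"report.doc": (0, "report v1"), "budget.xls": (0, "Q1 figures")}
    full = take_full(disk, now=0)

    disk["report.doc"] = (1, "report v2")          # edited on day 1
    inc1 = take_incremental(disk, since=0, now=1)

    disk["report.doc"] = (2, "report v3")          # edited again on day 2
    disk["notes.txt"] = (2, "meeting notes")        # new file on day 2
    inc2 = take_incremental(disk, since=1, now=2)

    correct = restore([full, inc1, inc2])
    # Wrong order: inc1 is replayed last, so its older report.doc wins.
    wrong = restore([full, inc2, inc1], enforce_order=False)
    rejected = out_of_order_rejected([full, inc2, inc1])
    return correct, wrong, rejected


if __name__ == "__main__":
    ok, bad, rejected = demo()
    print("correct order:", ok["report.doc"])
    print("wrong order  :", bad["report.doc"])
    print("rejected when checked:", rejected)
```

Only report.doc differs between the two restores; budget.xls comes from the full backup either way and notes.txt from the day-2 incremental. That is exactly the slide's point: the order matters only for files that changed more than once, and those are the files you most want current.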
9.3 Backup Media and RAID

Servers Normally Use Magnetic Tape
◦ Slow but inexpensive per bit stored
Second Hard Drive on the Computer
◦ Very fast backup
◦ But lost if the computer is stolen or burns in a fire
◦ Back up to tape occasionally for archival (long-term) storage

Clients Normally Use Optical Disks (DVDs)
◦ Attraction is that almost all users have optical disk burners
◦ Dual-layer DVDs offer about 8 GB of capacity
   This often is not enough
   User may have to insert additional disks to do a backup
◦ Back up to a second client PC hard drive; then occasionally back up onto optical disks
◦ The life of information on optical disks is unknown

RAID—Redundant Array of Independent Disks
◦ Multiple hard drives within a single system
◦ Increased reliability and performance
   A single hard drive failure won't necessarily precipitate data loss
   Multiple disks can be written to simultaneously
RAID Levels—ways of configuring multi-disk arrays
(Figure: shipping-boxes analogy for storing data across several disks)

Striping—writing data simultaneously across multiple disks
◦ Very fast, but no reliability
◦ One disk failure will cause complete data loss
Mirroring—creating an exact copy of a disk at the same time
◦ Data transfer speeds remain nominal
◦ Virtually no data loss, but more costly to buy additional hard drives
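Striping and mirroring as described above, plus the XOR parity that the parity-based RAID levels use, in a byte-level model added here as an example (not code from the slides). A failed disk is represented by None; the demo loses one disk in each layout and shows that striping alone (RAID 0) cannot be read, mirroring (RAID 1) reads from the surviving copy, and a parity array rebuilds the missing disk from the others. The parity code keeps parity on one disk as RAID 4 does; RAID 5 rotates parity across disks but the rebuild arithmetic is identical. Sample data is constructed.

```python
"""Striping, mirroring and XOR parity, and what each survives.

Added example, not from the slides. stripe/unstripe model RAID 0,
mirror/unmirror model RAID 1, and the parity functions model the XOR
scheme behind RAID 4/5. A failed disk is None. Data is constructed here.
"""
from functools import reduce


def stripe(data, n_disks):
    """RAID 0: byte i goes to disk i mod n. Fast, but no redundancy."""
    return [data[i::n_disks] for i in range(n_disks)]


def unstripe(disks):
    """Interleave the stripes back together; impossible if any disk is gone."""
    if any(d is None for d in disks):
        raise ValueError("RAID 0: one failed disk destroys the whole array")
    n = len(disks)
    out = bytearray(sum(len(d) for d in disks))
    for i, d in enumerate(disks):
        out[i::n] = d
    return bytes(out)


def mirror(data):
    """RAID 1: two identical copies."""
    return [data, data]


def unmirror(disks):
    survivors = [d for d in disks if d is not None]
    if not survivors:
        raise ValueError("RAID 1: both disks failed")
    return survivors[0]


def xor_all(chunks):
    """Byte-wise XOR of equal-length byte strings."""
    return bytes(reduce(lambda a, b: a ^ b, col) for col in zip(*chunks))


def stripe_with_parity(data, n_data_disks):
    """Pad so every stripe is full, stripe the data, and append a parity disk
    that is the XOR of all data disks. Returns (disks, original_length)."""
    padded = data + b"\0" * ((-len(data)) % n_data_disks)
    disks = stripe(padded, n_data_disks)
    return disks + [xor_all(disks)], len(data)


def rebuild(disks):
    """Recreate one missing disk (data or parity) as the XOR of the others.
    Single parity cannot recover from two simultaneous failures."""
    missing = [i for i, d in enumerate(disks) if d is None]
    if not missing:
        return list(disks)
    if len(missing) > 1:
        raise ValueError("single parity tolerates only one failed disk")
    repaired = list(disks)
    repaired[missing[0]] = xor_all([d for d in disks if d is not None])
    return repaired


def read_parity_array(disks, length):
    """Rebuild if needed, drop the parity disk, unstripe, strip the padding."""
    return unstripe(rebuild(disks)[:-1])[:length]


def demo():
    """Lose one disk in each layout and report which reads still succeed."""
    data = b"Backups cover data loss; RAID covers a single disk failure."
    r0 = stripe(data, 3)
    r0[1] = None
    try:
        unstripe(r0)
        raid0_survives = True
    except ValueError:
        raid0_survives = False
    r1 = mirror(data)
    r1[0] = None
    r5, n = stripe_with_parity(data, 3)
    r5[2] = None                                  # lose one data disk
    return raid0_survives, unmirror(r1) == data, read_parity_array(r5, n) == data


if __name__ == "__main__":
    print("RAID 0 readable, RAID 1 readable, parity array readable:", demo())
```

Note what the parity array does not give you: it tolerates exactly one failed disk, and it protects against nothing the slides list under backup (fire, theft, malware overwriting the data). A second failure during the rebuild window, or an UPDATE that writes garbage, is faithfully striped across every disk.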
9.4 Data Storage Policies

Backup Creation Policies
◦ Understand the current system and future needs
◦ Create policies for different types of data and computer
◦ What should be backed up, how frequently, how frequently to test restorations, etc.
Restoration Policies
◦ Do restoration tests frequently

Media Storage Location Policies
◦ Store media at a different site
◦ Store backup media in a fireproof and waterproof safe until they can be moved offsite
Encryption Policies
◦ Encrypt backup media before moving them so that confidential information will not be exposed if the tape is stolen or lost

Strong Access Control Policies for Backup Media
◦ Checkouts are rare and therefore suspicious
◦ Checking out media can result in their loss and the damages that come with this loss
◦ The manager of the person requesting the checkout should approve the checkout

Data Retention Policies
◦ There are strong legal requirements for how long certain types of data must be kept
◦ The legal department must get involved in retention policies.
Auditing Policy Compliance
◦ All policies should be audited
◦ Includes tracing what happened in samples of data

Benefits of Retention
◦ Major part of corporate memory
◦ Often need to retrieve old mail for current purposes
Dangers of Retention
◦ Legal discovery process
   Defendant must supply relevant e-mails
   Potentially very damaging information
   Always expensive
   Even if very expensive to retrieve, firms must pay whatever is necessary to do so

Accidental Retention
◦ Even if firms delete e-mail from mail servers
   It may be stored on backup tapes
   Users will often store copies on their own computers

Legal Archiving Requirements
◦ Many laws require retention
   Securities and Exchange Commission
   Many labor laws
      Involuntary terminations
      Public information about job openings
      Medical problem complaints that may relate to toxic chemicals
◦ Laws vary in duration of storage requirements
◦ Fines or summary judgments if a firm fails to retain and produce required e-mails

U.S. Federal Rules of Civil Procedure
◦ Specify rules for all U.S. federal civil trials
◦ Specifically address electronically stored information
◦ Initial discovery meeting
   Defendant must be able to specify what information is available
   Comes shortly after a civil lawsuit begins
   Unless carefully thought through beforehand, will fail
◦ Holds on destruction
   Must be put in place if it is foreseeable that a lawsuit will soon begin
   Must have strong hold procedures to place holds on all electronically stored information
Archiving Policies and Processes
◦ Must have them
◦ Must reflect a firm's legal environment
◦ Must be drawn up with the firm's legal department

Message Authentication
◦ Spoofed messages can frame employees or the firm itself
◦ Need message authentication to prevent spoofed sender addresses
User Training
◦ Never put anything in a message that you would not want seen in court, printed in the newspaper, or read by your boss

Spreadsheet Security
◦ Spreadsheets are widely used and the subject of many compliance regulations
◦ Need for security testing
◦ Spreadsheet vault server to implement controls
(Figure: spreadsheet vault server)
1. The vault server stores spreadsheets and strongly controls access to them: authentication, authorizations, auditing.
2. Spreadsheets record each change for auditing purposes.
3. Cryptographic protections for transmissions.
4. Strong client security.

9.5 Database Security

Databases
◦ Often used in mission-critical applications
◦ Require additional security precautions
◦ Relational databases: tables (relations) with rows (records) and columns (attributes)
◦ As discussed earlier, avoid SQL injection attacks

Databases
◦ Restrict Access to Data
   Restrict users to certain columns (attributes) in each row
      For instance, deny access to the salary column to most users
   Restrict access to rows
      For instance, only rows containing data about people in the user's own department
◦ Restrict granularity (level of detail)
   Prevent access to individual data
   Allow trend analysts to deal only with sums and averages for aggregates such as departments
◦ Restrict information about the structure of the database itself (data model)
   Knowledge about the data model can make SQL injection much easier

Database Access Control
◦ Restrict access to databases via the database management system (e.g., Microsoft SQL Server, MySQL, IBM DB2, Oracle)
◦ Rename the administrator account, disable guest/public accounts, and grant the lowest permissions necessary
SQL Injection Attacks
◦ Data must be sanitized to remove unacceptable characters
◦ Stored procedures can be used to sanitize and validate incoming data
◦ Parameterized queries (prepared statements) keep user input out of the SQL text altogether and are the primary defense; sanitization is a secondary layer
(Figure: SQL Server login options)
1. Windows authentication
2. SQL Server authentication
3. Password policy options

Database Auditing
◦ Collect information about users' interactions with databases
◦ Policy driven, reflecting legal and regulatory obligations
What should be audited?
◦ Logins, changes to the database, warnings, exceptions, and special access
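The column, row and granularity restrictions and the SQL injection point above, shown together in an added example (not code from the slides). It uses Python's built-in sqlite3 with a constructed Employees table. SQLite has no GRANT/REVOKE, so the restrictions are expressed as views that a low-privilege application account would be limited to; in SQL Server, MySQL, DB2 or Oracle you would additionally GRANT SELECT on the view and deny the base table. The injection half places the vulnerable string-built query beside the parameterized one and runs the same tautology payload through both. Table, column and view names are hypothetical.

```python
"""Column/row/granularity restriction with views, and SQL injection vs. a
parameterized query.

Added example, not from the slides. In-memory SQLite with a constructed
Employees table; table, column and view names are hypothetical.
"""
import sqlite3

EMPLOYEES = [  # constructed rows: Emp_ID, First_Name, Last_Name, Department, Salary
    (1, "Ana", "Lopez", "Finance", 91000),
    (2, "Ben", "Okoro", "Finance", 78000),
    (3, "Chen", "Wei", "Engineering", 120000),
    (4, "Dana", "Smith", "Engineering", 99000),
]


def make_db():
    con = sqlite3.connect(":memory:")
    con.executescript("""
        CREATE TABLE Employees (
            Emp_ID     INTEGER PRIMARY KEY,
            First_Name TEXT, Last_Name TEXT, Department TEXT, Salary INTEGER);
        -- Column restriction: the directory view has no Salary column.
        CREATE VIEW Employee_Directory AS
            SELECT Emp_ID, First_Name, Last_Name, Department FROM Employees;
        -- Granularity restriction: analysts get per-department aggregates only.
        CREATE VIEW Department_Stats AS
            SELECT Department, COUNT(*) AS Headcount, AVG(Salary) AS Avg_Salary
            FROM Employees GROUP BY Department;
    """)
    con.executemany("INSERT INTO Employees VALUES (?, ?, ?, ?, ?)", EMPLOYEES)
    return con


def directory_columns(con):
    """Column names exposed by the restricted view (Salary is absent)."""
    cur = con.execute("SELECT * FROM Employee_Directory LIMIT 0")
    return [d[0] for d in cur.description]


def directory_for(con, department):
    """Row restriction: only people in the caller's own department."""
    return con.execute(
        "SELECT Emp_ID, First_Name, Last_Name FROM Employee_Directory "
        "WHERE Department = ? ORDER BY Emp_ID", (department,)).fetchall()


def department_stats(con):
    """What a trend analyst is allowed to see: sums and averages, no rows."""
    return con.execute(
        "SELECT Department, Headcount, Avg_Salary FROM Department_Stats "
        "ORDER BY Department").fetchall()


def find_by_last_name_vulnerable(con, last_name):
    """VULNERABLE: user input is pasted into the SQL text, so a value such as
    ' OR '1'='1 turns the WHERE clause into a tautology and dumps every row."""
    sql = ("SELECT First_Name, Last_Name, Salary FROM Employees "
           f"WHERE Last_Name = '{last_name}'")
    return con.execute(sql).fetchall()


def find_by_last_name_safe(con, last_name):
    """Parameterized query: the driver passes the value separately from the
    SQL text, so it is only ever compared as a string."""
    return con.execute(
        "SELECT First_Name, Last_Name, Salary FROM Employees WHERE Last_Name = ?",
        (last_name,)).fetchall()


if __name__ == "__main__":
    con = make_db()
    payload = "' OR '1'='1"
    print("vulnerable:", find_by_last_name_vulnerable(con, payload))  # every row, salaries included
    print("safe      :", find_by_last_name_safe(con, payload))        # []
    print("directory :", directory_columns(con), directory_for(con, "Finance"))
    print("aggregates:", department_stats(con))
```

The views also address the slide's data-model point: an account that can only see Employee_Directory and Department_Stats learns neither the Salary column's name nor the base table's layout, which is what an injection payload would need next.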
Trigger—code that is automatically run when changes are made to a database
Data Definition Language (DDL) trigger
◦ Used to produce automatic responses if the structure of the database has been altered (e.g., create a new table, drop a table, alter properties of an existing table)
Data Manipulation Language (DML) trigger
◦ Used to produce automatic responses if the data have been altered (e.g., data are inserted, updated, or deleted)

Example DML trigger (SQL Server T-SQL) from the slides that e-mails an administrator when a salary changes:

    CREATE TRIGGER EmployeeSalaryChange ON Employees
    FOR UPDATE
    AS
    BEGIN
        DECLARE @EmailBody varchar(1000)
        DECLARE @FirstName varchar(20)
        DECLARE @LastName  varchar(20)
        DECLARE @OldSalary int
        DECLARE @NewSalary int

        -- Act only when the Salary column was part of the UPDATE.
        -- The scalar SELECTs below assume a single-row UPDATE; a multi-row
        -- UPDATE would need a set-based query over inserted/deleted.
        IF UPDATE (Salary)
        BEGIN
            SELECT @FirstName = First_Name, @LastName = Last_Name, @OldSalary = Salary
            FROM deleted                  -- row image before the change
            SELECT @NewSalary = Salary
            FROM inserted                 -- row image after the change

            SET @EmailBody = 'I just wanted to let you know that ' + @FirstName + ' ' + @LastName
                           + ' changed their salary from ' + CAST(@OldSalary AS varchar(12))
                           + ' to ' + CAST(@NewSalary AS varchar(12))

            -- xp_sendmail is the legacy MAPI-based procedure; current SQL Server
            -- versions use msdb.dbo.sp_send_dbmail instead.
            EXEC master..xp_sendmail
                @recipients = '[email protected]',
                @subject    = 'Somebody changed their salary',
                @message    = @EmailBody
        END
    END
    GO

Encryption
◦ Makes data unreadable to someone who does not have the key
◦ Prevents theft of private or trade secret information
◦ May reduce legal liability if lost or stolen data is encrypted
What to Encrypt
◦ Files and directories
◦ The entire disk

Key Escrow
◦ Loss of the key is disastrous
   Not like losing a password that can be reset
◦ Key escrow stores a copy of the key in a safe place
◦ Bad if managed by the user
   May not do it
   May not be able to find it
   If fired, may refuse to give it, locking up all data on the computer
◦ Central key escrow on a corporate server is better

Strong Login Authentication Is Needed
◦ Encryption is transparent to logged-in users
   Once a user is logged in, he or she can see all encrypted data
◦ Protect with a strong password or biometrics
   Ensure that the password is not lost
File-Sharing Problems
◦ File sharing may be more difficult because files usually have to be decrypted before sending them to another computer

9.6 Data Loss Prevention

Data Loss Prevention (DLP)
◦ A set of policies, procedures, and systems designed to prevent sensitive data from being released to unauthorized persons
Data Collection
◦ Most companies collect more data than they can adequately protect

Personally Identifiable Information (PII)
◦ Private employee or customer information that can be used to uniquely identify a person
◦ PII includes: names (full name), personal identification numbers (SSN), addresses (street or e-mail), personal characteristics (photo), and linking information (date of birth)
Data Masking
◦ Obscuring data such that it cannot identify a specific person, but remains practically useful

Spiders (crawlers)—navigate the Web gathering, organizing, and indexing web content
Web scraper—tool that extracts predefined data from specified web pages
◦ Can aggregate extracted data from multiple websites
Mashup—combining data from various sites or applications

Latanya Sweeney, k-anonymity: a model for protecting privacy. International Journal on Uncertainty, Fuzziness and Knowledge-based Systems, 10 (5), 2002; 557-570.
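Data masking and k-anonymity made concrete in an added example (not code from the slides or from Sweeney's paper). A constructed table carries the three quasi-identifiers the slides name (zip code, birth date, gender) plus one sensitive attribute. The code measures the table's k (the size of its smallest group of records sharing the same quasi-identifier values), generalizes zip code and birth date step by step until a target k is reached, and runs the linkage query that re-identifies one person in the raw table but only reaches a group of k in the generalized one. Records, names and generalization steps are constructed.

```python
"""k-anonymity: measuring it and reaching it by generalization.

Added example, not from the slides or Sweeney's paper. Table, values and
generalization hierarchy (mask zip digits, truncate birth date to year)
are constructed here.
"""
from collections import Counter

QUASI = ("zip", "birth_date", "gender")
RAW_LEVELS = {"zip_digits": 5, "date": "full"}      # no generalization

RECORDS = [  # constructed sample; "diagnosis" is the sensitive attribute
    {"zip": "02138", "birth_date": "1975-03-14", "gender": "F", "diagnosis": "asthma"},
    {"zip": "02139", "birth_date": "1975-07-02", "gender": "F", "diagnosis": "flu"},
    {"zip": "02141", "birth_date": "1975-11-23", "gender": "F", "diagnosis": "diabetes"},
    {"zip": "02138", "birth_date": "1988-01-30", "gender": "M", "diagnosis": "flu"},
    {"zip": "02139", "birth_date": "1988-06-11", "gender": "M", "diagnosis": "asthma"},
    {"zip": "02140", "birth_date": "1988-09-05", "gender": "M", "diagnosis": "cold"},
]


def equivalence_classes(table):
    """Number of records per quasi-identifier combination."""
    return Counter(tuple(r[q] for q in QUASI) for r in table)


def anonymity_level(table):
    """The table's k: the size of its smallest equivalence class."""
    return min(equivalence_classes(table).values())


def generalize(table, zip_digits, date):
    """Coarsen quasi-identifiers without touching the sensitive attribute.
    zip_digits: leading digits kept (the rest become '*'); date: 'full' or 'year'."""
    out = []
    for r in table:
        g = dict(r)
        g["zip"] = r["zip"][:zip_digits] + "*" * (len(r["zip"]) - zip_digits)
        g["birth_date"] = r["birth_date"][:4] if date == "year" else r["birth_date"]
        out.append(g)
    return out


def k_anonymize(table, k):
    """Try generalization levels from least to most information loss; return
    (generalized_table, levels) for the first that reaches k. Raises if none
    does (gender is never generalized here, so some k are unreachable)."""
    for date in ("full", "year"):
        for zip_digits in range(5, -1, -1):
            cand = generalize(table, zip_digits, date)
            if anonymity_level(cand) >= k:
                return cand, {"zip_digits": zip_digits, "date": date}
    raise ValueError(f"k={k} not reachable with zip/date generalization alone")


def link(table, levels, zip_code, birth_date, gender):
    """Linkage attack: records matching an outside source's (zip, dob, gender),
    with the probe generalized to the table's own levels."""
    probe = generalize([{"zip": zip_code, "birth_date": birth_date, "gender": gender}],
                       levels["zip_digits"], levels["date"])[0]
    key = tuple(probe[q] for q in QUASI)
    return [r for r in table if tuple(r[q] for q in QUASI) == key]


if __name__ == "__main__":
    print("k of raw table:", anonymity_level(RECORDS))
    anon, levels = k_anonymize(RECORDS, 3)
    print("levels needed for k=3:", levels)
    print("raw linkage :", link(RECORDS, RAW_LEVELS, "02138", "1975-03-14", "F"))
    print("anon linkage:", link(anon, levels, "02138", "1975-03-14", "F"))
```

With full birth dates every record is unique (k = 1), which is the 87% situation from the next slide in miniature: knowing zip, date of birth and gender pins down one row and its diagnosis. After truncating the date to year and keeping three zip digits, the same probe returns three records with three different diagnoses. k-anonymity alone does not guarantee that: if all three shared a diagnosis the attacker would still learn it, which is why later work adds diversity requirements on the sensitive attribute.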
(Figure: inference by analogy) If you know the name of the triangle is "equilateral" and two of the three angles are 60°, then you know the third angle is also 60°.
(Figure: re-identification from quasi-identifiers) Zip code + birth date + gender = 87% chance of being identified. If you know a person's zip code, date of birth, and gender, then there is an 87% chance you can correctly identify that person.

Document Restrictions
◦ Attempt to restrict what users can do to documents, in order to reduce security threats
◦ Embryonic Digital Rights Management (DRM)
◦ Prevent unauthorized copying, printing, etc.
◦ May not be able to see parts of documents

Data Extrusion Management
◦ Attempts to prevent restricted data files from leaving the firm without permission
◦ Watermark with invisible restriction indicators
   Can be notified if sent via e-mail attachments or FTP
   If each document is given a different watermark, can forensically identify the source of a document leak
◦ Traffic analysis to look for unusually large numbers of outgoing files sent by a user

Removable Media Controls
◦ Forbid the attachment of USB flash drives and other portable media
◦ Reduces users' ability to make copies
Perspective
◦ Have proven difficult to enforce
◦ Often reduce functionality in uncomfortable ways
◦ Companies have been reluctant to use them

Social Networking
◦ Do not discuss work on personal blogs
   Don't talk about new marketing campaigns
   Don't post negative comments about products
◦ Be cautious about information posted on professional networks
   Competitors can use employee lists to hire away key employees

Data Destruction Is Necessary
◦ Backup media are not needed beyond their retention dates
◦ If a computer is to be discarded
◦ If the computer is to be sold or given to another user
◦ Drive-wiping software for hard drives
   Reformatting the hard drive is not enough
◦ Shredding for CDs and DVDs

Copyright © 2013 Pearson Education, Inc. Publishing as Prentice Hall
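The per-document watermark from the data extrusion management slide, worked through as an added example (not code from the slides). Each recipient's copy gets a marker encoded in zero-width Unicode characters, invisible when rendered, inserted after the first line; the marker is an HMAC of the recipient ID under a key the firm keeps, so a recipient cannot forge another person's mark. Given a leaked copy, the firm extracts the marker and matches it against the marks it issued; a DLP gateway could run the same extraction on outbound attachments to trigger the notification the slide mentions. Recipient IDs, key and document text are constructed.

```python
"""Per-recipient invisible watermarks for tracing the source of a leak.

Added example, not from the slides. Recipient IDs, key and text are
constructed. Zero-width characters carry the marker bits.
"""
import hashlib
import hmac

ZW0, ZW1 = "\u200b", "\u200c"   # zero-width space = bit 0, zero-width non-joiner = bit 1
TAG_BITS = 32                    # marker length; longer means fewer chance matches

KEY = b"constructed-demo-key-change-me"
RECIPIENTS = ["alice", "bob", "carol"]


def visible(text):
    """Drop the marker characters, i.e. what a reader actually sees."""
    return "".join(ch for ch in text if ch not in (ZW0, ZW1))


def mark_for(recipient_id, key):
    """Recipient-specific invisible marker: first TAG_BITS bits of HMAC-SHA256."""
    mac = hmac.new(key, recipient_id.encode("utf-8"), hashlib.sha256).digest()
    bits = int.from_bytes(mac[: TAG_BITS // 8], "big")
    return "".join(ZW1 if (bits >> i) & 1 else ZW0 for i in range(TAG_BITS - 1, -1, -1))


def watermark(text, recipient_id, key):
    """This recipient's copy: identical when rendered, unique in its marker."""
    clean = visible(text)                        # never stack markers
    head, sep, tail = clean.partition("\n")
    return head + mark_for(recipient_id, key) + sep + tail


def extract_mark(text):
    """Pull the first TAG_BITS marker characters out of a (possibly edited) copy."""
    zw = "".join(ch for ch in text if ch in (ZW0, ZW1))
    return zw[:TAG_BITS] if len(zw) >= TAG_BITS else None


def identify_source(leaked_text, recipients, key):
    """Which recipient's copy leaked? None if the marker is missing or unknown."""
    found = extract_mark(leaked_text)
    if found is None:
        return None
    for rid in recipients:
        if hmac.compare_digest(mark_for(rid, key).encode("utf-8"), found.encode("utf-8")):
            return rid
    return None


def demo():
    doc = ("CONFIDENTIAL: Q3 acquisition plan\n"
           "Target: Example Widgets Ltd.\n"
           "Offer: 40 million.\n")
    copies = {rid: watermark(doc, rid, KEY) for rid in RECIPIENTS}
    leaked = copies["bob"].replace("40 million", "40M")   # leaker edited visible text
    return {
        "renders_same": all(visible(c) == doc for c in copies.values()),
        "source": identify_source(leaked, RECIPIENTS, KEY),
        "stripped": identify_source(visible(copies["bob"]), RECIPIENTS, KEY),
    }


if __name__ == "__main__":
    print(demo())
```

The "stripped" result is the honest caveat: anyone who knows the scheme can remove zero-width characters and the trail is gone, which is one reason the slides call these controls difficult to enforce. Production systems spread redundant marks through the text (spacing, synonym choices, layout) so that casual editing and copy-paste survive, and pair the marker with the egress notification rather than relying on forensics alone.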