SDL Episode53

From Paul's Security Weekly

Secure Digital Life #53

Recorded on February 20, 2018 at G-Unit Studios in Rhode Island!

Episode Audio

Coming soon!

Hosts

  • Doug White
    Cybersecurity professor, President of Secure Technology, and Security Weekly network host.
  • Russell Beauchemin
    Cybersecurity & Network Security Program Advisor and Director of Instructional Support & Learning Innovation at Roger Williams University.
Topic: Stinkin' Backups

    • We don't need no stinkin' backups.
    • How does cloud backup work?

    - Services like IDrive, Carbonite, and CrashPlan all use drives somewhere to store your information.

    1. Are these drives safe to use? Well, they are likely backed up and resilient, so I would say yes.
    2. How secure is my data on these drives? That, not so much. You don't really know who has access, other than what they tell you.

    - That said, you can encrypt your data, password protect it, and otherwise lock it. Be warned: if you lock your data down, they can't recover it if you lose the keys.

    3. Can malware attack the cloud drives from my machine?

    - Yes. It can jump into your backups and encrypt them as well (ransomware).
    - Yes. Malware which has corrupted your local drive may copy the corruption (or the backup may do that for you) onto your cloud backup.

    4. So, what to do? Out of band backups are a must for your critical data.
    • So, what about RAID? I keep hearing that RAID will protect you from harm.


    • RAID is a better way of managing drives (JBOD as well)
    • RAID has many different forms and can be complicated to set up and maintain but it's super hip to put RAID on motherboards now.
    • RAID uses a separate control system from your operating system to manage drive hardware in some manner
    • RAID has a "level" that describes what it does specifically
    • RAID 0 == striping. This means you need at least 2 disks and part of the data is written to each disk. RAID 0 is for read speed and is the opposite of data security. RAID 0 adds to your risk of data loss, it does not reduce it.
    • RAID 1 == mirroring. This means you need at least 2 disks and the data on disk 0 is duplicated on disk 1 by the RAID controller. This is useful in the event of a hardware failure but RAID 1 was primarily designed for increased write speeds. Corrupted data on disk 0 will be duplicated on disk 1.
    • RAID 10 == a combination of striping and mirroring. One of the best RAIDs; it combines the two, so you need 4 drives. Each mirrored set is also striped. This means you get a performance advantage and hardware failure resilience in one package.
    • RAID 5 == This requires at least 3 drives and uses striping with parity which means that the failure of any of the 3 drives can be rebuilt with the parity information from the other two drives.
    • RAID 6 == This is even more sophisticated and requires at least 3 drives and any 2 drives can fail and you can still rebuild from the parity information on the remaining drive.
    • RAID 6 is very robust but takes a LOT of space on the drives for the parity information.
    • In all the cases, RAID is NOT a backup of your data. It is a backup of your hardware. The only thing RAID can do for you is about performance and recovery from hardware failure.
    • So: CIA -- Confidentiality, Integrity, and Availability
    • In all cases, you don't want your data compromised so ensure that your backups are safe somewhere. Depending on what you store, you may need more or less SLA (explain) from the provider to ensure the C of your data.
    • Integrity -- this means your data is healthy. Malware may encrypt, delete, corrupt, or even change your data in some subtle way. Imagine my piece of malware: let's call it "Steve from Long Island" or SLI. So SLI is a piece of malware that targets SQL databases and looks for numerics. Every time it finds one it divides the number by 10 and writes it back into the database. Every paycheck draws from the database field "RATE". So if hours times RATE is really hours/10 * rate/10 and you print 3000 checks on Thursday night, Friday is going to be a bad day. Backups need to protect the I component too. In the case of SLI, RAID won't protect you and neither will the cloud (talk about Jing An) if the malware and corrupted data are copied into your cloud automatically. That's where you need out of band.

    • Availability -- This is the one RAID helps with. If your drive array fails in a JBOD or a NJBOD JBOD you are going to be down. You can't print paychecks at all until you get a new piece of hardware.
    • The bottom line of backups:
      • Any one thing is likely not enough. You need out of band, RAID or some sort of hardware resilience plan, and you need to protect your data. Does the cloud help? Sure. Hardware failure, data loss due to rm -rf *, that sort of thing, awesome. Even if you just accidentally delete that picture of Aunt May in a bikini, you can get it back. But none of this is going to protect you from Integrity issues or malware. So, you need to think about what you can lose and how you are going to get it back when the end arrives.
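
An added illustration (not from the show) of the RAID 5 and Integrity points above: a toy three-drive XOR-parity array rebuilds a failed drive perfectly, yet what it rebuilds is the SLI-corrupted data, and only the out-of-band copy shows the difference and gets the real values back. The `Raid5` class, the sample RATE values and the JSON encoding are assumptions made for this example.

```python
import hashlib
import json

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

class Raid5:
    """Toy 3-drive RAID 5 (constructed): 2 data chunks + 1 rotating XOR parity chunk per stripe."""
    def __init__(self, data, chunk=4):
        self.length, self.drives = len(data), [[], [], []]
        for s, off in enumerate(range(0, len(data), 2 * chunk)):
            block = data[off:off + 2 * chunk].ljust(2 * chunk, b"\0")
            d0, d1 = block[:chunk], block[chunk:]
            chunks = [d0, d1]
            chunks.insert(s % 3, xor(d0, d1))      # parity drive for this stripe
            for drive, c in zip(self.drives, chunks):
                drive.append(c)

    def fail(self, n):
        self.drives[n] = None                      # drive n is lost

    def rebuild(self, n):
        a, b = (d for i, d in enumerate(self.drives) if i != n)
        self.drives[n] = [xor(x, y) for x, y in zip(a, b)]

    def read(self):
        out = b""
        for s in range(len(self.drives[0])):
            out += b"".join(self.drives[i][s] for i in range(3) if i != s % 3)
        return out[:self.length]

def encode(rates):
    return json.dumps(rates, sort_keys=True).encode()
def digest(blob):
    return hashlib.sha256(blob).hexdigest()

def demo():
    good = {"alice": 42.5, "bob": 31.0}            # constructed RATE values
    oob_copy = encode(good)                        # out-of-band copy, taken earlier
    corrupted = encode({k: v / 10 for k, v in good.items()})  # state SLI leaves behind
    array = Raid5(corrupted)                       # the array stores what it is given
    array.fail(1)
    array.rebuild(1)                               # parity recovers the lost drive...
    rebuilt = array.read()
    return {
        "rebuild_matches_array": rebuilt == corrupted,                # hardware recovered
        "matches_known_good": digest(rebuilt) == digest(oob_copy),    # ...data is still wrong
        "restored": json.loads(oob_copy),                             # only this copy has real rates
    }
```

A digest mismatch against the offline copy only says the data changed; legitimate edits change it too, so the mismatch is a prompt to review before the next backup overwrites the known-good copy.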


    Next time: Doug and Russ evaluate some backup products. If you have favorites, let us know.