
Chapter 9

© 2015 Pearson Education Ltd.


• Explain the necessity for backup.
• Describe backup scope and methods.
• Describe the different RAID (redundant array of independent disks) levels.
• Explain the need for data storage policies.
• Explain database protections.
• Explain the need for database access controls, auditing, and encryption.
• Describe the difference between data leakage and data theft.
• Explain data deletion, destruction, and disposal.
• Explain digital rights management (DRM) and how it can prevent data loss.
• In prior chapters we focused on
◦ Protecting data as it passed over networks (Chapter 3)
◦ Hardening hosts that store data (Chapter 7)
◦ Securing applications that process data (Chapter 8)

• This chapter will emphasize the protection of stored data

9.1 Introduction
9.2 Data Protection: Backup
9.3 Backup Media and RAID
9.4 Data Storage Policies
9.5 Database Security
9.6 Data Loss Prevention

• Data are the principal elements of any information system
• Businesses gather enormous amounts of data
◦ Information is then extracted for decision making
◦ Data are valuable assets that are core components of a larger corporate strategy
◦ Source code, intellectual property, user data, etc. must all be protected

• Series of attacks against Sony Corporation
◦ Lost data for 100+ million user accounts
◦ Shut down the PlayStation Network

• Subsequent SQL injection attack
◦ 1 million usernames and passwords stolen
◦ Passwords stored as plaintext
◦ Included names, email addresses, phone numbers, dates of birth, music coupons, layout of the database, and maps of Sony’s internal corporate network
• This chapter will primarily focus on securing data while it is being stored
• More specifically:
◦ How backup can prevent accidental data loss
◦ How to securely store data in a database
◦ How to prevent data from being taken out of the corporation
◦ How to securely dispose of data

9.2 Data Protection: Backup

• Importance
◦ In an incident, you may lose all data that is not backed up

• Threats That Are Addressed by Backup
◦ Mechanical hard drive failure or damage in a fire or flood
◦ Data on lost or stolen computers is not available to the organization
◦ Malware can reformat the hard drive or do other data destruction

• Scope of Backup
◦ Fraction of information on the hard drive that is backed up

• File/Directory Data Backup
◦ Select data files and directories to be backed up
▪ (Do not forget items on the desktop!)
◦ Not good for programs

• Image Backup
◦ Everything, including programs and settings
◦ Image backup is very slow
◦ Data files change the most rapidly, so doing several file/directory data backups for each image backup may be appropriate

• Shadowing
◦ A backup copy of each file being worked on is written every few minutes to the hard drive, or to another location

• Full backups
◦ All files and directories
◦ Slow, so it is typically done weekly

• Incremental Backups
◦ Only records changes since the last backup
◦ Fast, so usually done daily
◦ Do incremental backups until the next full backup

• Restoration Order
◦ Restore the full backup first
◦ Then restore incremental backups in the order created
◦ Otherwise, newer files will be overwritten

• Generations
◦ Save several generations of full backups
◦ Do not usually save incremental backups after the next full backup
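Worked example of the full/incremental cycle and the restoration order covered in the last two slides. This is an added illustration, not code from the textbook; the file names, contents and the three-day schedule are constructed.

```python
"""Full + incremental backup cycle with ordered restore (added example)."""
from copy import deepcopy


def take_full(files):
    """Full backup: snapshot of every file, regardless of change."""
    return ("full", deepcopy(files))


def take_incremental(files, last_backed_up):
    """Incremental backup: only files created or changed since the previous
    backup (full or incremental). Deletions are not recorded, so a restore
    from this chain can bring back files removed mid-week."""
    return ("incremental",
            {path: data for path, data in files.items()
             if last_backed_up.get(path) != data})


def run_backup_cycle(daily_states):
    """Day 0 gets a full backup; every later day an incremental one.
    Returns the backups in creation order."""
    backups, baseline = [], {}
    for day, state in enumerate(daily_states):
        backups.append(take_full(state) if day == 0
                       else take_incremental(state, baseline))
        baseline = deepcopy(state)
    return backups


def restore(backups):
    """Restore the full backup first, then apply incrementals in the order
    given. A later entry overwrites an earlier one, so an out-of-order list
    silently leaves stale versions in place."""
    result = {}
    for kind, snapshot in backups:
        if kind == "full":
            result = dict(snapshot)
        else:
            result.update(snapshot)
    return result


# Constructed sample: three days of edits to a small directory.
WEEK = [
    {"report.docx": "v1", "budget.xlsx": "v1"},                    # Mon: full
    {"report.docx": "v2", "budget.xlsx": "v1"},                    # Tue: incremental
    {"report.docx": "v3", "budget.xlsx": "v1", "memo.txt": "v1"},  # Wed: incremental
]

if __name__ == "__main__":
    chain = run_backup_cycle(WEEK)
    print(restore(chain))                           # Wednesday's state
    print(restore([chain[0], chain[2], chain[1]]))  # report.docx stale at v2
```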

Local backup on individual PCs is difficult to enforce.
Centralized backup provides backup labor and enforcement.

• Continuous Data Protection (CDP)
◦ Used when a firm has two server locations
◦ Each location backs up the other in real time
◦ Other site can take over very quickly in case of a disaster, with little data loss
◦ Requires expensive high-speed transmission link between the sites

9-18
© 2015 Pearson Education Ltd.
PCs back up one another.
Data is stored redundantly.
Security issues must be addressed.
9.3 Backup Media and RAID

• Servers Normally Use Magnetic Tape
◦ Slow but inexpensive per bit stored

• Second hard drive on computer
◦ Very fast backup
◦ Lost if computer is stolen or burns in a fire
◦ Backup on tape occasionally for archival (long-term) storage

• Clients Normally Use Optical Disks (DVDs)
◦ Attraction is that almost all users have optical disk burners
◦ Dual-layer DVDs offer about 8 GB of capacity
▪ This is often not enough
▪ User may have to insert additional disks to do backup
◦ Backup to a second client PC hard drive; then occasionally backup onto optical disks
◦ The life of information on optical disks is unknown

• RAID – Redundant Array of Independent Disks
◦ Multiple hard drives within a single system

• Increased reliability and performance
◦ A single hard drive failure won’t necessarily precipitate data loss
◦ Multiple disks can be written to simultaneously

• RAID Levels – Ways of configuring multi-disk arrays

Figure: Shipping boxes / Storing Data

• Striping – Writing data simultaneously across multiple disks
◦ Very fast, but no reliability
◦ One disk failure will cause complete data loss

• Mirroring – Creating an exact copy of a disk at the same time
◦ Data transfer speeds remain nominal
◦ Virtually no data loss, but more costly to buy additional hard drives
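Added illustration (not from the textbook) of the striping-versus-mirroring trade-off above: a stripe set and a mirror set are built from the same constructed payload, one disk is failed, and each array is read back. Disk contents are byte strings and a failed disk is represented by None.

```python
"""RAID 0 (striping) versus RAID 1 (mirroring) under a single-disk failure."""


def stripe(data: bytes, disks: int, chunk: int = 4) -> list:
    """RAID 0: deal fixed-size chunks round-robin across the disks."""
    array = [bytearray() for _ in range(disks)]
    for i in range(0, len(data), chunk):
        array[(i // chunk) % disks] += data[i:i + chunk]
    return [bytes(d) for d in array]


def read_striped(array, chunk: int = 4):
    """Reassemble a stripe set. Every chunk lives on exactly one disk, so a
    single failed disk makes the whole volume unreadable."""
    if any(d is None for d in array):
        return None
    out, k, n = bytearray(), 0, len(array)
    while True:
        piece = array[k % n][(k // n) * chunk:(k // n + 1) * chunk]
        if not piece:          # round-robin fill means first gap == end of data
            break
        out += piece
        k += 1
    return bytes(out)


def mirror(data: bytes, copies: int = 2) -> list:
    """RAID 1: every disk holds the full data (costs copies x the capacity)."""
    return [data] * copies


def read_mirrored(array):
    """Any surviving copy is enough to serve the read."""
    return next((d for d in array if d is not None), None)


def fail_disk(array, index):
    """Simulate a mechanical failure of one disk."""
    return [None if i == index else d for i, d in enumerate(array)]


def capacity_used(array) -> int:
    """Bytes consumed across the array (the cost side of the trade-off)."""
    return sum(len(d) for d in array if d is not None)


if __name__ == "__main__":
    payload = b"PAYROLL-2015-Q1-RECORDS"         # constructed sample
    raid0, raid1 = stripe(payload, 2), mirror(payload, 2)
    print(read_striped(fail_disk(raid0, 0)))     # None: data gone
    print(read_mirrored(fail_disk(raid1, 0)))    # full payload survives
```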

9.4 Data Storage Policies

• Backup Creation Policies
◦ Understand current system and future needs
◦ Create policies for different types of data and computers
◦ What should be backed up, how frequently, how frequently to test restorations, etc.

• Restoration Policies
◦ Do restoration tests frequently

• Media Storage Location Policies
◦ Store media at a different site
◦ Store backup media in a fireproof and waterproof safe until it can be moved offsite

• Encryption Policies
◦ Encrypt backup media before moving them, so confidential information will not be exposed if the tape is stolen or lost

• Strong Access Control Policies for Backup Media
◦ Checkouts are rare and therefore suspicious
◦ Checking out media can result in their loss and the damages that come with loss
◦ The manager of the person requesting the checkout should approve the checkout

• Data Retention Policies
◦ There are strong legal requirements for how long certain types of data must be kept
◦ The legal department must get involved in retention policies

• Auditing Policy Compliance
◦ All policies should be audited
◦ Includes tracing what happened in samples of data

• Benefits of Retention
◦ Major part of corporate memory
◦ Can retrieve old e-mail for current purposes

• Dangers of Retention
◦ Legal discovery process
◦ Defendant must supply relevant e-mails
◦ Potentially very damaging information
◦ Always expensive
◦ Even though very expensive to retrieve, firms must pay whatever is necessary to do so
• Accidental Retention
◦ Even if firms delete e-mail from mail servers, it may be stored on backup tapes
◦ Users will often store copies on their own computers

• Legal Archiving Requirements
◦ Many laws require retention
▪ Securities and Exchange Commission
▪ Labor laws
▪ Involuntary terminations
▪ Public information about job openings
▪ Medical problem complaints that may relate to toxic chemicals
◦ Laws vary in duration of storage requirements
◦ Fines or summary judgments if failure to retain and produce required e-mails

• U.S. Federal Rules of Civil Procedure
◦ Specify rules for all U.S. Federal civil trials
◦ Specifically address electronically stored information
◦ Initial discovery meeting
▪ Defendant must be able to specify what information is available
▪ Comes shortly after a civil lawsuit begins
▪ Unless carefully thought through beforehand, will fail

• U.S. Federal Rules of Civil Procedure
◦ Holds on destruction
▪ Must be put in place if it is foreseeable that a lawsuit will soon begin
▪ Must have strong hold procedures to place holds on all electronically stored information

• Archiving Policies and Processes
◦ Must have them
◦ Must reflect a firm’s legal environment
◦ Must be drawn up by the firm’s legal department
• Message Authentication
◦ Spoofed messages can frame employees or the firm itself
◦ Need message authentication to prevent spoofed sender addresses

• User Training
◦ Never put anything in a message that you would not want seen in court, printed in the newspaper, or read by your boss

• Spreadsheet Security
◦ Spreadsheets are widely used and are the subject of many compliance regulations
◦ Need for security testing
◦ Spreadsheet vault server to implement controls

Figure: Spreadsheet vault server
1. The vault server stores spreadsheets and strongly controls access to them (authentication, authorizations, auditing).
2. Spreadsheets record each change for auditing purposes.
3. Cryptographic protections for transmissions.
4. Strong client security.

9.5 Database Security

• Databases
◦ Often used in mission-critical applications
◦ Require additional security precautions
◦ Relational databases: Tables (relations) with rows (records) and columns (attributes)
◦ As discussed earlier, avoid SQL injection attacks

• Databases
◦ Restrict Access to Data
▪ Restrict users to certain columns (attributes) in each row
  – For instance, deny access to salary column to most users
▪ Limit access control to rows
  – For instance, only rows containing data about people in the user’s own department

• Databases
◦ Restrict granularity (level of detail)
▪ Prevent access to individual data
▪ Allow trend analysts to deal only with sums and averages for aggregates, such as departments
◦ Restrict information about the structure of the database itself (data model)
▪ Knowledge about the data model can make SQL injection much easier
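Added example, not from the textbook, of the column, row and granularity restrictions described in the last two slides, using Python's built-in sqlite3. The table, data and view names are constructed; SQLite has no user accounts, so the row filter is applied by the calling code with a bound parameter where a real DBMS would grant a filtered view to a role.

```python
"""Column, row and granularity restrictions on a relational table (added example)."""
import sqlite3

SCHEMA = """
CREATE TABLE Employees (
    Emp_ID INTEGER PRIMARY KEY, First_Name TEXT, Last_Name TEXT,
    Department TEXT, Salary INTEGER);
INSERT INTO Employees VALUES
    (1,'Ann','Lee','Sales',52000), (2,'Bo','Kim','Sales',48000),
    (3,'Cy','Ng','IT',71000),      (4,'Di','Roe','IT',69000),
    (5,'Ed','Fox','HR',55000);
-- Column restriction: most users get the directory view, never the Salary column.
CREATE VIEW Employee_Directory AS
    SELECT Emp_ID, First_Name, Last_Name, Department FROM Employees;
-- Granularity restriction: trend analysts get sums and averages per department
-- only. Groups of one are suppressed, because a one-person department's
-- "average" is exactly that person's salary.
CREATE VIEW Dept_Salary_Stats AS
    SELECT Department, COUNT(*) AS Headcount,
           SUM(Salary) AS Total_Salary, AVG(Salary) AS Avg_Salary
    FROM Employees GROUP BY Department HAVING COUNT(*) >= 2;
"""


def build_db():
    """In-memory database loaded with the constructed schema and data."""
    con = sqlite3.connect(":memory:")
    con.executescript(SCHEMA)
    return con


def directory_columns(con):
    """Column names exposed by the directory view."""
    return [col[1] for col in con.execute("PRAGMA table_info(Employee_Directory)")]


def department_stats(con):
    """Aggregate-only view, as a trend analyst would see it."""
    return con.execute("SELECT * FROM Dept_Salary_Stats ORDER BY Department").fetchall()


def rows_for_user(con, user_department):
    """Row restriction: the caller's department comes from the session (a
    trusted lookup), never from request input, and is bound as a parameter."""
    return con.execute(
        "SELECT Emp_ID, First_Name, Last_Name FROM Employees WHERE Department = ?",
        (user_department,)).fetchall()


if __name__ == "__main__":
    db = build_db()
    print(directory_columns(db))       # no Salary column
    print(department_stats(db))        # IT and Sales only; HR suppressed
    print(rows_for_user(db, "Sales"))  # Ann and Bo
```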

• Database Access Control
◦ Restrict access to databases via database management systems (e.g., Microsoft SQL Server, MySQL, IBM DB2, Oracle, etc.)
◦ Rename administrator account, disable guest/public accounts, lowest possible permissions necessary

• SQL Injection Attacks
◦ Data must be sanitized to remove unacceptable characters
◦ Stored procedures can be used to sanitize and validate incoming data

Figure: SQL Server login configuration
1. Windows authentication
2. SQL Server authentication
3. Password policy options

• Database Auditing
◦ Collect information about users’ interactions with databases
◦ Policy driven, reflecting legal and regulatory obligations

• What should be audited?
◦ Logins, changes to the database, warnings, exceptions, and special access

• Trigger – Code that is automatically run when changes are made to a database
• Data Definition Language (DDL) trigger
◦ Used to produce automatic responses if the structure of the database has been altered (e.g., create new table, drop a table, alter properties of an existing table)

• Data Manipulation Language (DML) trigger
◦ Used to produce automatic responses if the data has been altered (e.g., data are inserted, updated, or deleted)

-- DML trigger (T-SQL) that e-mails an administrator when an employee's salary is updated.
-- Assumes a single-row UPDATE; a multi-row UPDATE would need a set-based SELECT over
-- the inserted/deleted tables rather than scalar variables.
CREATE TRIGGER EmployeeSalaryChange
ON Employees
FOR UPDATE
AS
BEGIN
    DECLARE @EmailBody varchar(1000)
    DECLARE @FirstName varchar(20)
    DECLARE @LastName varchar(20)
    DECLARE @OldSalary int
    DECLARE @NewSalary int

    -- Only act when the Salary column was part of the UPDATE statement
    IF UPDATE (Salary)
    BEGIN
        -- "deleted" holds the row as it was before the change
        SELECT @FirstName = First_Name,
               @LastName = Last_Name,
               @OldSalary = Salary
        FROM deleted

        -- "inserted" holds the row as it is after the change
        SELECT @NewSalary = Salary
        FROM inserted

        -- Build the message; int values must be cast before string concatenation
        SET @EmailBody = 'I just wanted to let you know that ' + @FirstName + ' '
            + @LastName + ' changed their salary from '
            + CAST(@OldSalary AS varchar(12)) + ' to '
            + CAST(@NewSalary AS varchar(12))

        -- xp_sendmail is the legacy SQL Mail procedure; newer SQL Server versions
        -- use Database Mail (msdb.dbo.sp_send_dbmail) instead
        EXEC master..xp_sendmail
            @recipients = 'randy.boyle@utah.edu',
            @subject = 'Somebody changed their salary',
            @message = @EmailBody
    END
END
GO

• Encryption
◦ Makes data unreadable to someone who does not have the key
◦ Prevents theft of private or trade secret information
◦ May reduce legal liability if lost or stolen data is encrypted

• What to Encrypt
◦ Files and directories
◦ Entire disk

• Key Escrow
◦ Loss of the key is disastrous
▪ Not like losing a password that can be reset
◦ Key escrow stores a copy of the key in a safe place
◦ Bad if managed by user
▪ May not do it
▪ May not be able to find it
▪ If fired, may refuse to give it back, locking up all data on the computer
◦ Central key escrow on a corporate server is better

• Strong Login Authentication Is Needed
◦ Encryption is transparent to logged in users
▪ Once a user is logged in, he or she can see all encrypted data
◦ Protect with strong password or biometrics
▪ Ensure that the password is not lost

• File-Sharing Problems
◦ File sharing may be more difficult because files usually have to be decrypted before sending them to another computer

9.6 Data Loss Prevention

• Data Loss Prevention (DLP)
◦ A set of policies, procedures, and systems designed to prevent sensitive data from being released to unauthorized persons

• Data Collection
◦ Most companies collect more data than they can adequately protect

• Personally Identifiable Information (PII)
◦ Private employee or customer information that can be used to uniquely identify a person
◦ PII includes: Names (full name), personal identification numbers (SSN), addresses (street or e-mail), personal characteristics (photos), and linking information (date of birth)

• Data Masking
◦ Obscuring data such that it cannot identify a specific person, but remains useful

• Spiders (crawlers) – Navigate the web gathering, organizing, and indexing web content

• Web Scraper – Tool that extracts predefined data from specified webpages
▪ Can aggregate extracted data from multiple websites

• Mashup – Combining data from various sites or applications

Latanya Sweeney, k-anonymity: a model for protecting privacy. International Journal on Uncertainty, Fuzziness and Knowledge-based Systems, 10 (5), 2002; 557‒570.
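Added example (not from the textbook) of the data-masking idea behind the k-anonymity figure above: quasi-identifiers (here ZIP code and age) are generalized until every combination of them is shared by at least k records, so no row can be linked to one person while aggregate analysis still works. The records are constructed, and the search order (widen age bands first, then drop ZIP digits) is a simple heuristic of this example, not Sweeney's algorithm.

```python
"""k-anonymity by generalizing quasi-identifiers (added example)."""
from collections import Counter

# Constructed sample: (ZIP, age, diagnosis). ZIP and age are quasi-identifiers
# that an outside list could be joined on; diagnosis is the sensitive attribute.
RECORDS = [
    ("02138", 29, "flu"),      ("02139", 31, "asthma"),
    ("02141", 34, "flu"),      ("02142", 45, "diabetes"),
    ("02145", 48, "flu"),      ("02147", 52, "asthma"),
]
QI = (0, 1)  # column indexes of the quasi-identifiers


def generalize(record, zip_digits, age_band):
    """Mask trailing ZIP digits and replace the age with a band of width age_band."""
    zip_code, age, diagnosis = record
    masked_zip = zip_code[:zip_digits] + "*" * (5 - zip_digits)
    low = age - age % age_band
    return (masked_zip, f"{low}-{low + age_band - 1}", diagnosis)


def k_of(table):
    """k = size of the smallest group of rows sharing the same QI values."""
    groups = Counter(tuple(row[i] for i in QI) for row in table)
    return min(groups.values())


def anonymize(records, k):
    """Coarsen until every QI group has at least k rows. Returns the chosen
    (zip_digits, age_band) and the release table, or (None, None) if no
    generalization in the search space reaches k."""
    for age_band in (1, 5, 10, 20, 50, 100):
        for zip_digits in (5, 4, 3, 2, 1, 0):
            table = [generalize(r, zip_digits, age_band) for r in records]
            if k_of(table) >= k:
                return (zip_digits, age_band), table
    return None, None


if __name__ == "__main__":
    params, released = anonymize(RECORDS, k=2)
    print(params, "k =", k_of(released))   # (3, 20) k = 3
    for row in released:
        print(row)
```

Raising k to 4 on this sample forces the age column all the way to "0-99", which shows the utility cost that the masking slide mentions.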
• Document Restrictions
◦ Attempt to restrict what users can do to documents in order to reduce security threats
◦ Embryonic

• Digital Rights Management (DRM)
◦ Prevents unauthorized copying, printing, etc.
◦ May not be able to see parts of documents

• Data Extrusion Management
◦ Attempts to prevent restricted data files from leaving the firm without permission
◦ Watermark with invisible restriction indicators
▪ Can be notified if sent via e-mail attachments or FTP
▪ If each document is given a different watermark, can forensically see the source of a document leak
◦ Traffic analysis to look for unusually large numbers of outgoing files sent by a user
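Added example (not from the textbook) of the traffic-analysis control in the last bullet: outgoing-file counts per user per day are compared with that user's own baseline, so a person whose job involves sending files all day is not flagged while a sudden burst from a normally quiet account is. The log format (timestamp user channel filename bytes), the names and the thresholds are constructed assumptions.

```python
"""Flag users whose outgoing-file count on one day far exceeds their own baseline."""
import statistics
from collections import defaultdict

# Constructed outbound-transfer log: alice sends about two files a day, carol
# about one, then carol pushes a dozen customer-list parts over FTP late one evening.
LOG_LINES = [
    "2015-03-02T09:12:01 alice email report_q1.xlsx 120400",
    "2015-03-02T15:40:13 alice email notes.docx 20100",
    "2015-03-03T09:02:51 alice email report_q1_v2.xlsx 121000",
    "2015-03-03T16:10:09 alice ftp assets.zip 5400000",
    "2015-03-04T10:22:30 alice email minutes.docx 18000",
    "2015-03-04T14:48:17 alice email budget.xlsx 90500",
    "2015-03-02T11:05:44 carol email contract.pdf 400200",
    "2015-03-03T11:15:02 carol email invoice.pdf 80100",
] + [f"2015-03-04T22:{m:02d}:00 carol ftp customer_list_part{m:02d}.csv 910000"
     for m in range(12)]


def parse(line):
    """One log line -> dict; channel and size are kept for analyst triage."""
    ts, user, channel, name, size = line.split()
    return {"day": ts[:10], "user": user, "channel": channel,
            "file": name, "bytes": int(size)}


def files_per_user_day(events):
    """Nested counts: user -> day -> number of outgoing files."""
    counts = defaultdict(lambda: defaultdict(int))
    for e in events:
        counts[e["user"]][e["day"]] += 1
    return counts


def flag_bursts(events, abs_limit=10, ratio=3.0):
    """Alert as (user, day, count) when a day's count reaches abs_limit or
    exceeds ratio x the median of that user's other days."""
    alerts = []
    for user, days in files_per_user_day(events).items():
        for day, n in sorted(days.items()):
            others = [c for d, c in days.items() if d != day]
            baseline = statistics.median(others) if others else 0
            if n >= abs_limit or (baseline and n > ratio * baseline):
                alerts.append((user, day, n))
    return alerts


if __name__ == "__main__":
    for alert in flag_bursts([parse(line) for line in LOG_LINES]):
        print("possible extrusion:", alert)   # ('carol', '2015-03-04', 12)
```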

• Removable Media Controls
◦ Forbids the attachment of USB RAM drives and other portable media
◦ Reduces user abilities to make copies

• Perspective
◦ Have proven difficult to enforce
◦ Often reduces functionality in uncomfortable ways
◦ Companies have been reluctant to use them

• Social Networking
◦ Do not discuss work on personal blogs
▪ Do not talk about new marketing campaigns
▪ Do not post negative comments about products
◦ Be cautious about information posted on professional networks
▪ Competitors can use employee lists to hire away key employees

• Data Destruction Is Necessary
◦ Backup media are not needed beyond their retention dates
◦ If…
▪ a computer is to be discarded
▪ the computer is to be sold or given to another user
◦ Drive-wiping software for hard drives
▪ Reformatting the hard drive is not enough
◦ Shred CDs and DVDs

All rights reserved. No part of this publication may be reproduced, stored in a
retrieval system, or transmitted in any form or by any means, electronic,
mechanical, photocopying, recording or otherwise without the prior written
permission of the publisher.
