Storage Security Basics: Confidentiality and Integrity
In the first part of our Storage Security Basics series, we looked at authentication, authorization, accountability and access control. In this installment, we examine confidentiality and integrity.
If you manage a storage network, one of your primary goals is to ensure that the data is secure. As the administrator, the confidentiality and integrity of information is your responsibility. (Data confidentiality refers to the process of encrypting information to prevent it from being read by users who weren't intended to have access to it. Data integrity means that information has not been changed or modified during transit.)
When it comes to designing a data security strategy, you need to consider where the data is located. For example, is it on the LAN/WAN, SAN or even located on the tape backup set? The location of data will often determine the type of processes and measures you use to secure that information. In this Storage Basics article, we'll explore how the concepts of confidentiality and integrity are applied in each of these areas.
Regardless of the location of the data, one of the first steps in designing a security strategy is to establish the value of data and then classify information according to that value. This dictates the level of security that is applied.
Data classification is based on the principle that not all data is created equal and that highly sensitive data must be more closely guarded than the information that is accessible to the public. The following is an example of some commonly used data classifications:
Once you have established data classifications and assigned data to the appropriate category, you can apply security policies to each of those categories. Data will typically belong to only a single category, but if it's placed in multiple categories, the security policy should dictate that the strongest level of security be used.
Public: Data that has been classified as public is just that it's available to the general public to read or use. One of the characteristics of public data is that it in no way compromises an organization or impacts it in a negative way. Public data can include press releases, company updates, product reviews and so on. Data that has been classified as public will receive little security consideration.
Sensitive (Internal): Sensitive data is where security considerations really begin. Information classified as sensitive is often designed for a particular network group or for a particular set of users. For example, certain data may be intended only for teachers, secretaries or an organizations sales staff. For information classified as sensitive, security measures are required to keep data confidential using some form of access control and encryption. Despite being sensitive, this type of data, should it be compromised, it is not necessarily damaging to the organization on the whole.
Private: All data classified as private will require a strong level of encryption to ensure confidentiality. Private data can include information such as employee records, history, pay scale, evaluations and more. It may also include a level of information on a organization that is not intended for widespread viewing. Information that is classified as private can have a negative impact on an organization should it be compromised. The result may be reduced company confidence or even result in legal action against the company.
Confidential: Confidential data is intended for a specific user or group of users. If confidential data is compromised, it will most certainly have a serious negative impact on an organization. All data classified as confidential must be secured using the highest level of encryption and integrity checking. Data that may be considered confidential includes upcoming business deals, contracts, development prototypes, trade deals, legal proceedings and more.
Top Secret: In most organizations, the highest level of classification is confidential. However, in some high-security environments such as the military, there may be an additional classification. This classification may be called top secret or high confidential and is essentially used to define data that may cause an impact that reaches beyond an individual organization and threaten several companies or even national security. The security mechanisms deployed at this level are tightly controlled and managed only by security experts.
With the value of data established and categories created, you can consider and deploy security mechanisms. These should take into account the various locations at which data can reside. Perhaps the first thing to consider is defining the security required for data traveling through an IP network infrastructure. In this case, a secure and complete SAN solution would include considerations for securing IP communications using familiar security protocols and procedures commonly associated with IP network administration. Options can include VLANs, Secure Socket Layer (SSL) with HTTPS, Secure Shell (SSH) and secure copy (SCP) and, of course, IPSec.
One of the primary purposes of a virtual LAN (VLAN) is to segment a network into separate broadcast domains regardless of the geographical location of the system on the network. Doing so provides a means to isolate and limit broadcast traffic in a switched network environment, which decreases overall network traffic and in the process creating separate LANs on a single switch.
VLAN segmentation does more than control network broadcast traffic. Because VLANs enable the creation of logical network segments, they provide administrators flexibility beyond the restrictions of the physical network design and cable infrastructure. They can simplify administration as the network can be divided into well-organized segments and each segment can be assigned a security level. For instance, the network can be divided between regular network users and managers. Both groups, although sharing a single physical LAN, are placed on a separate logical segment increasing security over a LAN.
Secure Shell (SSH) is a popular, software-based protocol designed to increase network security. It is designed to ensure secure communication over an IP network and includes provisions for authentication, encryption and data integrity. SSH provides a secure multiplatform replacement for Telnet and enables a secure connection between a client and a remote server. When a host computer sends data, SSH will automatically encrypt the communication session. As the data reaches its intended recipient, SSH automatically decrypts it. This encryption and decryption process is essentially invisible to the end user. Encryption can be provided using the International Data Encryption Algorithm (IDEA), Blowfish and the Data Encryption Standard (DES).
SSH is an IETF standard and includes support for a number of operating systems including Linux and Unix, Windows and Macintosh systems.
Secure Copy (SCP) is a program that enables secure file transfers between systems. Traditional file transfer programs such as FTP and Remote Copy Protocol (RCP) send data and passwords in clear text. This means that anyone can intercept and read these file transfers and potentially access sensitive information. Secure Copy ensures that if a file transfer was intercepted, it cannot be read. SCP leverages SSHv2 to provide encryption and authentication services.
In the next Storage Basics article, we discuss other security protocols commonly used in an IP network including SSL and IPSec. In addition, we'll look at the methods and processes used to ensure information confidentiality on one of the most often forgotten or overlooked data locations the backups.
For more storage features, visit Enterprise Storage Forum Special Reports