CHAPTER 36

SECURING STORED DATA

David J. Johnson, Nicholas Takacs, and Jennifer Hadley

36.1 INTRODUCTION TO SECURING STORED DATA

36.1.1 Security Basics for Storage Administrators

36.1.2 Best Practices

36.1.3 DAS, NAS, and SAN

36.1.4 Out-of-Band and In-Band Storage Management

36.1.5 File System Access Controls

36.1.6 Backup and Restore System Controls

36.1.7 Protecting Management Interfaces

36.2 FIBER CHANNEL WEAKNESS AND EXPLOITS

36.2.1 Man-in-the-Middle Attacks

36.2.2 Session Hijacking

36.2.3 Name Server Corruption

36.2.4 Fiber Channel Security

36.3 NFS WEAKNESS AND EXPLOITS

36.3.1 User and File Permissions

36.3.2 Trusted Hosts

36.3.3 Buffer Overflows

36.3.4 NFS Security

36.4 CIFS EXPLOITS

36.4.1 Authentication

36.4.2 Rogue or Counterfeit Hosts

36.5 ENCRYPTION

36.5.1 Recoverability

36.5.2 File Encryption

36.5.3 Volume Encryption and Encrypted File Systems

36.5.4 Full Disk Encryption

36.5.5 Vulnerability of Volume, File System, and Full Disk Encryption

36.5.6 Database Encryption

36.6 DATA DISPOSAL

36.7 CONCLUDING REMARKS

36.8 FURTHER READING

36.9 NOTES

36.1 INTRODUCTION TO SECURING STORED DATA.

This chapter reviews methods of securing data stored on nonvolatile media. Nonvolatile media include magnetic disks and their (hard) drives; compact discs (CDs) and digital video disks (DVDs) with their optical drives; and flash drives (also known as USB drives, flash disks, and memory keys). Volatile storage devices, which are not covered in this chapter, include random access memory (RAM) ...
