2 cissp ® Official Study Guide Eighth Edition

Download 19,3 Mb.

Pdf ko'rish

bet	324/881
Sana	08.04.2023
Hajmi	19,3 Mb.
	#925879

1 ... 320 321 322 323 324 325 326 327 ... 881

Bog'liq
(CISSP) Mike Chapple, James Michael Stewart, Darril Gibson - CISSP Official Study Guide-Sybex (2018)

Storage Media Security
We discussed the security problems that surround primary storage devices in the previous
section. There are three main concerns when it comes to the security of secondary storage
devices; all of them mirror concerns raised for primary storage devices:
■
Data may remain on secondary storage devices even after it has been erased. This
condition is known as
data remanence
. Most technically savvy computer users know
that utilities are available that can retrieve files from a disk even after they have been
deleted. It’s also technically possible to retrieve data from a disk that has been refor-
matted. If you truly want to remove data from a secondary storage device, you must
use a specialized utility designed to destroy all traces of data on the device or damage
or destroy it beyond possible repair (commonly called
sanitizing
).
■
SSDs present a unique problem in relation to sanitization. SSD wear leveling means
that there are often blocks of data that are not marked as “live” but that hold a copy of
the data when it was copied off to lower wear leveled blocks. This means that a tradi-
tional zero wipe is ineffective as a data security measure for SSDs.
■
Secondary storage devices are also prone to theft. Economic loss is not the major factor
(after all, how much does a backup tape or a hard drive cost?), but the loss of confiden-
tial information poses great risks. If someone copies your trade secrets onto a remov-
able media disc and walks out the door with it, it’s worth a lot more than the cost of
the disc itself. For this reason, it is important to use full disk encryption to reduce the
risk of an unauthorized entity gaining access to your data. It is good security practice
to encrypt SSDs prior to storing any data on them due to their wear leveling technology.
This will minimize the chance of any plaintext data residing in dormant blocks. Fortu-
nately, many HDD and SSD devices offer on-device native encryption.

340
Chapter 9
■
Security Vulnerabilities, Threats, and Countermeasures
■
Access to data stored on secondary storage devices is one of the most critical issues
facing computer security professionals. For hard disks, data can often be protected
through a combination of operating system access controls. Removable media pose a
greater challenge, so securing them often requires encryption technologies.
■
As availability is also part of the security triad, it is essential to choose media that
will retain data for the length of the time required. For instance, a backup tape might
degrade before the retention period of the data terminates. Also, the technology used for
secondary storage might become obsolete, making it difficult to restore/read the data.

Download 19,3 Mb.

Do'stlaringiz bilan baham:

1 ... 320 321 322 323 324 325 326 327 ... 881