
Data Protection Chapter 9 Copyright Pearson Prentice Hall 2013


Explain the necessity for backup.

Describe backup scope and methods.

Describe the different RAID levels.

Explain the need for data storage policies.

Explain database protections.

Explain the need for database access controls, auditing, and encryption.

Describe the difference between data leakage and data theft.

Explain data deletion, destruction, and disposal.

Explain digital rights management (DRM) and how it can prevent data loss.


In prior chapters we focused on

◦ Protecting data as it passed over networks (Chapter 3)

◦ Hardening hosts that store data (Chapter 7)

◦ Securing applications that process data (Chapter 8)

This chapter will emphasize the protection of stored data


9.1 Introduction

9.2 Data Protection: Backup

9.3 Backup Media and RAID

9.4 Data Storage Policies

9.5 Database Security

9.6 Data Loss Prevention


Data are the principal element of any information system

Businesses gather enormous amounts of data

◦ Information is then extracted for decision making

◦ Data are valuable assets that are core components of a larger corporate strategy

◦ Source code, intellectual property, user data, etc. must all be protected


Series of attacks against Sony Corp.

◦ Lost data for 100+ million user accounts

◦ Shut down the PlayStation Network

Subsequent SQL injection attack

◦ 1 million usernames and passwords stolen

◦ Passwords stored as plaintext

◦ Included names, e-mail addresses, phone numbers, dates of birth, music coupons, layout of the database, and maps of Sony’s internal corporate network


This chapter will primarily focus on securing data while it is being stored

More specifically:

◦ How backup can prevent accidental data loss

◦ How to securely store data in a database

◦ How to prevent data from being taken out of the corporation

◦ How to securely dispose of data


Importance

◦ In an incident, you may lose all data that is not backed up

Threats That Are Addressed by Backup

◦ Mechanical hard drive failure or damage in a fire or flood

◦ Data on lost or stolen computers is not available to the organization

◦ Malware can reformat the hard drive or do other data destruction


Scope of Backup

◦ Fraction of information on the hard drive that is backed up

File/Directory Data Backup

◦ Select data files and directories to be backed up (Do not forget items on the desktop!)

◦ Not good for programs


Image Backup

◦ Everything, including programs and settings

◦ Image backup is very slow

◦ Data files change the most rapidly, so doing several file/directory data backups for each image backup may be appropriate

Shadowing

◦ A backup copy of each file being worked on is written every few minutes to the hard drive, or to another location


Full Backups

◦ All files and directories

◦ Slow, so it is typically done weekly

Incremental Backups

◦ Only records changes since the last backup

◦ Fast, so usually done daily

◦ Do incremental backups until the next full backup


Restoration Order

◦ Restore the full backup first

◦ Then restore incremental backups in the order created

◦ (Otherwise, newer files will be overwritten)

Generations

◦ Save several generations of full backups

◦ Usually do not save incremental backups after the next full backup


Local backup on individual PCs is difficult to enforce.

Centralized backup provides backup labor and enforcement.


Continuous Data Protection (CDP)

◦ Used when a firm has two server locations

◦ Each location backs up the other in real time

◦ Other site can take over very quickly in case of a disaster, with little data loss

◦ Requires expensive high-speed transmission link between the sites


PCs back up one another.

Data is stored redundantly.

Security issues must be addressed.


Servers Normally Use Magnetic Tape

◦ Slow but inexpensive per bit stored

Second hard drive on computer

◦ Very fast backup

◦ But lost if computer is stolen or burns in a fire

◦ Back up on tape occasionally for archival (long-term storage)


Clients Normally Use Optical Disks (DVDs)

◦ Attraction is that almost all users have optical disk burners

◦ Dual-layer DVDs offer about 8 GB of capacity

  - This often is not enough

  - User may have to insert additional disks to do backup

◦ Back up to a second client PC hard drive; then occasionally back up onto optical disks

◦ The life of information on optical disks is unknown


RAID—Redundant Array of Independent Disks

◦ Multiple hard drives within a single system

Increased reliability and performance

◦ A single hard drive failure won’t necessarily precipitate data loss

◦ Multiple disks can be written to simultaneously

RAID Levels—ways of configuring multi-disk arrays


Shipping Boxes Storing Data


Striping—writing data simultaneously across multiple disks

◦ Very fast, but no reliability

◦ One disk failure will cause complete data loss

Mirroring—creating an exact copy of a disk at the same time

◦ Data transfer speeds remain nominal

◦ Virtually no data loss, but more costly to buy additional hard drives


Backup Creation Policies

◦ Understand current system and future needs

◦ Create policies for different types of data and computer

◦ What should be backed up, how frequently, how frequently to test restorations, etc.

Restoration Policies

◦ Do restoration tests frequently


Media Storage Location Policies

◦ Store media at a different site

◦ Store backup media in a fireproof and waterproof safe until it can be moved offsite

Encryption Policies

◦ Encrypt backup media before moving them so that confidential information will not be exposed if the tape is stolen or lost


Strong Access Control Policies for Backup Media

◦ Checkouts are rare and therefore suspicious

◦ Checking out media can result in their loss and the damages that come with this loss

◦ The manager of the person requesting the checkout should approve the checkout


Data Retention Policies

◦ There are strong legal requirements for how long certain types of data must be kept

◦ The legal department must get involved in retention policies.

Auditing Policy Compliance

◦ All policies should be audited

◦ Includes tracing what happened in samples of data


Benefits of Retention

◦ Major part of corporate memory

◦ Often need to retrieve old mail for current purposes

Dangers of Retention

◦ Legal discovery process

◦ Defendant must supply relevant e-mails

◦ Potentially very damaging information

◦ Always expensive

◦ Even if very expensive to retrieve, firms must pay whatever is necessary to do so


Accidental Retention

◦ Even if firms delete e-mail from mail servers

◦ May be stored on backup tapes

◦ Users will often store copies on their own computers


Legal Archiving Requirements

◦ Many laws require retention

  - Securities and Exchange Commission

  - Many labor laws

    - Involuntary terminations

    - Public information about job openings

    - Medical problem complaints that may relate to toxic chemicals

◦ Laws vary in duration of storage requirements

◦ Fines or summary judgments if fail to retain and produce required e-mails


U.S. Federal Rules of Civil Procedure

◦ Specify rules for all U.S. federal civil trials

◦ Specifically address electronically stored information

◦ Initial discovery meeting

  - Defendant must be able to specify what information is available

  - Comes shortly after a civil lawsuit begins

  - Unless carefully thought through beforehand, will fail


U.S. Federal Rules of Civil Procedure

◦ Holds on destruction

  - Must be put in place if it is foreseeable that a lawsuit will soon begin

  - Must have strong hold procedures to place holds on all electronically stored information

Archiving Policies and Processes

◦ Must have them

◦ Must reflect a firm’s legal environment

◦ Must be drawn up with the firm’s legal department


Message Authentication

◦ Spoofed messages can frame employees or the firm itself

◦ Need message authentication to prevent spoofed sender addresses

User Training

◦ Never put anything in a message that you would not want seen in court, printed in the newspaper, or read by your boss


Spreadsheet Security

◦ Spreadsheets are widely used and the subject of many compliance regulations

◦ Need for security testing

◦ Spreadsheet vault server to implement controls


1. The vault server stores spreadsheets and strongly controls access to them.

  - Authentication

  - Authorizations

  - Auditing

2. Spreadsheets record each change for auditing purposes


3. Cryptographic Protections for Transmissions

4. Strong Client Security


Databases

◦ Often used in mission-critical applications

◦ Require additional security precautions

◦ Relational databases: tables (relations) with rows (records) and columns (attributes)

◦ As discussed earlier, avoid SQL injection attacks


Databases

◦ Restrict Access to Data

  - Restrict users to certain columns (attributes) in each row

    - For instance, deny access to salary column to most users

  - Limit access control to rows

    - For instance, only rows containing data about people in the user’s own department


Databases

◦ Restrict granularity (level of detail)

  - Prevent access to individual data

  - Allow trend analysts to deal only with sums and averages for aggregates such as departments

◦ Restrict information about the structure of the database itself (data model)

  - Knowledge about the data model can make SQL injection much easier
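The column, row, granularity and data-model restrictions listed on the two "Databases" slides above can be implemented with views and permissions, as in this added example (not from the original slides). It assumes SQL Server; the Department column, the UserDepartment mapping table, the three role names and the minimum group size of 5 are hypothetical.

```sql
-- Added example: hypothetical schema. Only First_Name, Last_Name and Salary
-- appear in the chapter's own trigger code.
CREATE TABLE Employees (
    Employee_ID int         NOT NULL PRIMARY KEY,
    First_Name  varchar(20) NOT NULL,
    Last_Name   varchar(20) NOT NULL,
    Department  varchar(30) NOT NULL,
    Salary      int         NOT NULL
);

-- Maps a database user to the one department whose rows that user may read.
CREATE TABLE UserDepartment (
    User_Name  sysname     NOT NULL PRIMARY KEY,
    Department varchar(30) NOT NULL
);
GO

CREATE ROLE Staff;
CREATE ROLE DepartmentManagers;
CREATE ROLE TrendAnalysts;
GO

-- Column restriction: the Salary column is simply not part of the view.
CREATE VIEW EmployeeDirectory AS
    SELECT Employee_ID, First_Name, Last_Name, Department
    FROM Employees;
GO

-- Row restriction: a manager sees salaries only for rows in the
-- department mapped to the current database user.
CREATE VIEW MyDepartmentEmployees AS
    SELECT e.Employee_ID, e.First_Name, e.Last_Name, e.Department, e.Salary
    FROM Employees e
    JOIN UserDepartment ud ON ud.Department = e.Department
    WHERE ud.User_Name = USER_NAME();
GO

-- Granularity restriction: analysts get sums and averages per department.
-- Groups smaller than 5 are suppressed so that an "average" over one or two
-- people does not reveal an individual salary (the threshold is an assumption).
CREATE VIEW DepartmentSalarySummary AS
    SELECT Department,
           COUNT(*)                            AS Employee_Count,
           SUM(Salary)                         AS Total_Salary,
           AVG(CAST(Salary AS decimal(12, 2))) AS Average_Salary
    FROM Employees
    GROUP BY Department
    HAVING COUNT(*) >= 5;
GO

-- Permissions go on the views only. No role is granted anything on the
-- base tables, so a direct SELECT on Employees is refused for all three roles.
GRANT SELECT ON EmployeeDirectory       TO Staff;
GRANT SELECT ON MyDepartmentEmployees   TO DepartmentManagers;
GRANT SELECT ON DepartmentSalarySummary TO TrendAnalysts;

-- Data model restriction: explicitly deny analysts the view's definition, so
-- that membership in another role cannot expose the underlying table and
-- column names.
DENY VIEW DEFINITION ON DepartmentSalarySummary TO TrendAnalysts;
GO
```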


Database Access Control

◦ Restrict access to databases via database management systems (e.g., Microsoft SQL Server, MySQL, IBM DB2, Oracle, etc.)

◦ Rename administrator account, disable guest/public accounts, lowest possible permissions necessary

SQL Injection Attacks

◦ Data must be sanitized to remove unacceptable characters

◦ Stored procedures can be used to sanitize and validate incoming data
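A stored procedure that validates its input before using it, as an added example that is not from the original slides. It assumes SQL Server; the Employees table layout, the procedure name, the WebApplication role and the allowed character set (letters, spaces and apostrophes) are hypothetical.

```sql
-- Added example: hypothetical table; column names follow the chapter's trigger.
CREATE TABLE Employees (
    Employee_ID int         NOT NULL PRIMARY KEY,
    First_Name  varchar(20) NOT NULL,
    Last_Name   varchar(20) NOT NULL,
    Salary      int         NOT NULL
);
GO

CREATE PROCEDURE FindEmployeeByLastName
    @LastName varchar(20)
AS
BEGIN
    SET NOCOUNT ON;

    -- Validate: reject empty input and any character other than letters,
    -- spaces and apostrophes (an allow-list rather than a deny-list).
    IF @LastName IS NULL OR LEN(@LastName) = 0
       OR @LastName LIKE '%[^A-Za-z '']%'
    BEGIN
        RAISERROR('Invalid last name.', 16, 1);
        RETURN;
    END

    -- The value is used only as a typed parameter. No SQL text is built from
    -- it, so an apostrophe in a name is compared as data and never executed.
    SELECT Employee_ID, First_Name, Last_Name
    FROM Employees
    WHERE Last_Name = @LastName;
END
GO

-- Lowest possible permissions: the application account may run the
-- procedure but is granted nothing on the table itself.
CREATE ROLE WebApplication;
GRANT EXECUTE ON FindEmployeeByLastName TO WebApplication;
GO
```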


1. Windows authentication

2. SQL Server authentication

3. Password policy options


Database Auditing

◦ Collect information about users’ interactions with databases

◦ Policy driven, reflecting legal and regulatory obligations

What should be audited?

◦ Logins, changes to the database, warnings, exceptions, and special access


Trigger—code that is automatically run when changes are made to a database

Data Definition Language (DDL) trigger

◦ Used to produce automatic responses if the structure of the database has been altered (e.g., create new table, drop a table, alter properties of an existing table)

Data Manipulation Language (DML) trigger

◦ Used to produce automatic responses if the data has been altered (e.g., data are inserted, updated, or deleted)


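CREATE TRIGGER EmployeeSalaryChange ON Employees FOR UPDATE
AS
-- DML trigger: runs after every UPDATE on Employees and e-mails a notice
-- when the Salary column was part of the update.
DECLARE @EmailBody varchar(1000)
DECLARE @FirstName varchar(20)
DECLARE @LastName varchar(20)
DECLARE @OldSalary int
DECLARE @NewSalary int

IF UPDATE (Salary)
BEGIN
    -- "deleted" holds the row as it was before the update
    SELECT @FirstName = First_Name, @LastName = Last_Name, @OldSalary = Salary
    FROM deleted d

    -- "inserted" holds the row as it is after the update
    SELECT @NewSalary = Salary
    FROM inserted

    -- Salaries are int, so they are cast before being concatenated
    SET @EmailBody = 'I just wanted to let you know that ' + @FirstName + ' ' + @LastName
        + ' changed their salary from ' + CAST(@OldSalary AS varchar(12))
        + ' to ' + CAST(@NewSalary AS varchar(12))

    EXEC master..xp_sendmail
        @recipients = '[email protected]',
        @subject = 'Somebody changed their salary',
        @message = @EmailBody
END
GO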


Encryption

◦ Makes data unreadable to someone who does not have the key

◦ Prevents theft of private or trade secret information

◦ May reduce legal liability if lost or stolen data is encrypted

What to Encrypt

◦ Files and directories

◦ The entire disk


Key Escrow

◦ Loss of the key is disastrous

  - Not like losing a password that can be reset

◦ Key escrow stores a copy of the key in a safe place

◦ Bad if managed by user

  - May not do it

  - May not be able to find it

  - If fired, may refuse to give it, locking up all data on the computer

◦ Central key escrow on a corporate server is better


Strong Login Authentication Is Needed

◦ Encryption is transparent to logged-in users

  - Once a user is logged in, he or she can see all encrypted data

◦ Protect with strong password or biometrics

  - Ensure that the password is not lost

File-Sharing Problems

◦ File sharing may be more difficult because files usually have to be decrypted before sending them to another computer


Data Loss Prevention (DLP)

◦ A set of policies, procedures, and systems designed to prevent sensitive data from being released to unauthorized persons

Data Collection

◦ Most companies collect more data than they can adequately protect


Personally Identifiable Information (PII)

◦ Private employee or customer information that can be used to uniquely identify a person

◦ PII includes: names (full name), personal identification numbers (SSN), addresses (street or e-mail), personal characteristics (photo), and linking information (date of birth)

Data Masking

◦ Obscuring data such that it cannot identify a specific person, but remains practically useful


Spiders (crawlers)—navigate the Web gathering, organizing, and indexing web content

Web scraper—tool that extracts predefined data from specified web pages

Can aggregate extracted data from multiple websites

Mashup—combining data from various sites or applications


Latanya Sweeney, k-anonymity: a model for protecting privacy. International Journal on Uncertainty, Fuzziness and Knowledge-based Systems, 10 (5), 2002; 557-570.


Geometry: If you know the name of the triangle is “equilateral” and two of the three angles are 60°, then you know the third angle is also 60°.

Information: If you know a person’s zip code, date of birth, and gender, then there is an 87% chance you can correctly identify that person.
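The re-identification risk described above, and the data masking defined earlier in this section, can be checked before a data set is released by counting how many people share each combination of zip code, birth date and gender, following the k-anonymity model in the Sweeney citation. This is an added example, not from the original slides. It assumes SQL Server; the Customers table, its constructed rows and the choice of k = 3 are hypothetical.

```sql
-- Added example: hypothetical table and constructed rows.
CREATE TABLE Customers (
    Customer_ID int         NOT NULL PRIMARY KEY,
    Full_Name   varchar(40) NOT NULL,
    Zip_Code    char(5)     NOT NULL,
    Birth_Date  date        NOT NULL,
    Gender      char(1)     NOT NULL,
    Purchases   int         NOT NULL
);

INSERT INTO Customers VALUES
    (1, 'Constructed Person A', '96813', '1980-02-14', 'F', 12),
    (2, 'Constructed Person B', '96813', '1980-07-30', 'F',  3),
    (3, 'Constructed Person C', '96814', '1980-11-02', 'F',  7),
    (4, 'Constructed Person D', '96822', '1975-05-09', 'M',  1),
    (5, 'Constructed Person E', '96825', '1975-09-21', 'M',  9),
    (6, 'Constructed Person F', '96826', '1975-12-25', 'M',  4);
GO

-- Step 1: dropping the name column is not enough. Any row this query
-- returns belongs to a (zip, birth date, gender) group of fewer than
-- k = 3 people, so the combination still points at very few individuals.
SELECT Zip_Code, Birth_Date, Gender, COUNT(*) AS Group_Size
FROM Customers
GROUP BY Zip_Code, Birth_Date, Gender
HAVING COUNT(*) < 3;
GO

-- Step 2: data masking by generalization. Keep only the first three zip
-- digits and the birth year; the data remain useful for regional and
-- age-band analysis.
CREATE VIEW CustomersMasked AS
    SELECT LEFT(Zip_Code, 3) + '**' AS Zip_Prefix,
           YEAR(Birth_Date)         AS Birth_Year,
           Gender,
           Purchases
    FROM Customers;
GO

-- Step 3: release check. The masked view is k-anonymous for k = 3 only
-- if this query returns no rows; otherwise generalize further or
-- suppress the small groups before release.
SELECT Zip_Prefix, Birth_Year, Gender, COUNT(*) AS Group_Size
FROM CustomersMasked
GROUP BY Zip_Prefix, Birth_Year, Gender
HAVING COUNT(*) < 3;
GO
```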


Document Restrictions

◦ Attempt to restrict what users can do to documents, in order to reduce security threats

◦ Embryonic

Digital Rights Management (DRM)

◦ Prevent unauthorized copying, printing, etc.

◦ May not be able to see parts of documents


Data Extrusion Management

◦ Attempts to prevent restricted data files from leaving the firm without permission

◦ Watermark with invisible restriction indicators

  - Can be notified if sent via e-mail attachments or FTP

  - If each document is given a different watermark, can forensically identify the source of a document leak

◦ Traffic analysis to look for unusually large numbers of outgoing files sent by a user


Removable Media Controls

◦ Forbid the attachment of USB RAM drives and other portable media

◦ Reduces user abilities to make copies

Perspective

◦ Have proven difficult to enforce

◦ Often reduces functionality in uncomfortable ways

◦ Companies have been reluctant to use them


Social Networking

◦ Do not discuss work on personal blogs

  - Don’t talk about new marketing campaigns

  - Don’t post negative comments about products

◦ Be cautious about information posted on professional networks

  - Competitors can use employee lists to hire away key employees


Data Destruction Is Necessary

◦ Backup media are not needed beyond their retention dates

  - If a computer is to be discarded

  - If the computer is to be sold or given to another user

◦ Drive-wiping software for hard drives

  - Reformatting the hard drive is not enough

◦ Shredding for CDs and DVDs


Copyright © 2013 Pearson Education, Inc. Publishing as Prentice Hall