Understanding the Basic Security Concepts of Media

If an attack is launched against the signal on the wire, hackers may be able to copy information as the bits flow across the wire. This may not be as dangerous if the data is encrypted, but depending on the communication medium, it may be possible for hackers to at least steal the service. Being familiar with the basic security concepts of media will help you recognize attacks and how to keep them from happening.

Coax

Coaxial cable was the first type of cable used to network computers and was instrumental in forming the basis of the Ethernet standard. Coaxial cables are made of a thick copper core with an outer metallic shield used to reduce interference. Often, the shield is made of woven copper mesh or aluminum. The cable is then surrounded by a plastic covering, called a sheath. Although coaxial cables are no longer deployed, they may still be found in legacy environments. Here are the two main types of coax cables used:

  • 10Base2 Also known as thinnet, 10Base2 has a communication speed of 10Mbps, uses baseband signaling, and is limited in length to 185 meters per segment. It uses BNC connectors to attach segments to each other. Terminators are required at both ends of each segment to prevent signal echo.

  • 10Base5 Also known as thicknet, 10Base5 has a communication speed of 10Mbps, uses baseband signaling, and is limited in length to 500 meters per segment. 10Base5 uses attachment unit interface (AUI) external transceivers connected to each NIC by a vampire tap that allows access to the network by piercing the cable.

Coax cables have no physical transmission security and are very simple to tap without interrupting regular transmissions or being noticed. The electric signal, conducted by a single core wire, can easily be tapped by piercing the sheath. It would then be possible to eavesdrop on the conversations of all hosts attached to the segment because coax cabling implements broadband transmission technology and assumes many hosts connected to the same wire. Another security concern of coax cable is reliability. Because no focal point is involved, a faulty cable can bring the whole network down. Missing terminators or improperly functioning transceivers can cause poor network performance and transmission errors. If you are using coax cable, be sure to have proper cable testing equipment available and periodically scan the network for unfamiliar devices.

UTP/STP

Twisted-pair cable is used in most of today's network topologies. Twisted-pair cabling is either unshielded (UTP) or shielded (STP). Plenum cable is also available; this is a grade that complies with fire codes. The outer casing is more fire resistant than regular twisted pair cable. Ethernet networks have typically used UTP, and STP is mostly used for AppleTalk and Token Ring networks.

UTP is popular because it is inexpensive and easy to install. There are seven types of UTP cable, the most popular being Category 5 (or Cat5). Before Cat5, Cat3-type cable was used on Ethernet networks, and some networks may still have it in place. Cat3 is the lowest category that meets standards for a 10BaseT network. Here are the speeds and cable lengths for both:

  • Cat3 Speed capability of 10Mbps, with cable segments up to 100 meters

  • Cat5 Speed capability of 1Gbps, with cable segments up to 100 meters

UTP is eight wires twisted into four pairs. The design cancels much of the overflow and interference from one wire to the next, but UTP is subject to interference from outside electromagnetic sources and is prone to radio frequency interference (RFI) and electromagnetic interference (EMI) as well as crosstalk.

STP is different from UTP in that it has shielding surrounding the cable's wires. Some STP has shielding around the individual wires, which helps prevent crosstalk. STP is more resistant to EMI and is considered a bit more secure because the shielding makes wire tapping more difficult.

Both UTP and STP are possible to tap, although it is physically a little trickier than tapping coax cable because of the physical structure of STP and UTP cable. With UTP and STP, a more inherent danger lies in the fact that it is easy to add devices to the network via open ports on unsecured hubs and switches. These devices should be secured from unauthorized access, and cables should be clearly marked so a visual inspection can let you know whether something is awry. Also, software programs are available that can help detect unauthorized devices.

Fiber

Fiber was designed for transmissions at higher speeds over longer distances. It uses light pulses for signal transmission, making it immune to RFI, EMI, and eavesdropping. Fiber optic has a plastic or glass center, surrounded by another layer of plastic or glass with a protective outer coating. Data-transmission speed ranges from 100Mbps to 2Gbps and can be sent a distance of 2 kilometers per segment.

On the downside, fiber is still quite expensive compared to more traditional cabling, it is more difficult to install, and fixing breaks can be costly.

As far as security is concerned, fiber cabling eliminates the signal tapping that is possible with coax. It is impossible to tap fiber without interrupting the service and using specially constructed equipment. This makes it more difficult to eavesdrop or steal service.

Removable Media

Removable media poses a security risk to a company for the following reasons:

  • The theft of classified or confidential information can destroy the business if this information ends up in the hands of competitors.

  • The reputation of the business may become permanently damaged if information belonging to customers or vendors is posted publicly.

  • Information in the hands of an intruder can give her enough ammunition to mount successful attacks at any given time.

The most likely reason for a company to have removable media is for offsite storage of backups. The data should be protected by at least a password and possibly encryption. It is also common in military environments to have removable storage media that is locked in a proper safe or container at the end of the day.

Tape

Tape devices use magnetic storage media and are extremely popular backup technologies because of the amount of data that can fit in a small amount of space. Tape backups are widely used to back up system configurations, mission-critical systems, and system account information, which means they often may contain system Registry information, network user account databases, sensitive customer information, and files.

Several types of magnetic media can be used to back up important data, including the following:

  • 4mm DAT (Digital Audio Tape) DAT technology involves 4mm tape that employs helical scan recording.

  • 8mm DAT This 8mm tape technology is similar to 4mm DAT but with greater capacities.

  • QIC (Quarter Inch Cartridge) QIC cartridges look much like audiotape cassettes.

  • Travan The Travan standard, developed by Imation, was introduced in 1997. It has built-in tape alignment and tensioning, thereby reducing the amount of hardware needed in the drive itself. Bulk erasing (degaussing) renders the cartridge unusable.

  • AIT (Advanced Intelligent Tape) Developed by Sony, AIT is an 8mm technology that includes stronger, thinner media that is more stable and has better coatings than previously available.

  • DLT (Digital Linear Tape) DLT is an adaptation of reel-to-reel magnetic recording, where the tape cartridge performs as one reel and the tape drive as the other.

  • Super DLT (Digital Linear Tape) The next generation of Digital Linear Tape. The expected capacity is up to 1.2TB of uncompressed data.

When using any of these types of tape, be sure it fits the storage requirements of your company and check the specifications of the drive before ordering tapes. Many come in different variations; for example, not all QIC and Travan tapes can be used in all QIC and Travan drives. They may fit into the drive, but if the tape isn't designed for the drive, the drive won't record on the media. Another consideration is shelf life. If a DLT has a shelf life of 40 years, and 25 years from now you have to retrieve data, will there be equipment that can still read that type of data? With technology advancing rapidly, chances are that unless accommodations are made to be sure that the equipment is available to read the media, you will be out of luck.

To minimize chances of theft, tapes must be stored in a secure environment, and employees who are not responsible for doing backups should not know where the tapes are stored. In smaller companies, fireproof safes can be used to store the tapes. In larger environments, tape libraries can be implemented for remote tape rotation and backup device administration. Tapes that are going out of rotation and into an archive should be stored offsite, in safety deposit boxes or similar secure environments. Offsite storage ensures business continuity in unforeseeable or unfortunate situations.

Backup Strategies and Security Concerns for Tape Media

Several backup methods can be employed in disaster-recovery strategies, and they are not specific to tape devices. The most popular backup strategies are as follows:

  • Full backup Copies all selected files and resets the archive bit. This method allows you to restore using just one tape. In case of theft, this poses the most risk since all data is on one tape.

  • Incremental backup Contains all the information that was modified since the last incremental backup and resets the archive bit. If there is a need to restore, the number of tapes will include the last full backup and all incremental tapes. For example, if the server dies on Thursday, four tapes will be needed: the full from Friday and the incremental tapes from Monday, Tuesday, and Wednesday. If any incremental tape is stolen, it may or may not be of value to the offender, but it still represents risk to the company.

  • Differential backup Copies all information changed since the last full backup, regardless of if or when the last differential backup was made, because it doesn't reset the archive bit. If there is a need to restore, the number of tapes will include the last full backup and one differential tape. For example, if the server dies on Thursday, two tapes will be needed: the full from Friday and the differential from Wednesday. Theft of a differential tape is more risky than an incremental, as larger chunks of sequential data may be stored on tape the further away from the last full backup it gets.

  • Copy backup Very similar to full backup in that it copies all selected files but doesn't reset the archive bit. From the security perspective, the loss of a tape with a copy backup is the same as losing a tape with a full backup.
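The archive-bit behaviour and the Thursday restore scenario described in the list above, as an added simulation (not code from the book). The file names and the daily change schedule are constructed; it reports which tapes a restore needs and which files a single stolen tape would expose.

```python
# Added example: archive-bit model of full / incremental / differential backups.
DAYS = ["Fri", "Mon", "Tue", "Wed"]          # server fails on Thursday
# Constructed sample: files written during each day, before that night's backup.
CHANGES = {
    "Fri": ["payroll.db", "users.db", "web.cfg"],
    "Mon": ["payroll.db"],
    "Tue": ["users.db"],
    "Wed": ["payroll.db", "web.cfg"],
}

def run_week(nightly):
    """Friday is a full backup; nightly is 'incremental' or 'differential'.
    Returns one (day, kind, files_on_tape) tuple per tape."""
    archive_bit = {}                         # file -> True if changed since bit was cleared
    tapes = []
    for day in DAYS:
        for name in CHANGES[day]:
            archive_bit[name] = True         # any write sets the archive bit
        if day == "Fri":
            kind, copied, reset = "full", sorted(archive_bit), True
        else:
            kind = nightly
            copied = sorted(n for n, bit in archive_bit.items() if bit)
            reset = nightly == "incremental" # a differential leaves the bit set
        if reset:
            for name in copied:
                archive_bit[name] = False
        tapes.append((day, kind, copied))
    return tapes

def restore_set(tapes):
    """Tapes needed to rebuild the server after the last backup in the list."""
    full_idx = max(i for i, t in enumerate(tapes) if t[1] == "full")
    later = tapes[full_idx + 1:]
    if later and later[-1][1] == "differential":
        later = later[-1:]                   # newest differential holds every change since the full
    return [tapes[full_idx]] + later

def exposure(tape):
    """Files an offender obtains if this single tape is stolen."""
    return set(tape[2])

if __name__ == "__main__":
    for nightly in ("incremental", "differential"):
        needed = restore_set(run_week(nightly))
        print(nightly, "restore needs", [day for day, _, _ in needed])
        print("  Wednesday tape exposes", sorted(exposure(needed[-1])))
```
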

In addition to these backup strategies, companies employ tape rotation and retention policies. The various methods of tape rotation include the grandfather, Tower of Hanoi, and 10-tape rotation. Backup tapes should be tested regularly. Many companies think they are backing up their data, and find out that the tapes are blank, or the tape heads have become worn or dirty and now they can't restore their data. After the backups are complete, they must be clearly marked or labeled so they can be properly safeguarded.

Tip: Backup is just one small part of the overall disaster recovery planning. Despite obvious security threats, backups must be done on a regular basis on every server or computer, based on whether physical failure would cause any amount of inconvenience.


Alert: An incremental backup resets the archive bit, a differential does not.


Every company should determine its own backup policy, depending on the needs and the nature of information to be protected. The policy should be determined by the amount and type of data to be backed up, how far back data might be needed, and whether the backup type can be offline or online storage. Remember, proper planning and testing can help avert potential disaster.

CDR

Recordable or rewritable compact discs (CD-Rs or CD-RWs) have become relatively inexpensive and, as a result, can be used as an alternative to magnetic media for backups.

A writable CD (CD-R) is a solid disk of clear plastic that has etching within it to act as a guide for the laser. Then comes the reflective layer, made of aluminum or gold foil. This is followed by a layer of organic dye. Listed here are the common dyes used today:

  • Cyanine (blue-green) is used in many less-expensive CD-Rs. These CDs have a lifespan of between 10 and 75 years.

  • Phthalocyanine (golden colored) is the longest-lasting dye, producing CD-R disks that have a shelf life of close to 100 years.

  • Formazan (greenish gold) produces CD-Rs with a somewhat better lifetime than cyanine.

  • Metallized azo (dark blue) produces CD-Rs with a lifetime more toward the higher end of the scale.

If a CD is no longer useful or is not working correctly, it must be made safe to discard. Formal as well as physical processes can be used to do this. The formal processes will be discussed after the section on diskettes. CDs can be destroyed by breaking or scratching them. Some companies now make CD shredders, which would also serve the purpose. The destruction should be done by authorized personnel and the remains disposed of as per company policy.

Hard Drives

The cost of hard drives has come down considerably in the last few years. Besides being cheaper, hard drives can now store over 100GB of data, making them an easy choice for backup or redundant data. Removable hard drives should be handled carefully; if dropped, they may not work correctly. Proper storage is also a consideration. Be sure they are placed in a secure environment where they are safe from Electro Magnetic Field (EMF), high temperatures, and theft. If you choose to overwrite the data, pay particular attention to the section on proper sanitization.

Diskettes

Floppy disks are still used in many environments. They are magnetic media that store 1.44MB of data. They are sensitive to heat and EMF and can be easily stolen due to their small size. If they are to be stored, be sure they are in an environment similar to that described for hard drives.

Discarding Information on Removable Media

Before we discuss flashcards and smartcards, let's go over some concepts in regard to the proper way to handle removable media when either the data should be overwritten or is no longer useful or pertinent to the company. The following choices apply to all removable media units:

  • Declassification A formal process of assessing the risk involved in discarding particular information. All possible considerations should be assessed. What if this information ends up in the wrong hands? What is the worst that can happen? If no threat is posed, the information can be declassified.

  • Sanitization The process of removing the contents from the media as fully as possible, making it extremely difficult to restore it even for data-recovery specialists. The processes employed by sanitization include degaussing and overwriting:

    • Degaussing This method uses an electrical device to reduce the magnetic flux density of the storage media to zero. This method is considered very safe.

    • Overwriting This method is applicable to magnetic storage devices. Be cautious about slack space on hard drives. When data is overwritten, it is still possible to recover data that was there previously.

  • Destruction The process of physically destroying the media and the information stored on it. Destruction is the only safe method of completely removing all traces of information stored on a removable media device.

Because CDs and CD-Rs are optical media, sanitization is not applicable to them, so either declassification or destruction should be used. Hard drives and diskettes are magnetic media, and any of the methods can be used.
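The slack-space caution under Overwriting, as an added toy model (not code from the book). The 4096-byte cluster size, the file names and the marker string are constructed; the model counts how many copies of old data survive each overwrite method.

```python
# Added example: why overwriting a file's bytes is not sanitization of the media.
CLUSTER = 4096                     # assumed allocation unit of the toy volume
SECRET = b"ACCT-4411;"             # constructed 10-byte marker standing in for old data

class ToyVolume:
    def __init__(self, clusters=4):
        self.raw = bytearray(clusters * CLUSTER)
        self.files = {}            # name -> (first_cluster, cluster_count, length)

    def store(self, name, data, first_cluster):
        count = max(1, -(-len(data) // CLUSTER))   # space is allocated in whole clusters
        start = first_cluster * CLUSTER
        self.raw[start:start + len(data)] = data   # but only len(data) bytes are written
        self.files[name] = (first_cluster, count, len(data))

    def delete(self, name):
        del self.files[name]       # drops the directory entry; the bytes stay on the media

    def overwrite_logical(self, name):
        first, _, length = self.files[name]
        start = first * CLUSTER
        self.raw[start:start + length] = bytes(length)

    def overwrite_clusters(self, name):
        first, count, _ = self.files[name]
        start = first * CLUSTER
        self.raw[start:start + count * CLUSTER] = bytes(count * CLUSTER)

    def overwrite_media(self):
        self.raw[:] = bytes(len(self.raw))

    def residue(self):
        return self.raw.count(SECRET)   # intact copies of the old data still readable

def scenario(method):
    vol = ToyVolume()
    vol.store("customers.csv", SECRET * 600, first_cluster=0)  # 6000 bytes, clusters 0-1
    vol.delete("customers.csv")
    vol.store("memo.txt", b"x" * 1000, first_cluster=0)        # reuses cluster 0
    if method == "logical":
        vol.overwrite_logical("memo.txt")      # zeroes only the file's 1000 bytes
    elif method == "clusters":
        vol.overwrite_clusters("memo.txt")     # also clears the slack in cluster 0
    elif method == "media":
        vol.overwrite_media()                  # every cluster, allocated or not
    return vol.residue()

if __name__ == "__main__":
    for method in ("none", "logical", "clusters", "media"):
        print(method, scenario(method))
```

Only the whole-media pass reaches both the slack behind the new file and the unallocated cluster left by the deleted one.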

Flashcards

Flashcards are most often used in digital cameras, MP3 players, and PDAs. These cards store a good amount of information in a relatively small space.

Data transferred via flashcards is often stored unencrypted. If the device used supports encryption, it would be wise to use it, because these devices are small and easy to steal. Because flashcards may contain traces of classified or confidential information, such as customer data, companies should consider sanitizing or destroying these components when upgrading or discarding the outdated equipment.

Smartcards

Smartcards are devices that contain memory and sometimes embedded chips. They are used in cell phones and mobile devices to store customer ID information, personal data, and employee credentials. They are inserted into a smartcard reader that reads the data embedded on them. There are two basic types of smartcards:

  • Stored value This type of card only holds data and is similar to magnetic strip cards used by banks.

  • Integrated circuit cards (ICCs) This type of card can perform tasks such as key exchanges.

These cards are not easy to tamper with, but because they are small, they can be easily lost or stolen.

Companies must institute and enforce strict smartcard policies because theft is a big risk associated with the use of this type of device. They should be guarded, and lost or stolen cards should be reported immediately. On the upside, administrators can revoke issued certificates or disable user accounts, making the smartcard basically a piece of useless plastic.

So far, we have covered the basic security concepts of media, which should help you recognize some of the vulnerabilities they present. The area we will cover next is security topology, which deals with how devices are arranged on the network and how they communicate with each other.



Security+ Exam Cram 2 (Exam SYO-101)
Security+ Certification Exam Cram 2 (Exam Cram SYO-101)
ISBN: 0789729105
EAN: 2147483647
Year: 2005
Pages: 162
