DAS Security | Data Protection and Information Lifecycle Management

< Day Day Up >

Direct access storage is so tightly coupled with the host computer that there is little one can do to add security to the storage. The level of trust between a DAS device and its host is, by design, very high, and almost any additional security would inhibit their ability to operate together. The best security for data on a DAS device is good application and server security. Security applications such as antivirus software will protect data as well as applications and the operating system itself. Setting access controls properly, usually by denying users access to anything but their own data, is a good way to protect data at a file system level.

It Hurts When You Get Hit with Your Own Hammer

One common security problem with DAS systems centers on utilities. System administrators have many utilities that allow them to configure, manage, and change disk and file system attributes. Some come with the operating system or are purchased from an ISV; others are supplied by the storage vendor.

With the convenience of these tools comes an access path for the intruder. If these tools are themselves in an insecure location, it is easy enough for an intruder to use them to do great damage to the data on disks. Access to these tools can be controlled by limiting access to the directories that they are kept in. If an attacker can overcome the access controls on the operating system, however, this will not provide any protection. Instead, remove them from a host. Keeping tools on a CD-ROM that can be physically secured in a locked cabinet will make it less likely that they will be turned on the system administrator.

< Day Day Up >