The last line of defense for the storage security system

We've all seen reports of hacking in the systems of some big companies, in general, hackers start from getting root access, once you get root access, you can say any file, as long as the intruder want, they can be taken away, which leads to two questions:

· Should the data path be more secure?

· What should we do if the data path should be more secure?

Should the data path be more secure?

Seems a little crazy, people told me that there was no storage security requirement, that it was network and operating system security, that it was not important to protect the file system and data paths, and their reason was that storage security was too difficult to manage, and of course I asked them what they thought and they didn't give me a direct answer. I think people are concerned about the complexity of disk drive key management, but this is just one aspect of storage security. Disk encryption can easily cause damage once the disk is removed from the system. Disk encryption does not prevent anyone from accessing data in your system, just like when disk drives are written and decrypted, and the argument that only the network and operating systems need security is flawed and untenable.

If hackers want to enter your system, you have to take multiple levels of security to prevent illegal access and reduce the scope of damage, if you have valuable data, when hackers breached the system, their success will be enormous.

How to enhance security

I think storage security needs to start with the file system, and defenses from multiple tiers, including some large systems, possibly Fibre Channel networks, but I think the security of storage must start with the file system, and the current framework is secured by user (UID), group (GID), and access control lists (ACLS) To meet all security requirements. Once someone gets root access, the game is over, all files are like the naked people standing on the street, of course, users can choose to encrypt the data, but do not set a standard for each file encryption, Key management is also a problem, from MVS to Linux, to Windows or other systems, The file system you use may also be different, and management is also a problem, such as having access to a file that has been dismissed, or an employee forgetting to encrypt the key after four weeks of vacation. I use the TrueCrypt encryption disk partition, the key is more than 20 characters, but if I accidentally deleted the key, how can I get the files on my computer? Frankly speaking, if no one knows my key, the difficulty is very big, the only way is to crack the hard drive, the time and money spent is not everyone can afford.

In my opinion, the answer is SELinux (Security enhanced Linux, secure enhanced Linux) and MLS (multi-level security, multilevel safety), the history of proprietary security enhancement operating systems is dirty, from Cray The Unicos to secure Solaris,secure irix and a long list of MLS operating systems offered by other security vendors on the machine are not commercially successful, none of which has been widely recognised by the marketplace, and only a handful have been recognized by the business world, Here are a few reasons I can think of:

1, operating system and specific hardware in the current market environment does not meet the requirements, because performance requirements beyond the manufacturer's ability to provide.

2, the operating system only supports a limited set of features, local file system performance can not meet the needs of applications and backup, HSM applications can not work.

3. Except for a few government websites, people don't care about security.

4, the management cost is too high, each operating system needs specialized training.

These are some of the reasons, but I think perhaps the most important reason is that MLS systems are too difficult for users to use in the past, they can no longer share files in a consistent way because each file has a security level that is specific to the user, and even if two users are of the same level, they may not be able to share files as before. Because administrators can set many other security constraints. Logging on as a root user does not mean you can see all the files (if set correctly), and it is not possible to make changes to the system without logging in. If the hacker has access to the system's superuser privileges, he may gain access to all files from the normal file to the system log file, meaning that the hacker can eliminate his guilt.

Solve Trouble

My advice is to use SELinux, which has become the foundation of all systems, and more people are using it, and now it can work with NFS, CIFS, shared file systems, and Nas filesystems, and the operating system should support this level, which will require changing the way people do business, Manufacturers need to make some changes, standards agencies will adopt a new framework to access, how administrators and users exchange files, how the system management will change, the file system also needs to make some changes to support the new security requirements, for the shared file system, the change will be very large, need authentication.

What about network access to NFS and CIFS file systems? I expect that they will probably have additional authentication to support these new security frameworks and new standards, SELinux is not a panacea for all security issues, but it must be a big step in the right direction to solve some of the problems that are difficult to solve in the current rampant hacker environment.

If someone goes into the system, SELinux helps protect the security of the data, of course, if the SELinux is improperly configured, or using very simple passwords such as abc123 or simpler, all efforts are in vain because hackers usually try to log in as each user, from the recent Sony, In the news media and the intrusion of government websites around the world, we should adjust the direction, stop just attach importance to perimeter security, we must attach importance to end-to-end security, need to set more powerful password, really will selinux use up, Strong passwords and strong certifications must address the ability of employees to forget their identity authentication information to be able to log on to the system.

None of this is easy, but an insecure external-facing machine will cause intruders to access countless internal machines, and we have to implement more robust authentication and data access control in the operating system, and I believe SELinux is a good start in this direction.