Protecting the data

Steve Riley posts on a topic he discussed at Tech-Ed – protecting the data, because everything else is just plumbing.

He has a point: after all, the thing most in need of securing on your system is your data. The hardware, OS and tools can all be replaced at nominal cost (generally by buying a new machine and installing from the original disks if you have them, or buying replacements), compared to the cost of replacing the data (and of dealing with lost customer confidence, regulatory action, etc.).

However, technological security boundaries are generally designed to prevent users from knobbling the system and its applications, rather than preventing the users from knobbling their own files. This does provide some protection between users, so user A can’t kill user B’s files unless they previously agreed to share.

But it doesn’t protect against user A killing user A’s files.

Whatever would?

Perfect backups, meaning retaining every bit that has ever been on the system, are a little extreme: even if you could physically achieve that state, the storage requirements would be huge.

“Previous Version” (aka Shadow Copy) support goes a long way towards providing a functional “time warp” file system, where users can recover their own data from corruption. This functionality is in Windows XP, Server 2003 and Windows Vista (presumably also in Windows Server 2008, but no plans are solidified until the OS ships).

So, that’s recovery – but what about prevention? Other than today’s outdated-by-the-time-you-download-them antivirus programs, what good security measures do we have to protect the user from the unexpected consequences of processes running in their own security context?

Education, awareness and training count highly in that area: convince your users that the data they work with is a valuable commodity, and that it should be handled with some caution.

But there’s really little you can do from a technological standpoint to distinguish between a user’s request to modify or delete a file, and a virus acting on that user’s behalf.

Business rules are great for enforcing ‘common sense’ on your data at work, but who wants to set “business rules” up for home use? What about all those ‘unsupported applications’ – the Excel spreadsheets replete with macros, the Access databases built by the sales team, any scripts put together for a specific purpose, and then used year after year without any thought to modification for reliability?

Consider reliability and the application of common sense to be a part of security, and remind your users that it is within their skill to do the same. Even when every piece of software deployed in your business is controlled by Group Policy, and every technological measure has been applied, you still need to give your users the tools, the education, and the reasons, to keep your systems’ data secure.

4 Responses to Protecting the data

  • Cheong says:

    Is there a way to do something like setting the “sticky bit” on a *nix system that works at folder level, so a user cannot “accidentally delete files” unless he/she has explicitly cleared the bit first?

  • alunj says:

    Well, here’s where Vista helps you.
    You can set the NTFS permissions so that a user cannot delete their own file.
    However, this doesn’t quite address the problem – instead of deleting a file, what if I simply choose to open it, and fill it with zeroes? Is that functionally different from deleting the file?
    What about simply replacing the data you have on file with completely fabricated information?
    Whatever technology you put into place, even if users have only exactly the rights necessary to do their job, they also have exactly the rights necessary to screw up their data.
    That’s why I like to see the users as an integral part of any security solution – and why I think users have to be informed as to the choices of their actions, and guided towards the most usual (and ideally the safest) action as the easiest choice.
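The effect alunj describes above, shown as an added PowerShell example that is not part of the original post or its comments: an NTFS deny entry for Delete (and DeleteSubdirectoriesAndFiles, since NTFS permits a file delete when either right is held) stops the user removing the file, but because Write was never denied the same user can still overwrite its contents in place, and as owner can remove the deny entry again. The folder path `C:\Temp\ProtectedData` and the file name `report.txt` are assumed test values.

```powershell
# Added example (not from the original post or its comments).
# Assumed: a scratch folder under C:\Temp, and that the script runs as the
# same user whose delete right is being denied.
$folder = 'C:\Temp\ProtectedData'
$file   = Join-Path $folder 'report.txt'
$user   = "$env:USERDOMAIN\$env:USERNAME"

New-Item -ItemType Directory -Path $folder -Force | Out-Null
Set-Content -Path $file -Value 'quarterly figures'

# Deny both Delete (on the files, via inheritance) and DeleteSubdirectoriesAndFiles
# (on the folder): NTFS allows a file delete if EITHER right is held.
$rights    = [System.Security.AccessControl.FileSystemRights]'Delete, DeleteSubdirectoriesAndFiles'
$inherit   = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
$propagate = [System.Security.AccessControl.PropagationFlags]::None
$deny      = [System.Security.AccessControl.AccessControlType]::Deny
$rule = New-Object -TypeName System.Security.AccessControl.FileSystemAccessRule `
                   -ArgumentList $user, $rights, $inherit, $propagate, $deny

$acl = Get-Acl -Path $folder
$acl.AddAccessRule($rule)
Set-Acl -Path $folder -AclObject $acl

# 1. Deletion is now refused for this user.
try {
    Remove-Item -Path $file -ErrorAction Stop
    Write-Output 'delete succeeded (unexpected)'
} catch {
    Write-Output "delete blocked: $($_.Exception.Message)"
}

# 2. Overwriting is not refused: Write was never denied, so the data can still be
#    destroyed in place, which is functionally the same loss as a delete.
Set-Content -Path $file -Value ('0' * 64)
Write-Output "file still exists; content is now: $(Get-Content -Path $file)"

# 3. The owner implicitly holds WRITE_DAC, so the same user can simply clear the
#    deny entry again (the NTFS equivalent of "clearing the bit first").
$acl.RemoveAccessRule($rule) | Out-Null
Set-Acl -Path $folder -AclObject $acl
Remove-Item -Path $folder -Recurse -Force
```

Run it from an ordinary (non-elevated) PowerShell session as the user being restricted; step 1 should print an access-denied message while step 2 prints the zero-filled content, which is the whole point: the permission model can say who may do what, but it cannot tell a legitimate edit from a destructive one.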

  • Karl Levinson says:

    Steve is right that too often backups and encryption are forgotten. And it’s true that the FILES on the computer that aren’t data are plumbing.

    But the other part of the plumbing, e.g. the free disk space and network bandwidth that can be used to sell DoS zombie attacks, spam relays and pubstro FTP servers, are I think still attacked as much as the user data is.

    Also, drive encryption and backups only protect the data at rest. I understand that recent attacks have monitored running processes and/or memory to glean useful user data being sent out through Internet Explorer. So I hope it’s clear to all the readers that Steve isn’t advocating that they can start spending less time on the other traditional countermeasures.

  • alunj says:

    Plumbing that is unavailable for its intended users will generally get fixed. The problem is when ‘excess’ plumbing – or that which is perceived as excess – gets used by others. After all, what’s the damage to a business if its spare capacity is being used to run a porn site? Can you get funding to address that if it’s not actually interfering with your operations? Only if you can make the case that there is a significant risk that these uninvited users of your plumbing will some day cause you to be unable to use it.
    I think Steve was advocating protecting your data at rest and in transit. Plumbing can’t be trusted.
