Securing Storage Devices Flashcards
What is Network Attached Storage (NAS)?
What do they implement to ensure high availability?
What should you always do with NAS?
Storage devices that connect directly to your organization’s network.
Often look like a big rack of hard drives.
NAS systems often implement RAID arrays to ensure high availability.
Always use data encryption, proper authentication, and log NAS access.
What is a Storage Area Network (SAN)?
Network designed specifically to perform block storage functions that may consist of NAS devices.
What kind of drives use Hardware Based Encryption?
What do they do and how?
Self-Encrypting Drives (SED)
Storage devices that performs whole disk encryption by using embedded hardware.
Very fast but very expensive so not common to see.
What is Software Encryption?
What are the names of the two primary types?
Where is the encryption key stored?
Drives can be encrypted using this software that is build into the OS.
File Vault (Macintosh) BitLocker (Windows)
The encryption key is stored in a chip on the motherboards Trusted Platform Module (TPM)
What is a Trusted Platform Module (TPM)?
Software based encryption built into Windows and Mac.
The TPM is a microchip built into the systems motherboard. Each motherboard has a unique encryption key in the TPM so you can not move an encrypted hard drive to another system w/o decrypting it with the original key first.
If your motherboard does not have TPM, you can use an external USB drive as a key. Don’t lose that USB drive!
Both BitLocker and File Vault use AES
What is Advanced Encryption Standard (AES) and what bit keys does it use?
Symmetric key encryption using 128, 192, 256 bit keys.
Has never been cracked. Used by the US government.
What is a Hardware Security Module (HSM), and what is it used for?
A physical anti-tamper device that acts as a secure crypto-processor during the encryption process.
It can be an internal card, a rack mounted system, or an “internet of things” device.
Used for digital signing as well.
