Security in the Light of Emergency Situations

René Pfeiffer/ May 5, 2012/ High Entropy, Security

Let’s assume you have put proper security measures into place and you have spiced them up with proper policies so that everyone always knows what to do in certain situations. So far, so good. Now let’s combine this solid security framework with something out of the ordinary. Catastrophic storage failures are a very good example. Imagine your shared storage array goes AWOL (including the disk images of your precious virtualised servers). In this case your operating status has gone from „all green“ to „full red alert“. Your staff can’t restart the storage array, so you have to rely on experts in the field of data rescue. Due to the critical nature of the data you yank out the disks, label them and send your storage components by messenger to a laboratory. Since time is crucial your operators bypass all security checks, hand the drives over to the messenger which in turn disappears to deliver them. If this sounds realistic, please read on.

Emergency situations put your security to its limits. In the case of data loss there’s also a lot of adrenaline to go around. Of course you have backups, but you may not have a high availability system. Additionally virtualised servers keep live data that might not be mirrored or stored in the backup yet. Have you thought about this situation in advance? Who has the security clearance to remove storage components from your inner sanctum and bypass every security device? Data rescue experts are a crucial asset to your IT resources, but most certainly they will be external to your organisation. How to you select the most trustworthy partner for data rescue? Do you prefer a company that sends your disks all around the globe and cannot account for everyone having access to your data? You know that digital copies can be made easily in emergency situations. What’s your plan to keep up security under these circumstances?

In case you haven’t thought about these questions, you should probably think about them before you enter „red alert“. Albeit no one wants to use data rescue resources during normal operation, you have to address this issue in advance. Isolated storage components are both a breach in security and a potential data leak if handled in a wrong way. Attacks might even provoke a failure in order to get access to your storage system (performed through a well-timed messenger-in-the-middle attack). All it takes is to send a courier first – unless the data rescue process itself is compromised. Industrial espionage often exploits third-parties that are used for specific tasks or products. Make sure your „web of trust“ still holds in emergencies. This is best ensured by preparation and testing. If fire drills are done on a regular basis, why not do data rescue drills as well?

Share this Post

About René Pfeiffer

System administrator, lecturer, hacker, security consultant, technical writer and DeepSec organisation team member. Has done some particle physics, too. Prefers encrypted messages for the sake of admiring the mathematical algorithms at work.