States of Data


Course
Time: 8 hours 25 minutes
Difficulty: Advanced
CEU/CPE: 9
Video Transcription
>> When we talk about classification of data, the classification scheme is going to mandate a set of security controls and means of protection, and those means of protection need to be administered to the data in all of the states in which data can exist. The states in which data can exist: we can have data at rest, data in process, and data in transit.

If we talk about data at rest, this is data that's being stored: stored on a hard drive, in a network share, a thumb drive, but it's at rest. It's not being manipulated, it's not being transferred. When we have data that's in storage or that's being stored, we often protect it with encryption. Many times we just encrypt using the file system encryption based on the operating system we're using. For instance, Windows gives us a file encryption system called EFS. You can use a crypt with Linux and Unix systems, but with Windows, EFS. The idea here is that's decent file-level encryption, and that generally protects my resources from unauthorized disclosure throughout the network and on my local system.

The problem with that, however, is if the value of my data is high enough, then an attacker might just steal my hard drive. Now, here's the implication of that. Encrypted File System is a Windows convention. In my system, when I boot into Windows, EFS applies. But if someone were to steal my hard drive, take it home, put that hard drive in their Linux box, boot into Linux, and access the drive, then those EFS permissions are not going to apply correctly and I may be able to determine more information than I should about individual files. It doesn't mean I'm going to be able to open up and read them like there's no problem, but it does mean things like file properties and file titles. There's going to be more information displayed than should be. If the value of my data's high enough, just using file-level encryption is not enough.

What I may actually choose to do is to encrypt the entire hard drive. If I encrypt the entire hard drive, one option is to store the key to decrypt the hard drive on my motherboard, and that's exactly what the TPM chip's for, the Trusted Platform Module. The Trusted Platform Module is a chip on the board that stores the key to unlock your hard drive. If the hard drive is removed from your system and loaded into another machine, that hard drive's inaccessible because the key can't be located. If you've ever used BitLocker before, that's what BitLocker does. There are other alternatives for your key than just storing it on the motherboard. You could store it in Active Directory. You can store it on a thumb drive or some other location. But specifically the TPM chip was developed for that purpose.

Now, we also have to think about data in process, and that's a little bit trickier because even though you store files encrypted, when you open it up to manipulate the file, it gets decrypted and loaded into RAM. Then you do your manipulation, you save the file, it gets re-encrypted. Now, there really isn't an easy way to encrypt data while it's being manipulated, to encrypt data in RAM. That's incredibly expensive and very resource intensive. We really don't have that capability in the mainstream. However, for extremely high-value data, if we think about digital currency, there's something called homomorphic encryption that can provide that encryption property for data while it's being manipulated. But again, that goes to very high-value assets. As a general rule, we don't have that capability right now that's really affordable and mainstream.

Then the last state of data is data in motion: data that's being transmitted across the networks; it's being uploaded, downloaded, moved from location to location. The greatest problem we face here is that our protocols that we use to transport data on the network are not designed to be secure. If you look at the TCP/IP suite, this was developed in the '60s for use for the government to transmit data across secure physical links. Now, if the links are physically secure, we don't need protocol security. But the links aren't physically secured today and they really weren't all that physically secure then, but they were working on the knowledge and information that was available. The idea is we have TCP/IP, which is a protocol more designed for function than for secure function.

So IP doesn't provide encryption for data. Now, I'm talking about IP version 4. IP version 6 is designed to be secure, but most organizations haven't transferred over to IPv6. IPv6 is one of those things that is coming down the line any day now. As a matter of fact, I've heard IPv6 is coming since I first got into IT. Maybe not then, but at least for the last 10, 15 years, IPv6 is coming. Whether IPv6 comes and people adopt it, really, at this stage in the game, I doubt it, but the premise that we need protocol security is incredibly valid. Now, with IP version 6, there was a security framework incorporated into IP version 6 called IPSec, IP Security. IPSec can be reverse-ported, or made backwards compatible, to work with IP version 4.

The basic idea is your protocols are not going to be secure if you're just using IP version 4, so what we have to do is we have to add transport security. We can do that through SSL and TLS. Now, if you're not familiar with these, these are Secure Sockets Layer, Transport Layer Security; those provide the same functionality for encryption, often of web traffic. We can add IPSec, and we can also use another protocol called SSH, which is Secure Shell, but bottom line, to protect data in transit, we need to add secure transport protocols. That's the difference between building a secure protocol like IPv6, the difference between that and having IPv4 that's weak and having to duct-tape security on top of it. We're always going to get better security when we integrate security into the design. But so often we build a protocol or software application for function, not for secure function.

Don't forget the various states of data: at rest, in process, in transit. Our classification scheme is going to mandate a specific degree of protection, and we may have to make sure that we protect data equally in all of the states in which it can exist.