RE: RAID 5 drive replacement schedule

["Petter Bruland" <pbruland () fcglv com>]

Security or not...

Does your array support a hot-spare or stand-by disk? Then that would be the best way to go. Once a drive fails, it 
will alert based on syslog/eventlog/3rd party app etc that a drive is bad, and rebuild the bad drive's data on the 
hot-spare/stand-by disk.

If that isn't an option, and you are expecting a failure any day, I'd just keep an eye on the array health and make 
sure you have one or two spare drives on hand.

** I've never done this, but I believe you can slowly replace all drives, and then have a working full RAID-5 disk set 
as a backup?  I have had bad luck with older drives that used to be 24/7, then taken offline and back online.

Those are my 2 cents.... And in today's exchange rate, that's not much.

-Petter



-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Adriel Desautels
Sent: Friday, June 20, 2008 11:00 AM
To: Rivest, Philippe
Cc: Murda Mcloud; security-basics () securityfocus com
Subject: Re: RAID 5 drive replacement schedule

Philippe,
        I disagree with you and I think that the definition of security that you provided is partial, but thats just my 
opinion. Availability is a vague term that can, but does not always have a role in security. 
Determining what the proper schedule is for a drive replacement policy is something that can be done by IT without the 
security team. Deciding how to dispose of the drives on the other hand is security.


Regards,
        Adriel T. Desautels
        Chief Technology Officer
        Netragard, LLC.
        Office : 617-934-0269
        Mobile : 617-633-3821
        http://www.linkedin.com/pub/1/118/a45

        Join the Netragard, LLC. Linked In Group:
        http://www.linkedin.com/e/gis/48683/0B98E1705142

---------------------------------------------------------------
Netragard, LLC - http://www.netragard.com  -  "We make IT Safe"
Penetration Testing, Vulnerability Assessments, Website Security

Netragard Whitepaper Downloads:
-------------------------------
Choosing the right provider : http://tinyurl.com/2ahk3j Three Things you must know  : http://tinyurl.com/26pjsn


Rivest, Philippe wrote:
> Adriel & Murda
>
> It is a security issue the way you store your data. In regards to the 
> raid technologies, raid 5 improves the availability of the data by 
> making sure that a single drive failed will not impact the availability of the data.
>
> Remember that security is
> 1- Confidentiality
> 2- Availability
> 3- Integrity
>
> The main goal of a Raid 5 is to help #2. You are referring to the 
> disposal of the HD which is the issue of confidentiality and that is 
> not what Murda was aiming at. If it is, go for encryption, degaussing, 
> destruction and just plain format (if the data is not confidential).
>
> As I explained to him offline, the MTTF and MTBF is about the same for 
> 2 HD bought/constructed at about the same time. How ever, those are 
> not absolute numbers that state that, if one drive fails the other one is about to go too.
> It's more an estimated value against which you should have some 
> confidence/hope, your drive should not fail before X hours (it could 
> go before but the average is X).
>
> In a raid 5, Drive A, B and C are online and working (they are the 
> same drive bought at the same time). Drive A fails, you should NOT 
> change drive B & C unless they are failing also. If you do, the cost 
> of your raid 5 will be greater then what it should be (the replacing 
> of the parts are going to cost a lot). Change drive A and hope drives B & C will last longer.
>
>
> The only issue is that 2 drives fail at the same time, which is very 
> improbable. And if it does, you should be going for your back ups.
>
>
> I do hope this clarified the questions and that I wasn't to unclear 
> with my details!
>
> Merci / Thanks
> Philippe Rivest, CEH
> Vérificateur interne en sécurité de l'information
> Courriel: Privest () transforce ca
> Téléphone: (514) 331-4417
> www.transforce.ca
>
>
> -----Message d'origine-----
> De : listbounce () securityfocus com 
> [mailto:listbounce () securityfocus com] De la part de Adriel Desautels 
> Envoyé : 20 juin 2008 11:27 À : Murda Mcloud Cc : 
> security-basics () securityfocus com Objet : Re: RAID 5 drive replacement 
> schedule
>
> Murda,
>       The real answer to your question is that it is very, very improbable 
> that all of the drives in the array will fail at the same time. Most 
> drives are good for a certain period of years, after which point you 
> are getting "extra time".
>
>       That is not a security issue though. That is an IT related issue. The
>
> security issue comes into play when you dispose of your drives. Do you 
> shred them, just throw them in the dumpster, how do you dispose of them?
>
>       
> Regards,
>       Adriel T. Desautels
>       Chief Technology Officer
>       Netragard, LLC.
>       Office : 617-934-0269
>       Mobile : 617-633-3821
>       http://www.linkedin.com/pub/1/118/a45
>
>       Join the Netragard, LLC. Linked In Group:
>       http://www.linkedin.com/e/gis/48683/0B98E1705142
>
> ---------------------------------------------------------------
> Netragard, LLC - http://www.netragard.com  -  "We make IT Safe"
> Penetration Testing, Vulnerability Assessments, Website Security
>
> Netragard Whitepaper Downloads:
> -------------------------------
> Choosing the right provider : http://tinyurl.com/2ahk3j Three Things 
> you must know  : http://tinyurl.com/26pjsn
>
>
> Murda Mcloud wrote:
> > In my mind, this a security related question as it has to do with 
> > ensuring availability.
> >
> > Does anyone have links towards any whitepapers etc that suggest 
> > replacement of disks in a RAID 5 array as part of a maintenance cycle?
> >
> > If all the drives in an array are the same age and one fails; does 
> > this
> mean
> > the others are more likely to fail. I'd imagine so as they have had 
> > the
> same
> > amount of usage.
> >
> >
> >
> >
> >
> >