RE: RAID 5 drive replacement schedule

["Rivest, Philippe" <PRivest () transforce ca>]

I think we have made it clear that CIA is a security concern & issue if and
only if the data owner thinks C,I,A (one or many) are important for the data
or the system.

<Hence, availability is a security concern only if you do need it.> 

Little story to add to this discussion

In one of my previous job, they only cared about confidentiality. So we had
list of password (admin) on excel spreadsheet, protected by a super password
(I know), we had very poor ACL control and we lacked many expertise or upper
management approval. Data owner existed and were marginally ignored for
integrity or availability concern.

Im telling you this because, IT & security didn't accept the data owners as
OWNER of the data. IT & security played a big part in the ownership
(decision) of the level of protection to information. Hence, not reflecting
TRUE business needs. That meant more money, less protection and many hours of
reworking the actual security model.

If you have a situation like I had, availability wouldn't be a concern to
your IT shop. How ever, data owner would probably disagree with you on a few
files! (As the excel password spreadsheet was important for day to day
activity for IT & SQL team).

CIA is always important if it is needed. You can gauge the level you would
need for each system. Be sure how ever not to fall into the *I'm IT or
security and I do not think availability is important*. 

Hope this helped or added to the discussion.


Merci / Thanks
Philippe Rivest, CEH
Vérificateur interne en sécurité de l'information
Courriel: Privest () transforce ca
Téléphone: (514) 331-4417
www.transforce.ca

Merci / Thanks
Philippe Rivest, CEH
Vérificateur interne en sécurité de l'information
Courriel: Privest () transforce ca
Téléphone: (514) 331-4417
www.transforce.ca


-----Message d'origine-----
De : Mellow Marquis [mailto:mellowmarquis () gmail com] 
Envoyé : 24 juin 2008 21:41
À : Adriel Desautels
Cc : Murda Mcloud; Rivest, Philippe; security-basics () securityfocus com
Objet : Re: RAID 5 drive replacement schedule

I agree with whoever said that this does relate to 'Availability' and
therefore is a security issue. A few years ago, I had a Novell network
with intermittent problems on client PCs.
After ruling out everything else, I checked the RAID array and found
one disk with some bad sectors.

Things weren't so bad that the disk had died, but the array wasn't
smart enough to know that some critical files were slightly corrupted
which all users needed to access. Once the drive was replaced and the
array rebuilt, the problem was fixed.

It always surprises me the number of people who assume that drive
redundancy in an array assures data integrity because I do not believe
this to always be the case.

With the proliferation of SANs and NAS these days, I think this will
become more of an issue which many admins will not be able to properly
diagnose.

- Marquis

On Tue, Jun 24, 2008 at 11:59 PM, Adriel Desautels <adriel () netragard com>
wrote:
> Murda,
>        It means that the king didn't have the proper controls in place.
>
> Regards,
>        Adriel T. Desautels
>        Chief Technology Officer
>        Netragard, LLC.
>        Office : 617-934-0269
>        Mobile : 617-633-3821
>        http://www.linkedin.com/pub/1/118/a45
>
>        Join the Netragard, LLC. Linked In Group:
>        http://www.linkedin.com/e/gis/48683/0B98E1705142
>
> ---------------------------------------------------------------
> Netragard, LLC - http://www.netragard.com  -  "We make IT Safe"
> Penetration Testing, Vulnerability Assessments, Website Security
>
> Netragard Whitepaper Downloads:
> -------------------------------
> Choosing the right provider : http://tinyurl.com/2ahk3j
> Three Things you must know  : http://tinyurl.com/26pjsn
>
>
> Murda Mcloud wrote:
> > Now the calculations done by Robin Harris@CNET may be up for conjecture
> > here;
> >
> > http://blogs.zdnet.com/storage/?p=162
> >
> > However, I found it to be thought provoking.
> > I know that this thread has become two threads in one but I'm glad I asked
> > the question and I'm glad I asked in the way I did because the ensuing
> > debate has been welcome on my part. Stimulates the little grey cells...
> > Thanks everyone.
> >
> >
> >
> >
> > > > -----Original Message-----
> > > > From: Rivest, Philippe [mailto:PRivest () transforce ca]
> > > > Sent: Saturday, June 21, 2008 4:11 AM
> > > > To: Adriel Desautels
> > > > Cc: Murda Mcloud; security-basics () securityfocus com
> > > > Subject: RE: RAID 5 drive replacement schedule
> > > >
> > > > I do think we are saying just about the same thing. But I may of not be
> > > > clear
> > > > so let me restate.
> > > >
> > > > Raid 5 is an IT field & technologie, and adds to the security by making
1
> > > > failed drive NOT impact availability. That's all I meant. No decision or
> > > > security implication should be done before or after that (unless theres
> > > > an
> > > > incident). No security team should be implicated in the drive
replacement
> > > > as
> > > > this is normal IT operation.
> > > >
> > > > Raid 5 helps security in keeping the data accessible in the event of a
> > > > failed
> > > > drive.
> > > >
> > > > Side note:
> > > > For my CAI is always security related and justified. Make it high or low
> > > > availability it is security and has to be justified.
> > > >
> > > >
> > > > Merci / Thanks
> > > > Philippe Rivest, CEH
> > > > Vérificateur interne en sécurité de l'information
> > > > Courriel: Privest () transforce ca
> > > > Téléphone: (514) 331-4417
> > > > www.transforce.ca
> > > >
> > > >
> > > > -----Message d'origine-----
> > > > De : Adriel Desautels [mailto:adriel () netragard com]
> > > > Envoyé : 20 juin 2008 14:00
> > > > À : Rivest, Philippe
> > > > Cc : Murda Mcloud; security-basics () securityfocus com
> > > > Objet : Re: RAID 5 drive replacement schedule
> > > >
> > > > Philippe,
> > > >        I disagree with you and I think that the definition of security
> > > > that
> > > > you provided is partial, but thats just my opinion. Availability is a
> > > > vague term that can, but does not always have a role in security.
> > > > Determining what the proper schedule is for a drive replacement policy
> > > > is something that can be done by IT without the security team. Deciding
> > > > how to dispose of the drives on the other hand is security.
> > > >
> > > >
> > > > Regards,
> > > >        Adriel T. Desautels
> > > >        Chief Technology Officer
> > > >        Netragard, LLC.
> > > >        Office : 617-934-0269
> > > >        Mobile : 617-633-3821
> > > >        http://www.linkedin.com/pub/1/118/a45
> > > >
> > > >        Join the Netragard, LLC. Linked In Group:
> > > >        http://www.linkedin.com/e/gis/48683/0B98E1705142
> > > >
> > > > ---------------------------------------------------------------
> > > > Netragard, LLC - http://www.netragard.com  -  "We make IT Safe"
> > > > Penetration Testing, Vulnerability Assessments, Website Security
> > > >
> > > > Netragard Whitepaper Downloads:
> > > > -------------------------------
> > > > Choosing the right provider : http://tinyurl.com/2ahk3j
> > > > Three Things you must know  : http://tinyurl.com/26pjsn
> > > >
> > > >
> > > > Rivest, Philippe wrote:
> > > > > Adriel & Murda
> > > > >
> > > > > It is a security issue the way you store your data. In regards to the
> > > >
> > > > raid
> > > > > technologies, raid 5 improves the availability of the data by making
> > > >
> > > > sure
> > > > > that a single drive failed will not impact the availability of the
> > > >
> > > > data.
> > > > > Remember that security is
> > > > > 1- Confidentiality
> > > > > 2- Availability
> > > > > 3- Integrity
> > > > >
> > > > > The main goal of a Raid 5 is to help #2. You are referring to the
> > > >
> > > > disposal
> > > > of
> > > > > the HD which is the issue of confidentiality and that is not what Murda
> > > >
> > > > was
> > > > > aiming at. If it is, go for encryption, degaussing, destruction and
> > > >
> > > > just
> > > > > plain format (if the data is not confidential).
> > > > >
> > > > > As I explained to him offline, the MTTF and MTBF is about the same for
> > > >
> > > > 2 HD
> > > > > bought/constructed at about the same time. How ever, those are not
> > > >
> > > > absolute
> > > > > numbers that state that, if one drive fails the other one is about to
> > > >
> > > > go
> > > > too.
> > > > > It's more an estimated value against which you should have some
> > > > > confidence/hope, your drive should not fail before X hours (it could go
> > > > > before but the average is X).
> > > > >
> > > > > In a raid 5, Drive A, B and C are online and working (they are the same
> > > >
> > > > drive
> > > > > bought at the same time). Drive A fails, you should NOT change drive B
> > > >
> > > > & C
> > > > > unless they are failing also. If you do, the cost of your raid 5 will
> > > >
> > > > be
> > > > > greater then what it should be (the replacing of the parts are going to
> > > >
> > > > cost
> > > > > a lot). Change drive A and hope drives B & C will last longer.
> > > > >
> > > > >
> > > > > The only issue is that 2 drives fail at the same time, which is very
> > > > > improbable. And if it does, you should be going for your back ups.
> > > > >
> > > > >
> > > > > I do hope this clarified the questions and that I wasn't to unclear
> > > >
> > > > with my
> > > > > details!
> > > > >
> > > > > Merci / Thanks
> > > > > Philippe Rivest, CEH
> > > > > Vérificateur interne en sécurité de l'information
> > > > > Courriel: Privest () transforce ca
> > > > > Téléphone: (514) 331-4417
> > > > > www.transforce.ca
> > > > >
> > > > >
> > > > > -----Message d'origine-----
> > > > > De : listbounce () securityfocus com [mailto:listbounce () securityfocus com]
> > > >
> > > > De
> > > > la
> > > > > part de Adriel Desautels
> > > > > Envoyé : 20 juin 2008 11:27
> > > > > À : Murda Mcloud
> > > > > Cc : security-basics () securityfocus com
> > > > > Objet : Re: RAID 5 drive replacement schedule
> > > > >
> > > > > Murda,
> > > > >        The real answer to your question is that it is very, very
> > > >
> > > > improbable
> > > > > that all of the drives in the array will fail at the same time. Most
> > > > > drives are good for a certain period of years, after which point you
> > > >
> > > > are
> > > > > getting "extra time".
> > > > >
> > > > >        That is not a security issue though. That is an IT related
issue.
> > > > The
> > > > > security issue comes into play when you dispose of your drives. Do you
> > > > > shred them, just throw them in the dumpster, how do you dispose of
> > > >
> > > > them?
> > > > > Regards,
> > > > >        Adriel T. Desautels
> > > > >        Chief Technology Officer
> > > > >        Netragard, LLC.
> > > > >        Office : 617-934-0269
> > > > >        Mobile : 617-633-3821
> > > > >        http://www.linkedin.com/pub/1/118/a45
> > > > >
> > > > >        Join the Netragard, LLC. Linked In Group:
> > > > >        http://www.linkedin.com/e/gis/48683/0B98E1705142
> > > > >
> > > > > ---------------------------------------------------------------
> > > > > Netragard, LLC - http://www.netragard.com  -  "We make IT Safe"
> > > > > Penetration Testing, Vulnerability Assessments, Website Security
> > > > >
> > > > > Netragard Whitepaper Downloads:
> > > > > -------------------------------
> > > > > Choosing the right provider : http://tinyurl.com/2ahk3j
> > > > > Three Things you must know  : http://tinyurl.com/26pjsn
> > > > >
> > > > >
> > > > > Murda Mcloud wrote:
> > > > > > In my mind, this a security related question as it has to do with
> > > >
> > > > ensuring
> > > > > > availability.
> > > > > >
> > > > > > Does anyone have links towards any whitepapers etc that suggest
> > > >
> > > > replacement
> > > > > > of disks in a RAID 5 array as part of a maintenance cycle?
> > > > > >
> > > > > > If all the drives in an array are the same age and one fails; does
> > > >
> > > > this
> > > > > mean
> > > > > > the others are more likely to fail. I'd imagine so as they have had
> > > >
> > > > the
> > > > > same
> > > > > > amount of usage.