Module 9 - Data Security

Data Security

Introduction

In this module, you learn about security and protecting your data with a Data
Domain system.

Upon completing this module, you will be able to:

 Describe Data Domain Retention Lock functionality
 Configure Retention Lock compliance
 Execute data sanitization
 Encrypt data at rest

© Copyright 2019 Dell Inc. Page 1


Data Domain Retention Lock

Introduction

As data ages, Dell EMC recommends moving this data to archive storage where it
can be accessed, but no longer occupies valuable storage space.

Unlike backup data, a secondary copy of data for shorter-term recovery purposes,
archive data is a primary copy of data that is retained for several years. In many
environments, corporate governance and/or compliance regulatory standards can
mandate that some or all this data be retained “as-is.” In other words, the integrity
of the archive data must be maintained for specific time periods before it can be
deleted.

The Data Domain Retention Lock feature provides unchangeable file locking and
secure data retention capabilities to meet both governance and compliance
standards. Data Domain Retention Lock ensures that archive data is retained for
the length of the policy with data integrity and security.

This lesson presents an overview of Data Domain Retention Lock, its configuration
and use.

This lesson covers the following topics:

 Overview, capability, and configurations
 Security officer role and privilege
 File locking protocol

Data Domain Retention Lock Overview

Data Domain Retention Lock is a licensed software feature. Retention Lock
enables storage administrators and compliance officers to meet data retention
requirements for archive data stored on a Data Domain system. For files committed
to be retained, Data Domain Retention Lock software works with the retention
policy set by the application to prevent locked files from being modified or deleted
during the retention period. The retention period can be set for up to 70 years. It
protects against data management accidents, user errors, and any malicious
activity that might compromise the integrity of the retained data. The retention
period of a retention-locked file can be extended, but not reduced.

After the retention period expires, files can be deleted, but cannot be modified.
Files that are written to a Data Domain system, but not committed to be retained,
can be modified or deleted at any time.

DD Retention Lock comes in two separately licensed editions: DD Retention Lock
Governance and DD Retention Lock Compliance.

DD Retention Lock Governance edition maintains the integrity of the archive data
with the assumption that any actions taken by the system administrator are valid as
far as the data integrity of the archive data is concerned.

DD Retention Lock Compliance edition is designed to meet strict regulatory
compliance standards such as those of the United States Securities and Exchange
Commission. When DD Retention Lock Compliance is deployed, it requires extra
authorization by a Security Officer for system functions. The extra authorization
safeguards against any actions that could compromise data integrity.

Data Domain Retention Lock Capabilities

The capabilities that are built into Data Domain Retention Lock are based on
governance and compliance archive data requirements.

Governance archive data requirements: Governance standards are considered
to be lenient in nature. Governance standards give flexible control of retention
policies, but not at the expense of maintaining the integrity of the data during the
retention period.

The storage system has to securely retain archive data per corporate governance
standards and must meet the following requirements:
 Allow archive files to be committed for a specific period during which the
contents of the secured file cannot be deleted or modified.
 Allow for deletion of the retained data after the retention period expires.
 Allow for ease of integration with existing archiving application infrastructure
through CIFS and NFS.
 Provide flexible policies, such as extending the retention period of a secured file
or reverting the locked state of an archived file.
 Replicate both the retained archive files and the retention period attribute to
a destination site to meet the disaster recovery (DR) needs for archived data.

Security Officer Role and Security Privilege

As discussed in the Basic Administration module, a security privilege can be
assigned to user accounts:
 In the System Manager, when user accounts are created
 In the CLI, when user accounts are added

A user assigned the security privilege is called a security officer. The security
officer can run a command through the CLI called the runtime authorization policy.

Updating or extending retention periods and renaming an MTree require the use of
the runtime authorization policy. When enabled, the runtime authorization policy is
invoked on the system for the length of time the security officer is logged in to the
current session.

Runtime authorization policy requires the security officer to provide credentials, as
part of a dual authorization with an administrator, to set up and modify retention
lock compliance features and data encryption features.

The security officer is the only user that is permitted to change the
security officer password. Contact support if the password is lost or
forgotten.

Data Domain Retention Lock Activity Flow

The general flow of activities with DD Retention Lock is as follows:

1. Enable DD Retention Lock Governance, Compliance, or both on the Data
Domain system. (You must have a valid license for DD Retention Lock
Governance and/or Compliance.)
2. Enable the MTree for governance or compliance retention locking using the System
Manager or CLI commands.
3. Commit files to be retention locked on the Data Domain system using client-side
commands, by an appropriately configured archiving or backup application,
manually, or using scripts.
4. Optionally, extend file retention times or delete files with expired retention
periods using client-side commands.

File Locking Protocol

After an archive file has been migrated to a Data Domain system, the archiving
application must set and communicate the retention period attribute to the Data
Domain system. The archiving application sends the retention period attribute over
standard industry protocols.

The retention period attribute the archiving application uses is the last access time,
the atime. DD Retention Lock provides granular management of retention periods
on a file-by-file basis. As part of the configuration and administrative setup process
of DD Retention Lock, a minimum and maximum time-based retention period for
each MTree is established. This setting ensures that the atime retention expiration
date for an archive file is not set below the minimum, or above the maximum,
retention period.

The archiving application must set the atime value, and DD Retention Lock must
enforce it, to avoid any modification or deletion of locked files. For example,
Symantec Enterprise Vault retains records for a user-specified amount of time.
When Enterprise Vault retention is in effect, these documents cannot be modified
or deleted on the Data Domain system. When that time expires, Enterprise Vault
can be set to automatically dispose of those records.

Locked files cannot be modified on the Data Domain system even after the
retention period for the file expires. Files can be copied to another system and then
be modified. Archive data retained on the Data Domain system after the retention
period expires is not deleted automatically. An archiving application must delete the
remaining files, or they must be removed manually.
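
The locking rules above as a constructed Go model (an added example, not Data Domain code): SetATime stands in for the client-side atime write, and the MTreePolicy bounds, the extension-only rule and the post-expiry behaviour are taken from the text in this section; the type and function names are this example's own.

```go
package main

import (
	"errors"
	"time"
)

// Constructed model (example code, not Data Domain's own) of the atime-based
// locking rules described above: an application locks a file by setting its
// atime to a future date, the MTree's minimum and maximum bound that date, a
// lock can be extended but never reduced, and a locked file cannot be modified
// or deleted until expiry, after which it can be deleted but still not modified.

var (
	ErrRange     = errors.New("retention expiry outside the MTree minimum/maximum")
	ErrReduce    = errors.New("retention period cannot be reduced")
	ErrLocked    = errors.New("file is retention locked")
	ErrImmutable = errors.New("locked files stay immutable after expiry")
)

// MTreePolicy holds the per-MTree retention bounds set during configuration.
type MTreePolicy struct {
	Min, Max time.Duration
}

// File is a file in the MTree; once Locked, ATime is its retention expiry.
type File struct {
	Name   string
	ATime  time.Time
	Locked bool
}

// SetATime models the archiving application writing atime over NFS or CIFS.
// A non-future atime on an unlocked file is an ordinary access-time update.
func (p MTreePolicy) SetATime(f *File, now, atime time.Time) error {
	switch {
	case !f.Locked && !atime.After(now):
		f.ATime = atime // plain atime update, not a lock request
		return nil
	case !f.Locked:
		// First commit: the expiry must lie within [now+Min, now+Max].
		if atime.Before(now.Add(p.Min)) || atime.After(now.Add(p.Max)) {
			return ErrRange
		}
		f.ATime, f.Locked = atime, true
		return nil
	case atime.Before(f.ATime):
		return ErrReduce // extension only, never reduction
	case atime.After(now.Add(p.Max)):
		return ErrRange
	}
	f.ATime = atime
	return nil
}

// Write models any modification attempt; a locked file is never writable again.
func Write(f *File, now time.Time) error {
	switch {
	case !f.Locked:
		return nil
	case now.Before(f.ATime):
		return ErrLocked
	}
	return ErrImmutable
}

// Delete succeeds for unlocked files and for locked files whose retention
// period has expired; nothing is deleted automatically.
func Delete(f *File, now time.Time) error {
	if f.Locked && now.Before(f.ATime) {
		return ErrLocked
	}
	return nil
}
```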

Page 10 © Copyright 2019 Dell Inc.


Data Domain Retention Lock

Configuring Data Domain Retention Lock Governance Edition

You can configure DD Retention Lock Governance using the System Manager or
by using CLI commands. System Manager provides the capability to modify the
minimum and maximum retention period for selected MTrees.

To configure retention lock:

1. Select Data Management > MTree.
2. Select the MTree you want to edit with DD Retention Lock.
3. Click the Summary tab, and scroll down to the Retention Lock area.
4. Click Edit.
5. Enable retention lock in the Modify DD Retention Lock dialog box.
6. Enter the retention period, or select Default.
7. Click OK.

Configuring Data Domain Retention Lock Compliance Edition

The DD Retention Lock Compliance edition meets the strict requirements of
regulatory standards for electronic records, such as SEC 17a-4(f) and other
standards that are practiced worldwide.

DD Retention Lock Compliance Edition ensures that all files locked by an archiving
application, for a time-based retention period, cannot be deleted or overwritten until
the retention period expires. Data is archived using multiple hardening procedures
by requiring dual sign-on for certain administrative actions. Before engaging DD
Retention Lock Compliance edition, the System Administrator must create a
Security Officer role. The System Administrator can create the first Security Officer,
but only the Security Officer can create other Security Officers on the system.

Some of the actions requiring dual sign-on include:

 Extending the retention periods for an MTree
 Renaming the MTree
 Deleting the Retention Lock Compliance license from the Data Domain system
 Securing the system clock from illegal updates

DD Retention Lock Compliance implements an internal security
clock to prevent malicious tampering with the system clock. The
security clock closely monitors and records the system clock. If
there is an accumulated two-week skew within a year between the
security clock and the system clock, the Data Domain file system
(DDFS) is disabled. The file system can only be resumed by a
security officer.


Data Sanitization

Introduction

In this lesson, you learn the function of data sanitization and how to run a
command to sanitize data.

This lesson covers the following topics:

 Overview of data sanitization
 System sanitization procedure

Data Sanitization Overview

Data sanitization is sometimes called electronic shredding.

With the data sanitization function, deleted files are overwritten using a
DoD/NIST-compliant algorithm and procedures. No complex setup or system process
disruption is required. Existing data is available during the sanitization process, with
limited disruption to daily operations. Sanitization is the electronic equivalent of
data shredding. Normal file deletion leaves residual data that makes it possible to
recover the deleted files. Sanitization removes any trace of deleted files, with no
residual remains.

Sanitization supports organizations, typically government organizations, that:

 Are required to delete data that is no longer needed.
 Must remove and destroy Classified Message Incidents (CMI).

CMI is a government term that describes an event where data of a certain
classification is inadvertently copied into another system that is not certified for
data of that classification.

The system sanitize command erases content in the following locations:
 Segments of deleted files unused by other files
 Contaminated metadata
 All unused storage space in the file system
 All segments that deleted files use that cannot be globally erased, because
other files may be using some segments

Sanitization can be run only from the CLI.

System Sanitization Procedure

When you issue the system sanitize start command, you are prompted to
consider the length of time that is required to perform this task. The system advises
that it can take longer than the time it takes to reclaim space holding expired data
on the system. If there is a high percentage of space to be sanitized, the process
can take several hours or longer.

During sanitization, the system runs through five phases: merge, analysis,
enumeration, copy and zero.

Merge: Performs an index merge to flush all index data to disk.

Analysis: Reviews all data to be sanitized.

Enumeration: Reviews all the files in the logical space and remembers what data
is active.

Copy: Copies live data forward and clears the space that it used to occupy.

Zero: Writes zeroes to the disks in the system.

You can view the progress of these five phases by running the system sanitize
watch command.
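
A small Go model of the enumeration, copy and zero phases over deduplicated segments (an added example, not DD OS code). The container and segment layout, the Store type and the SampleStore data are constructed for this example; they show why a segment that a deleted file shares with a live file survives while the rest of its container is copied forward and zeroed, which is the distinction the list above draws between segments unused by other files and segments that cannot be globally erased.

```go
package main

import "sort"

// Constructed model (example code, not DD OS) of the enumeration, copy and zero
// phases over a deduplicated segment store. Files can share a segment, so a
// deleted file's segment is erased only when no live file still references it:
// live segments are copied forward, then the old container is zeroed in full.

type Container struct {
	Segments []string // segment fingerprints, constructed values such as "s1"
	Zeroed   bool
}

type Store struct {
	Containers []*Container
	Files      map[string][]string // live files -> the segments they reference
}

// Delete drops the file's references only; its segments stay on disk, which is
// the residual data that sanitization exists to remove.
func (s *Store) Delete(name string) { delete(s.Files, name) }

// Sanitize returns the fingerprints it erased, sorted.
func (s *Store) Sanitize() []string {
	// Enumeration phase: every segment still referenced by a live file.
	live := map[string]bool{}
	for _, segs := range s.Files {
		for _, seg := range segs {
			live[seg] = true
		}
	}
	var erased []string
	for _, c := range s.Containers { // containers appended below are not revisited
		if c.Zeroed {
			continue
		}
		var keep []string
		for _, seg := range c.Segments {
			if live[seg] {
				keep = append(keep, seg)
			} else {
				erased = append(erased, seg)
			}
		}
		if len(keep) == len(c.Segments) {
			continue // nothing dead here; leave the container untouched
		}
		if len(keep) > 0 {
			// Copy phase: live data moves forward into a fresh container.
			s.Containers = append(s.Containers, &Container{Segments: keep})
		}
		// Zero phase: overwrite the whole old container.
		c.Segments, c.Zeroed = nil, true
	}
	sort.Strings(erased)
	return erased
}

// SampleStore is a constructed store in which segment s3 is shared by a.doc and c.doc.
func SampleStore() *Store {
	return &Store{
		Containers: []*Container{
			{Segments: []string{"s1", "s2", "s3"}},
			{Segments: []string{"s4", "s5"}},
		},
		Files: map[string][]string{
			"a.doc": {"s1", "s3"},
			"b.doc": {"s2"},
			"c.doc": {"s3", "s4"},
			"d.doc": {"s5"},
		},
	}
}
```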

Related CLI commands:

 system sanitize abort: Aborts the sanitization process.
 system sanitize start: Starts the sanitization process immediately.
 system sanitize status: Shows the current sanitization status.
 system sanitize watch: Monitors sanitization progress.

Encryption of Data at Rest

Introduction

In this lesson, you learn about the features, benefits, and function of the Encryption
of Data at Rest feature. You also learn the purpose of other security features,
such as file system locking, and when and how to use them. This lesson also
covers changing the encryption passphrase, disabling encryption, and file
system locking and unlocking.

This lesson covers the following topics:

 Encryption of data at rest
 Key management
 Inline encryption
 Authorization workflow
 Configuring encryption
 Changing the encryption passphrase
 Disabling encryption
 File system locking and unlocking

Encryption of Data at Rest

Data encryption protects user data if the Data Domain system is stolen, or if the
physical storage media is lost during transit, and eliminates accidental exposure of
a failed drive if it is replaced. Also, if an intruder ever gains access to encrypted
data, the data is unreadable and unusable without the proper cryptographic keys.

If you have an encryption license, you can use the Encryption of Data at Rest
feature on DD Extended Retention-enabled DD systems. Encryption is not enabled
by default.

Encryption of Data at Rest features include:

 Enables data on the Data Domain system to be encrypted, while being saved
and locked, before being moved to another location
 Provides inline data encryption
 Protects data on a Data Domain system from unauthorized access or accidental
exposure
 Requires an encryption software license
 Encrypts all ingested data
 Does not automatically encrypt data that was in the system before encryption
was enabled

Existing data can be encrypted by enabling the option to encrypt existing data.

You can use all the supported backup applications that are described in the Backup
Application Matrix with the Encryption of Data at Rest feature.

Key Management

A key manager controls the generation, distribution, and life cycle management of
multiple encryption keys. There are three available key management options: the
Embedded Key Manager, the RSA Data Protection Manager (DPM), or SafeNet
KeySecure Key Manager. Only one key management option can be in effect at a
time. Support for Key Management Interoperability Protocol (KMIP) was introduced
with DD OS 6.1.

When encryption is enabled on a Data Domain system, the Embedded Key
Manager is in effect by default. If you configure the RSA DPM or SafeNet
KeySecure Key Manager, it replaces the Embedded Key Manager and remains in
effect until you disable it. A file system restart is required for a new key manager to
be operational.

If the external Key Manager is configured and enabled, the Data Domain systems
use keys that are provided by the RSA DPM Key Manager Server. If the same
DPM Key Manager manages multiple Data Domain systems, all systems have the
same active key (if they are using the same key class) when the systems are
synced and the file system has been restarted. The Embedded Key Manager
generates its keys internally.

When using the Embedded Key Manager, key rotation can be enabled or disabled; if
enabled, enter a rotation interval between 1 and 12 months. The RSA DPM Key
Manager rotates keys on a regular basis, depending on the key class.

KeySecure Key Manager supports external key managers by using Key
Management Interoperability Protocol (KMIP) and centrally manages encryption
keys in a single, centralized platform. Keys are precreated on the Key Manager,
which cannot be enabled on systems with one or more encrypted cloud units.

Inline Encryption

With the encryption software option licensed and enabled, all incoming data is
encrypted inline before it is written to disk. This software-based approach requires
no additional hardware. It includes a configurable 128-bit or 256-bit Advanced
Encryption Standard (AES) algorithm with either confidentiality with cipher-block
chaining (CBC) mode, or both confidentiality and message authenticity with
Galois/Counter (GCM) mode. Encryption and decryption to and from the disk are
transparent to all access protocols: DD Boost, NFS, CIFS, NDMP tape server, and
VTL (no administrative action is required for decryption).

For the RSA DPM Key Manager, the Data Domain administrator can select a 128-
bit or 256-bit Advanced Encryption Standard (AES) algorithm for encrypting all data
within the system. SafeNet KeySecure Key Manager only supports AES-256.
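
An added Go example (not DD OS code) of what the "message authenticity" of GCM buys over CBC: both modes run on a constructed key and plaintext, one ciphertext byte is flipped, and only GCM's decryption reports the change, while CBC hands back corrupted plaintext without any error. The encrypt, decrypt and Tamper helpers and the mode names "gcm" and "cbc" are this example's own.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"io"
)

// Added example (not DD OS code) of the difference the module draws between the
// two AES modes: CBC gives confidentiality only, so an altered ciphertext block
// decrypts silently to garbage, while GCM also authenticates and rejects any
// change. Keys are constructed; output is IV-or-nonce || ciphertext (|| GCM tag).

func encrypt(mode string, key, pt []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	if mode == "gcm" {
		gcm, _ := cipher.NewGCM(block) // cannot fail for a valid AES block
		nonce := make([]byte, gcm.NonceSize())
		if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
			return nil, err
		}
		return gcm.Seal(nonce, nonce, pt, nil), nil
	}
	// CBC: the plaintext must be block aligned (a real system would pad).
	if len(pt)%aes.BlockSize != 0 {
		return nil, errors.New("plaintext is not block aligned")
	}
	out := make([]byte, aes.BlockSize+len(pt))
	if _, err := io.ReadFull(rand.Reader, out[:aes.BlockSize]); err != nil {
		return nil, err
	}
	cipher.NewCBCEncrypter(block, out[:aes.BlockSize]).CryptBlocks(out[aes.BlockSize:], pt)
	return out, nil
}

func decrypt(mode string, key, data []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	if mode == "gcm" {
		gcm, _ := cipher.NewGCM(block)
		ns := gcm.NonceSize()
		if len(data) < ns+gcm.Overhead() {
			return nil, errors.New("ciphertext too short")
		}
		return gcm.Open(nil, data[:ns], data[ns:], nil) // tag check fails on tampering
	}
	if len(data) < 2*aes.BlockSize || len(data)%aes.BlockSize != 0 {
		return nil, errors.New("ciphertext is not block aligned")
	}
	pt := make([]byte, len(data)-aes.BlockSize)
	cipher.NewCBCDecrypter(block, data[:aes.BlockSize]).CryptBlocks(pt, data[aes.BlockSize:])
	return pt, nil // no integrity check: damaged input still "succeeds"
}

// Tamper encrypts pt, flips one bit of byte 16 of the output, which is inside
// the ciphertext for both modes (the GCM nonce is 12 bytes, the CBC IV 16),
// and reports whether decryption rejected the change. For CBC it also returns
// the damaged plaintext that came back.
func Tamper(mode string, key, pt []byte) (detected bool, recovered []byte, err error) {
	data, err := encrypt(mode, key, pt)
	if err != nil {
		return false, nil, err
	}
	data[aes.BlockSize] ^= 0x01
	recovered, err = decrypt(mode, key, data)
	return err != nil, recovered, nil
}
```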

Authorization Workflow

Procedures requiring authorization require dual-authentication by the security
officer and a user in the admin role.

For example, to set encryption, the admin enables the feature and the security
officer enables runtime authorization.

A user in the administrator role interacts with the security officer to perform a
command that requires security officer sign-off.

In a typical scenario, the admin issues the command and the system displays a
message that security officer authorizations must be enabled. The security officer
must enter their credentials on the same console at which the command option was
run. If the system recognizes the credentials, the procedure is authorized. If not, a
Security alert is generated, and the authorization log records the details of each
transaction.

Configuring Encryption

The DD Encryption tab within the File System section of the Data Domain System
Manager shows the status of system encryption of data at rest.

The status indicates Enabled, Disabled, or Not configured.

To configure encryption:

1. Click Configure.
You are prompted for a passphrase. The system generates an encryption key
and uses the passphrase to encrypt the key. One key is used to encrypt all data
that is written to the system. After encryption is enabled, administrators use the
passphrase only when locking or unlocking the file system, or when disabling
encryption.

Unless you can reenter the correct passphrase, you cannot unlock
the file system and access the data. The data will be irretrievably
lost.

2. Enter a passphrase, and then click Next.
3. Choose the encryption algorithm, and then click Next.
The algorithm is a configurable 128-bit or 256-bit Advanced Encryption Standard
(AES) algorithm with either confidentiality with Cipher Block Chaining (CBC) mode,
or both confidentiality and message authenticity with Galois/Counter (GCM) mode.
In this configuration window, you can optionally apply encryption to data that
existed on the system before encryption was enabled.
4. Select whether you obtain the encryption key from the Data Domain system or
an external RSA Data Protection Manager. Click Finish. The system must be
restarted for the new configuration to take effect.

Changing Encryption Passphrase

Only administrative users with security officer credentials can change the
encryption passphrase.

To change the existing encryption passphrase:

 Disable the file system
 Run the command system passphrase change

Disabling Encryption

Only administrative users with security officer credentials can disable encryption.
The CLI command is filesys encryption disable.

In the example on the slide, sysadmin is logged in. Notice that the security
officer username and password are required.

The file system must be restarted for this change to take effect.

File System Locking Overview

Use file system locking when an encryption-enabled Data Domain system and its
external storage devices (if any) are being transported. Without the encryption that
file system locking provides, a thief with forensic tools could recover the data,
especially if local compression is turned off. This action requires two-user
authentication (a sysadmin and a security officer) to confirm the lock-down
action.

File system locking:

 Requires the user name and password of a security officer account to lock the
file system
 Protects the Data Domain system from unauthorized data access
 Is run only with the file system encryption feature enabled. File system locking
encrypts all user data, and the data cannot be decrypted without the key
 A passphrase protects the encryption key, which is stored on disk and is
encrypted by the passphrase. With the system locked, this passphrase cannot
be retrieved
 Allows only an admin who knows the set passphrase to unlock an encrypted
file system

File System Locking and Unlocking Procedure

Before you can lock the file system, encryption must be enabled and the file system
must be disabled.

The procedure to lock the file system is as follows:

1. Select Data Management > File System > DD Encryption and click Lock in
the File System Lock section.
2. In the text fields of the Lock File System dialog box, provide the username and
password of a Security Officer account (an authorized user in the Security User
group on that Data Domain system), and the current and a new passphrase.
3. Click OK.
4. Shut down the system using the system poweroff command.
5. Transport the system, or remove the disk being replaced.
6. Power on the system and use the procedure to unlock the file system.

1. Be sure to take care of the passphrase. If the passphrase is
lost, you will never be able to unlock the file system and
access the data. The data will be irrevocably lost.
2. Do not use the chassis power switch to power off the
system. There is no other method for shutting down the
system to invoke file system locking.
