3.10. Employing Removable Storage

Computer systems have become modular over the last few years, and one of the benefits is removable media. Removable storage (commonly known as removable media) refers to any type of storage device (such as a floppy drive, magnetic tape cartridge, or CD-ROM) that can be removed from the system. Disk drives that once cost thousands of dollars now cost hundreds or even less. What once took up a whole room can easily be put in a coat pocket.

It's important to remember that removable media is subject to viruses, physical damage, and theft. If a CD-ROM is stepped on or scratched, it probably won't work properly. If it's stolen, it won't be available, and the information it contained will be gone forever. That information could include customer lists, IP addresses, databases, financial spreadsheets, or anything else of a sensitive nature.

The following sections discuss the most common types of removable media in use today and the physical and operational measures necessary to safeguard them.

3.10.1. CD-R/DVD-R

The CD Recordable (CD-R) is a relatively new technology that allows CDs to be made or burned on a computer system. CD-Rs operate like regular CDs, and they can be burned quickly. Most new computer systems come standard with a CD-R burner or CD-R drive. You can quickly back up data to or restore data from the CD-R.

CD-Rs are susceptible to computer viruses, and an infected file on the computer that is transferred to the CD-R will infect another system when the file is downloaded. All files need to be scanned for viruses before being written to or read from a CD-R. Data theft is also easy with a CD-R; an attacker can get on a system that has a CD-R and copy data from hard disks or servers. Some older CD-Rs are susceptible to erasure by sustained exposure to sunlight, so it's generally a good idea to keep CD-Rs out of environments that are high in ultraviolet (UV) light.

Whether the removable media you use is tape, CD-R, hard drives, or other media, you should bear in mind that one of the biggest vulnerabilities you face is the theft of that media and the data it holds. The best protection you have is to keep a close watch over the media; make sure it's securely and safely locked up when not in use.

3.10.2. Diskettes

Most computer systems provide the capability to accept floppy and other types of diskettes. Diskettes have properties similar to hard drives, although they usually store smaller amounts of data. They're one of the primary carriers of computer viruses, and they can be used to make copies of small files from hard disks.

Diskette drives are rugged and can take all kinds of physical abuse. However, if the media in the drive is scratched, the data will be lost. Diskettes are also sensitive to erasure by magnetic fields.

3.10.3. Flash Cards

Flash cards, also referred to as memory sticks, are small memory cards that can be used to store information. A system that has a flash card interface usually treats flash cards like a hard drive. Flash cards can carry viruses, and they can be used to steal small amounts of information from systems that support them.

Flash cards are coming down in price and are becoming standard on many computer systems. Most PDA devices accept flash cards, making them susceptible to viruses that are targeted at PDAs.

3.10.4. Hard Drives

Hard drives today are small and can store a great deal of data. Usually, hard drives can be quickly removed from systems, and portable hard drives can be easily attached. Software that creates an exact copy, or image, of a drive can be used to download a system onto a hard drive in minutes. Many of the hard drives available today use USB or parallel ports to connect, and most operating systems will install them automatically using Plug and Play technology.

An attacker can attach a USB hard drive and then copy files from a workstation; this can happen in a matter of minutes with little possibility of detection. Another aspect of hard drive security involves the physical theft or removal of the drives. If a drive containing key information is stolen, it may be difficult to replace unless a recent backup has been performed. Hard drives are also susceptible to viruses because they're the primary storage devices for most computers. Additionally, hard drives are susceptible to vibration damage—dropping a hard drive will usually result in premature failure of the unit.

3.10.5. Network Attached Storage

Not all removable media needs to be directly connected to the workstation. There is growing acceptance of network attached storage in businesses today for such purposes as backups, archives, and just allowing storage to grow. Most network attached storage (NAS) devices are simply computers dedicated to the task of storing files for users on the network. The users connect to the NAS units typically through Network File System (NFS) or Server Message Blocks (SMB) communication with network file servers.

An excellent whitepaper on using NAS to address file storage growth can be found at http://www.sun.com/storagetek/white-papers/IDC_NAS_FINAL_112906.pdf.

3.10.6. Smart Cards

Smart cards are generally used for access control and security purposes. The card itself usually contains a small amount of memory that can be used to store permissions and access information.

Smart cards are difficult to counterfeit, but they're easy to steal. Once a thief has a smart card, they have all the access the card allows. To prevent this, many organizations don't put any identifying marks on their smart cards, making it harder for someone to utilize them. A password or PIN is required to activate many modern smart cards, and encryption is employed to protect the contents.

Many European countries are beginning to use smart cards instead of magnetic-strip credit cards because they offer additional security and can contain more information.

When you think of a smart card, always remember that this tool can be used for authentication as well as storage. Not only can the card identify you, it can hold relevant information as well. As an analogy, think of a smart card as a debit card that has an updated total of your bank account balance on it as opposed to a credit card that has only your account number.

3.10.7. Tape

One of the oldest forms of removable media is magnetic tape. Magnetic tapes come in a variety of types and sizes. Older tapes were reel-to-reel and were bulky and sensitive to environmental factors such as heat and moisture. Newer tapes are cartridge or cassette oriented and are smaller and much more durable. With some of the new tape technologies, you can store on a single tape what once would have required a 10-foot-by-10-foot tape vault.

Magnetic tapes have become very fast, and they can hold enormous amounts of data. They're commonly used to back up systems and archive old data. The major concern with tape involves physical security—a tape is easy to remove from the premises undetected.

Tape can be restored to another system, and all the contents will be available for review and alteration. It's relatively easy to edit a document, put it back on the tape, and then restore the bogus file back to the original computer system. This, of course, creates an integrity issue that may be difficult to detect.

Tapes can also become infected with viruses, and they can infect a system during the data recovery process. Files going onto a tape drive should be scanned to ensure that they're virus free.

One of the biggest issues when using tape has always been trying to figure out the best way to rotate sets of backups.

3.10.8. Thumb Drives

Thumb drives and flash cards come from the same family. In fact, thumb drives are nothing more than USB flash cards that allow you to store a large quantity of data on something that easily fits into your pocket. Because of their size and versatility, thumb drives have become the de facto standard for removable media, and they have replaced diskettes and other storage in many settings.

Being nothing more than storage media, thumb drives are susceptible to holding the same malware as other forms of removable media.