<div dir="ltr">Hi Paul, true but I'm simply surveying controls in place and there is an additional text box for additional comments.<div><br></div><div>In terms of the above approach, it sounds a little over-engineered for me and only addresses a narrow use case, i.e. an attacker has already compromised your server, but is then unable to escalate his privilege enough to mount the drive as readable.</div><div><br></div><div>Its practicality as one of a series of other controls probably depends on the number of warrants you need to satisfy, and the amount of data you collect because you would be unable to index the data. In addition, it raises the question of backup: what if you pull a HDD out that has been offline for 2 years and it's seized?</div><div><br>E</div><div><br></div><div><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">On 6 March 2017 at 00:52, Paul Wilkins <span dir="ltr">&lt;<a href="mailto:paulwilkins369@gmail.com" target="_blank">paulwilkins369@gmail.com</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div><div><div>Eric,<br></div>I see lots of options for securing the DR data, and defense in depth is obviously all to the good. What I don't see is an option for disabling reads on 1) the file systems, 2) the media. There is no operational or otherwise justification for this data to be online - ever - until you get a warrant. It should be possible e.g. 
in SELinux to disable read ioctls so your data is encrypt, dump, and forget.<br><br></div>Kind regards<br><br></div>Paul Wilkins<br></div><div class="gmail_extra"><br><div class="gmail_quote"><div><div class="h5">On 5 March 2017 at 14:56, Mister Pink <span dir="ltr">&lt;<a href="mailto:misterpink@gmail.com" target="_blank">misterpink@gmail.com</a>&gt;</span> wrote:<br></div></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div class="h5"><div dir="ltr"><div>Hi All,</div><div> </div><div>As part of an upcoming talk at AusCert in May entitled 'Look Who's Talking', I am conducting some research into the technical application of the data retention legislation across the Industry in Australia.</div><div><br></div><div>Much has been said about the security issues surrounding the retention of this data, most notably that it is a potential 'Honey Pot' for hackers, so I am interested to understand the level of security controls that carriers have or are planning on deploying to protect the resulting data.</div><div><br></div><div>If you have 10 minutes, I would really appreciate it if you could fill in, or alternatively forward this survey to the person within your organisation responsible for your DR Solution, and in return I will share my analysis with the respondents.</div><div><br></div><div><a href="https://goo.gl/forms/FKmptlZ4g4ra4jOC2" target="_blank">https://goo.gl/forms/FKmptlZ4g<wbr>4ra4jOC2</a><br></div><div><br></div><div>All responses will be in confidence.</div><div><br></div><div>Many thanks in advance</div><div><br></div><div><br></div><div>Eric Pinkerton</div><div><br></div><div><br></div></div>
<br></div></div>______________________________<wbr>_________________<br>
AusNOG mailing list<br>
<a href="mailto:AusNOG@lists.ausnog.net" target="_blank">AusNOG@lists.ausnog.net</a><br>
<a href="http://lists.ausnog.net/mailman/listinfo/ausnog" rel="noreferrer" target="_blank">http://lists.ausnog.net/mailma<wbr>n/listinfo/ausnog</a><br>
<br></blockquote></div><br></div>
<br></blockquote></div><br></div>