[AusNOG] Data Retention Solution Security Measures

Mister Pink misterpink at gmail.com
Mon Mar 6 12:15:28 EST 2017 

Hi Paul, true but I'm simply surveying controls in place and there is an
additional text box for additional comments.

In terms of the above approach, it sounds a little over engineered for me
and only addresses a narrow use case, ie an attacker has already
compromised your server, but is then unable to escalate his privilege
enough to mount the drive as readable.

It's practicality as one of a series of other controls probably depends on
the number of warrants you need to satisfy, and the amount of data you
collect because you would be unable to index the data,  in addition it
raises the question of backup? - What if you pull a HDD out that has been
offline for 2 years and it's seized?

E



On 6 March 2017 at 00:52, Paul Wilkins <paulwilkins369 at gmail.com> wrote:

> Eric,
> I see lots of options for securing the DR data, and defense in depth is
> obviously all to the good. What I don't see is an option for disabling
> reads on 1) the file systems, 2) the media. There is no operational or
> otherwise justification for this data to be online - ever - until you get a
> warrant. It should be possible eg. in Selinux to disable read ioctls so
> your data is encrypt, dump, and forget.
>
> Kind regards
>
> Paul Wilkins
>
> On 5 March 2017 at 14:56, Mister Pink <misterpink at gmail.com> wrote:
>
>> Hi All,
>>
>> As part of un upcoming talk at AusCert in May entitled 'Look Who's
>> Talking', I am conducting some research into the technical application of
>> the data retention legislation across the Industry in Australia.
>>
>> Much has been said about the security issues surrounding the retention of
>> this data, most notably that it is a potential  'Honey Pot' for hackers, so
>> I am interested to understand the level of security controls that carriers
>> have or are planning on deploying to protect the resulting data.
>>
>> If you have 10 minutes, I would really appreciate it if you could fill
>> in, or alternatively forward this survey to the person within your
>> organisation responsible for your DR Solution, and in return I will share
>> my analysis with the respondents.
>>
>> https://goo.gl/forms/FKmptlZ4g4ra4jOC2
>>
>> All responses will be in confidence.
>>
>> Many thanks in advance
>>
>>
>> Eric Pinkerton
>>
>>
>>
>> _______________________________________________
>> AusNOG mailing list
>> AusNOG at lists.ausnog.net
>> http://lists.ausnog.net/mailman/listinfo/ausnog
>>
>>
>
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20170306/a556a064/attachment.html>

More information about the AusNOG mailing list