jggimi
25th February 2012

FAT for reducing write load:

1. Is FAT an option? No.

2. Would FAT, being non-journaled, add value? No. FFS is not journaled, either.

3. Would FAT be a good choice? No. FAT lacks the capability to have sockets, device nodes, hard and symbolic links, and access controls.

Solid state devices and write I/O

1. Do I need to worry about reducing write load? No. Not with devices that have wear leveling capability. Several wear leveling technologies are in common use and should be a standard capability of all solid state storage devices marketed within the last seven or eight years.

2. Is wear leveling a physical security risk, since a write may not actually overlay a sector? There is a risk, yes. It is similar to the risk that sectors marked bad on modern magnetic hard drives might be readable in a laboratory, though the drive electronics will not read them and an OS has no access.

Network Security

1. Are there any special concerns about network users with access to USB devices? No. On OpenBSD, USB mass storage devices are treated as any other disk drive. Access is controlled through a blend of mount options and filesystem access controls, which the admin is responsible for managing. Bad management can have security implications, but this is no different than any other disk device.

Portable Devices and Portable Media

1. Should I treat laptops, netbooks, smartphones, digital cameras, external drives, USB sticks, SD cards, XD cards, diskettes, Compact Flash cards, CDs, DVDs, and Blu-ray discs containing personal or private information as if they have the same sorts of physical security requirements? Yes.

2. Is there network security I should be especially concerned about when traveling with portable computing systems -- netbooks, smartphones, tablets, laptops? Yes. Network connections may provide information in-the-clear or even attack vectors against your systems, servers, and applications.

3. What about a read-only device -- so that I keep no personal or confidential information on it? For example, traveling with a LiveCD or LiveUSB, or a "clean" netbook with nothing on it but a freshly installed OS. You must still be cognizant of network connections you make, the security of the services you access, and any local information caches. You must know what local information might be written by a "live" environment, such as swap partitions and temporary file stores.

4. There's a lot to think about. Can I learn all I need to know from this forum? Yes, there is a lot to think about, and learn. Unfortunately, no, this forum will never be able to teach you everything you need to know. Like the universe, the knowledge you need to make informed decisions is ever expanding. Also, this forum is focused on a very small segment of the wide world of information security. And information security is an ever changing world, with new threats and new mitigations appearing constantly.

2. Should I encrypt personal or private information? That is up to you, and your personal or business requirements. It may also have legal implications for you, depending upon where you are and where you travel.