CertiGuide to Security+  9  Chapter 3:  Infrastructure Security (Domain 3.0; 20%)

3.5.3.9.2  Databases 1 2 3 4 5 6 7 8 9 10 3.7  Success Questions

Media

You also looked at the various types of media likely to be found on (or near, or involved in some way with…) your network, including:

• Coax, early Ethernet cabling, usually either 10Base5, a thick cable up to 300 feet in length, or 10Base2, a thin cable-TV-like cable up to 183 feet in length; security issues include a lack of reliability and the ease with which coax can be tapped and conversations eavesdropped upon.
  
  
• UTP/STP, unshielded and shielded twisted pair cabling, used for Ethernet and Token Ring communications at speeds from 4mb/sec to 1gb/sec or more; security issues with UTP include the ease of adding devices to a UTP network by plugging a cable into any spare hub or switch port, and vulnerability to eavesdropping by monitoring electromagnetic emissions; if running cable in certain locations like dropped ceilings, you need to use specially-approved cable that meets fire codes, such as plenum cable.
  
  
• Fiber, fiber-optic cabling which transmits data via light pulses rather than electrons, whose advantages include being difficult to tap and immune to RF-based interference or snooping; the main disadvantage is that fiber can be fragile and difficult to work with, a situation which has been improving in recent years.
  
  
• Removable media, all types of data-storage media which can be written to and then removed from the machine and taken to another location; we look at these in detail below; the primary vulnerabilities of removable media center around the lifetimes of media for archival data storage as well as the potential for loss of confidential data when the media gets into the wrong hands; to minimize data privacy issues, you may want to encrypt data stored on removable media.

You reviewed the different types of removable media, which include:

• Tape, one of the oldest media, and also one of the slowest; tape is often used for system backups; it is prone to becoming unreadable due to age/humidity/temperature and even tape stretch, just like your favorite audio cassettes (if you’re old enough to remember such things!), and like all magnetic media is vulnerable to data corruption from magnetic fields such as those from your computer speakers, and may be difficult to FULLY erase.
  
  
• CD-R, which encompasses the original CD-R technology as well as the later rewritable CD-RW technology; different types of CD-R and CD-RW media have vastly differing expected lifetimes, so do your research carefully; security vulnerabilities of CDR include corruption via scratching the media, heat, humidity and direct sunlight; it can also be difficult to fully erase data on a CDR, and some users resort to scratching, breaking and even microwaving CD’s to make them unreadable.
  
  
• Hard drives, which are available in two common types, IDE and SCSI today; IDE is the low-cost leader, although SCSI is the performance leader; hard drives may be either semi-permanently installed inside a machine, or installed in removable carriers that can easily be transported from machine to machine; hard drive security issues include sensitivity to shock from being hit or dropped, corruption due to magnetic fields, the amount of heat generated by the drive, lack of hardware “write” protection for data written to drives; like different kinds of CDR media, different manufacturers and brands of hard drives have vastly differing MTBF, or mean time before failure, ratings.
  
  
• Diskettes, which are relatively low-capacity media, so the risk of loss of substantial amounts of data via diskette is minimal; older “floppy” diskettes were more vulnerable to physical damage than today’s hard-shelled diskettes; like other magnetic media, they are vulnerable to corruption via EMF.
  
  
• Flashcards, which are more properly called “flash memory cards”, use non-volatile memory which doesn’t require a constant power source, to store data; many PDA’s and digital cameras employ flash cards; since flashcards are available in many different formats such as Compact Flash, Smart Media, Memory Stick, MMC and Secure Digital, one concern is compatibility; other security issues include vulnerability of theft of large amounts of data in a small device, lack of support for encryption in some devices that read/write data on flashcards, and limited media life.
  
  
• Smartcards, which are small credit-card devices containing memory and possibly an IC for computations and data encryption, with those that contain an IC costing more than the ones just containing memory; smartcards typically store a small amount of data such as 32K; they may be used for access control (card keys), authentication (generating one time passwords) or storing e-cash (such as some schools’ student ID cards; smartcard security issues include compatibility, vulnerability to theft, the frequent need for multi-factor authentication, to augment smartcard authentication with another type, for security purposes.

3.5.3.9.2  Databases 1 2 3 4 5 6 7 8 9 10 3.7  Success Questions