data storage, backup, and security module 4. questions from last week?
TRANSCRIPT
Data Storage, Backup, and
SecurityModule 4
Questions from last week?
Previous questions:Where does one store encrypted information and the
key? Public key cryptography, such as that used by SSH, is asymmetrical; that is, the source and target systems do not share
a secret. From the ssh(1) man page:
Public key authentication works as follows: The scheme is based on public-key cryptography, using cryptosystems where encryption and decryption are done using separate keys, and it is unfeasible to derive the decryption key from the encryption key. The idea is that each user creates a public/private key pair for authentication purposes. The server knows the public key, and only the user knows the private key. ssh implements public key authentication protocol automatically, using one of the DSA, ECDSA or RSA algorithms. Protocol 1 is restricted to using only RSA keys, but protocol 2 may use any. The HISTORY section of ssl(8) contains a brief discussion of the DSA and RSA algorithms.
The file ~/.ssh/authorized_keys lists the public keys that are permitted for logging in. When the user logs in, the ssh program tells the server which key pair it would like to use for authentication. The client proves that it has access to the private key and the server checks that the corresponding public key is authorized to accept the account.
The user creates his/her key pair by running ssh-keygen(1). This stores the private key in ~/.ssh/identity (protocol 1), ~/.ssh/id_dsa (protocol 2 DSA), ~/.ssh/id_ecdsa (protocol 2 ECDSA), or ~/.ssh/id_rsa (protocol 2 RSA) and stores the public key in ~/.ssh/identity.pub (protocol 1), ~/.ssh/id_dsa.pub (protocol 2 DSA), ~/.ssh/id_ecdsa.pub (protocol 2 ECDSA), or ~/.ssh/id_rsa.pub (protocol 2 RSA) in the user's home directory. The user should then copy the public key to ~/.ssh/authorized_keys in his/her home directory on the remote machine. The authorized_keys file corresponds to the conventional ~/.rhosts file, and has one key per line, though the lines can be very long. After this, the user can log in without giving the password.
Previous questions: How secure is cloud storage?
Per Chance Reschke, Research Consultant with UW-IT:
First, it’s important to define “cloud”. If the question is about Amazon S3 or the Microsoft and Google equivalents, then I think the following is true:
It is very unlikely that another user of the storage service will be able to access your data simply by virtue of storing their data in the same system. Unauthorized access is much more likely to occur as a result of weaknesses in the source system. For instance, if the PC you use to upload data to S3 has been compromised, then it’s possible that unauthorized people have access to everything stored on your PC, including encryption keys. It’s also likely that keystroke capture software has been installed. As a result, the crackers can easily masquerade as you and access data you’ve stored on S3 just as easily as you can. It is important to recognize, however, that there’s nothing special about S3 in this regard — the crackers also have access to everything stored on your PC as well as every other system you access from your PC.
Two factor authentication can minimize the risks associated with this sort of compromise.
In light of the recent revelations regarding NSA data collection practices, I leave it to the reader to decide how widely commercial cloud providers share privileged access to their systems with government entities.
Learner Objectives1. Understand why storage, backup, and security of research
data are important2. Understand storage, backup, and security methods for
research data3. Understand an approach to creating a data storage, backup,
and security plan for a project4. Understand how to talk to your IT department about storage,
backup and security5. Learn about UW-specific resources to help with storage,
backup and security
Data Lifecycle
Storage, Backup & Security
• They are fundamental and interrelated components of a data management strategy.
• Together they ensure the ongoing integrity of research data.• Project planning and data management must deal with all
three.• Funding agencies may look at an applicant’s storage, backup
and security strategies as an indicator of merit, reliability, veracity, etc.
StorageThere are (broadly) two classes of storage:
• Those managed by others
• Those you manage yourself
Storage and Risk• Internal or local/external hard drives
– These WILL fail or become obsolete. Or both.– Have a backup plan and test it.– Label correctly.
• Networked storage – Local/lab: unlikely to have long-term tech or business plan, likely operated
on a shoestring, high personnel turnover– Commercial/cloud: google, MS, UWIT
• Comparison: http://cloud-services-review.toptenreviews.com/
Think laptop/workstation +remote/cloud services to help avoid catastrophe and hassles.
Storage• Remote storage services:
– Data sharing is not data storage.– Read terms of service (privacy, service
termination, country of storage, space limitation and “trimming,” etc.).
– Consult your PI or institutional policies on file-sharing services (and more).• http://security.uwmedicine.org/guidance/polic
y/default.asp• http://www.washington.edu/itconnect/work/a
ppropriate-use/
Backup• Allows you to restore your data if it is lost.
– Hardware or software malfunction– Environmental disaster (fire, flood)– Theft– Unauthorized access
Does your operating system and/or network administrator already have existing backup protocols and tools in place?
o Protect yourself, your research, & your reputation and ask.
Backup
Backup & RestorationWhat would be required in the event of loss?
• just data?• software and data?• customized scripts?
Work with your tech people to figure out what to backup, and what kind of backup:
• full (take time to backup, lots of storage)• incremental (only what has changed since last backup,) fast and requires less
storage space
How often will you backup? Daily, weekly, monthly…• Backup and Restore for Windows• Time Machine for Mac• Third-party or open source
Other Considerations• File formats
– http://www.data-archive.ac.uk/create-manage/format/formats-table
• Data migration– Automatic and transparent when using cloud services
• Responsibility assignments– ID who’s responsible in your lab/department, etc.– If it’s your IT department, get to know them! Regular
communication and established relationships go a long way when there’s a problem.
– http://nnlm.gov/pnr/dragonfly/2012/07/16/how-to-talk-to-your-it-department/
Levels of SecuritySafeguard your data from malicious or accidental access to your system.
• Access: limiting physical access• Systems: protecting your hardware and software• Data Integrity: ensuring your data is not manipulated in
an unauthorized way
Does your network administrator have security services that meet your needs?
Security: Access• Limit the availability of your data
– User ID/passwords• how strong is your password? https://
www-ssl.intel.com/content/www/us/en/forms/passwordwin.html
• password managers can be helpful– Role-based access rights
• access based on role of user– Limitations of wireless devices
• safeguard your mobile devices with passwords, PINs, etc.
Security: Systems• Protect the hardware and software systems
you use.– Anti-virus software– Up-to-date versions of software and storage
media– Firewalls– Intrusion detection software– Limit physical access
Security: Data Integrity
• Protect the integrity of your data at the file level– Encryption, coding + key– Electronic signatures, if official signatures on
documents are necessary– Watermarking, embed digital markers for
authorship verification (used commonly on media and images)
– Two-factor authentication• http://lifehacker.com/5938565/heres-everywher
e-you-should-enable-two+factor-authentication-right-now
UW-Specific Information: Backup
and archivingUW online storage options: http://www.washington.edu/itconnect/wares/online-storage/
– UW’s SkyDrive Pro: http://www.washington.edu/itconnect/wares/online-storage/skydrive-pro/ (OK for HIPPA and FERPA protected data)
– Google Drive - Create, store, share and collaborate on documents, spreadsheets and presentations online, http://www.washington.edu/itconnect/connect/email/google-apps/ 25GB
– lolo archive: http://depts.washington.edu/uwtscat/archivestorage, Two parts to lolo, one for active files (lolo Collaboration), one for archiving (lolo archive)
– http://www.washington.edu/itconnect/wares/online-storage/u-drive-central-file-storage-for-users, U Drive, Retrieving Backups of Your Files. The U Drive service provides access to previous versions of your files providing one version a day for a week, one version a week for a month, and one version a month for a year. 10GB
– UW Libraries ResearchWorks: for depositing theses, dissertations, and the data that accompanies them, as well as any other research/data ready to be archived. http://digital.lib.washington.edu/rw-archive.html
– Centralized data backup: http://depts.washington.edu/uwtscat/databackuparchive
UW online storage quotas: http://www.washington.edu/itconnect/wares/online-storage/storage-quotas/
UW: Securing your computer
http://www.washington.edu/itconnect/security/securing-computer/
http://www.washington.edu/itconnect/work/appropriate-use/
Information Security and Privacy Laws and Regulations, from UW’s Chief Information Security Officer,http://ciso.washington.edu/laws/
Security needs of various data types, as per UW: UW Data classification: http://passcouncil.washington.edu/uw-data-classification/
Risk advisories and best practices:
http://ciso.washington.edu/resources/risk-advisories/
From a recent UW email:
As a UW employee, you are responsible for protecting UW data and using UW computing resources appropriately.
• Be mindful of the laws and policies governing the use of UW computing and networking resources, as well as for respecting copyright. See uw.edu/itconnect/work/appropriate-use/
• Learn more about protecting UW data by viewing the short online training "Security and Privacy 101." This video outlines the steps you should take to safeguard information on UW information systems, computers and devices, as well as on your personally owned devices. See ciso.washington.edu/resources/online-training/#security101 – great walk-through of UW policies and general security best practices.
• Know the rules on security and privacy; part of your responsibility includes knowing and adhering to the applicable UW rules, policies and standards. See passcouncil.washington.edu/psg/
References• Storing Your Data, UK Data Archive,
http://www.data-archive.ac.uk/create-manage/storage/store-data• Backing Up Data from the UK Data Archive,
http://data-archive.ac.uk/create-manage/storage/back-up• Baylor University Example of a campus IT Backup Page,
http://www.baylor.edu/its/index.php?id=40552• U. of Edinburgh Information Services.
http://www.ed.ac.uk/schools-departments/information-services/services/research-support/data-library/research-data-mgmt/storage-backup
• How to start and keep a laboratory notebook, Jennifer Thomson, Professor, Department of Molecular and Cell Biology, University of Cape Town, South Africa, http://www.iphandbook.org/handbook/ch08/p02/
• RCR Data Acquisition and Management, http://ori.dhhs.gov/education/products/columbia_wbt/rcr_data/foundation/index.html#3_B
• Wisconsin Alumni Research Foundation, Lab Book Guidelines, http://www.warf.org/inventors/index.jsp?cid=18
References• http://data-archive.ac.uk/create-manage/storage• http://datalib.edina.ac.uk/mantra/storageandsecurity.html• http://en.wikipedia.org/wiki/Backup• http://www.tech-faq.com/full-backup.html• http://www.tech-faq.com/incremental-backup.html• http://www.tech-faq.com/differential-backup.html• http://www.pcworld.com/article/170688/7_backup_strategi
es.html• http://workawesome.com/general/data-backup-and-sync-1/• http://www.guidingtech.com/574/windows-backup-restore-
guide/• http://www.theverge.com/2013/1/15/3876790/eyebeam-hu
rricane-sandy-digital-archive-rescue• http://www.computerhowtoguide.com/2012/03/why-extern
al-hard-drive-is-important.html• http://www.library.umass.edu/services/services-for-faculty/
preserving-your-digital-materials/• http://www.webopedia.com/TERM/D/data_migration.html