Security and Storage Mediums
From Computing and Software Wiki
|  (→Floppy Disks) |  (→USB Keys) | ||
| (38 intermediate revisions not shown) | |||
| Line 7: | Line 7: | ||
| * Relatively Cheap and Efficient | * Relatively Cheap and Efficient | ||
| - | == Floppy Disks == | + | == Example Storage Devices == | 
| - | The introduction of Floppy Disks was one of the first widely accepted form of use of an external device to act as a storage medium. Althought "Floppy" Disks are fairly rigid in composure, the name actually comes from the very first released disk, 8-inch - IBM 23FD[[http://en.wikipedia.org/wiki/Floppy_disk#Origins.2C_the_8-inch_disk]], in 1971. This disk had a capacity of approximately 79.7 KB, and was, as the name implies, soft and floppy in nature. | + | === Floppy Disks === | 
| + | [[Image:Floppy_Disk_Drive_8_inch.jpg|thumb|150px|right| | ||
| + | '''Size Comparison between 3.5" Floppy (Left) and 8" Floppy (Right)''']] | ||
| + | The introduction of Floppy Disks was one of the first widely accepted form of use of an external device to act as a storage medium. Althought "Floppy" Disks are fairly rigid in composure, the name actually comes from the very first released disk, 8-inch - IBM 23FD[[http://en.wikipedia.org/wiki/Floppy_disk#Origins.2C_the_8-inch_disk]], in 1971. This disk had a capacity of approximately 79.7 KB, and was, as the name implies, soft and floppy in nature. With evolution of technology, and the drive to advance, in 1987 the most widely used form of Floppy Disc (the 3.5" High Density Disk) hit the market as the fast, easy, affordable way to transfer small amounts of data. | ||
| - | + | As for the security used to protect Floppy Disks, the only real measure was a toggle switch, used to set the disk from full access, to read only. This only really accomplishs protection against unintentional modifications to data on a disk, and did not take any malicious intent, or other kinds of integrity, confidentiality, or availability violations into account. | |
| - | ==  | + | === Compact Discs === | 
| + | [[Image:CDC.png|thumb|150px|right| | ||
| + | '''Typical CD''']] | ||
| + | With the introduction of Compact Discs (more commonly known as CDs) the first real, mainstream alternative to Floppy disks made its appearance. The very first Compact Disc that was created for commercial use was produced at a Philips factory in Langenhagen, Germany on August 17, 1982. [[http://en.wikipedia.org/wiki/Compact_discs#History]] A standard CD today can hold between 74-80 minutes of audio, or 650-700 MB of data.[[http://en.wikipedia.org/wiki/Compact_Disc]] By using "burning" technology, where data would be essentially carved into the data tracks, allowed for a fairly secure storage of data by making it read only. However later on after the release of CD-Rs (Recordable CDs) brought CD-RWs into the mix (ReWritable CDs) which allowed users to reburn data onto the medium, making it easier to update/modify/erase data at will. While this did help the medium in terms of cases where repeated transportation of data is needed, it overall makes the data on discs less secure, since it could be modified or important information could be lost if a disc was lost in transit to a person with malicious intent. Another adopted way of protection the data on a disc is to use copy protection techniques in order to hinder and prevent people from making 1:1 copies of a CD. Some of these techniques include: | ||
| + | * Dummy Files (Illegal file headers) | ||
| + | * Illegal Sectors (Error Detection Code, using checksums) | ||
| + | * Illegal Sub-Channels (Left over data filled) | ||
| - | ==  | + | === Digital Video Discs === | 
| + | [[Image:BDVD.jpg|thumb|150px|right|'''Typical DVD''']] | ||
| + | In 1993 the storage format war was back in full force. Two mediums in question, the MultiMedia Compact Disc and the Super Density Disc, each backed by a large group of big names. The war waged on until eventually the parties behind the MultiMedia Compact Disc succumbed and made a deal with the companies backing the Super Density Disc. When all was said and done the Digital Video Disc (DVD) was born, hitting the market in December 1995 [[http://en.wikipedia.org/wiki/Dvd#History]]. Essentially adopting the same ideas that backed CDs, DVDs utilized a laser technology that used a lower end of the spectrum, this way the format could hold much more data than the standard CD. As for security the same issues regarding data integrity and copy protection are about, but with much more advanced techniques. Two of the most popular, and most secure to date include: | ||
| + | * [http://en.wikipedia.org/wiki/SecuROM SecuROM] (using encoded Q-channels) | ||
| + | * [http://en.wikipedia.org/wiki/SafeDisc SafeDisc] (odd data formats + weak sectors) | ||
| - | == Security  | + | === USB Keys === | 
| + | [[Image:usb-key.jpg|thumb|150px|right| | ||
| + | '''Standard USB Key''']] | ||
| + | USB Keys can be currently argued as the most used storage medium on the market. The simplistic design takes a page from the world of Floppy Disks, with simple read/write plug and play capabilities. With simplicity, however, brings up security concerns. With USB technology being the primary source of physical data transfer, companies and even public computers where a variety of people could gain access, are a high risk area for malicious activity. The most obvious solution is to just eliminate the ability to use USB ports, but that is not always a practical solution. A company must establish a portable storage security policy to address these issues: | ||
| + | |||
| + | * Define who is permitted to use portable data storage devices and what types of data are permitted to be stored on these devices.  | ||
| + | * Establish rules for vendors and visitors who want to attach devices during presentations or visits to the organization.  | ||
| + | * Establish virus and spyware protection standards for employees who use home or off-premise computers.  | ||
| + | * Establish password and data encryption standards for portable storage devices.  | ||
| + | * Establish a reporting procedure for notifying a responsible party in the event that a portable data storage device is lost or stolen (If something were to be lost or stolen, it could lead to identity theft if the data contained on the device could allow for it. [http://www.cas.mcmaster.ca/wiki/index.php/Identity_Theft]) | ||
| + | |||
| + | == References == | ||
| + | [http://www.net-security.org/article.php?id=798&p=2 ''Security Risks Associated With Portable Storage Devices''] <br> | ||
| + | [http://www.pcworld.com/article/id,134981-page,1/article.html ''Demand for Personal Storage Devices to Grow''] | ||
| + | |||
| + | == See Also == | ||
| + | [[http://www.cas.mcmaster.ca/wiki/index.php/Information_security_awareness Information Security Awareness]]<br> | ||
| + | [[http://www.cas.mcmaster.ca/wiki/index.php/Identity_Theft Identity Theft]]<br> | ||
| + | [[http://www.cas.mcmaster.ca/wiki/index.php/Social_engineering Social Engineering]]<br> | ||
| == External Links == | == External Links == | ||
| Line 24: | Line 55: | ||
| [http://en.wikipedia.org/wiki/SecuROM SecuROM]<br> | [http://en.wikipedia.org/wiki/SecuROM SecuROM]<br> | ||
| [http://en.wikipedia.org/wiki/SafeDisc SafeDisc]<br> | [http://en.wikipedia.org/wiki/SafeDisc SafeDisc]<br> | ||
| - | + | <br> | |
| - | [ | + | --[[User:Cavaliaj|Cavaliaj]] 22:06, 1 December 2007 (EST) | 
Current revision as of 17:55, 6 December 2007
Storage mediums today, whether they be in the form of CDs, DVDs, USB Keys, or another form, are one of the primary methods of transferring information on a small scale. Since the introduction of floppy disks in 1971, storage mediums have been accepted by society as an integral part of the technological age and in turn, advances are made frequently in order to furthur fulfill the end-users needs.
| Contents | 
Benefits of Storage Devices
- Data Protection
- Ease of Use
- Easy to Transport Information
- Relatively Cheap and Efficient
Example Storage Devices
Floppy Disks
The introduction of Floppy Disks was one of the first widely accepted form of use of an external device to act as a storage medium. Althought "Floppy" Disks are fairly rigid in composure, the name actually comes from the very first released disk, 8-inch - IBM 23FD[[1]], in 1971. This disk had a capacity of approximately 79.7 KB, and was, as the name implies, soft and floppy in nature. With evolution of technology, and the drive to advance, in 1987 the most widely used form of Floppy Disc (the 3.5" High Density Disk) hit the market as the fast, easy, affordable way to transfer small amounts of data.
As for the security used to protect Floppy Disks, the only real measure was a toggle switch, used to set the disk from full access, to read only. This only really accomplishs protection against unintentional modifications to data on a disk, and did not take any malicious intent, or other kinds of integrity, confidentiality, or availability violations into account.
Compact Discs
With the introduction of Compact Discs (more commonly known as CDs) the first real, mainstream alternative to Floppy disks made its appearance. The very first Compact Disc that was created for commercial use was produced at a Philips factory in Langenhagen, Germany on August 17, 1982. [[2]] A standard CD today can hold between 74-80 minutes of audio, or 650-700 MB of data.[[3]] By using "burning" technology, where data would be essentially carved into the data tracks, allowed for a fairly secure storage of data by making it read only. However later on after the release of CD-Rs (Recordable CDs) brought CD-RWs into the mix (ReWritable CDs) which allowed users to reburn data onto the medium, making it easier to update/modify/erase data at will. While this did help the medium in terms of cases where repeated transportation of data is needed, it overall makes the data on discs less secure, since it could be modified or important information could be lost if a disc was lost in transit to a person with malicious intent. Another adopted way of protection the data on a disc is to use copy protection techniques in order to hinder and prevent people from making 1:1 copies of a CD. Some of these techniques include:
- Dummy Files (Illegal file headers)
- Illegal Sectors (Error Detection Code, using checksums)
- Illegal Sub-Channels (Left over data filled)
Digital Video Discs
In 1993 the storage format war was back in full force. Two mediums in question, the MultiMedia Compact Disc and the Super Density Disc, each backed by a large group of big names. The war waged on until eventually the parties behind the MultiMedia Compact Disc succumbed and made a deal with the companies backing the Super Density Disc. When all was said and done the Digital Video Disc (DVD) was born, hitting the market in December 1995 [[4]]. Essentially adopting the same ideas that backed CDs, DVDs utilized a laser technology that used a lower end of the spectrum, this way the format could hold much more data than the standard CD. As for security the same issues regarding data integrity and copy protection are about, but with much more advanced techniques. Two of the most popular, and most secure to date include:
USB Keys
USB Keys can be currently argued as the most used storage medium on the market. The simplistic design takes a page from the world of Floppy Disks, with simple read/write plug and play capabilities. With simplicity, however, brings up security concerns. With USB technology being the primary source of physical data transfer, companies and even public computers where a variety of people could gain access, are a high risk area for malicious activity. The most obvious solution is to just eliminate the ability to use USB ports, but that is not always a practical solution. A company must establish a portable storage security policy to address these issues:
- Define who is permitted to use portable data storage devices and what types of data are permitted to be stored on these devices.
- Establish rules for vendors and visitors who want to attach devices during presentations or visits to the organization.
- Establish virus and spyware protection standards for employees who use home or off-premise computers.
- Establish password and data encryption standards for portable storage devices.
- Establish a reporting procedure for notifying a responsible party in the event that a portable data storage device is lost or stolen (If something were to be lost or stolen, it could lead to identity theft if the data contained on the device could allow for it. [5])
References
Security Risks Associated With Portable Storage Devices 
Demand for Personal Storage Devices to Grow
See Also
[Information Security Awareness]
[Identity Theft]
[Social Engineering]
External Links
CD-Lock
CD and DVD Copy Protection
Floppy Disks
SecuROM
SafeDisc
--Cavaliaj 22:06, 1 December 2007 (EST)





