|Like this CertiGuide? Get it in PDF format!|
Use coupon code "certiguide" to save 20%!
|Also available: 300-question Security+ practice test!|
|Get It Here!|
3.2.4 Removable Media
Removable media refers to data storage
media that is somewhat portable, that is, it is not permanently fixed
to a server or workstation. Removable media is often used for data
transfer between systems, software or database product distribution,
and off-site backups. In this section, we discuss various types of
removable media including tape, CDR, hard drives, diskettes, flash memory
cards and smart cards.
Security Issues with Removable Media
Security considerations to keep in
mind, in the area of removable media, include the following:
- It enables data to be transported outside your
physical network, without being filtered through a device like an internet
gateway, possibly allowing unauthorized removal of data from the site.
- It is used to store data securely, for disaster
recovery backup and archival purposes, with the expectation that the
data can be retrieved from the media at a later date, if needed, so
you should consider the life of the media, and the ease with which data
can be restored.
- Destruction of data on removable media, to ensure
that no data can be retrieved off the media in the future, can be a
Depending on your OS, the OS may
helpfully decrypt data stored on an encrypted file system,
when writing to removable media without notifying you of the
On the subject of data storage, depending
on your security requirements, you may opt to encrypt data on removable
media so that even if it is lost or stolen, unauthorized personnel still
cannot read it.
Removable? Encrypt It!
Removable media is portable which means that the data on it is portable also. Generally anyone with access to the physical media can read the data on it. If the data is confidential, make sure it is encrypted on the media so that even if the media is lost or stolen, the data cannot be obtained.
When using removable media for backup/archival, be sure that you are using media with a life long enough for your purposes, or that you have a plan to periodically restore archived data and re-write it on new removable media.
Also, when dealing with backup/archival, make sure that you regularly test the restore process, to make sure that you can read the data off the removable media, back on to the system.
Finally, it can be difficult to completely destroy data stored on removable media (or any media whatsoever), so care must be taken when disposing of it.
|If you find CertiGuide.com useful, please consider making a small Paypal donation to help the site, using one of the buttons below. You can also donate a custom amount using the far right button (not less than $1 please, or PayPal gets most/all of your money!) In lieu of a larger donation, you may wish to consider buying an inexpensive PDF equivalent of the CertiGuide to Security+ from StudyExam4Less.com. (Use coupon code "certiguide" by December 31, 2004 to save 20%!) Thanks for your support!|
Table Of Contents - Contact Us
CertiGuide for Security+ (http://www.CertiGuide.com/secplus/) on CertiGuide.com
Version 1.0 - Version Date: November 15, 2004
Adapted with permission from a work created by Tcat Houser et al.
CertiGuide.com Version © Copyright 2004 Charles M. Kozierok. All Rights Reserved.
Not responsible for any loss resulting from the use of this site.