Lesson 3: Removable Media

Removable storage media, such as magnetic tape, CD-ROMs, various types of floppy disks, and even hard disks, are involved in security considerations for two different reasons:

  • Removable media can be used to copy confidential information from your company servers and remove it from the facility without the opportunity for the information to be filtered or audited by a network gateway.

  • Removable media are often used to store data for backup or archival purposes.


After this lesson, you will be able to

  • Understand the security ramifications of using removable media

  • List the various types of removable media and explain how they are typically used

  • Describe how the various types of removable media can be protected

Estimated lesson time: 30 minutes


You must understand what steps you can take to prevent people from using removable media to carry data out of the office. When removable media serve as a storage solution for confidential data, you should know how to protect the information on the media, how best to store the media to keep the information intact, and how to effectively erase the media when necessary.

The following sections examine characteristics of the most commonly used removable media.

Magnetic Tape

Because of its low cost, its ability to hold a great deal of data, and its reasonably high speed, magnetic tape has been the storage medium of choice for system backup operations for decades. Many organizations also use magnetic tape for archiving data, and, prior to the widespread acceptance of CD-ROMs, tape was sometimes used for software distribution as well.

As a backup medium, magnetic tapes are an inexpensive, reliable, and compact storage medium. Today's tapes can survive rough handling and extreme conditions better than hard disks because they contain no electronics, and they are more durable than CD-ROMs, because the surface that holds the actual data is protected inside a plastic case. Easily storable, magnetic tape also makes an excellent archival medium.

Magnetic tapes and tape drives are available in a variety of sizes and formats, as shown in Table 9-1.

Table 9-1. Magnetic Tape Technologies

| Type | Tape Width | Cartridge Size | Capacity (Uncompressed) | Speed |
|---|---|---|---|---|
| Quarter-inch cartridge (QIC) | .25 inch | 4 × 6 × 0.625 inches (data cartridge); 3.25 × 2.5 × 0.6 inches (minicartridge) | Up to 20 GB | 2 to 120 MB/min |
| Digital audio tape (DAT) | 4 mm | 2.875 × 2.0625 × 0.375 inches | Up to 20 GB | 3 to 144 MB/min |
| 8 mm | 8 mm | 3.7 × 2.44 × 0.59 inches | Up to 60 GB | Up to 180 MB/min |
| Digital linear tape (DLT) | .50 inch | 4.16 × 4.15 × 1 inches | Up to 40 GB | Up to 360 MB/min |
| Linear tape open (LTO), Ultrium media | .50 inch | 4.0 × 4.16 × 0.87 inches | Up to 100 GB | Up to 1920 MB/min |

Generally speaking, QIC drives are used for backing up stand-alone computers and DAT for basic network backups. DLT, 8mm, and LTO are higher end technologies in both performance and price, and they are used for networks that require larger tape capacities and higher data transfer speeds.

Protecting Magnetic Tape Data

Unlike most other computer storage media, magnetic tape drives are not random access devices and do not function in the same way as hard disks, CD-ROMs, and other technologies. You can't simply copy files to the tape using standard file management tools. You must use a special program that is designed to write to the tape drive. Although there are simple command-line tools that can accomplish this, in most cases, network administrators use a specialized network backup product to write data to tapes.

Virtually all backup software products provide the ability to password protect backup jobs, so that only someone with the password can perform a restore from a particular tape using the backup software. This provides minimal protection against someone with access to the backup software restoring the data from a tape for their own purposes. However, this password protection is a function of the backup software only. It is still possible to read the raw data from the tape using hardware and software designed for this purpose, and to then extract the data from it. For complete security, you should encrypt the data written to the tape, so that even in its raw form, an intruder cannot access the information.

Of course, removable media are also easier to secure physically than computers or hard disks. If you keep your backup and archive tapes in a locked vault, you might not feel the need to password protect or encrypt them.

Erasing Magnetic Tapes

Because magnetic tapes are not random access devices, erasing the data stored on them is relatively difficult. In most cases, the erase function built into a backup software application does nothing but delete the tape header, leaving the actual data intact. This causes the backup software to see the tape as blank, and the next backup job written to the tape overwrites the previous information. However, it is still possible to retrieve the raw data from the tape and access the information stored there.

Even running a powerful magnet or bulk eraser over a tape is not a sure method of deleting all of the data stored there. With the appropriate equipment, a knowledgeable technician can retrieve at least part of the information from a tape that has supposedly been erased in this way.

The only sure method of erasing the data from a magnetic tape is using one of the permanent data deletion programs on the market. These programs perform multiple overwrites on the tape to ensure that all vestiges of the data stored there are eradicated. Some backup software packages have a secure erase feature built in; in other cases you might need a third-party product.

Preventing Tape Abuse

Magnetic tape drives are not a common accessory on the average computer, so limiting access to them is not that difficult. In a business environment, usually only specific servers are equipped with tape drives, and these computers should always be secured to prevent unauthorized individuals from using the tape drives for their own purposes.

Writable CD-ROMs

Compact Disc-Recordable (CD-R) and Compact Disc-Rewritable (CD-RW) drives have become almost ubiquitous in the home computer market, and they are commonly found on business computers as well. Although they lack the great capacity of the higher end magnetic tape formats, CDs are suitable for small-scale backups and archive projects.

Standard CD-ROMs are made by pressing a pattern of pits and lands in the substrate of the disc material. CD-Rs and CD-RWs are somewhat different. They use the same patterns to encode the data, but instead of creating a physical impression on the disk, a CD-R or CD-RW drive works by using a laser to create the data pattern in a layer of photosensitive dye incorporated into the disk. On a CD-R, the changes that the laser makes to the dye are permanent, whereas in a CD-RW, the changes can be reversed, making it possible to erase the disk and write new data on it.

When a drive reads a CD-R or CD-RW, a laser located below the disc shines upward through the dye layer and bounces off a layer of reflective material, which is a coating of a metallic alloy (or sometimes even gold or platinum) on the top (or label side) of the disk. It is true that the bottom side of a CD is the "business end" of the disk, because that's where the laser is, but a scratch in the reflective top surface is far more likely to cause read problems than a scratch on the bottom, because the focal point of the laser is the top surface, where the reflective material is located.

Archiving Data

As an archival medium, the value of a CD-R or CD-RW depends on the type of dye used to create the photosensitive layer in the disk and the state of the reflective coating on the top surface. There are a number of different compounds that manufacturers use for the dye, including cyanine, phthalocyanine, metallized azo, and formazan. These dyes have different effective life ratings provided by the manufacturers, which are obviously not the result of empirical studies, as they often speak of CD-Rs and CD-RWs being able to hold data for 75 or 100 years or more. It is reasonably safe to assume that when shopping for blank CD-R and CD-RW discs, you get what you pay for. If you are planning to archive data on these discs and you want to maintain the data indefinitely, you should definitely pay a little more for high-quality discs rather than using a bargain brand.

The photosensitivity of the dye and the relative fragility of the reflective surface on CD-R and CD-RW discs also means that you must be careful how you store the media. You should not expose the disks to sunlight for extended periods, and you should always store them in paper sleeves to protect the surface. If you can purchase discs with an additional protective coating on the top surface, you should do so.

For sensitive data, you should take the same precautions with CD-Rs and CD-RWs that you would with magnetic tapes. You can password protect the data on a CD by putting the files into a protected compressed archive, or by encrypting the data if greater security is needed.

Preventing CD-R/CD-RW Abuse

The best way to prevent people from burning their own CD-Rs and CD-RWs that include the company's confidential information is to restrict access to the drives. Many computer manufacturers today provide CD-R or CD-RW drives in their systems for a minimal cost over the same system with a read-only CD-ROM drive. You should avoid purchasing computers like these, except for users that have a legitimate need to burn their own CDs. Whenever possible, the computers containing CD burners should be secured to prevent other users from accessing them. Placing the computers behind locked doors, password protecting the basic input/output system (BIOS), and instructing users on the need to lock down the computers whenever they are left unattended are all methods you can use to minimize the risk of your data being illicitly burned on CDs.

Erasing CD-Rs and CD-RWs

Obviously, only CD-RWs can be erased and used again, but like magnetic tapes and other media, CD burning software usually has a dual-function erase feature, providing quick erase and full erase options. The quick erase function, as with a tape, deletes only the index on the disk, leaving the actual data to be overwritten later when you use the disk again. A full erase overwrites every bit of data on the disk, but that doesn't necessarily mean that it is totally unrecoverable. Differences in laser track alignment, like differences in head alignment on a magnetic medium, can leave vestiges of the data behind after an erasure. A determined individual with the correct equipment might be able to recover this data, at least in part.

The surest way of erasing the data on a CD-RW, and the only way on a CD-R, is to physically destroy the disk, but even this can be problematic. Removing the reflective surface from the top of the disk certainly prevents it from being read. Scratching the surface heavily with a sharp object, such as a nail, and breaking the disk into pieces is usually sufficient for most purposes. Some people have devised more elaborate methods, for example, using belt or drum sanders to completely remove the surface. Remember, however, that although removing the reflective surface might prevent the disk from being read, the dye pattern inside the disk is still left intact. Theoretically, at least, someone could reapply a new reflective surface and recover the data from the disk.

Breaking a disk into many pieces is also an effective means of destroying the data in most cases. Some heavy-duty shredders are strong enough to handle CDs and effectively break them into a great many pieces. Someone with sufficient time and patience could try to reassemble the jigsaw puzzle of broken pieces, however, so this method is by no means foolproof.

Heating CDs in an oven or incinerating them can certainly destroy them beyond all hope of recovery, but this method is not recommended because the fumes emitted by the burning polycarbonate can be toxic to humans and are certainly not good for the environment. Placing a CD-R or CD-RW into a microwave oven for a five-second burst on the highest setting is reputed to render it unreadable, and it also provides an entertaining show of sparks that etch a pattern into the reflective surface. This method is not recommended either, however, because of fumes and possible damage to the microwave from arcing.

Hard Disks

Although hard disks have historically been considered permanent computer components, in recent years they have become a viable removable medium as well. Ever-increasing capacities and consistently lower prices have made the hard disk the most economical storage medium available, and the hard disk arrays now found in many computers make them much more portable than they used to be. As a result, you can now consider using a hard disk as a backup medium, but you should also be aware of the possibility that hard disks can conceivably be removed from the office.

A hard disk array is essentially a framework containing a backplane that connects the drives in the array to the computer's interface. Once you install the array in a computer (or buy a computer equipped with one) you can then purchase standard hard disks and plug them into the array. In some cases, you might have to purchase a caddy that contains each hard disk as well. Some hard disk arrays are even hot pluggable, meaning that you can insert them into the array and remove them without shutting down the computer.

Unlike the other removable media discussed earlier, a hard disk that is removed from a computer includes the drive mechanism as well as the storage medium itself. This makes the removable hard disk unit much more fragile than a tape cartridge or a CD, because you have exposed electronics and read/write heads that are in close proximity to the platters containing the data. Dropping a CD or tape on the floor probably will not do any damage, but a hard disk will almost certainly break if dropped.

This is not to say, however, that the data will be irretrievably lost. Even if the drive mechanism is broken, there are companies that specialize in reclaiming data from damaged hard disks. The service can be expensive, but if it means the difference between saving and losing your data, the expense might be worthwhile.

Protecting the data on a removable hard disk with passwords and encryption and erasing that data securely is no different than it is on a permanently mounted hard disk. As with magnetic tapes, hard disks typically erase data by removing the appropriate entries from the drive index, leaving the actual data itself in place on the drive platters. Recovering this so-called deleted data is easier on a hard disk than on most other media because there are several commercially available utilities that enable you to read the raw data stored on the drive. Even data that is actually erased from the drive can sometimes be recovered, due to variations in the positioning of the drive heads on the platters. Fortunately, there are also a large number of applications that enable you to permanently delete files from the drive by repeatedly overwriting them with other data until all vestiges of the information are removed.
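The quick erase behavior described for tapes, CD-RWs, and hard disks can be seen in a small simulation. This is an added example, not part of the training kit: the record layout, the REC1 marker, and all function names are constructed for illustration, and it models only the index-versus-data layer, not the physical residue left by head or laser misalignment.

```python
import os
import struct

BLOCK = 512
MAGIC = b"REC1"  # constructed record marker, not a real tape or disk format


def write_backup(size_blocks, files):
    """Build a medium image: block 0 is the index, later blocks hold records."""
    image = bytearray(size_blocks * BLOCK)
    index, pos = [], BLOCK
    for name, data in files.items():
        record = MAGIC + struct.pack(">H", len(data)) + data
        if pos + len(record) > len(image):
            raise ValueError("medium full")
        image[pos:pos + len(record)] = record
        index.append(f"{name}:{pos}:{len(data)}")
        pos += -(-len(record) // BLOCK) * BLOCK  # advance to next block boundary
    header = "\n".join(index).encode()
    if len(header) > BLOCK:
        raise ValueError("index does not fit in block 0")
    image[:len(header)] = header
    return image


def list_files(image):
    """What the backup or burning software reports: it reads only the index."""
    header = bytes(image[:BLOCK]).rstrip(b"\x00").decode()
    return [line.split(":")[0] for line in header.splitlines()]


def quick_erase(image):
    """Quick erase: clear the index block and leave every record in place."""
    image[:BLOCK] = bytes(BLOCK)


def full_erase(image, passes=3):
    """Overwrite the whole medium: random passes, then a final zero pass."""
    for _ in range(passes - 1):
        image[:] = os.urandom(len(image))
    image[:] = bytes(len(image))


def raw_scan(image):
    """Raw read that ignores the index and looks for record markers."""
    found = []
    for pos in range(BLOCK, len(image), BLOCK):
        if image[pos:pos + 4] == MAGIC:
            (length,) = struct.unpack(">H", image[pos + 4:pos + 6])
            found.append(bytes(image[pos + 6:pos + 6 + length]))
    return found


def verify_erased(image):
    """Post-erase check: empty index, no residual records, every byte zero."""
    return not list_files(image) and not raw_scan(image) and not any(image)


if __name__ == "__main__":
    # Constructed sample data standing in for a backup job
    medium = write_backup(8, {"payroll.txt": b"constructed salary table",
                              "notes.txt": b"constructed meeting notes"})
    quick_erase(medium)
    print("after quick erase:", list_files(medium), raw_scan(medium), verify_erased(medium))
    full_erase(medium)
    print("after full erase: ", list_files(medium), raw_scan(medium), verify_erased(medium))
```

After the quick erase the medium looks blank to the software, yet the raw scan still returns both records; only the full overwrite passes the verification check.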

To completely erase all of the data on a hard disk, you can also perform a low-level format, which is the closest thing to starting with a completely new, empty disk. However, before performing a low-level format on a modern Integrated Drive Electronics (IDE) or Small Computer System Interface (SCSI) drive, you should consult the manufacturer and use the software they supply and recommend.

To prevent users from carrying removable disks and the data they contain out of the facility, you should limit the use of hard disk arrays to servers and other computers that can be physically secured.

Floppy Disks

Floppy disk drives are still standard equipment on most computers, even though their functions are all but superfluous. With their small capacity and slow speed, floppy disks are not a suitable medium for backups or archives, and the introduction of the bootable CD-ROM has even made them unnecessary for booting the computer in the event of hard disk failure. However, floppy disks do provide a convenient medium that individuals can use to copy data from a computer's hard disk and carry it out of the facility.

The most foolproof method for preventing users from copying data to floppy disks is to simply disable them or remove them from the computers completely. There are various security products on the market that can lock down a floppy disk drive, either physically, with a lock and key, or with software.

Rendering a floppy disk unusable is rather easy. The plastic cases protecting the actual storage medium are easily broken, and doing so makes it impossible for the drive to accept them. However, the medium itself, a flexible disk of plastic material impregnated with magnetic particles, is made of stronger stuff. As with all magnetic media, exposing the disk to a powerful magnet erases most of the data, but could still leave recoverable artifacts. In addition, although the medium inside a floppy disk is notoriously prone to damage, due to its flexibility, completely destroying the data stored so that it cannot be retrieved by any means can be a problem. It is not practical to burn the disk, because of its fumes. Magnetizing and then shredding the disk is the most practical alternative. Cutting the medium up into small enough pieces makes it unlikely that someone would devote the time needed to reassemble them.

Flashcards

A flashcard is a small data storage device conforming to any one of several manufacturers' standards, including Compact Flash, Smart Media, and Memory Stick. The nature of the devices varies, ranging from postage-stamp sized memory cards to tiny hard disks that plug into a portable computer's PC Card slot. Most of these storage media are used for digital devices other than computers, such as MP3 audio players and digital cameras, but it is often possible to access the storage medium with a computer by using an adapter of some kind.

Depending on the technology and the application for which they are used, flashcards can have capacities from a few kilobytes up to a gigabyte or more. Media like these, with high capacity and small size, are prime candidates for abuse by users trying to smuggle confidential data out of a secured facility. These media are not yet a major security problem, because they are an emerging technology and computers are not yet equipped to use them without additional support hardware.

As a backup or archival medium, flashcard media are not yet in general use, and they are not likely to be unless their prices are reduced dramatically. In cost per megabyte, flashcards are currently among the most expensive storage media on the market. As of yet, there is no standard for the protection of data stored on a flashcard. The devices for which they are designed do not protect the data in any way, but when the use of these devices becomes more common on computers, a means for password protecting or encrypting the data will likely be devised.

Smart Cards

A smart card is a credit-card sized device that contains a small amount of memory for storage and for software, and sometimes an integrated circuit, enabling it to perform some basic processing functions. Unlike the other media discussed in this lesson, smart cards are not designed as a storage device on which users keep their data. Smart cards are always associated with a specific application and they are designed to perform specific functions.

Smart cards are used for a variety of different applications. The card can hold a person's medical history, or a digital certificate used to authenticate a person's identity, or be used for "electronic cash" in retail businesses. In virtually all cases, the information on the card is secured using encryption, and the overall purpose of the card is usually security related.

Because a card can be lost or stolen, security applications never rely on smart cards alone; they always use a password or a personal identification number (PIN) along with the card to identify a particular user. The user is expected to keep the password or PIN secure, and not store it with the card itself.

Exercise: Identifying Removable Storage Media Types

Match the removable storage media in the left column with the appropriate description in the right column.

  1. Flashcards

  2. Magnetic tape

  3. Smart cards

  4. CD-R

  5. Floppy disks

  a. Typically contains encrypted data used to authenticate a user's identity

  b. Can only be erased by physical destruction

  c. No longer used for backups and data archiving, due to low capacity

  d. New storage technologies using very small form factors

  e. Traditional medium used for backups

Lesson Review

The following questions are intended to reinforce key information presented in this lesson. If you are unable to answer a question, review the lesson and then try the question again. Answers to the questions can be found in Appendix A, "Questions and Answers."

  1. Which of the following magnetic tape formats has the greatest storage capacity?

    1. DAT

    2. LTO

    3. DLT

    4. QIC

  2. What is the term used to describe a hard disk that you can remove from the computer without shutting the system down?

  3. Which of the following removable media is typically used to carry users' digital certificates?

    1. Flashcards

    2. Smart cards

    3. CD-Rs

    4. Floppy disks

Lesson Summary

  • Magnetic tape is the traditional storage medium of choice for backups and data archiving. Data stored on tapes can be secured using passwords or encryption, and the data can be completely and permanently erased if needed.

  • CD-Rs and CD-RWs have become the most popular general-use removable storage media in recent years, due to their low cost and relatively high capacity. Data on CD-Rs and CD-RWs can be secured, and CD-RWs can be securely erased. CD-Rs must be physically destroyed to erase their data, and there is no practical destruction method at this time that is completely foolproof.

  • The low cost and high capacity of hard disks have made them a viable solution for backups and archiving, now that drive arrays that allow quick removal of the device are common. Hard disks are relatively fragile compared to other storage media, however.

  • Floppy disks are no longer a popular storage medium because of their slow speed and low capacity. In most cases, floppy disk drives can be removed from computers if an administrator wants to prevent users from copying confidential data.

  • Flashcards are new technologies that store data in extremely compact form factors, making them a potential source of concern for security administrators.

  • Smart cards are specialized data storage devices that are primarily used for authentication. They are encrypted to keep the information on them secure.



Security+ Certification Training Kit
Security+ Certification Training Kit (Pro-Certification)
ISBN: 0735618224
EAN: 2147483647
Year: 2002
Pages: 55
