Editorials

Disk Hackers

It was recently revealed that drives from many manufacturers have been altered, allowing covert programs to execute simply by accessing the hard disk controller. This is the kind of thing alluded to in spy novels. Now it has been exposed as fact by reliable sources.

Until there is a certification process that verifies a disk controller has not been modified, we have to live with the possibility that our systems are being monitored, without our being able to identify the monitoring or defend against it. It’s the ultimate virus. We install it, we maintain it, and we are motivated to keep it alive.

What can we do to protect our business from assaults by unwanted intruders? Having worked in the world of PCI certifications, I know there are some things that can be done, even if you have a virus. Encryption is a good candidate. Encrypting sensitive data before it gets to any sort of persistence is a good thing.

Many systems encrypt using the database engine itself. In this case, it may be better to encrypt using an appliance or diskless device, external to the database host server, before submitting the data to be saved in any database. Even NoSQL data should be encrypted before it arrives on a machine hosting disks.

Perhaps we should consider using PXE boot for some of our servers that need to be hardened. Local RAM disks might bridge the gap. SSDs are something you might consider. However, they have a controller emulating that of a hard disk, which may have been altered.

One thing you should count on is that there is some probability that your data is being monitored. You may not know who is doing the monitoring, or how it occurs. But with the connected nature of our world, privacy is pretty much a thing of the past.

Am I being paranoid? Is it really possible to mitigate this intrusion with the current infrastructure? What is the risk of having a disk where outsiders can access your system? Join the conversation. Let me know what you think.

Cheers,

Ben