Seagate 15K.2 Self-Encrypting Drives for Servers, NAS, and SAN Arrays - Page 15


Self-Encrypting Drives for Servers, NAS and SAN Arrays

Scenario Three

When IP extends the SAN over the Internet or dedicated lines, IPSec security is used on these remote links to protect valuable in-motion data over long distances, to support data replication and SAN data device sharing, and to ensure backup and business continuity. Secure Sockets Layer (SSL) sessions are used for the WAN links (with ephemeral keys) to help ensure that the link remains secure and that keys are not exposed for long periods of time.

Regardless of whether there is physical security protection for the fabric, there is still the need to secure the hard drive's data once the drive leaves the owner's control. Instead of using the session security techniques described above, it may seem that encrypting in the fabric to secure the data on the hard drive is a good long-term solution: the data is encrypted not only on the hard drive, but also as it travels through the fabric. But this approach has a fundamental flaw: rather than increasing security, it actually decreases security and increases complexity by exposing long-lived encryption keys, while also exposing large amounts of ciphertext that were all encrypted with only a single encryption key.

If encryption is needed for data in motion, it should be provided by IPSec or FC over IP. Encrypting data on the drive is best performed by the drive itself, for all of the reasons provided in the above sections.

Additional Information

Additional information about storage security can be found at the Trusted Computing Group: www.trustedcomputinggroup.org and at the Storage Networking Industry Association (SNIA) Storage Security Industry Forum (SSIF): www.snia.org/forums/ssif/knowledge_center

Self-Encrypting Drive whitepapers, webcasts and a performance demo video can be found at: www.SEDSecuritySolutions.com

AMERICAS
Seagate Technology LLC
920 Disc Drive, Scotts Valley, California 95066, United States, 831-438-6550

ASIA/PACIFIC
Seagate Technology International Ltd.
7000 Ang Mo Kio Avenue 5, Singapore 569877, 65-6485-3888

EUROPE, MIDDLE EAST AND AFRICA
Seagate Technology SAS
130-136, rue de Silly, 92773, Boulogne-Billancourt Cedex, France 33 1-4186 10 00

Copyright © 2009 Seagate Technology LLC. All rights reserved. Printed in USA. Seagate, Seagate Technology and the Wave logo are registered trademarks of Seagate Technology LLC in the United States and/or other countries. Momentus is either a trademark or registered trademark of Seagate Technology LLC or one of its affiliated companies in the United States and/or other countries. All other trademarks or registered trademarks are the property of their respective owners. Seagate reserves the right to change, without notice, product offerings or specifications. TP600.1-0903US, March 2009

