building a RAID system - 8 drives - drive-net - tapes
Robert G. Brown
rgb at phy.duke.edu
Thu Oct 9 21:31:13 EDT 2003
On Thu, 9 Oct 2003, Alvin Oga wrote:
> yes and a "bunch of disks" (raid5) survives the loss of one dropped disk
> and is relatively secure from prying eyes ....
> - ceo gets one disk
> - cfo gets one disk
> - hr gets one disk
> - eng gets one disk
> - sys admin gets one disk
> ( combine all[-1] disks together to recreate the (raid5) TB data )
> - a single (raid5) disk by itself is basically worthless
Secure from prying eyes, maybe (as in casually secure). "Secure" as in
your secret plans for world domination or the details of your
flourishing cocaine business are safe from the feds, not at all, unless
the information is encrypted.
Each disk has about one fourth of the information. English is about 3:1
compressible (really more; this is using simple symbolic compression).
A good cryptanalyst could probably recover "most" of what is on the
disks from any one disk, depending on what kind of data is there.
Numbers, possibly not, but written communications, quite possibly.
Especially if it falls in the hands of somebody who really wants it and
has LOTS of good cryptanalysts.
> tape backups are insecure ...
> - lose a tape ( bad tape, lost tape ) and and all its data is lost
> - anybody can read the entire contents of the full backup
Unless it is encrypted. Without strong encryption there is no
data-level security. With it there is. Maybe. Depending on what is
"strong" to you and what is strong to, say, the NSA, whether your
systems and network is secure, depending on whether you have dual
isolation power inside a faraday cage with dobermans at the door.
However, there can be as much or as little physical security for the
tape as you care to put there. Tape in a locked safe, tape in an
Disks are far more fragile than tapes -- drop a disk one meter onto the
ground and chances are quite good that it is toast and will at best cost
hundreds of dollars and a trip to specialized facilities to remount and
mostly recover. Drop a tape one meter onto the ground and chance are
quite good that it is perfectly fine, and even if it isn't (because e.g.
the case cracked) ordinary humans can generally remount the tape in a
new case without needing a clean room and special tools. Tapes are
cheap -- you can afford to send almost three tapes compared to one disk.
I get the feeling that you just don't like tapes, Alvin...;-)
> ( one could tar up one disk per tape, instead of tar'ing the
> ( whole raid5 subsystem, to provide the
> ( same functionality as a raid5 offsite disk backup
> c ya
> and hopefully .. the old disks are not MFM drives..
> or ata-133 in a new sata system :-)
> Beowulf mailing list, Beowulf at beowulf.org
> To change your subscription (digest mode or unsubscribe) visit http://www.beowulf.org/mailman/listinfo/beowulf
Robert G. Brown http://www.phy.duke.edu/~rgb/
Duke University Dept. of Physics, Box 90305
Durham, N.C. 27708-0305
Phone: 1-919-660-2567 Fax: 919-660-2525 email:rgb at phy.duke.edu
Beowulf mailing list, Beowulf at beowulf.org
To change your subscription (digest mode or unsubscribe) visit http://www.beowulf.org/mailman/listinfo/beowulf
More information about the Beowulf