红帽全球峰会15.2. 数据分布
最佳实践建议,Operator 在机构控制前,或发布前必须清理云系统介质(数字和非数字),或发布前再发布以进行重复使用。根据特定安全域和敏感度,清理方法应实施适当的强度和完整性。
注意
NIST Special Publication 800-53 Revision 4 在这个主题上使用一个特定的视图:
The sanitization process removes information from the media such that the information cannot be retrieved or reconstructed. Sanitization techniques, including clearing, purging, cryptographic erase, and destruction, prevent the disclosure of information to unauthorized individuals when such media is reused or released for disposal.
The sanitization process removes information from the media such that the information cannot be retrieved or reconstructed. Sanitization techniques, including clearing, purging, cryptographic erase, and destruction, prevent the disclosure of information to unauthorized individuals when such media is reused or released for disposal.在开发常规数据分布和清理指南时(根据 NIST 推荐的安全控制,云操作员应考虑以下内容:
- 跟踪、文档和验证媒体清理和分散操作。
- 测试清理设备和流程以验证正确的性能。
- 在将此类设备连接到云基础架构之前,清理可移植的可移动存储设备。
- 销毁无法清理的云系统介质。
因此,OpenStack 部署需要解决以下实践(其它操作):
- 安全数据擦除
- 实例内存清理
- 块存储卷数据
- 计算实例临时存储
- 裸机服务器清理
15.2.1. 数据不安全删除
复制链接链接已复制到粘贴板!
在 OpenStack 中,可能会删除一些数据,但无法象上述 NIST 标准上下文中那样安全地清除。这通常适用于存储在数据库中的最大或全部定义元数据和信息。这可能会通过数据库和/或系统配置修复,以自动处理和定期释放可用空间。
15.2.2. 实例内存清理
复制链接链接已复制到粘贴板!
特定于各种虚拟机监控程序是实例内存的处理。Compute 中没有定义此行为,尽管虚拟机监控程序通常会在创建实例时对删除实例时清理内存的最佳努力。
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}