红帽全球峰会20.2. 数据处理
良好的实践建议,在组织控制外或发布机构控制前,操作员必须清理云系统介质(数字和非数字)。根据信息的特定安全域和敏感度,Sanitization 方法应实施适当的强度和完整性级别。
注意
NIST Special Publication 800-53 Revision 4 使用本主题的特定视图:
The sanitization process removes information from the media such that the information cannot be retrieved or reconstructed. Sanitization techniques, including clearing, purging, cryptographic erase, and destruction, prevent the disclosure of information to unauthorized individuals when such media is reused or released for disposal.
The sanitization process removes information from the media such that the information cannot be retrieved or reconstructed. Sanitization techniques, including clearing, purging, cryptographic erase, and destruction, prevent the disclosure of information to unauthorized individuals when such media is reused or released for disposal.在开发常规数据处理和清理指南时,云操作员应考虑以下事项(根据 NIST 推荐的安全控制):
- 跟踪、记录和验证介质清理和处理操作。
- 测试清理设备和流程以验证适当的性能。
- 在将此类设备连接到云基础架构之前,清理可移植的可移动存储设备。
- 销毁无法清理的云系统介质。
因此,OpenStack 部署需要解决以下做法(例如,其他部署):
- 保护数据纠删代码
- 实例内存清理
- 块存储卷数据
- 计算实例临时存储
- 裸机服务器清理
20.2.1. 不安全地清除数据
复制链接链接已复制到粘贴板!
在 OpenStack 中,可能会删除一些数据,但无法象上述 NIST 标准上下文中那样安全地清除。这通常适用于存储在数据库中的最大或全部定义元数据和信息。这可能会使用用于自动 vacuuming 和定期可用空间的数据库和/或系统配置来修复。
20.2.2. 实例内存清理
复制链接链接已复制到粘贴板!
特定于各种虚拟机监控程序是实例内存的处理。此行为在计算中不定义,但通常预期虚拟机监控程序在删除实例时能够尽力清理内存,在实例创建时或两者都具有最佳工作。
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}