Methodology and Terminology 103: Data

Recap & Intro

In Methodology & Terminology 101 and 102 the goals and objectives of both attackers and defenders were outlined. If this were a sport we have covered the positions and how to score, but not the ball itself. Unlike a physical ball, data changes and morphs from one state to another as it flows through a system. At any given moment data is in one of three states: at rest, in use, or in transit. If data existed in the physical world the way it does in machines, it might be like water: just as an icecap, a river, and a cloud are the same water transitioning through the water cycle, data is the same information transforming between solid, liquid, and gas.

States of Data

At Rest

Data is at rest when it has been written to a medium and is not being actively read or modified, much like ink on paper. In systems, that is data saved to a hard disk, a USB stick, or your cloud provider of choice, so long as nothing is currently reading or changing it.

Data at rest protections map to the CIA triad through encryption, hashing, and backups. By ensuring only authorized users hold the decryption key, data at rest is protected from disclosure (confidentiality). By validating the hash of data at rest against a previously recorded value, we know whether it has been altered (integrity); the recorded hash must itself be kept somewhere the attacker cannot rewrite, or be signed, otherwise an attacker simply updates the stored hash along with the data. If data at rest is destroyed, backups taken earlier let us restore it to a known good state (availability), provided the backup copies are verified the same way before they are trusted.
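The integrity and availability half of that mapping, as an added example that is not part of the original post: a hash manifest is recorded while the data is known to be good, a backup is taken, the files are then tampered with and deleted, and the manifest is used both to detect the damage and to confirm that the backup copy is still good before restoring from it. The file names, contents, and directory layout are constructed for the demonstration; the only library used is the Python standard library.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """SHA-256 of a file, read in chunks so large files need not fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(data_dir: Path) -> dict:
    """Record the hash of every file at rest under data_dir (name -> hex digest)."""
    return {p.name: sha256_file(p) for p in sorted(data_dir.iterdir()) if p.is_file()}


def verify(data_dir: Path, manifest: dict) -> list:
    """Names of files that are missing or whose current hash differs from the manifest."""
    bad = []
    for name, expected in manifest.items():
        p = data_dir / name
        if not p.is_file() or sha256_file(p) != expected:
            bad.append(name)
    return bad


def restore(data_dir: Path, backup_dir: Path, manifest: dict, names: list) -> list:
    """Copy the named files back from backup_dir, but only when the backup copy
    itself still matches the manifest: a backup that was also altered is not a
    known good state."""
    restored = []
    for name in names:
        src = backup_dir / name
        if src.is_file() and sha256_file(src) == manifest[name]:
            shutil.copy2(src, data_dir / name)
            restored.append(name)
    return restored


def demo() -> dict:
    """Constructed scenario: hash two files, back them up, tamper with one and
    delete the other, then detect the damage and restore from the verified backup."""
    with tempfile.TemporaryDirectory() as tmp:
        data = Path(tmp) / "data"
        backup = Path(tmp) / "backup"
        data.mkdir()
        # Constructed sample files standing in for real data at rest.
        (data / "ledger.csv").write_text("id,amount\n1,100\n2,250\n")
        (data / "notes.txt").write_text("quarterly review\n")

        manifest = build_manifest(data)   # integrity baseline, taken while the data is good
        shutil.copytree(data, backup)     # availability: a copy taken at the same point

        # Simulate an attacker (or a failing disk) changing data at rest.
        (data / "ledger.csv").write_text("id,amount\n1,100\n2,2500\n")
        (data / "notes.txt").unlink()

        tampered = verify(data, manifest)
        restored = restore(data, backup, manifest, tampered)
        return {
            "tampered": tampered,
            "restored": restored,
            "clean_after_restore": verify(data, manifest) == [],
        }


if __name__ == "__main__":
    print(demo())
```

In practice the manifest lives with the backup, on write-once media, or is signed, because an attacker who can edit both the file and its recorded hash defeats the check; `restore` refuses a backup copy that no longer matches the manifest for the same reason.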

In Use

Data in use is data that is actively being read or processed, or is queued for the processor. It is more akin to the voice in your head while you read or write than to the ink on paper of data at rest. When we open a Word document the computer reads the data at rest and loads it into memory, where it becomes data in use and we can read or modify it in a user-friendly form. It stays in use until we save and close the document, at which point it is at rest again as ones and zeros on a drive.

Data in use is substantially harder to protect and to map onto the CIA triad; the following are a few of the techniques used. Input validation and bounds checking defend against buffer overflows, which threaten availability (a crash) and often integrity (corrupted memory or hijacked control flow), by rejecting malformed data before the program processes it. ASLR, address space layout randomization, loads the stack, heap, and libraries at a different base address each run, so an exploit that relies on a fixed address has to locate its target first; this mostly protects integrity, since it makes memory corruption harder to turn into reliable code execution, although an information leak that reveals addresses undermines it. Windows versions before Vista had no ASLR, so an attacker could count on where pieces of the OS would be loaded in memory. Running a process (i.e. the data in use) in an isolated environment such as a sandbox, a virtual machine, or virtual secure mode keeps other processes from interfering with it, protecting its integrity and, to a degree, its confidentiality. Unlike data at rest, there is obvious bleed-over in how each of these technologies affects more than one leg of the CIA triad.

In Transit

From me to you. Data that moves around inside a single computer is generally not considered in transit so long as it stays there; it is classified as in transit once it leaves the computer, whether over a USB cable, an Ethernet cable, a Wi-Fi adapter, Bluetooth, or anything else. To keep with the metaphor, data in transit is like discussing out loud with another person what to write, where the two parties share a language (the protocol) over a medium (the port).

Data in transit is probably the most seamless to protect, usually with the least overhead for the user, and it relies on several kinds of cryptography. Integrity comes from a message authentication code (a keyed hash such as HMAC) computed by the sender and recomputed by the receiver; a plain unkeyed hash is not enough, because anyone who can alter the message in flight can also recompute the hash to match. Confidentiality comes from encrypting the whole message with a shared key. Availability is helped by protocols that acknowledge and retransmit packets (e.g. TCP), although they cannot defend against someone who simply cuts the link. TLS (formerly SSL) is found all over the web protecting data in transit, this website included: the two sides perform a handshake to agree on shared secrets and then use them to encrypt and authenticate everything that follows. On a side note, that is why there is a lock before the URL at the top of your screen: it shows that TLS is in use, meaning the connection is encrypted and the server presented a valid certificate, not that the site itself is trustworthy.
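The integrity point above, as an added example that is not part of the original post: a sender protects a message first with a plain SHA-256 hash and then with an HMAC, and an interceptor rewrites the message in flight and recomputes the hash. The receiver accepts the forgery in the hash case and rejects it in the HMAC case, because the interceptor does not hold the key. The messages are constructed, and the shared key is assumed to have been agreed out of band (or by a TLS handshake) before the exchange; everything uses the Python standard library.

```python
import hashlib
import hmac
import os


def send_with_hash(message: bytes) -> dict:
    """Sender attaches an unkeyed SHA-256 of the message (insufficient against an active attacker)."""
    return {"msg": message, "tag": hashlib.sha256(message).hexdigest()}


def check_hash(packet: dict) -> bool:
    """Receiver recomputes the plain hash and compares it (in constant time)."""
    return hmac.compare_digest(hashlib.sha256(packet["msg"]).hexdigest(), packet["tag"])


def send_with_mac(message: bytes, key: bytes) -> dict:
    """Sender attaches HMAC-SHA256 under the shared key."""
    return {"msg": message, "tag": hmac.new(key, message, hashlib.sha256).hexdigest()}


def check_mac(packet: dict, key: bytes) -> bool:
    """Receiver recomputes the HMAC under its copy of the key and compares in constant time."""
    expected = hmac.new(key, packet["msg"], hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, packet["tag"])


def attacker_rewrite(packet: dict, new_message: bytes) -> dict:
    """Man-in-the-middle: swap the message and recompute the tag as best it can.
    Without the key, the best it can produce is a plain SHA-256 of the new message."""
    return {"msg": new_message, "tag": hashlib.sha256(new_message).hexdigest()}


def demo() -> dict:
    """Constructed exchange: the same forgery attempted against a hashed and a MACed message."""
    key = os.urandom(32)  # assumed shared in advance between sender and receiver only
    original = b"transfer 100 to account 42"   # constructed sample message
    forged = b"transfer 100 to account 99"     # what the interceptor substitutes

    hashed_then_forged = attacker_rewrite(send_with_hash(original), forged)
    maced_then_forged = attacker_rewrite(send_with_mac(original, key), forged)

    return {
        "hash_accepts_forgery": check_hash(hashed_then_forged),       # True: hash is recomputable by anyone
        "mac_accepts_forgery": check_mac(maced_then_forged, key),     # False: tag no longer matches under the key
        "mac_accepts_genuine": check_mac(send_with_mac(original, key), key),  # True: untouched message passes
    }


if __name__ == "__main__":
    print(demo())
```

An HMAC gives integrity and authenticity but not confidentiality; the message still travels in the clear. TLS combines both by encrypting and authenticating each record with keys derived from the handshake, which is the property the browser lock indicates.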

Wrap Up

With the states of data, the DAD-A Triad, and the CIA Triad wrapped up, that brings this short three part series to an end. So long as you can relate what you are doing back to these concepts, you are a step ahead of a lot of people in understanding the why of cyber security that should be guiding your spending and actions. You might even be able to make a convincing pitch to the C-suite on what new tool or technology they need.
