http://www.bracode.store

CONTENTS

1. Executive Summary

2. Need for Data Security

3. Solution:

4. Conclusion

1. EXECUTIVE SUMMARY

The advantages of networked data storage technologies such as Network Attached Storage (NAS) are well established, but toring an organization’s data on a network creates significant security risks.

Technologies like NAS and backup tapes that aggregate data for storage can improve scalability, manageability and access to critical data, while substantially reducing the total cost of storage. Additionally, storage networks can simplify the process for enterprises seeking to implement comprehensive disaster recovery programs.However, data in networked storage environments is significantly more vulnerable to unauthorized access, theft or misuse than data stored in more traditional, direct-attached storage.

Aggregated storage is not designed to compartmentalize the data it contains, and data from different departments or divisions becomes co-mingled. Data replication, backup, off-site mirroring, and other disaster recovery techniques increase the risk of unauthorized access from people both inside andoutside the enterprise. Partner access through firewalls and other legitimate business needs also create undesirable security risks. With storage networks, a single security breach can threaten the data assets of an entire organization.

Technologies such as firewalls, Intrusion Detection Systems (IDS), and Virtual Private Networks (VPN) seek to secure data assets by protecting the perimeter of the network. While important in their own right, these targeted approaches do not adequately secure storage. Consequently, they leave data at the core dangerously open to both internal and external attacks Once these barriers are breached — via stolen passwords, uncaught viruses, or simple misconfiguration — data assets are fully exposed.

2. NEED FOR DATA SECURITY

Corporate information is one of the most valuable assets for an enterprise. Proper security measures are needed to prevent unauthorized access and misuse of these data, and often time required for regulatory compliance.

nwStor’s Encryption appliance is a data encryption and control solution – offering comprehensive security to organizations of all sizes offering protection capabilities both for local and remote sites with unprecedented efficiency and cost effectiveness

3. SOLUTION: iSAV STORAGE SECURITY APPLIANCES

nwStor empowers you to secure your data across your organization without compromising ongoing operations. iSav storage security appliance combines storage encryption, file access control, user authentication, and secure logging to provide protection for your sensitive data on your storage devices including cloud storage.

Your company’s sensitive data located in the network file servers and NAS devices will be securely locked up by iSav with the highest industrial encryption standard, AES-256 encryption The data security level is further elevated by assigning a unique encryption key for each file. The data encryption and decryption process will be done by hardware efficiently and transparently,With all encryption keys and data further encrypted and saved in Cloud and key management server, iSav can be recovered anywhere in the world should there be a disaster event at the local site

iSav is hardware based data encryption system. The deployment of iSav is as simple as the installation of a network router. A signal unit can centrally manage and secure all files stored in NAS devices and file servers across the company’s network while allowing authorized users to access data(write, read and delete) as usual. All file encryption and decryption will be handled by iSav transparently as the data are passing through iSav.

iSav can be deployed in the data path between clients or hosts and the storage device, either inline or attached to a switch.

iSav doesn’t store data – it simply accepts data from the client/host, encrypts it using the AES algorithm, and sends it on to storage. When an authorized user or application requests data, iSav authenticates the user or application, retrieves the ata from storage, decrypts it and presents it back — all at wire speed. iSav works within file-based (NAS) networked storage environments. Security of the stored data is ensured while user or application workflow is not changed.

Figure 1 illustrates a simple, high-availability deployment in a file server (NAS) environment.

By encrypting data, and routing all access through secure hardware, iSav makes it easier for organizations to control and track data access. Encryption effectively blocks all back doors to data -protecting sensitive information on disk or tape against theft or misuse. Even if an unauthorized person gains access to the media, all they’ll see are meaningless characters Implemented correctly, encryption is a powerful tool that dramatically simplifies data security.

But all encryption is not created equal. There are a number of capabilities organizations should consider when evaluating encryption technologies:

3.1 PERFORMANCE

One of the many advantages of using dedicated hardware for encryption is exceptional performance.

Strong encryption is computationally expensive, and traditional, software-based encryption methods are notoriously slow, as well as cumbersome to implement. In contrast, iSav appliances can be deployed into an existing infrastructure in a matter of hours, without ever taking the data offline. Further, iSav encrypts and decrypts at over 4 gigabits per second, easily keeping up with Gigabit Ethernet storage networks. Using unique functionality, iSav delivers a port to port latency as low as 50-100 microseconds.

iSav can be placed in a broad variety of locations within the network, depending on the desired security and throughput requirements. Because many storage networks do not consistently maximize the 2Gig pipe, it is quite feasible for one iSav to handle many hosts and many storage devices simultaneously.

iSav appliances can be deployed in active-active clusters for availability and failover, and additional appliances can be added to address higher throughput requirements.

3.2 TRANSPARENCY

iSav was designed to secure data while protecting existing infrastructure investments.

The system integrates seamlessly with databases, mail servers, storage management, backup and other applications layered upon various operating systems in all storage environments.

Because iSav speaks CIFS and NFS Channel natively, no software or agents are required for either the application hosts or clients, making the appliance easy to install and support. iSav also works with existing security technologies like firewalls.authentication schemes, IPS, and VPNs.

Compared with Software solution

Software or database encryption solutions are operating system dependent. They must be integrated into each client or application, and it’s important to consider that security may be compromised when application or operating systems are upgraded. Because iSav speaks the native protocols of the storage environment, it works with all operating systems, applications and versions, providing much greater security, and flexibility.

3.3 SECURITY

While performance and easy implementation are important, perhaps the most crucial consideration for the encryption and access control solution is the security of the system itself.

AES 256-bit Encryption Standara

iSav utilizes hardware AES-256 encryption as the encryption standard, which is very strong encryption standard adopted by the U.S. Government for top secret documents protection. iSav has a built-in hardware random number generator(RNG) to ensure that all the keys generated are true random.

Unique Key per File

Each file is encrypted by a unique key to guarantee the highest security. This increases the difficult for any ndividual to break the encrypted stolen files.

Delete Sensitive Data Securely and Permanently

Once an encrypted file is deleted, iSav will erase the corresponding encryption key to ensure the deleted file will be irretrievable.

3.4 DISASTER RECOVERY

All encryption keys, configuration data, and metadata are encrypted and backed up to cloud storage, so iSav can be recovered globally in case of disaster.

Before sending data to cloud storage, every file stored in Cloud will be securely protected by very strong encryption standard so that no data center administrator will be able to access your sensitive data.

3.5 KEY MANAGEMENT

When encrypting data that may be stored for months or years, secure, effective key management is crucial. Key management has always been a weakness in traditional encryption systems requiring users or administrators to keep track of this important and highly sensitive information. Further, keys were often stored in cleartext on open operating systems, leading to a much higher likelihood of compromise.

iSav changes this legacy with an innovative, layered key management system that removes the complexity commonly associated with encryption, yet ensures that the keys are fully protected and data can be restored, regardless of location.

Data is encrypted at the file level with a File Key, which ensures that even identical documents will result in different ciphertext.

Further, each Cryptainer vault has its own encryption key, so aggregated storage can be cryptographically partitioned. Finally, these keys are wrapped in an additional layer of AES-256 encryption so they can be securely backed up outside iSav.

Figure 2 illustrates the automated archiving of encryption keys into the key server and backup to cloud storage or NAS.

3.6 ADDITIONAL SECURITY CAPABILITIES

Authentication and Assess Control: Authentication plays a key role in the security provided by iSav, ensuring only authorized users and applications have access to stored data.n/m administrator authentication is to avoid a single security administrator from abusing his/her administrator privilege, iSav has an option of a quorum of n over m administrators to login in order to activate and configure iSav.

User authentication is to authenticate themselves before they can access their data in order to prevent unauthorized access.to data that are not meant for them.

Secure Log Provide Audit Trial: iSav provides secure log for audit trail purposes. It records every event, action, or file access and tracks who, when, what, and how protected data were being accessed. This includes all successful and unsuccessful actions performed by administrators or users. The log cannot be modified or erased

Easy Management System: iSav provides with many useful tools to assist system manager to handle with maintenance task such as remote secure web management interface and email notification.

Cost Effective Centralized Solution: Signal iSav can secure files of multiple file servers and NAS devices, so it is cost effective without being dependent on a particular storage vendor. And it also secures files from different applications centrally.

4. CONCLUSION

As organizations seek to save money and improve access to data by implementing aggregated storage technologies such as file servers (NAS) and replicating this data for backup and disaster recovery, they have opened the door to much greater risks. Identity theft is costing companies and government organizations billions of dollars, and new privacy initiatives are mandating greater attention to the security of stored data.

While some common existing security technologies play an important role, they do not adequately meet the needs of storage security. Software-based storage security solutions are slow, limited in scope, and are not fully secure.

nwStor offers a comprehensive solution to the storage security problem, enabling organizations to build defense in depth.|nwStor iSav is a powerful, scalable, network appliance that is designed specifically for the task of securing stored data. iSav enables organizations to reap the full benefits of networked storage, while ensuring that the data remains private and secure.

comChat是一款企业即时消息(EIM)应用，旨在消除第三方EIM应用的使用，如Whatsapp、微信和LINE。 (改善员工沟通，减少Lotus Note用户的数量。)

必邻是一款强大的寻物应用，玩、赚两不误！精准的定位可以让你随时了解你与物品之间的距离，可以设置多个动作进行监控保护。一旦丢失，必邻社群有成千上万的人，当有成员接近目标时，系统自动发送消息通知你。物品也能快速找回。

● 多人管理：可通过分享物品实现多人共同管理一个物品，带上贵重珠宝也不怕丢。

● 额外奖励：通过简单的安装APP成为寻宝人，加入GPS社群网络获得你的奖励。

必邻寻物APP界面：

http://www.egoserving.com/ 网站域名

内容

• 执行概要
• 数据安全需求
• 解决方案
• 结论

1. 执行概要

网络数据存储技术(如网络附加存储(NAS))的优势已经很好地建立起来了，但是将组织的数据存储在网络上会产生重大的安全风险。

像NAS和备份磁带这样的技术可以聚合用于存储的数据，从而提高可伸缩性、可管理性和对关键数据的访问，同时大大降低存储的总成本。此外，存储网络可以简化企业实现全面灾难恢复程序的过程。

然而，网络存储环境中的数据比传统直接连接存储中的数据更容易受到未经授权的访问、盗窃或误用。

聚合存储的设计目的不是将它所包含的数据分隔开来，来自livisions上不同部门的数据会混合在一起。数据复制、备份、场外镜像和其他灾难恢复技术增加了来自内部和外部人员的未经授权访问的风险外的企业。通过防火墙和其他合法业务需求访问合作伙伴也会产生不受欢迎的安全风险。对于存储网络，一次安全漏洞就可能威胁到整个组织的数据资产。

防火墙、入侵检测系统(IDS)和虚拟专用网(VPN)等技术通过保护网络的周长来保护数据资产。虽然这些有针对性的方法本身很重要，但它们并不能充分保护存储。因此，它们将数据置于危险的核心位置，使其容易受到内部和外部攻击。|一旦这些屏障被攻破——通过窃取的密码、未捕获的病毒或简单的错误配置——数据资产就会完全暴露。

2. 数据安全需求

企业信息是企业最宝贵的资产之一。需要适当的安全措施来防止未经授权的访问和滥用这些数据，通常还需要时间来遵守法规。nwStor的加密设备是一种数据加密和控制解决方案——为各种规模的组织提供全面的安全性，以前所未有的效率和成本效益为本地和远程站点提供保护能力

3. 解决方案:

iSAV存储安全设备nwStor使您能够在不影响正在进行的操作的情况下跨组织保护您的数据。iSav存储安全设备结合了存储加密、文件访问控制、用户身份验证和安全日志记录，为您的存储设备(包括云存储)上的vour敏感数据提供保护。贵公司位于网络文件服务器和NAS设备中的敏感数据将被iSav以最高的行业加密标准AES-256加密进行安全锁存。通过为每个文件分配唯一的加密密钥，进一步提高了数据安全级别。数据加密和解密过程将由硬件高效、透明地完成。所有加密密钥和数据进一步加密并保存在云和密钥管理服务器中，如果本地站点发生灾难事件，iSav可以在世界任何地方恢复。

Sav是一种基于硬件的数据加密系统。iSav的部署就像安装网络路由器一样简单。信号单元可以集中管理和保护存储在公司网络上的NAS设备和文件服务器中的所有文件，同时允许授权用户像往常一样访问数据(写入、读取和删除)。所有文件的加密和解密将由iSav透明地处理，作为数据的传递。通过iSav。iSav可以部署在客户机或主机与存储设备之间的数据路径中，可以内联部署，也可以附加到交换机上。

Sav不存储数据——它只接受来自客户机/主机的数据，使用AES算法对其加密，并将其发送到存储中。当授权用户或应用程序请求数据时，iSav对该用户或应用程序进行身份验证，从存储中检索数据，解密数据，然后以有线速度将其显示出来。isav在基于文件的网络存储环境中工作。在不更改用户或应用程序工作流的情况下，确保存储数据的安全性。

图1演示了文件服务器(NAS)环境中的一个简单的高可用性部署。

通过加密数据和通过安全硬件路由所有访问，iSav使组织更容易控制和跟踪数据访问。加密可以有效地阻止所有数据的后门——保护磁盘或磁带上的敏感信息不被盗窃或误用。即使一个未经授权的人获得了访问媒体的权限，他们看到的也只是毫无意义的字符。如果实现正确，加密是一种强大的工具，可以极大地简化数据安全性。

但并非所有加密都是平等的。在评估加密技术时，组织应该考虑以下几种功能:

3.1性能

使用专用硬件进行加密的众多优点之一是其出色的性能。强加密在计算上非常昂贵，而传统的基于软件的加密方法非常缓慢，而且实现起来非常麻烦。相比之下，iSav设备。可以在几个小时内深入到现有的基础设施中，而无需将数据脱机。此外，iSav的加密和解密速度超过每秒4gb，很容易跟上千兆以太网存储网络的速度。使用独特的功能，iSav提供一个端口到端口的延迟低至50-100微秒，根据所需的安全性和吞吐量要求，iSav可以放置在网络中的各种位置。由于许多存储网络并不总是最大化2Gig管道，因此一个iSav可以同时处理多个主机和多个存储设备。iSav设备可以部署在active-active集群中，用于可用性和故障转移，还可以添加其他设备。处理更高的吞吐量需求。

3.2透明度

iSav的设计目的是在保护现有基础设施投资的同时保护数据。

该系统与数据库、邮件服务器、存储管理、备份和laverec上的其他应用程序无缝集成，适用于所有存储环境中的各种操作系统。因为iSav本机使用CIFS和NFS通道，所以这两个应用程序主机都不需要软件或代理。或客户端，使设备易于安装和支持。iSav还可以使用现有的安全技术，如防火墙身份验证方案、ip和vpn。

与软件解决方案比较

软件或数据库加密解决方案依赖于操作系统。必须将它们集成到每个客户机或应用程序中，并且必须考虑到，在升级应用程序或操作系统时，安全性可能会受到影响。因为iSav使用存储环境的本机协议，所以它与所有操作系统、应用程序和版本一起工作，提供了更大的安全性和灵活性。

3.3安全

虽然性能和易于实现很重要，但是对于加密和访问控制解决方案来说，可能最重要的考虑因素是系统本身的安全性。AES 256位加密标准iSav采用硬件AES-256加密作为加密标准，这是美国政府为保护绝密文件而采用的一种非常强的加密标准，iSav内置硬件随机数发生器(hardware random number generator, RNG)，确保生成的所有密钥都是真实随机的。

每个文件唯一密钥每个文件都由唯一的密钥加密，以保证最高的安全性。这增加了任何个人破解加密被盗文件的难度。删除加密文件后，iSav将删除相应的加密密钥，以确保删除的文件不可检索

3.4灾难恢复

所有加密密钥、配置数据和元数据都经过加密并备份到云存储，因此在发生灾难时，iSav可以在全局范围内恢复。在将数据发送到云存储之前，存储在Clouc中的每个文件都将受到非常强大的加密标准的安全保护，这样就没有数据中心管理员能够访问您的敏感数据。

3.5密钥管理

对可能存储数月或数年的数据进行加密时，安全有效的密钥管理至关重要。密钥管理一直是传统加密系统的一个弱点，要求用户或管理员跟踪这些重要且高度敏感的信息。此外，密钥通常以明文形式存储在开放操作系统上，从而导致更大的妥协可能性。iSay通过一个创新的、分层的密钥管理系统改变了这一传统，它通常消除了复杂性与加密相关联，但可以确保密钥得到完全保护，并且无论位置如何，都可以恢复数据。数据在文件级使用文件密钥加密，这确保即使是相同的文档也会产生不同的密文。此外，每个Cryptainer vault都有自己的加密密钥，因此可以对聚合存储进行加密分区。最后，这些密钥被封装在一个额外的AES-256加密层中，这样它们就可以在iSav之外安全地备份

图2演示了将加密密钥自动归档到密钥服务器并备份到云存储或NAS

3.6附加安全功能

身份验证和评估控制:身份验证在iSav提供的安全性中扮演关键角色，确保只有authorizec用户和应用程序才能访问存储的数据。n/m管理员身份验证是为了避免单个安全管理员滥用他/她的管理员权限，isav可以选择n/m管理员的法定人数登录，以激活和配置isav。

用户身份验证是在访问数据之前对自己进行身份验证，以防止未经授权访问不适合自己的数据。它记录每个事件、操作或文件访问，并跟踪谁、何时、什么以及如何访问受保护的数据。这包括管理员或用户执行的所有成功和失败的操作。无法修改或删除日志。易于管理的系统:iSav提供了许多有用的工具来帮助系统管理员处理维护任务，如远程安全的web管理界面和电子邮件通知。成本效益集中解决方案:Signal iSav可以对多个文件服务器和NAS设备的文件进行安全保护，不依赖于特定的存储供应商，具有成本效益。和它。还集中保护来自不同应用程序的文件。

4. 结论当组织试图

通过实现聚合存储技术(如文件服务器(NAS))和复制这些数据进行备份和灾难恢复来节省资金和改善对数据的访问时，它们已经为更大的风险打开了大门。身份盗窃给公司和政府机构造成了数十亿美元的损失，新的隐私保护措施要求人们更加关注存储数据的安全性。

虽然一些常见的现有安全技术发挥着重要作用，但它们并不能充分满足存储安全的需求。基于软件的存储安全解决方案速度慢，范围有限，并且不完全安全。nwStor为存储安全问题提供了全面的解决方案，使组织能够进行深度防御。nwStor iSav是一种功能强大、可伸缩的网络设备，专门为保护存储的数据而设计。iSav使组织能够获得网络存储的全部好处，同时确保数据保持私有和安全。