RE: RAID 5 drive replacement schedule

["Murda Mcloud" <murdamcloud () bigpond com>]

Now the calculations done by Robin Harris@CNET may be up for conjecture
here;

http://blogs.zdnet.com/storage/?p=162

However, I found it to be thought provoking. 

I know that this thread has become two threads in one but I'm glad I asked
the question and I'm glad I asked in the way I did because the ensuing
debate has been welcome on my part. Stimulates the little grey cells...
Thanks everyone.




> > -----Original Message-----
> > From: Rivest, Philippe [mailto:PRivest () transforce ca]
> > Sent: Saturday, June 21, 2008 4:11 AM
> > To: Adriel Desautels
> > Cc: Murda Mcloud; security-basics () securityfocus com
> > Subject: RE: RAID 5 drive replacement schedule
> >
> > I do think we are saying just about the same thing. But I may of not be
> > clear
> > so let me restate.
> >
> > Raid 5 is an IT field & technologie, and adds to the security by making 1
> > failed drive NOT impact availability. That's all I meant. No decision or
> > security implication should be done before or after that (unless theres
> > an
> > incident). No security team should be implicated in the drive replacement
> > as
> > this is normal IT operation.
> >
> > Raid 5 helps security in keeping the data accessible in the event of a
> > failed
> > drive.
> >
> > Side note:
> > For my CAI is always security related and justified. Make it high or low
> > availability it is security and has to be justified.
> >
> >
> > Merci / Thanks
> > Philippe Rivest, CEH
> > Vérificateur interne en sécurité de l'information
> > Courriel: Privest () transforce ca
> > Téléphone: (514) 331-4417
> > www.transforce.ca
> >
> >
> > -----Message d'origine-----
> > De : Adriel Desautels [mailto:adriel () netragard com]
> > Envoyé : 20 juin 2008 14:00
> > À : Rivest, Philippe
> > Cc : Murda Mcloud; security-basics () securityfocus com
> > Objet : Re: RAID 5 drive replacement schedule
> >
> > Philippe,
> >     I disagree with you and I think that the definition of security
> > that
> > you provided is partial, but thats just my opinion. Availability is a
> > vague term that can, but does not always have a role in security.
> > Determining what the proper schedule is for a drive replacement policy
> > is something that can be done by IT without the security team. Deciding
> > how to dispose of the drives on the other hand is security.
> >
> >
> > Regards,
> >     Adriel T. Desautels
> >     Chief Technology Officer
> >     Netragard, LLC.
> >     Office : 617-934-0269
> >     Mobile : 617-633-3821
> >     http://www.linkedin.com/pub/1/118/a45
> >
> >     Join the Netragard, LLC. Linked In Group:
> >     http://www.linkedin.com/e/gis/48683/0B98E1705142
> >
> > ---------------------------------------------------------------
> > Netragard, LLC - http://www.netragard.com  -  "We make IT Safe"
> > Penetration Testing, Vulnerability Assessments, Website Security
> >
> > Netragard Whitepaper Downloads:
> > -------------------------------
> > Choosing the right provider : http://tinyurl.com/2ahk3j
> > Three Things you must know  : http://tinyurl.com/26pjsn
> >
> >
> > Rivest, Philippe wrote:
> > > Adriel & Murda
> > >
> > > It is a security issue the way you store your data. In regards to the
> > raid
> > > technologies, raid 5 improves the availability of the data by making
> > sure
> > > that a single drive failed will not impact the availability of the
> > data.
> > > Remember that security is
> > > 1- Confidentiality
> > > 2- Availability
> > > 3- Integrity
> > >
> > > The main goal of a Raid 5 is to help #2. You are referring to the
> > disposal
> > of
> > > the HD which is the issue of confidentiality and that is not what Murda
> > was
> > > aiming at. If it is, go for encryption, degaussing, destruction and
> > just
> > > plain format (if the data is not confidential).
> > >
> > > As I explained to him offline, the MTTF and MTBF is about the same for
> > 2 HD
> > > bought/constructed at about the same time. How ever, those are not
> > absolute
> > > numbers that state that, if one drive fails the other one is about to
> > go
> > too.
> > > It's more an estimated value against which you should have some
> > > confidence/hope, your drive should not fail before X hours (it could go
> > > before but the average is X).
> > >
> > > In a raid 5, Drive A, B and C are online and working (they are the same
> > drive
> > > bought at the same time). Drive A fails, you should NOT change drive B
> > & C
> > > unless they are failing also. If you do, the cost of your raid 5 will
> > be
> > > greater then what it should be (the replacing of the parts are going to
> > cost
> > > a lot). Change drive A and hope drives B & C will last longer.
> > >
> > >
> > > The only issue is that 2 drives fail at the same time, which is very
> > > improbable. And if it does, you should be going for your back ups.
> > >
> > >
> > > I do hope this clarified the questions and that I wasn't to unclear
> > with my
> > > details!
> > >
> > > Merci / Thanks
> > > Philippe Rivest, CEH
> > > Vérificateur interne en sécurité de l'information
> > > Courriel: Privest () transforce ca
> > > Téléphone: (514) 331-4417
> > > www.transforce.ca
> > >
> > >
> > > -----Message d'origine-----
> > > De : listbounce () securityfocus com [mailto:listbounce () securityfocus com]
> > De
> > la
> > > part de Adriel Desautels
> > > Envoyé : 20 juin 2008 11:27
> > > À : Murda Mcloud
> > > Cc : security-basics () securityfocus com
> > > Objet : Re: RAID 5 drive replacement schedule
> > >
> > > Murda,
> > >    The real answer to your question is that it is very, very
> > improbable
> > > that all of the drives in the array will fail at the same time. Most
> > > drives are good for a certain period of years, after which point you
> > are
> > > getting "extra time".
> > >
> > >    That is not a security issue though. That is an IT related issue.
> > The
> > > security issue comes into play when you dispose of your drives. Do you
> > > shred them, just throw them in the dumpster, how do you dispose of
> > them?
> > > Regards,
> > >    Adriel T. Desautels
> > >    Chief Technology Officer
> > >    Netragard, LLC.
> > >    Office : 617-934-0269
> > >    Mobile : 617-633-3821
> > >    http://www.linkedin.com/pub/1/118/a45
> > >
> > >    Join the Netragard, LLC. Linked In Group:
> > >    http://www.linkedin.com/e/gis/48683/0B98E1705142
> > >
> > > ---------------------------------------------------------------
> > > Netragard, LLC - http://www.netragard.com  -  "We make IT Safe"
> > > Penetration Testing, Vulnerability Assessments, Website Security
> > >
> > > Netragard Whitepaper Downloads:
> > > -------------------------------
> > > Choosing the right provider : http://tinyurl.com/2ahk3j
> > > Three Things you must know  : http://tinyurl.com/26pjsn
> > >
> > >
> > > Murda Mcloud wrote:
> > > > In my mind, this a security related question as it has to do with
> > ensuring
> > > > availability.
> > > >
> > > > Does anyone have links towards any whitepapers etc that suggest
> > replacement
> > > > of disks in a RAID 5 array as part of a maintenance cycle?
> > > >
> > > > If all the drives in an array are the same age and one fails; does
> > this
> > > mean
> > > > the others are more likely to fail. I'd imagine so as they have had
> > the
> > > same
> > > > amount of usage.