Measures to keep your data safe against human error and actions with malicious intent are vital.
Therefore, in addition to security features such as HTTPS logon, two-factor authentication and the upgrade of the Linux operating system to Debian 10, Ardis Technologies has extended its auditing and encryption capabilities.
The audit functionality is integrated in the scale-out AVFS single file system. When enabled, auditing information is generated as part of the file system's metadata activity. The advantage is that it is real time and that its output is limited to the relevant metadata of the file system.
Analysing audit files
A standard audit file is generated. It lists which user at which desktop accesses which file and path on the file system, and what sort of access takes place in which directory. It also lists the users' connect and disconnect behaviour. A file can be created, read, written, moved/copied and deleted; these commands are listed, each recorded with day and time. Such files can be checked and analysed for patterns and behaviour at any moment afterwards. Most auditing is needed to resolve a security issue that was caused accidentally. However, there will be situations where foul play is suspected, and sometimes by then the deed has been done and the guilty one is gone.
Real time auditing
Therefore the auditing also allows instant real-time monitoring of which users have access, what sort of access, at which desktop, to which file in which directory, and to which volume the user connects and disconnects. Because the amount of real-time information can be overwhelming, a few filter examples, such as for a desktop, a path and a file type, are included in the manual. Other filters can be configured.
Where does the auditing program run?
The program is part of the AVFS file system. For DDPs it runs on the DDP, and for AVFS it runs on the HA Dual AVFSHead. It requires V5.03.005 software with Debian 10 as the Linux operating system. Because it is integrated into AVFS, it is straightforward to limit the amount of data to just the relevant metadata on a standard time scale of 5 seconds. The commands are READ, WRITE, DELETE, MOUNT, UNMOUNT, RENAME. A copy of a file, for example, is then a CREATE, READ, WRITE sequence, while a MOVE in AVFS is mostly a RENAME with the data itself not moving.
How does it show up?
Proper auditing must be possible in real time. Therefore a graphical user interface is not the best solution, and the command line interface should be used.
In the Terminal window a copy process of file cp1.mov from fv to fv/drama looks like this:
2021-05-25 15:02:32.799029007 CONNECT iqn.mini MOUNT volume ‘fv’ to iqn.mini(172.16.5.4) user ‘jan’…
2021-05-25 15:13:06.139037187 CREATE iqn.mini |drama/cp1.mov
2021-05-25 15:13:06.205854374 READ iqn.mini |/cp1.mov
2021-05-25 15:13:08.142345253 WRITE iqn.mini |drama/cp1.mov
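Audit output of this shape can be checked afterwards for the copy pattern described above (CREATE, then READ of another path, then WRITE to the created path). The following Python is an added example, not Ardis Technologies' code: the field layout is inferred from the four lines shown, and the function names, the 5-second matching window, the iqn.edit2 desktop and the DELETE line are assumptions made for the illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed sample: the four lines shown above plus one made-up DELETE line.
SAMPLE = """\
2021-05-25 15:02:32.799029007 CONNECT iqn.mini MOUNT volume ‘fv’ to iqn.mini(172.16.5.4) user ‘jan’…
2021-05-25 15:13:06.139037187 CREATE iqn.mini |drama/cp1.mov
2021-05-25 15:13:06.205854374 READ iqn.mini |/cp1.mov
2021-05-25 15:13:08.142345253 WRITE iqn.mini |drama/cp1.mov
2021-05-25 15:20:00.000000001 DELETE iqn.edit2 |drama/old.mov
"""

# Assumed layout: date, time.nanoseconds, command, desktop, remainder.
LINE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\.(\d+) (\S+) (\S+) (.*)$")

def parse(text):
    """Yield (timestamp, command, desktop, detail) for each recognised line."""
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip blank or unrecognised lines
        stamp, frac, cmd, desktop, rest = m.groups()
        # datetime holds microseconds, so the nanosecond field is truncated.
        micros = int(frac[:6].ljust(6, "0"))
        ts = datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S") + timedelta(microseconds=micros)
        yield ts, cmd, desktop, rest.lstrip("|")

def find_copies(events, window=timedelta(seconds=5)):
    """Return (desktop, source, destination, time) for CREATE/READ/WRITE runs."""
    pending = {}  # (desktop, destination) -> [create time, source or None]
    copies = []
    for ts, cmd, desktop, path in events:
        if cmd == "CREATE":
            pending[(desktop, path)] = [ts, None]
        elif cmd == "READ":
            # A READ of a different path by the same desktop is the candidate source.
            for (d, dest), state in pending.items():
                if d == desktop and dest != path and state[1] is None and ts - state[0] <= window:
                    state[1] = path
        elif cmd == "WRITE":
            state = pending.pop((desktop, path), None)
            if state and state[1] is not None and ts - state[0] <= window:
                copies.append((desktop, state[1], path, state[0]))
    return copies

if __name__ == "__main__":
    for desktop, src, dst, when in find_copies(parse(SAMPLE)):
        print(f"{when} {desktop} copied {src} -> {dst}")
```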
Organisations with security recommendations
Organisations such as the Motion Picture Association of America and the Content Delivery and Security Association have published ‘best security practices’ documents for production, post-production and music recording studios.
In line encryption
Another measure that can be taken is data encryption. Encryption can be done off line or in real time. Off line encryption can be done with a utility that takes files or folders as input and generates encrypted output. The encrypted material, with the key, can then be sent out, for example. With in line encryption the data is encrypted while it is written to disk, and a key is needed to decrypt it for play out. For in line encryption, a group of spindles and/or SSDs must have the encryption functionality. They can be combined in one system with groups of spindles and/or SSDs without the encryption option.