Saturday, May 27, 2017

Windows 10 RAID for Photographers

These techniques should work under Windows Vista, 7, 8, 8.1, or 10. I'm just using 10 as it is the most up to date as of the time I'm writing this (May 2017). Specifically, Windows 10 1703 / Creators Update.

This is a draft, if you'd like to see me continue, just let me know in the comments!

Introduction

A photographer has unique storage needs. They tend to need to maintain an archive of data that can be in the terabytes. They also work with an active data set (from a current shoot) that is in the tens of gigabytes.

This article will walk through how a photographer can use RAID 5 to meet those needs.

What is RAID?

First, what is RAID? Go check out Wikipedia at https://en.wikipedia.org/wiki/RAID for a nice article. The basic idea is that hard drives fail. So, spread your data across more than one so that you don't lose everything if one dies. Different levels of RAID provide different levels of protection. In this article I'll focus on level 5 (called RAID 5) which provides a great balance of cost, performance, and value.

RAID 5 takes three (or more) drives and puts them into a pool called an array. Some fancy math is done so that your data and "parity information" are stored across all three drives. Then, if any one drive fails, the computer can use the parity information to recreate the missing data. This happens on the fly; you may not even notice that a drive has failed. You replace that drive, and the computer rebuilds the data that was on it. Once the array is healthy again, any drive could fail without impacting your work.
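To make the "fancy math" concrete, here is a small Python simulation added for this post (it is not code from the original article, nor from Windows Storage Spaces or any real RAID driver): three simulated drives, XOR parity that rotates across stripes the way RAID 5 does, one drive failed, and its contents rebuilt from the two survivors. The function and constant names (BLOCK, write_raid5, rebuild, read_raid5) are my own, and the sample "photo" bytes are constructed.

```python
# Added example: a toy RAID 5. Each stripe holds two data blocks and one
# parity block (the XOR of the data blocks); the parity block moves to a
# different drive every stripe. Losing any one drive, each missing block is
# the XOR of the surviving blocks in its stripe.

BLOCK = 4  # bytes per block; real arrays use 64 KiB or larger stripes


def xor_blocks(*blocks: bytes) -> bytes:
    """XOR any number of equal-length blocks together."""
    out = bytearray(len(blocks[0]))
    for b in blocks:
        for i, byte in enumerate(b):
            out[i] ^= byte
    return bytes(out)


def write_raid5(data: bytes, ndrives: int = 3) -> list:
    """Stripe data over ndrives drives with one rotating parity block per stripe."""
    data_per_stripe = BLOCK * (ndrives - 1)
    data += b"\x00" * (-len(data) % data_per_stripe)  # pad the last stripe
    drives = [[] for _ in range(ndrives)]
    for s, off in enumerate(range(0, len(data), data_per_stripe)):
        chunks = [data[off + i * BLOCK: off + (i + 1) * BLOCK] for i in range(ndrives - 1)]
        parity_drive = (ndrives - 1 - s) % ndrives  # rotate parity each stripe
        it = iter(chunks)
        for d in range(ndrives):
            drives[d].append(xor_blocks(*chunks) if d == parity_drive else next(it))
    return drives


def rebuild(drives: list) -> list:
    """Recreate the one failed drive (marked None) from the survivors."""
    survivors = [d for d in drives if d is not None]
    rebuilt = [xor_blocks(*[d[s] for d in survivors]) for s in range(len(survivors[0]))]
    return [rebuilt if d is None else d for d in drives]


def read_raid5(drives: list, length: int) -> bytes:
    """Read the original data back, skipping the parity block in each stripe."""
    ndrives = len(drives)
    out = bytearray()
    for s in range(len(drives[0])):
        parity_drive = (ndrives - 1 - s) % ndrives
        out += b"".join(drives[d][s] for d in range(ndrives) if d != parity_drive)
    return bytes(out[:length])


if __name__ == "__main__":
    photo = b"RAW photo bytes from a shoot, constructed sample"  # constructed data
    array = write_raid5(photo)
    array[1] = None  # drive 1 dies
    print(read_raid5(rebuild(array), len(photo)) == photo)  # True: data intact
```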

I support desktop machines at a business about an hour from my house. I've got RAID 1 (a cheaper option) in those desktops. When a drive fails, the end user doesn't notice. During my monthly visits, I detect and fix the failed drives. They don't even know that they averted disaster.

What is required?

For RAID 5, you need 3 hard drives. Most desktop computers can easily handle that. If you are lucky enough to live by a Fry's, Micro Center, or similar, they'll be happy to help you out. You may need things like this:
  • Amazon Link to Drive
  • Amazon Link to SATA Cables
  • Amazon Link to SATA Power Splitter
Expect to spend about $300 for "value" drives.

How?

Physically connect the new drives to power and SATA ports in your computer. (I'm using a Virtual Machine with small disks. Your large drives and physical machine will be similar.)

This has a great writeup on configuring RAID under the new Windows 10 Storage Spaces:

Ransomware

TBD

Conclusion

TBD

Friday, May 19, 2017

Standing up a Security Operations Center

I see people struggle with starting a Security Operations Center. It is a daunting task that is frequently handed down by management with a high priority, lots of money for blinkenlights, but almost none for training.

Here's the first thing to know:

  • People > Process > Technology

People are more important than Process, which is more important than Technology (or Tools). Yes, all three are required. Yes, tools make us more efficient, but you've gotta have great people to start. Remember that when you're budgeting.

So, you're about to spend a bunch of money on software, appliances, and other tools to get you better controls. So, remember this:

  • Prevention -> Detection -> Response

What does that mean? Of course you want to prevent as much "evil" in your environment as possible. But, prevention fails. Get your management on board with that as early as possible. Otherwise, the question becomes "How many times can I fail before you fire me?"

Once prevention fails, you have to rely on Detection. So your IDS tells you that someone is pwned. Then what? Respond! That's where your Incident Response kicks in.

Standing up all this is very difficult and you probably don't already have the manpower to do it right. You'll need Engineers to get everything installed and functional. Not easy work. But then you'll quickly need Analysts to go through all the data generated by these systems and understand and prioritize it. Then, those Analysts get to do the really fun stuff: Incident Response and Forensics.

Training

Formal Training is so incredibly important. I suggest:

Before you get too into this, you need your framework. What are your guiding principles? I highly suggest the "MITRE SOC Book", Ten Strategies of a World-Class Cybersecurity Operations Center by Carson Zimmerman. This is a wonderful, free resource. This helped jump start the SOC building process at one place I worked.

Cisco Press has their Security Operations Center: Building, Operating, and Maintaining your SOC book. It was helpful. A good complement to the MITRE one.

Syngress has Designing and Building Security Operations Center by David Nathans. Something you want on your shelf, too!

I've had the pleasure of hearing both Carson and David speak. These guys know their stuff and have distilled much of it onto paper so you can learn from their mistakes.

Saturday, May 06, 2017

SANS SEC511 Wish List

I'm getting ready to do a Mentor Session of SANS SEC511. Here's the link to my class: https://www.sans.org/mentor/class/sec511-cincinnati-01jun2017-mark-jeanmougin

There are lots of things you'll learn about that you may want to try at home. Here is an Amazon WishList of things that I've purchased that helped for the class.

Happy Hunting!

MJ