ONTAP Discussions

SnapLock security question

scottdglass
3,631 Views

Hi,

I'm trying to get some background info for my legal department.

I'm not very savvy when it comes to hardware, but what would prevent someone (with time, motivation, and physical access to the drives) from bypassing the SnapLock software or even the ONTAP OS and altering files directly on the media?

Granted, this would probably be beyond the sophistication of most, but is it technically possible?

We're trying to get off OSAR, but our legal department likes the "truly" unalterable media format.

We tried to make the case that even OSAR can be faked (copy all data to new disk with new alterations), but they just covered their ears and started making funny sounds to drown us out. ;?)

Anyone familiar enough with the system to provide some insight?

Thanks,

Scott

3 REPLIES

kusek

Scott,

One of the beauties of how SnapLockC works is that once data is written, it is locked until the data expires or the drives are physically destroyed.

If you went the route of pulling disks and attempting direct writes to them, you're not going to get anywhere there, based upon how the data is layered upon the disk.

Once written, we're locked in until the ComplianceClock expires, and then we can delete, but not modify, the data.

Here are a few reference docs on SnapLock and the ComplianceClock, which are always great reading for Legal.

Hopefully this helps address your situation.

Christopher
WORM Storage on Magnetic Disks Using SnapLock® Compliance and SnapLock Enterprise
http://media.netapp.com/documents/tr-3263.pdf

About SnapLock
http://now.netapp.com/NOW/knowledge/docs/ontap/rel724/html/ontap/onlinebk/7snaplo2.htm

SnapLock Compliance
http://now.netapp.com/NOW/knowledge/docs/ontap/rel724/html/ontap/onlinebk/7snaplo6.htm#1005662

Does SnapLock protection stop when I remove the license?
https://now.netapp.com/Knowledgebase/solutionarea.asp?id=kb2694

Understanding SnapLock® ComplianceClock™
http://media.netapp.com/documents/tr-3618.pdf

scottdglass

Christopher,

Thanks for your response, but I guess I'm still missing something.

If a "black hat" had low-level access to the drive, knew the internals of ONTAP's file system well enough to find the MFT, and understood whatever encryption/hashing algorithm, if any, is used on the individual files/blocks, could he/she replace selected ones with modified versions?

I realize that we're probably talking NSC-level sophistication, but is it technically possible?

Our Legal department's contention is that data can't be "reburnt" to the optical disk (which may or may not be true), while magnetic can.

We have holes that you could drive a bus through, but they are fixated on this trivial detail.

Thanks,

Scott

kusek

Scott, I understand the legal department's position on it.

With intimate knowledge of the inner workings, physical access, the ability to take the media offline and manipulate it, and even copy and replace it.

Given those circumstances, we could then indeed end up replacing data which resides on optical disk.

However, from an operational and auditing perspective, when we're talking about working with volumes which are treated with SnapLock, we tend to have additional boundaries to work with.

Optical disk, treated as it is, is more or less hardware utilized by some technology, at which point you need only exploit the technology utilizing the media.

Working within the realm of SnapLockC, we have a number of hardware and software components to work with, which have their own checks and balances to deal with.

From a compliance and auditing perspective with filers, you would be able to report on a downtime event, the length of the impact, the impact it had, and any subsequent changes as a result of that downtime. Then within the SnapLock volume(s) itself, there are a number of methods of accounting, checksums, hashing, etc., letting you have a traceable event to tie back to any potential for modification. (Though given the circumstance of an attempt at modification, I'd be more concerned with the storage outage of an active WORM filesystem, compared with a writable destination which may be referenced at times.)

That is one of the differences of magnetic WORM vs. optical WORMs: most opticals are treated like a black box, in that it is something you don't even think about or look at until there is a problem. Part of the reasoning behind that is that it is often so complicated and difficult to try to report or act against it that it truly is a black box.

In this particular implementation of a magnetic WORM, we have all the assurance of an optical medium, but with the intelligence to audit and hold the medium directly accountable, so we'll know when data is coming out of its retention (5yr, 7yr, 30yr or unlimited, etc.), in a manner which isn't hidden and secluded behind smoke and mirrors.

With that, the perception of magnetic WORMs isn't the pariah that most legal departments view it as; in fact it is even more of an advanced form of the prior optical medium without the limitations within the space, while also shielding it through technical advancements and sophistication so as to protect it from the vulnerabilities which do exist in optical WORMs but are usually seen as 'unlikely'.

Hopefully this was beneficial to the effort you're looking to accomplish.

My opinions and technical guidance reflect my security background and experience of other black and white hats in industry.

Thanks Scott and good luck!

Christopher Kusek