DISA STIGS Viewer

The Dragos Platform must have disk encryption enabled on virtual machines (VMs).

Overview

Finding ID: V-270945
Version: DRAG-OT-000500
Rule ID: SV-270945r1058006_rule
IA Controls:
Severity: Medium
Description
Enabling disk encryption on VMs running the Dragos Platform is a critical security measure to protect sensitive data, ensure compliance with regulations, and provide a robust defense against various threats, including unauthorized access, data breaches, and insider threats.

Disk encryption ensures that the data stored on the VM's disk is unreadable to unauthorized users. This is crucial for protecting sensitive information, such as security logs, configurations, and other operational data, from being accessed if the disk is physically stolen or if unauthorized access is obtained.

In the event of a security breach, encrypted disks prevent attackers from easily accessing the data stored on the VMs. This is particularly important for mitigating the risks associated with data breaches, including the potential exposure of sensitive operational technology (OT) and industrial control system (ICS) data.

VMs can be snapshotted or cloned, creating exact copies of the VM, including its data. Disk encryption ensures that even if a snapshot or clone is made, the data remains protected and cannot be accessed without the appropriate decryption keys.

Disk encryption protects data at rest, which is data stored on the disk when the system is not in use. This is a critical aspect of data security, as it ensures that the data remains protected even if the VM is powered off or in a dormant state.

For organizations using both on-premises and cloud environments, disk encryption provides a consistent approach to data security. This helps maintain uniform security policies and practices across different infrastructure setups.

In multi-tenant environments, where multiple virtual machines run on the same physical hardware, disk encryption ensures that data on one VM cannot be accessed by other tenants or compromised VMs on the same host.
STIG: Dragos Platform 2.x Security Technical Implementation Guide
Date: 2024-12-23

Details

Check Text (C-74988r1057476_chk)
If Dragos is running on an appliance, this check is Not Applicable.

Check for disk encryption in a VM.

Log in to the VM using a remote access method, such as SSH.

Use Built-in Tools or Commands:
Linux:
1. Open a terminal window.

2. Use the following command to check if any encrypted partitions exist:
lsblk -o NAME,FSTYPE,LABEL,UUID,SIZE,MOUNTPOINT,TYPE

3. Check for partitions with the filesystem type "crypto_LUKS" or similar.

4. Use the following command to display the LUKS header of a volume and confirm that it is encrypted:
cryptsetup luksDump /dev/sdX
(Replace /dev/sdX with the appropriate device name)

If volumes are not encrypted, this is a finding.
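
The manual check above can be scripted. The following is an added example, not part of the STIG or of Dragos documentation: it parses `lsblk --pairs` output and reports every mounted filesystem that has no crypto_LUKS partition or dm-crypt mapping beneath it. The function name `unencrypted_mounts` and the sample device layout are constructed for illustration.

```shell
#!/bin/sh
# Added example (not part of the STIG). Reads the output of
#   lsblk -P -o KNAME,PKNAME,FSTYPE,TYPE,MOUNTPOINT
# on stdin and prints each mounted filesystem with no LUKS layer beneath it.
unencrypted_mounts() {
  awk '
    # Return the value of KEY="value" from one lsblk --pairs line.
    function field(line, key,    s, i, rest) {
      s = " " line                      # leading space so KNAME never matches PKNAME
      i = index(s, " " key "=\"")
      if (i == 0) return ""
      rest = substr(s, i + length(key) + 3)
      return substr(rest, 1, index(rest, "\"") - 1)
    }
    {
      k = field($0, "KNAME")
      parent[k] = field($0, "PKNAME")
      fstype[k] = field($0, "FSTYPE")
      type[k]   = field($0, "TYPE")
      mnt[k]    = field($0, "MOUNTPOINT")
    }
    END {
      for (k in mnt) {
        if (mnt[k] == "") continue
        enc = 0
        # Walk from the mounted device up through its parents (LVM, crypt, partition, disk).
        for (d = k; d != ""; d = parent[d])
          if (type[d] == "crypt" || fstype[d] == "crypto_LUKS") { enc = 1; break }
        if (!enc) print mnt[k]
      }
    }
  ' | sort
}

# Constructed sample: root on LVM over LUKS, plus two plaintext filesystems.
SAMPLE_LSBLK='KNAME="sda" PKNAME="" FSTYPE="" TYPE="disk" MOUNTPOINT=""
KNAME="sda1" PKNAME="sda" FSTYPE="ext4" TYPE="part" MOUNTPOINT="/boot"
KNAME="sda2" PKNAME="sda" FSTYPE="crypto_LUKS" TYPE="part" MOUNTPOINT=""
KNAME="dm-0" PKNAME="sda2" FSTYPE="LVM2_member" TYPE="crypt" MOUNTPOINT=""
KNAME="dm-1" PKNAME="dm-0" FSTYPE="ext4" TYPE="lvm" MOUNTPOINT="/"
KNAME="sdb" PKNAME="" FSTYPE="" TYPE="disk" MOUNTPOINT=""
KNAME="sdb1" PKNAME="sdb" FSTYPE="xfs" TYPE="part" MOUNTPOINT="/var/lib/data"'

# On a live VM, pipe the lsblk command from the header comment in instead.
printf '%s\n' "$SAMPLE_LSBLK" | unencrypted_mounts
```

Any mount point the function prints is a volume to examine against the finding criterion above.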
Fix Text (F-74889r1058005_fix)
If Dragos is running on an appliance, this check is Not Applicable.

LUKS (Linux Unified Key Setup):
During the installation process, most Linux distributions provide an option to encrypt the disk. Select this option to set up encryption.

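To encrypt an existing installation, use tools such as cryptsetup to set up encryption manually. Here is a general guide:

Execute the following (replace /dev/sdX with the appropriate device name). Note that luksFormat initializes a new LUKS header and destroys any data already on the device, so back up the data first: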

sudo cryptsetup luksFormat /dev/sdX
sudo cryptsetup open /dev/sdX encrypted_disk
sudo mkfs.ext4 /dev/mapper/encrypted_disk
sudo mount /dev/mapper/encrypted_disk /mnt