Sunday, December 07, 2014

Does A 6Gbps SATA Interface Actually Matter

As we've been told all our lives, bigger is better.  But as we also know, what we've always been told isn't necessarily right any more (and often wasn't ever right).  So, with that in mind, I present the 6Gbps SATA Interface!

First, for those who get confused by the nomenclature and numbering used in computing, a Byte (B) is a collection of 8 bits (b), a Kilobyte (KB) is 1,000 Bytes, a Megabyte (MB) is 1,000,000 Bytes (or 1,000 KB) and a Gigabyte (GB) is 1,000,000,000 Bytes (or 1,000 MB or 1 million KB).(1)

So, with that information at hand, we can do a few calculations to see what 6Gbps really means.  An added complication is the way that the data is encoded across the SATA interface using something called 8b/10b Encoding (and here's a link for the nerdy types) which results in a slight loss in data throughput across the SATA.  The end result of this data encoding means that a SATA 1.5Gbps (187.50MB/s) interface will deliver a total of 1.2Gbps (150MBps) of data.

SATA Revision  Interface Speed Gbps  Interface Speed MBps  Data Throughput Gbps  Data Throughput MBps
1.0            1.5Gbps               187.5MBps             1.2Gbps               150MBps
2.0            3.0Gbps               375.0MBps             2.4Gbps               300MBps
3.0            6.0Gbps               750.0MBps             4.8Gbps               600MBps
3.1            6.0Gbps               750.0MBps             4.8Gbps               600MBps
3.2            16.0Gbps              2000.0MBps            12.8Gbps              1600MBps

Right, now that we know the actual maximum data throughput of a bunch of different SATA standards, what we need to do is look at drives that we can attach to these SATA interfaces and see how fast they can go compared to the data throughput of the SATA interfaces.

Drive Manuf  Drive Model                   Drive Capacity  Max/Sustained Read MBps
Seagate      Desktop SSHD ST4000DX001      4TB             146MBps (from all zones)
Seagate      Desktop SSHD ST4000DX001      4TB             190MBps (from NAND)
Seagate      Desktop NAS HDD ST4000VN000   4TB             180MBps
Seagate      Laptop SSHD ST1000LM014       1TB             100MBps
Samsung      SSD Pro 840 MZ-7PD512         500GB           540/520MBps (Read/Write)
Samsung      SSD 840 Evo MZ-7TE1T0         1TB             540/520MBps (Read/Write)
Samsung      XP941 Gen 2 X4 M.2 SSD        512GB           1170/950MBps (Read/Write)
Plextor      M6E Gen 2 X2 M.2 SSD          512GB           705/638MBps (Read/Write)

As you can quite clearly see, all of the regular Hard Drives (and even the Hybrid SSD/HDDs) have much the same maximum or sustained transfer rate of somewhere under 200MBps, which means that plugging one into anything faster than a SATA 3.0Gbps controller will give no performance improvement whatsoever.

This changes when we start to look at SSDs.  The regular Samsung SSDs will deliver up to 540MBps of read performance, which is well in excess of the throughput of a 3.0Gbps SATA interface - to get the full performance from any modern SSD you will need a SATA 3.0 (6.0Gbps) port to connect it to.  This goes for many current SSDs from Samsung, Intel, Crucial, Transcend and others, which all deliver up to around 550MBps.

Things, however, start to really get interesting when we look at the newer M.2 (SATA Rev 3.2) devices.  These can deliver data across an older SATA 3.0 interface, or a PCIEx2 or PCIEx4 interface, depending on the configuration of the drive (and socket).  Currently, the Asrock Z97 Extreme6 is the only motherboard to support the X4 transfer rates, however more boards are sure to hit the market soon.  The Plextor M6E drive delivers just under 50% faster transfers using its PCIEx2 interface than can be achieved using the SATA specification, and impressively the Samsung XP941 512GB M.2 drive on an Asrock Z97 Extreme6 delivers over 1GBps in read performance!

So, basically, if you have any form of spinning metal disk, be it a hybrid or not, there's no need to upgrade to a 6Gbps SATA controller, though if you have one on your motherboard, it won't hurt to use it.  If, however, you have one of the current fast crop of SSD drives, then you will need to connect this to a 6Gbps SATA port to realise the full speed of the device.

If speed is your bag, baby, then a 6Gbps SATA port is not enough and you'll need to look at the newer M.2 X4 devices on a controller that will allow them to run at full speed. Right now, the only onboard controller that will handle this is on the Asrock Z97 Extreme6 motherboard.  Plug-in adapters that will support this spec include the BPlus M2P4S and the PEX16X-LTSSD-ADP adapter.  There may be others out there and Google may well help locate them! :)


Regards,

The Outspoken Wookie

Wednesday, December 03, 2014

BEASTly POODLEs

There have been a number of vulnerabilities detected in various security protocols over the past year or two including BEAST Attack, Heartbleed Bug and POODLE Attack.  At least 2/3 of these have names that give some indication of their severity and the remaining 1/3 leaves you with a rather interesting visual image.  But be ye not distracted by the names - they are all things that need to be addressed in various ways.

Information about the Browser Exploit Against SSL/TLS (BEAST) Attack was released in September 2011 and involved attacking the lack of security in particular implementations of TLS 1.0 traffic.  This vulnerability has been pretty much mitigated today (Dec, 2014), however there are still some older, non-updated systems out there that are vulnerable to this attack.  The table below lists the earliest version of the products that have mitigated the BEAST Attack (and yes, Apple took an inordinately long time to patch for this vulnerability):

Apple iOS          iOS 7.0
Apple OS-X         OS-X 10.9 (Mavericks)
Google Chrome      Version 16
Microsoft Windows  MS12-006 on Windows 7/Server 2008 R2 and older
Mozilla Firefox    Version 10

Following on from the BEAST Attack were the CRIME and BREACH attacks which, too, have been mitigated in current browsers and are a low-grade threat at worst these days.

The Heartbleed bug, publicly announced in April, 2014, affected anything running a vulnerable version of OpenSSL.  The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content. This allows attackers to eavesdrop on communications, steal data directly from the services and users and to impersonate services and users.  Yup, it is pretty nasty but this, too, is pretty much completely mitigated by the various vendors using this code.

For an easy to understand explanation of the Heartbleed bug, have a read of this XKCD comic.  To see if your website is affected by the Heartbleed bug, have a look at https://lastpass.com/heartbleed/ (Heartbleed bug only) and https://www.ssllabs.com/ssltest/index.html (Heartbleed and more).  Any site that you go to that uses the "https" protocol can be checked to ensure it is running a version of OpenSSL that is not vulnerable to this attack.  If the site *still* has not been updated, I'd suggest speaking with the vendor, outing them in social media and removing your account and changing any passwords and/or information that was stored in that site.

And now we come to what at first glance may be the fluffiest of all these vulnerabilities - the POODLE Attack.  Basically, there's the ability in browsers to request a lower level of security from the server if the browser doesn't support the version the server prefers.  This is called a security renegotiation.  The POODLE Attack uses a recently discovered flaw in the now obsolete and fast becoming deprecated SSL 3.0 protocol, mixed with a renegotiation attack (forcing the server to drop from TLS 1.x to SSL 3.0).  The simple fix is to disable SSL 3.0 on all your web servers, however there are still some applications that use SSL 3.0 (again, speak with the vendor, expose in social media and seriously question your continued trust in a vendor using 18-year-old technology that's been superseded 3 times).

To read more on the POODLE Attack and how to ensure you're doing everything you can to protect against it, have a read of https://scotthelme.co.uk/sslv3-goes-to-the-dogs-poodle-kills-off-protocol/ and then go to https://www.poodlescan.com/ and https://www.ssllabs.com/ssltest/index.html to confirm your server mitigations have been invoked.  There's also a funky little tool from Nartac Software called IISCrypto that can help you properly configure your Windows IIS to mitigate against POODLE and other vulnerabilities.
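A local version of the "is SSL 3.0 really disabled?" check, as an added example that is not part of the original post: it builds a ClientHello offering only SSL 3.0 and classifies the first record your own server sends back. The function names, the cipher list and the two sample replies are constructed for illustration.

```python
import socket
import struct

# Suites an SSL 3.0 server would typically accept (assumed list; the first
# three are CBC suites, the mode POODLE concerns, the last is RC4).
CIPHERS = [0x002F, 0x0035, 0x000A, 0x0005]

def sslv3_client_hello(random32=bytes(32)):
    """Build a ClientHello whose highest offered version is SSL 3.0 (3,0)."""
    body = b"\x03\x00" + random32 + b"\x00"        # version, random, empty session id
    body += struct.pack("!H", 2 * len(CIPHERS))
    body += b"".join(struct.pack("!H", c) for c in CIPHERS)
    body += b"\x01\x00"                            # one compression method: null
    handshake = b"\x01" + struct.pack("!I", len(body))[1:] + body  # type 1, 24-bit length
    return b"\x16\x03\x00" + struct.pack("!H", len(handshake)) + handshake

def classify_reply(data):
    """Interpret the first record returned in answer to the SSL 3.0-only hello."""
    if len(data) < 5:
        return "no-reply"                          # closed or reset: SSL 3.0 refused
    rtype, _major, _minor, length = struct.unpack("!BBBH", data[:5])
    payload = data[5:5 + length]
    if rtype == 0x15 and len(payload) >= 2:        # alert record: level, description
        return "refused-alert-%d" % payload[1]
    if rtype == 0x16 and len(payload) >= 6 and payload[0] == 0x02:  # ServerHello
        if (payload[4], payload[5]) == (3, 0):
            return "ssl3-accepted"                 # SSL 3.0 is still enabled
        return "unexpected-version-%d.%d" % (payload[4], payload[5])
    return "unrecognised"

def probe(host, port=443, timeout=5.0):
    """Send the hello to a server you run and classify its answer."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(sslv3_client_hello())
        try:
            return classify_reply(s.recv(4096))
        except (ConnectionResetError, socket.timeout):
            return "no-reply"

# Constructed sample replies (not captured from any real server).
SAMPLE_ACCEPT = (bytes.fromhex("160300002a" "02000026" "0300") + bytes(32)
                 + bytes.fromhex("00" "002f" "00"))   # ServerHello choosing SSL 3.0
SAMPLE_REFUSE = bytes.fromhex("1503000002" "0228")    # fatal alert 40, handshake_failure
```

A result of `ssl3-accepted` means the server still negotiates SSL 3.0; an alert or a dropped connection is what a server with SSL 3.0 disabled returns.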

The table below lists the earliest version of the products that have mitigated the POODLE Attack:

Apple iOS          iOS 8.1
Apple OS-X         OS-X Security Update 2014-005 (Mavericks & Mountain Lion)
Google Android     Chrome - still waiting
Google Android     Samsung Browser - still waiting
Google Chrome      Version 39
Microsoft Windows  Temporary Fix it released, also shows Group Policy fix
Mozilla Firefox    Version 34

If you want to see if your client (browser) is susceptible to the POODLE Attack, go to https://www.poodletest.com/.  If your browser is vulnerable, don't trust it to keep your data secure.


Regards,

The Outspoken Wookie