A storage array dials a support center automatically whenever an error is detected. The vendor’s representative at the support center can log on to the service processor of the storage array through the Internet to perform diagnostics and repair. Apply the security concerns in this environment and provide security methods that can be implemented to mitigate any malicious attacks through this gateway.
Security concerns:

SAN Management

Integrity of SAN can be compromised, whether intentionally or accidentally, if unintended and unauthorized individuals have access to certain elements of SAN management. Some of the inappropriate accesses to SAN configurations are:

· Exposed network administration passwords allowing unauthorized individuals to access SAN in the role of administrator.
· Changes to zoning information allowing access to storage and read/write to data.
· Changes to security and access control policies allowing unauthorized servers or switches to gain access to SAN. [19]

These elements of management communications such as passwords must be secured on some interfaces between the security management function and a switch fabric. Because security management impacts the security policy and configuration of the entire SAN fabric, administrator access controls can be used to work in conjunction with security management functions. In addition, administrator-level fabric password access provides primary control over security configurations.

Possible Attacks

Since there are a lot of discussions already available on Operating Systems (OS) and applications’ vulnerabilities, let me cover several SAN-specific attacks that might occur. These attacks could be:

· Man-in-the-middle type of attacks
· SNMP vulnerabilities

Man-in-the-middle Type Attacks:

A man-in-the-middle attack is defined by Paul McFedries on his website The Word Spy as “A computer security breach in which a malicious user intercepts – and possibly alters – data traveling along a network.” [21] Due to the fact that insiders pose the greatest threat to data security, [22] this type of inside attack is far more dangerous than outside attacks and should not be overlooked by any organization.

Incidents reported by Cryptec Secure Communications on Enterprise Security showed that:

· “85% of computer crimes originate inside the network” (Intranet Security)
· According to a 2001 Information Security Magazine Survey, insider breaches of security are rampant and dangerous. Of those surveyed:
  o 58% experienced abuse of computer access controls
  o 24% experienced intentional disclosure of proprietary data
· According to the FBI, the average cost of an insider breach is $2.4 million while the average cost of a break-in from the Internet is $27,000.” [23]

There are several possible man-in-the-middle types of attacks on SAN, such as:

1. World Wide Name (WWN) attack on the HBA
2. Management Admin attack – admin password unencrypted via telnet. Solution: use an isolated subnet for management or do local management only.

The World Wide Name (WWN) attack happens when a machine with a different HBA and WWN ID assigned accesses unauthorized storage resources through the SAN fabric. Whether it happens intentionally or accidentally, it can compromise the confidentiality, availability and integrity of the data.

A SAN Management attack can occur when unauthorized individuals in the network are able to obtain elements of management communications, such as the Administrator password, using some type of sniffer software such as dsniff, which can be used to grab passwords in the network.

Several steps can be taken as protection against this type of attack, such as using SAN management software that encrypts passwords on some interfaces, like from the Management Console to a switch fabric. The Management Console can also be placed in an isolated, dedicated network to protect it from ‘man-in-the-middle’ type attacks.
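
One way to check management access against the two mitigations named above (an encrypted management channel and an isolated, dedicated management network), shown as an added example that is not part of the original answer. The subnet, the cleartext protocol list, the device names and the session records are constructed assumptions.

```python
import ipaddress

# Assumptions (not from the original answer): the dedicated management
# subnet and the list of protocols that carry credentials unencrypted.
MGMT_NET = ipaddress.ip_network("10.99.0.0/24")
CLEARTEXT = {"telnet", "http", "ftp", "snmpv1", "snmpv2c"}

# Constructed sample records: (source IP, target device, protocol, account).
SESSIONS = [
    ("10.99.0.15", "fc-switch-01", "ssh", "admin"),      # compliant
    ("10.99.0.22", "fc-switch-02", "telnet", "admin"),   # sniffable password
    ("192.168.40.7", "fc-switch-01", "ssh", "admin"),    # from a user LAN
    ("203.0.113.50", "array-sp-01", "telnet", "vendor"), # Internet + cleartext
    ("not-an-ip", "array-sp-01", "https", "vendor"),     # malformed log field
]


def audit_session(src, device, proto, account):
    """Return the list of policy findings for one management session."""
    findings = []
    if proto.lower() in CLEARTEXT:
        findings.append("cleartext-protocol")
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        # A source that cannot be parsed cannot be shown to be in the
        # management network, so it is reported rather than skipped.
        findings.append("unparseable-source")
    else:
        if addr not in MGMT_NET:
            findings.append("source-outside-mgmt-net")
    return findings


def audit(sessions):
    """Map record index -> findings, for records that violate the policy."""
    report = {}
    for index, record in enumerate(sessions):
        findings = audit_session(*record)
        if findings:
            report[index] = findings
    return report


if __name__ == "__main__":
    for index, findings in audit(SESSIONS).items():
        src, device, proto, account = SESSIONS[index]
        print(f"{device} <- {src} ({proto}, {account}): {', '.join(findings)}")
```

The vendor session to the service processor is the case from the question: it is flagged twice, once for the unencrypted protocol and once for arriving from outside the dedicated management network.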