Question

In: Computer Science

A storage array dials a support center automatically whenever an error is detected. The vendor’s representative...

A storage array dials a support center automatically whenever an error is detected. The vendor’s representative at the support center can log on to the service processor of the storage array through the Internet to perform diagnostics and repair. Apply the security concerns in this environment and provide security methods that can be implemented to mitigate any malicious attacks through this gateway.

Solutions

Expert Solution

security concerns :

  

SAN Management

Integrity of SAN can be compromised, whether intentionally or accidentally if
unintended and unauthorized individuals have access to certain elements of SAN
management. Some of the inappropriate accesses to SAN configurations are:

· Exposed network administration passwords allowing unauthorized individuals
to access SAN in the role of administrator.
· Changes to zoning information allowing access to storage and read/write to
data
· Changes to security and access control policies allowing unauthorized servers
or switches to gain access to SAN. 19

These elements of management communications such as passwords must be secured on
some interfaces between the security management function and a switch fabric. Because
security management impacts the security policy and configuration of the entire SAN
fabric, administrator access controls can be used to work in conjunction with security
management functions. In addition, administrator-level fabric password access provides
primary control over security configurations.

Possible Attacks

Since there are a lot of discussions already available on Operating Systems (OS), and
applications’ vulnerabilities already been discussed, let me cover several SAN specific
attacks that might occur. These attacks could be:

· Man-in-the-middle type of attacks
· SNMP vulnerabilities

Man-in-the-middle Type Attacks:

Man-in-the-middle attack is defined by Paul McFedries on his website The Word Spy as
“A computer security breach in which a malicious user intercepts- and possibly alters –
data traveling along a network.” 21 Due to the fact that insiders pose the greatest threat to
data security, 22 this type of inside attack is far more dangerous than outside attacks and
should not be overlooked by any organizations.
Incidents reported by Cryptec Secure Communications on Enterprise Security showed
that:
· “85% of computer crimes originate inside the network” (Intranet Security)
· According to a 2001 Information Security Magazine Survey, insider breaches of
security are rampant and dangerous. Of those surveyed:
o 58% experienced abuse of computer access controls
o 24% experienced intentional disclosure of proprietary data
· According to the FBI, the average cost of an insider breach is $2.4 million while
the average cost of a break-in from the Internet is $27,000.” 23
There are several possible man-in-the-middle types of attacks to SAN such as:

1. World Wide Name (WWN) attack on the HBA
2. Management Admin attack – admin password unencrypted via telnet. Solution to
use isolated subnet for management or do local management only

The World Wide Name (WWN) attack happens when a machine with different HBA and
WWN id assigned is accessing unauthorized storage resources through the SAN fabric.
Whether it happens intentionally or accidentally, it can compromise the confidentiality,
availability and integrity of the data.

SAN Management attack can occur when unauthorized individuals in the network is able
to obtain elements of management communications such as Administrator password
using some type of sniffer software such as dsniff, that can be used to grab passwords in
the network.

Several steps can be taken as protection against this type of attack, such as using SAN
management software that encrypts password from some interfaces like Management
Console, to a switch fabric. Management Console can also be placed in an isolated,
dedicated network to protect it from ‘Man-in-the-middle’ type attack


Related Solutions

Create a program that has an array of length 100 which will automatically be filled with...
Create a program that has an array of length 100 which will automatically be filled with randomly generated numbers between 1 and 100 each time the program is run. Have the program ask the user to enter a number between 1 and 100. Check to see if that number is one of the values in the array. If it is display “We found your number XX at position YY in the array” If the number is not in the array...
Q1. If detective controls signal error flags, why shouldn’t this type of controls automatically make a...
Q1. If detective controls signal error flags, why shouldn’t this type of controls automatically make a correction in the identified errors? Why are corrective controls necessary? Q2. Distinguish between the sales order, billing, and accounts receivable departments. Why can’t the sales order or accounts receivable departments prepare the bills? Q3 Why is access control over revenue cycle documents just as important as the physical control devices over cash and inventory?
Whenever I am attempting to write a simple program on C++ I get an error message...
Whenever I am attempting to write a simple program on C++ I get an error message that reads "cout was not declared in this scope". Literally every time. This has become frustrating because I have even written my code the exact same way as some of my classmates who got theirs to compile and run with no sign of this error at all, and yet min gives this answer. I will leave an example of a code where this error...
- Error Checking - Use of Functions - Menu system - Array Processing
C language and that must contain the following: - Error Checking - Use of Functions - Menu system - Array Processing  
Which one is the best? Type I error of Type II error? Support your choice as...
Which one is the best? Type I error of Type II error? Support your choice as an industrial engineer
QUEUEBOX: Using an Array of initial size of five (5) for storage, start with the following...
QUEUEBOX: Using an Array of initial size of five (5) for storage, start with the following generic class declaration for QueueBox: public class QueueBox<E> { private E[] elements = (E[])( new Object[5] ); private int front_idx = 0; private int rear_idx = 0; private int count = 0; } Hint: use the count variable to keep track of how many elements are in the queue (increment count when enqueing and decrement when dequeing). Makes it a lot easier to determine...
QUEUEBOX: Using an Array of initial size of five (5) for storage, start with the following...
QUEUEBOX: Using an Array of initial size of five (5) for storage, start with the following generic class declaration for QueueBox: public class QueueBox<E> { private E[] elements = (E[])( new Object[5] ); private int front_idx = 0; private int rear_idx = 0; private int count = 0; } Hint: use the count variable to keep track of how many elements are in the queue (increment count when enqueing and decrement when dequeing). Makes it a lot easier to determine...
When protecting palletized storage of expanded exposed Group A plastic in a stable array stored up...
When protecting palletized storage of expanded exposed Group A plastic in a stable array stored up to 25 ft high in a 30 ft building, what is the correct column to use in Table 21.3.3(a) (NFPA 13-2019)? And what is an acceptable density (measured in gpm per sq. ft) for the storage? A. A B. B C. C D. D E. E
Write a letter to your representative stating the reasons why he/she should support the use and...
Write a letter to your representative stating the reasons why he/she should support the use and research of renewable resources and should decrease the use of non-renewable resources in industry. Please include at least three specific examples of each renewable and non-renewables, how they are produced, the relative costs of the production, and also environmental impacts of each.
Implement a Bag ADT using Dynamic Array structure as underlying data storage for Bag ADT. RESTRICTIONS:...
Implement a Bag ADT using Dynamic Array structure as underlying data storage for Bag ADT. RESTRICTIONS: Not allowed to use ANY built-in Python data structures and their methods. You must solve by importing the DynamicArray class and using class methods to write solution. Also not allowed to directly access any variables of the DynamicArray class (like self.size, self.capacity and self.data in part 1). All work must be done by only using class methods. Below is the Bag ADT starter code...
ADVERTISEMENT
ADVERTISEMENT
ADVERTISEMENT