Can a SAN or NAS environment really be hacked if it's behind a firewall?
Storage devices are serving up multiple network segments and creating a virtual bridge that basically negates any sort of firewall put in place. This can provide a conduit into the storage environment, especially when a system is attacked and taken control of in the DMZ or public segment. The storage back end can then be fully accessible to the attacker because there is a path for the attack.
Don't assume that your systems are automatically protected. The only way to know for sure is to test for these vulnerabilities using good tools and ethical hacking techniques.
Listen to the Storage Security FAQ audiocast here.
Go to the beginning of the Storage Security FAQ Guide.
14 Mar 2007