NAS' vulnerabilities, namely NFS and the common Internet file system (CIFS)--which allow someone to search another computer for a file--are well known to hackers and those whose job it is to foil their efforts. In contrast, the biggest security issue with Fibre Channel (FC) is many storage administrators feel it's a safe network and only the bad guys are currently aware of its security issues.
Obviously, if a network has no authentication (see "Storage security terms") all other areas of security are moot. There's no point in creating different levels of authorization if any entity can simply lie about its identity. For example, encryption is meaningless if anyone can pretend to have a key. An audit wouldn't reveal much if the system was compromised--the audit might also be compromised. And you have no ability to verify the integrity of your data.
Prior to the advent of FC, each storage network consisted of direct-attached SCSI drives that could only be reached via the SCSI interface to which they were attached. To compromise the data on a disk or tape drive, a hacker first needed to compromise the host. If the attack on the host was successful, the hacker only has access to that host's data. Unless remote shell (rsh) was enabled without a password, a hacker couldn't hack into one host and reach another host's data--each host had to be hacked separately. Therefore, a storage administrator could establish hosts with different security levels on the same LAN because compromising one host didn't equate to compromising all hosts.
However, depending on the configuration, it's possible to access one host's data from another host if both hosts store their data on the same SAN. If one host is compromised and it's able to see the other host's disks via FC, a hacker can access the other host's data. Depending on their motivation, hackers could also compromise the other host via its storage. In fact, there are a bunch of attacks that are possible if one compromised host is able to access another host's storage. These attacks range from stealing data that wasn't intended for the recipient to basic denial of service (DoS) attacks. A disgruntled employee could compromise data by:
- Mounting another system's data drive(s) on the compromised computer and accessing sensitive information such as customer databases, personnel files and engineering drawings
- Mounting another system's data drive(s) on the compromised computer and simply obliterating the contents via commands such as copy, format, dd, delete and rm
- Mounting another system's operating system drive on the compromised computer and viewing password files to run crypt against them
- Mounting another system's operating system drive on the compromised computer and modifying configuration files to get access to the new computer
- Mounting another system's operating system drive on the compromised computer and obliterating and/or corrupting the contents, resulting in a DoS
- Mounting home directories from one server to a compromised server or placing Trojan horses in other users' profile files, resulting in the user performing unknown tasks the next time they log in
Another potential source of data theft is unsecured backup tapes. The integrity of your off-site storage vendor is critically important. In my book, Unix Backup and Recovery, I wrote about the importance of doing random checks on your off-site storage vendor. You can request an onsite visit, and then make up some wild story about this incredibly huge project that requires pulling hundreds of tapes. Tell the vault vendor they're more than welcome to stay with you, but you're going to be in there for hours. Their help isn't really necessary. If they leave you alone in the vault with other customers' tapes, fire them immediately and move all of your tapes to another vault. If they'll leave you with someone else's tapes, they'll leave someone else with your tapes. A hacker only needs to find one hole in your security.
