
Unsecure SANs invitation for hackers

Mark Lewis

Storage Area Networks (SANs) may be the future of networked storage, but the networking technology could be an open invitation for hackers to access your data.

According to Himanshu Dwivedi, managing security architect at @stake, Inc., and a speaker at the SearchStorage.com Storage Management 2002 conference held in Chicago last week, SANs are a gateway for hackers to tap into a business's network.

Where the vulnerabilities reside

Himanshu Dwivedi, managing security architect at @stake, Inc., broke down some of the holes in a network that can give a hacker "keys to your kingdom." Here are the main points of weakness.

Sequence ID

What to look for: For each frame transmitted in a sequence, SEQ_CNT is incremented by 1. An attacker might be able to guess the SEQ_ID and hijack a session.

Joining the fabric

What to look for: A man-in-the-middle attack. An attacker sends out a modified frame to xFFFFFF with the 24-bit address of the legitimate switch. The fabric assumes the attacker is the legitimate FC switch.

Disruption of flow control

What to look for: Before devices can send data to each other, they must log in to establish credit with each other. Injecting a high or low credit value disrupts the flow.

Switches

What to look for: An attack on a switch could potentially send frames to different parts of the network.

HBAs

What to look for: World wide names (WWN) can easily be changed on an HBA. WWNs can be spoofed to access different zones.

The weakest link: The Fibre Channel connection.

"Hackers will try to gain access through the path of least resistance," said Dwivedi. "We are seeing the same problems in the Fibre Channel that you saw in the IP networked based world in the late 80's."

One of the things storage administrators do have going for them, notes Dwivedi, is that they know exactly how their networks are configured.

"Ninety-nine percent of unauthorized users get into the network because of bad configuration, not by some elite, super method," said Dwivedi. "The biggest problem a hacker has is figuring out what your SAN looks like."

Dwivedi recommended some short-term solutions. He says there are two major areas where administrators can shore up their SANs. The first is segmentation: logically separating management traffic from data traffic. Most hackers, Dwivedi said, will logically be going after a company's most prized data.

The second is the switch configuration. Under this umbrella, there are three areas to secure the network: Simple Name Server hard and soft zoning, port binding and port type controls.
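An added example, not from the article or from @stake: a minimal audit of a fabric login snapshot against port-binding and port-type policy, two of the switch controls named above, flagging the WWN-spoofing and rogue-switch conditions from the list of weaknesses. The record layout, the policy tables and every WWN are constructed assumptions, not any vendor's output format.

```python
from collections import defaultdict

# Constructed policy (assumption): each known WWN is bound to one switch port.
PORT_BINDING = {
    "10:00:00:00:00:00:aa:01": ("sw1", 3),
    "10:00:00:00:00:00:aa:02": ("sw1", 4),
    "50:00:00:00:00:00:bb:01": ("sw1", 12),
}
# Constructed policy: the only ports allowed to come up as an E_Port (switch link).
ALLOWED_E_PORTS = {("sw1", 0)}

# Constructed login snapshot: (switch, port, negotiated port type, WWN).
LOGINS = [
    ("sw1", 3, "F", "10:00:00:00:00:00:aa:01"),  # matches its binding
    ("sw1", 7, "F", "10:00:00:00:00:00:aa:02"),  # bound to port 4, seen on 7
    ("sw1", 4, "F", "10:00:00:00:00:00:aa:02"),  # same WWN on its real port too
    ("sw1", 9, "F", "10:00:00:00:00:00:cc:09"),  # WWN absent from the policy
    ("sw1", 5, "E", "10:00:00:00:00:00:dd:05"),  # device port came up as a switch link
]

def audit(logins, binding, allowed_e_ports):
    """Return (finding, wwn, location) tuples for every policy violation."""
    findings = []
    seen = defaultdict(set)  # wwn -> every (switch, port) it is logged in on
    for switch, port, ptype, wwn in logins:
        wwn, loc = wwn.lower(), (switch, port)
        seen[wwn].add(loc)
        if ptype == "E":
            # Port type control: only designated ports may join as a switch.
            if loc not in allowed_e_ports:
                findings.append(("unexpected-e-port", wwn, loc))
            continue
        bound = binding.get(wwn)
        if bound is None:
            findings.append(("unknown-wwn", wwn, loc))
        elif bound != loc:
            # Port binding: a known WWN on the wrong port suggests spoofing.
            findings.append(("binding-violation", wwn, loc))
    for wwn, locs in seen.items():
        if len(locs) > 1:  # one WWN active on two ports at the same time
            findings.append(("duplicate-wwn", wwn, tuple(sorted(locs))))
    return findings

if __name__ == "__main__":
    for finding in audit(LOGINS, PORT_BINDING, ALLOWED_E_PORTS):
        print(finding)
```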

Aside from these solutions, users break it down to a simpler solution.

"The main thing about security is just being proactive," said Ray Drake from Lincoln Electric System in Lincoln, Neb.

Drake, who manages a 200-server data center, is also in the middle of a major SAN implementation and security audit with an outside consulting firm.

"We are in the middle of a SAN implementation but at the same time we are also in the fifth or sixth month of a security analysis. Once we complete that, we'll have a better idea where the holes are," said Drake.

Dwivedi also recommends that storage professionals consider the number of layers internal and external users see.

"You have to make it difficult for the hackers. Six or seven layers may not be enough; a single compromised server may open the gateway to a SAN," said Dwivedi. "One to two layers is also not enough for the internal network."

Maybe the best advice Dwivedi offered was to remind users that if they aren't using a part of their network, they should disable it. This, he says, will limit your exposure to certain types of hackers.
