
Five must-have storage security testing tools


Kevin Beaver
10.05.2006


What problem you will solve with this tip: You know that your storage systems need to be secured and there are plenty of tools to find general security vulnerabilities. But, what about tools that look specifically at storage security vulnerabilities? There are a handful of these tools that you probably haven't heard about but need to get to know. In this tip, information security expert Kevin Beaver will introduce you to these tools and explain how they are used, so you can build up a storage security testing toolkit.

Whether storage is within the scope of your organization's information security testing or even on your radar at all, it's important that you're testing your storage-related systems to see where you're vulnerable. External attackers and rogue insiders know that storage systems can be broken into, and the only way to keep up is to find the holes ahead of -- or at least in step with -- the bad guys. I covered the methodology as well as various security tools and techniques in this tip on hacking storage and this tip on rooting through unstructured information. Now, it's time to drill down further into a set of tools specifically designed to test storage security.

I came across the following tools when reading Himanshu Dwivedi's excellent book Securing Storage (Addison Wesley). They're a must-have for any storage professional so let's take a look.

StorScan is a Windows-based command line tool (as shown below) that will scan your network for live storage systems running SSH, telnet, TFTP, HTTP/HTTPS, SNMP, CIFS, NFS, iSNS, iSCSI and NDMP. These are essentially the main TCP ports that signify a storage area network (SAN) or network attached storage (NAS) host.


StorScan has two scanning options: single host (-h) or entire subnet (-k)

StorScan focuses on just the basics. You can use any other port scanner, such as SuperScan, and may wish to once you've identified your storage hosts. That way, you can see if other services are running on the systems that need to be probed and prodded further.

CHAP Password Tester is a Windows-based command line tool, as shown below, that will take iSCSI SAN authentication information you've captured using a network analyzer (such as Wireshark [formerly Ethereal] or, my favorite, EtherPeek) and perform a dictionary crack on the password.


CHAP Password Tester walks you through the password cracking process

You'll need access to the network session in order to sniff CHAP information off the wire but this is easily accomplished by plugging into a span/mirror/monitor port on your Ethernet switch or by using an ARP poisoning tool such as Cain. Just be careful with the latter since ARP poisoning can bring down your network.

GrabiQNs is a Windows-based command line tool that allows you to extract iSCSI Qualified Names (iQNs) from an Ethereal (Wireshark) capture as shown below. This can be used to demonstrate the iQN spoofability weakness on iSCSI networks.


GrabiQNs' basic interface for extracting iQN authorization values from a network analysis session
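
A defensive counterpart to the iQN weakness described above, as an added example that is not part of the original tip or of GrabiQNs: it reads the InitiatorName keys out of iSCSI login text segments and flags names presented from addresses outside an expected binding, or presented with no CHAP on offer. The inventory, addresses and login segments are constructed sample data, and the function names are hypothetical.

```python
import re

# iqn.<yyyy-mm>.<reversed domain>[:<identifier>], the iSCSI qualified name layout
IQN_RE = re.compile(r"^iqn\.\d{4}-\d{2}\.[a-z0-9][a-z0-9.-]*(:.+)?$")

def parse_login_text(segment: bytes) -> dict:
    """Split a Login Request data segment into its NUL-terminated key=value pairs."""
    pairs = {}
    for item in segment.split(b"\x00"):
        key, sep, value = item.partition(b"=")
        if sep:
            pairs[key.decode("ascii", "replace")] = value.decode("utf-8", "replace")
    return pairs

def audit_logins(logins, bindings):
    """logins: (source_ip, data_segment) pairs taken from a capture.
    bindings: expected iQN -> set of source IPs allowed to present it.
    Returns (source_ip, iqn, reason) findings."""
    findings = []
    for src, segment in logins:
        keys = parse_login_text(segment)
        iqn = keys.get("InitiatorName", "").lower()
        if not IQN_RE.match(iqn):
            findings.append((src, iqn, "missing or malformed iQN"))
            continue
        if iqn not in bindings:
            findings.append((src, iqn, "iQN not in inventory"))
        elif src not in bindings[iqn]:
            findings.append((src, iqn, "known iQN from unexpected address"))
        # With no CHAP on offer, the iQN string is the only access control.
        methods = keys.get("AuthMethod", "None").split(",")
        if "CHAP" not in methods:
            findings.append((src, iqn, "login offers no CHAP"))
    return findings

# Constructed sample data (not from a real capture).
BINDINGS = {"iqn.1991-05.com.microsoft:db01.example.test": {"10.0.5.21"}}
LOGINS = [
    ("10.0.5.21", b"InitiatorName=iqn.1991-05.com.microsoft:db01.example.test\x00"
                  b"SessionType=Normal\x00AuthMethod=CHAP,None\x00"),
    ("10.0.5.77", b"InitiatorName=iqn.1991-05.com.microsoft:db01.example.test\x00"
                  b"SessionType=Normal\x00AuthMethod=None\x00"),
    ("10.0.5.80", b"InitiatorName=iqn.2006-10.test.example:lab\x00AuthMethod=CHAP\x00"),
]

if __name__ == "__main__":
    for finding in audit_logins(LOGINS, BINDINGS):
        print(finding)
```
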

NASanon is a Windows-based command line tool that will scan a NAS share via CIFS to see if anonymous connections are allowed as shown in the following figure. This could be scripted to perform an analysis of your NAS environment.


Using NASanon for an easy way to see if anonymous share connections are possible

CIFSShareBF is a Windows-based command line tool for guessing CIFS share passwords as shown in the following figure.


CIFSShareBF can be used to guess weak CIFS share passwords

These aren't the be-all end-all storage security testing tools (you've got to look at the entire picture from applications to operating systems and beyond). That said, Dwivedi and the guys at iSEC Partners are definitely onto something good here. Hopefully they'll continue their storage security tool development and end up with a broad range of tools like what Foundstone and similar security research/consulting firms have amassed over the years.

I'm a big believer that you've got to have good tools to find the most security vulnerabilities. With storage security coming into the spotlight, these are the very tools you need to be using to keep up and to keep your storage environment secure.


About the author: Kevin Beaver is an independent information security consultant, speaker, and expert witness with Atlanta-based Principle Logic, LLC. He has more than 18 years of experience in IT and specializes in performing information security assessments revolving around compliance and IT governance. Kevin has written six books including Hacking For Dummies and Hacking Wireless Networks For Dummies (Wiley) as well as The Practical Guide to HIPAA Privacy and Security Compliance (Auerbach). He can be reached at kbeaver@principlelogic.com.

All Rights Reserved, Copyright 2000 - 2008, TechTarget