Five must-have storage security testing tools

What problem you will solve with this tip: You know that your storage systems need to be secured and there are plenty of tools to find general security vulnerabilities. But, what about tools that look specifically at storage security vulnerabilities? There are a handful of these tools that you probably haven't heard about but need to get to know. In this tip, information security expert Kevin Beaver will introduce you to these tools and explain how they are used, so you can build up a storage security testing toolkit.

Whether storage is within the scope of your organization's information security testing or even on your radar at all, it's important that you're testing your storage-related systems to see where you're vulnerable. External attackers and rogue insiders know that storage systems can be broken into, and the only way to keep up is to find the holes ahead of -- or at least in step with -- the bad guys. I covered the methodology as well as various security tools and techniques in

Requires Free Membership to View

this tip on hacking storage and this tip on rooting through unstructured information. Now, it's time to drill down further into a set of tools specifically designed to test storage security.

Storage security articles
The problem with unstructured information

Protect your data from hidden threats

Thirteen data retention mistakes to avoid
I came across the following tools when reading Himanshu Dwivedi's excellent book Securing Storage (Addison Wesley). They're a must-have for any storage professional so let's take a look.

StorScan is a Windows-based command line tool (as shown below) that will scan your network for live storage systems running SSH, telnet, TFTP, HTTP/HTTPS, SNMP, CIFS, NFS, iSNS, iSCSI and NDMP. These are essentially the main TCP ports that signify a storage area network (SAN) or network attached storage (NAS) host.

StorScan has two scanning options: single host (-h) or entire subnet (-k)

StorScan focuses on just the basics. You can use any other port scanner, such as SuperScan, and may wish to once you've identified your storage hosts. That way, you can see if other services are running on the systems that need to be probed and prodded further.

CHAP Password Tester is a Windows-based command line tool as shown below that will take iSCSI SAN authentication information you've captured using a network analyzer (such as Wireshark [formerly Ethereal] or, my favorite, EtherPeek) and perform a dictionary crack on the password.

CHAP Password Tester walks you through the password cracking process

You'll need access to the network session in order to sniff CHAP information off the wire but this is easily accomplished by plugging into a span/mirror/monitor port on your Ethernet switch or by using an ARP poisoning tool such as Cain. Just be careful with the latter since ARP poisoning can bring down your network.

GrabiQNs is a Windows-based command line tool that allows you to extract iSCSI Qualified Names (iQNs) from an Ethereal (Wireshark) capture as shown below. This can be used to demonstrate the iQN spoofability weakness on iSCSI networks.

GrabiQNs' basic interface for extracting iQN authorization values from a network analysis session

NASanon is a Windows-based command line tool that will scan a NAS share via CIFS to see if anonymous connections are allowed as shown in the following figure. This could be scripted to perform an analysis of your NAS environment.

Using NASanon for an easy way to see if anonymous share connections are possible

CIFSShareBF is a Windows-based command line tool for guessing CIFS share passwords as shown in the following figure.

CIFSShareBF can be used to guess weak CIFS share passwords

These aren't the be-all end-all storage security testing tools (you've got to look at the entire picture from applications to operating systems and beyond. That said, Dwivedi and the guys at iSec Partners are definitely onto something good here. Hopefully they'll continue their storage security tool development and end up with a broad range of tools like what Foundstone and similar security research/consulting firms have amassed over the years.

I'm a big believer that you've got to have good tools to find the most security vulnerabilities. With storage security coming into the spotlight, these are the very tools you need to be using to keep up and to keep your storage environment secure.

Do you know…

Kerberos' place in NAS authentication

About the author: Kevin Beaver is an independent information security consultant, speaker, and expert witness with Atlanta-based Principle Logic, LLC. He has more than 18 years of experience in IT and specializes in performing information security assessments revolving around compliance and IT governance. Kevin has written six books including Hacking For Dummies and Hacking Wireless Networks For Dummies (Wiley) as well as The Practical Guide to HIPAA Privacy and Security Compliance (Auerbach). He can be reached at kbeaver@ principlelogic.com.

This was first published in October 2006

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.