
Unsecure SANs invitation for hackers

It's not only the management of storage area networks (SANs) that makes managers cringe. It's also the security implications. According to one security expert, SANs could provide an easy way in for a hacker.

Storage Area Networks (SANs) may be the future of networked storage, but the networking technology could be an open invitation for hackers to access your data.

According to Himanshu Dwivedi, managing security architect at @stake, Inc., and a speaker at the Storage Management 2002 conference held in Chicago last week, SANs are a gateway for hackers to tap into a business's network.

Where the vulnerabilities reside

Himanshu Dwivedi, managing security architect at @stake, Inc., broke down some of the holes in a network that can give a hacker "keys to your kingdom." Here are the main points of weakness.

Sequence ID

What to look for: For each frame transmitted in a sequence, SEQ_CNT is incremented by 1. An attacker might be able to guess the SEQ_ID and hijack a session.

Joining the fabric

What to look for: A man-in-the-middle attack. An attacker sends out a modified frame to xFFFFFF with the 24-bit address of the legitimate switch. The fabric assumes the attacker is the legitimate FC switch.

Disruption of flow control

What to look for: Before devices can send data to each other, they must log in to establish credit with each other. Injecting a high or low credit value disrupts the flow.


What to look for: An attack on a switch could potentially send frames to different parts of the network.


What to look for: World wide names (WWN) can easily be changed on an HBA. WWNs can be spoofed to access different zones.

The weakest link: The Fibre Channel connection.

"Hackers will try to gain access through the path of least resistance," said Dwivedi. "We are seeing the same problems in the Fibre Channel that you saw in the IP network-based world in the late '80s."

One of the things storage administrators do have going for them, notes Dwivedi, is that they know exactly how their networks are configured.

"Ninety-nine percent of unauthorized users get into the network because of bad configuration, not by some elite, super method," said Dwivedi. "The biggest problem a hacker has is figuring out what your SAN looks like."

Dwivedi recommended some short-term solutions. He says there are two major areas where administrators can shore up their SANs. The first is segmentation: a logical separation of management traffic from data traffic. Most hackers, Dwivedi said, will logically be going after a company's most prized data.

The second is switch configuration. Under this umbrella, there are three areas in which to secure the network: Simple Name Server hard and soft zoning, port binding and port type controls.

Aside from these solutions, users break it down to a simpler solution.

"The main thing about security is just being proactive," said Ray Drake from Lincoln Electric System in Lincoln, Neb.

Drake, who manages a 200-server data center, is also in the middle of a major SAN implementation and security audit with an outside consulting firm.

"We are in the middle of a SAN implementation but at the same time we are also in the fifth or sixth month of a security analysis. Once we complete that, we'll have a better idea where the holes are," said Drake.

Dwivedi also recommends that storage professionals consider the number of layers internal and external users see.

"You have to make it difficult for the hackers. Six or seven layers may not be enough; a single compromised server may open the gateway to a SAN," said Dwivedi. "One to two layers is also not enough for the internal network."

Maybe the best advice Dwivedi offered was to remind users that if they aren't using a part of their network, they should disable it. This, he says, will limit your exposure to certain types of hackers.
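The switch-side recommendations above (zoning, port binding, port type controls, disabling unused ports) can be checked as an inventory audit. This is an added example, not code from the article or from @stake; the inventory layout, field names and WWNs are constructed for illustration and do not match any vendor's format.

```python
"""Audit a constructed SAN switch inventory against the article's checklist."""

# Constructed sample data; the field names are hypothetical, not a vendor format.
PORTS = [
    {"port": 0, "enabled": True,  "attached": "10:00:00:00:c9:aa:00:01",
     "bound": "10:00:00:00:c9:aa:00:01", "type_lock": "F"},
    {"port": 1, "enabled": True,  "attached": "10:00:00:00:c9:aa:00:02",
     "bound": None, "type_lock": "F"},
    {"port": 2, "enabled": True,  "attached": None, "bound": None, "type_lock": None},
    {"port": 3, "enabled": False, "attached": None, "bound": None, "type_lock": None},
]
ZONES = {
    "zone_db":     ["wwn:10:00:00:00:c9:aa:00:01", "port:0"],
    "zone_backup": ["wwn:10:00:00:00:c9:aa:00:02"],
}


def audit(ports, zones):
    """Return sorted (check, subject) findings for the given inventory."""
    findings = set()
    bound = {p["bound"] for p in ports if p["bound"]}
    for p in ports:
        if not p["enabled"]:
            continue  # disabled ports are the desired state for unused links
        name = f"port {p['port']}"
        if p["attached"] is None:
            findings.add(("unused_port_enabled", name))
        elif p["bound"] is None:
            findings.add(("no_port_binding", name))
        elif p["bound"] != p["attached"]:
            findings.add(("binding_mismatch", name))
        if p["type_lock"] is None:
            # An unlocked port could come up as a switch-to-switch link.
            findings.add(("port_type_unlocked", name))
    for zone, members in zones.items():
        for member in members:
            kind, _, value = member.partition(":")
            # A WWN-only member is identified by a value the host controls.
            if kind == "wwn" and value not in bound:
                findings.add(("wwn_member_unbound", f"{zone}/{value}"))
    return sorted(findings)


if __name__ == "__main__":
    for check, subject in audit(PORTS, ZONES):
        print(f"{check:22} {subject}")
```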
