Security Basics mailing list archives
RE: SAN Vulnerabilities
From: Dan Lynch <DLynch () placer ca gov>
Date: Fri, 17 Dec 2010 10:30:14 -0800
Can you expand on (1) what sort of misconfiguration, and (2) what sort of risk?

Dan Lynch, CISSP
Information Technology Analyst
County of Placer
Auburn, CA

-----Original Message-----
From: William Reyor [mailto:opticfiber () gmail com]
Sent: Friday, December 17, 2010 10:25 AM
To: Dan Lynch
Cc: mjd; security-basics () securityfocus com
Subject: Re: SAN Vulnerabilities

A misconfiguration on the SAN can put your data at risk. I'd avoid it if possible.

Sent from my ATmega128

On Dec 17, 2010, at 12:58 PM, Dan Lynch <DLynch () placer ca gov> wrote:

> I'm very interested in this line of analysis as well.
>
> High-value / high-risk segregation issues come up here all the time. I'm not a SAN expert either, but this same question has come up in security evaluations. As I've understood (and I could be very wrong here), much of the risk is associated with IP-based transport. But using fibre-channel HBAs for transport represents less risk.
>
> Could anyone with more experience speak to this issue?
>
> Thanks
>
> Dan Lynch, CISSP
> Information Technology Analyst
> County of Placer
> Auburn, CA
>
> -----Original Message-----
> From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of mjd
> Sent: Thursday, December 16, 2010 4:23 PM
> To: security-basics () securityfocus com
> Subject: SAN Vulnerabilities
>
> We are evaluating a proposal wherein our Web Server Admins would like to use our internal SAN to host data for our external websites. Our external websites are on our outfacing DMZ which means they could be subject to all sorts of attack. Our internal SAN hosts some very sensitive health care data so I'm reluctant to allow this since it puts our most protected data physically very close to our most vulnerable segment.
>
> They have given me assurance that they have locked down the SAN to the point wherein one server accessing cannot access any other disk unless it is explicitly mounted. I do not have heavy experience with SANs, but based on their explanation, the SAN switch can be likened to a firewall in that it blocks any communication not explicitly allowed.
>
> When drawing this out on a board, it just doesn't look right. We're physically connecting servers in our External DMZ to our SAN which hosts very sensitive data.
>
> Any advice on this situation? Are we overreacting to this and should we trust in the security boundaries created by the SAN switch/controller? Are there vulnerabilities out there that allow an attacker to take control of the whole SAN?
>
> Thanks in advance!
>
> mjd
>
> ------------------------------------------------------------------------
> Securing Apache Web Server with thawte Digital Certificate
> In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.
>
> http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
> ------------------------------------------------------------------------