Internal and External Vectors


In biology, a vector is the way that a disease agent accesses a host. Sneezing is a vector, as are the surfaces in a bathroom. The vector for the Black Death in the Middle Ages was fleas carried by rats, and mosquitoes are a vector for yellow fever.

The same is true of computer attacks. Several vectors can be employed to attack systems. Storage systems have some vectors in common with other parts of a computer infrastructure and a few unique ones as well.

Generally speaking, attacks come from either an inside source or an outside one. In a recent study by the Computer Security Institute and the Federal Bureau of Investigation, internal attacks against systems were listed as the second most common type of attacks reported.[1] Because these attacks tend to be underreported or categorized as something other than computer intrusion, it is safe to say that internal threats are very dangerous and prevalent. Attacks against storage systems are more likely to be from internal vectors, owing to the difficulty of getting to the storage infrastructure from the outside. Many layers of network, host, and application security have to be breached before a typical SAN can be attacked. Fibre Channel networks in particular require an external source to have high degrees of access and uncommon skills to mount an effective attack.

[1] 2003 CSI/FBI Computer Crime and Security Survey.

Besides the ability to mount attacks, insiders have the capability to do much more damage. They have superior knowledge of and access to sensitive information, such as passwords. Insiders can also cover their tracks better because they know a company's security policies, practices, and capabilities.

That is not to say that external hackers aren't capable of attacking a storage network. iSCSI, being Internet based, is especially vulnerable to attack. The complete lack of authentication in a Fibre Channel network ensures that if a host is breached, the storage devices are wide open to attack. It is only a general lack of knowledge of FC SANs that keeps storage system hacking from becoming a more widespread problem.

Security Through Obscurity

Some systems are more secure because they are not well known. This is known as security through obscurity. The skills necessary to deploy and manage a SAN, especially a Fibre Channel one, are not at all common. SANs are still something of a specialty, and this has acted to protect SAN systems despite gaping holes in security.

This type of protection never lasts. As technology becomes more commonplace, so do the skills to attack it. With the advent of IP SANs and Fibre Channel SANs targeted to the small- and medium-size business market, IT professionals can no longer rely on SAN security by virtue of a lack of knowledge.


To attack a system from the outside, the attacker first needs to penetrate the perimeter network defenses. The intruder then needs to gain access to a host with sufficient privileges to access the applications and tools used to manage and access the storage system. There are several methods for doing this, including making use of a flaw in a running system process or application.

Despite the difficulty of all this, it is possible to launch an attack from outside a storage network. It is also conceivable that an actual attack will emanate from a different computer on the network that is acting as a relay. This is old hat for many hackers.

Unintentional Security Breaches

Another type of threat that is often overlooked is unintentional attacks. These are almost always insider mistakes. Perhaps a Fibre Channel switch is not zoned properly, and a new host is allowed to format a disk containing data from a different host or application. Maybe an iSCSI disk array is placed on the network without a firewall, and curious people snoop around, causing corruption of the data.

Well-meaning but poorly trained IT professionals are often a major reason why systems are damaged by insiders. Someone who thinks he can configure a Fibre Channel switch but doesn't really understand the management interface can cause as much damage as, or even more damage than, the most malicious attacker. Security systems are like locks on doors: they keep honest people honest.




    Data Protection and Information Lifecycle Management
    ISBN: 0131927574
    EAN: 2147483647
    Year: 2005
    Pages: 122
