SAN Security by Obscurity
SAN environments pose a number of security risks.
August 3, 2003
Many IT managers are unaware of the security risks associated with their Storage Area Networks (SANs). According to Himanshu Dwivedi, managing security architect of @stake, a digital-security consulting firm, "Fibre Channel networks lack authentication, encryption, and authorization normally found in IP networks."
@stake has been analyzing storage security problems for years and helps companies analyze and configure their IT security infrastructures. According to @stake, most companies feel secure with their SAN security; however, a growing number of SANs connected to the Internet are increasingly exposed to potential security breaches. Dwivedi said, "90 percent of all SANs have been set up with soft-zoning, a technique that relies on World Wide Name to determine LUN access. However, World Wide Names can be changed on the fly if you can gain access to the host bus adapter device driver."
An intruder might attempt to break SAN security by first gaining access to the networking level of a computer. At this level, the intruder could use a command-line utility to spoof the World Wide Name (WWN) that the computer's host bus adapter (HBA) uses. An intruder can determine the current WWN by issuing an Ipconfig command. Then, the intruder could guess the next sequential WWN, which generally is an 8-character name and a simple numbering sequence. Each LUN has an associated WWN. After the intruder determines the next WWN, the intruder could use the HBA driver command to change to the spoofed WWN and access all SAN data.
Microsoft and HP have been actively promoting the use of SANs in conjunction with Microsoft Exchange Server. In such a configuration, the Exchange Server has both an IP-based network adapter card and an HBA in the same box. The IP NIC lets you connect to the Internet for Microsoft Outlook Web Access (OWA) support and also lets you connect clients to Exchange Server. The HBA enables direct connectivity of the Exchange Server to the SAN. If Microsoft and HP are successful in selling Exchange on SANs, the number of potential SAN security breaches will increase. Although such an Exchange-on-SAN security breach is theoretically possible, there aren't any publicly documented cases of such an attack happening. Claude Lorenson, product manager for Microsoft's storage division, said, "An attack against SAN data is more difficult than an attack against Direct Attached Storage--DAS." In the case of Exchange-on-SAN configurations, an intruder would have to break the security of Windows, Microsoft IIS, or Exchange, then breach HBA driver security. Lorenson said, "While SAN security is outside the realm of the Windows Server OS, we have worked hard to ensure that someone cannot gain unauthorized access to the network level of a computer. Nonetheless, we would recommend that SAN users implement hard-zoning on their SANs."
Dwivedi said, "Hard-zoning based on ports is the best solution. You can assign specific ports to a WWN. All spoofing attacks would be rendered useless, because they [intruders] would be restricted to the physical ports."
A recent IDC market study states that second quarter 2003 was the first time that more storage capacity was sold on Network Attached Storage (NAS) and SAN devices than on DAS devices. As the number of networked storage devices increases, SAN vendors can no longer rely on the obscurity of their environments to ensure security. Fortunately, SAN fabric switch vendors are actively working on enhanced security features in their future SAN products. These products will offer flexible configurations, interoperability between SAN products, and authenticated access between SAN devices.
About the Author
You May Also Like