storage security - securing stored data: protecting storage networks and backups
DESCRIPTION
Storage Security - Securing Stored Data: Protecting Storage Networks and Backups. W. Curtis Preston VP Data Protection GlassHouse Technologies [email protected] www.glasshouse.com. Overview. Why are we talking about this? Security Basics for the Storage Administrator - PowerPoint PPT PresentationTRANSCRIPT
© Copyright Storage World Conference 2006. All rights Reserved.
Storage Security - Securing Stored Data: Protecting Storage Networks
and Backups
W. Curtis PrestonVP Data ProtectionGlassHouse [email protected]
© Copyright Storage World Conference 2006. All rights Reserved. 2
Overview
• Why are we talking about this?• Security Basics for the Storage Administrator• Backup Server Vulnerabilities• SAN Vulnerabilities• NAS Vulnerabilities• Management Interface Vulnerabilities• What you can do to secure your stored data
© Copyright Storage World Conference 2006. All rights Reserved. 3
The Good Ol’ Days
apollo
Data
elvis
Data
nina
Data
rissa
Data
The “good old days”
• All disks were behind servers
• No need for “storage security”
• SCSI protocol not designed with security in mind
• No concept or need of authentication or authorization
© Copyright Storage World Conference 2006. All rights Reserved. 4
• Now you can access one server’s storage from another server
• We must begin to address security concerns
• Especially true of NFS/CIFS data and Out-of-band control data is being sent on production LAN.
Storage Networks vs DAS
© Copyright Storage World Conference 2006. All rights Reserved. 5
The challenge• Security and storage people do not often
speak the same language• Storage people don’t get enough security
training to learn the security issues that they should look out for
• Security people don’t get enough storage training to know how networked storage and backup systems affect security
• First result: Inaction• Second result: Publicly acknowledged attack• Third result: You become a jeopardy tile
© Copyright Storage World Conference 2006. All rights Reserved.
Security Basics for the Storage Professional
© Copyright Storage World Conference 2006. All rights Reserved. 7
Security Controls
• Authentication Controls– Are you who you say you are?
• Authorization Controls– Are you allowed to see or modify this?
• Encryption– If you’re given access to something you’re not
supposed to see, you won’t be able to read it.• Auditing
– If bad things happen, we’ll know they happened• Integrity Controls
– Is this the same as when I put it here?
© Copyright Storage World Conference 2006. All rights Reserved. 8
The two phases of an attack
• Enumeration– Can take minutes, days, months, or years– Stop enumeration and you stop the attack
• Penetration– Use data found in enumeration phase to actually attack– Often too late to do anything
Enumeration Phase SuccessStart Finish
Penetration PhaseSuccess
Enumeration
AttackTimeline
Penetration
Figure 1
© Copyright Storage World Conference 2006. All rights Reserved.
Backup System Vulnerabilities
© Copyright Storage World Conference 2006. All rights Reserved. 10
Backup System Vulnerabilities
• Three basic attacks via the backup system– A compromised or rogue backup server– A compromised or rogue client – Stolen media
• A compromised or rogue backup server is all powerful– Backup & restore (access) any data to/from any client– Install back doors anywhere the black hat wants– Destroy evidence of an attack or other malfeasance– Delete/erase all backups– Perform enumeration phase for stolen media attack
• A compromised or rogue client is all powerful within its realm– Restore any data from the past or present– Overwrite recent backups within invalid backups
© Copyright Storage World Conference 2006. All rights Reserved. 11
Stolen Tapes• By design, backup is a plain-text application – to facilitate
restores• All plain-text backup tapes are readable by black hats if
they possess (and know how to use) the appropriate hardware and software
• Backup tapes are handled by humans, and humans make mistakes
• California (SB 1386) and several other states require written notification of exposures to customers. If not possible, it requires notification of media.
• Huge PR loss & potential loss of I.P.• Many tapes cannot be de-gaussed & re-used
© Copyright Storage World Conference 2006. All rights Reserved.
SAN Vulnerabilities
© Copyright Storage World Conference 2006. All rights Reserved. 13
Authentication Methods
• WWN-based zones (worst & most common)– Members specified using WWNs– WWN spoofing is built into HBA driver– Compromised server on the SAN can pretend to be
any other server.• Port-based zones (better)
– Members specified using switch ports– Only attackable with physical access
• Port-binding (best)– Combines WWN-based zoning & port zoning– WWN only authenticated if it’s on the correct port
© Copyright Storage World Conference 2006. All rights Reserved. 14
Authorization Methods
• Soft zones (worst & most common)– Only zone members authorized to list zone members– All authorized communicate directly with WWN– Only slows enumeration phase
• Hardware enforced zones/Hard Zones (best)– Only zone members authorized to list zone members– Only zone members authorized to communicate with
zone members– Only authorization method that offers any
meaningful authorization
© Copyright Storage World Conference 2006. All rights Reserved. 15
LUN Masking
• A LUN represents a virtual or physical device• LUN masking hides, or masks, LUNs from specific
servers • LUNs are usually masked from certain servers
based on the WWNs of those servers• Not an authentication or authorization method,
simply traffic flow control
© Copyright Storage World Conference 2006. All rights Reserved.
NAS Vulnerabilities
© Copyright Storage World Conference 2006. All rights Reserved. 17
NFS Vulnerabilities
• Protocol is clear-text• Authentication based on IP address
and username• Authorization based on user ID,
which can be faked on a rogue server
• Any user can list all shares!
© Copyright Storage World Conference 2006. All rights Reserved. 18
ethereal Sniffing NFS Network
© Copyright Storage World Conference 2006. All rights Reserved. 19
Enumeration of All Shares
• Any user can query an NFS server for shares
© Copyright Storage World Conference 2006. All rights Reserved. 20
CIFS Vulnerabilities
• Encrypts communication traffic• Most weaknesses due to backward compatibility with
older systems• Authentication weaknesses
– Multiple users from any account can access a shared CIFS-enabled device using the correct password
– Little accountability if a password is compromised – Share-level authentication is transmitted in clear-
text • Backward-compatible systems are easily enumerated• Even kerberos-based systems can be penetrated with
enough time
© Copyright Storage World Conference 2006. All rights Reserved. 21
CIFS Enumeration with winfo
C:\>net use \\10.xxx.1.x\IPC$ "" /user:""The command completed successfully.
C:\>winfo 10.xxx.1.1 -nTrying to establish null session...Null session established.DOMAIN INFORMATION: - Primary domain (legacy): XXXXXXX - Account domain: XXXXXLOGGED IN USERS:* xxxxxSHARES: ... * ADMIN$ - Type: Special share reserved for IPC or administrative share - Remark: Remote Admin * C$ - Type: Special share reserved for IPC or administrative share - Remark: Default share
•Using winfo, a null user can get a tonof information..•This works on Samba servers too!
© Copyright Storage World Conference 2006. All rights Reserved. 22
CIFS Enumeration
Once enumerated, it’s a simple matter of a brute force attack
Enum.exe & NBTEnum20.exe can also give you the info…
© Copyright Storage World Conference 2006. All rights Reserved. 23
CIFS Brute Force Attack
Once the username and password have been guessed, the share is compromised
© Copyright Storage World Conference 2006. All rights Reserved. 24
CIFS Enumeration Tools
• Enum.exe• NBTEnum20.exe • SMBBF (brute force)• LC4 for LANMAN attacks• kerbsniff and kerbcrack for kerberos
attacks• And many, many more, all available
via a quick Internet search
© Copyright Storage World Conference 2006. All rights Reserved. 25
Management Interface Vulnerabilities
• True for backup, SAN & NAS• Usually connected to corporate LAN• Often do not change the password• Often managed using plain-text protocols• Black hat with LAN access to destroy all SAN attached
data in a few seconds• Also often offer http & SNMP access to information very
helpful in enumeration
© Copyright Storage World Conference 2006. All rights Reserved.
Closing the back door
© Copyright Storage World Conference 2006. All rights Reserved. 27
Protect Management Interfaces
• Encrypt plain text interfaces– Put management interfaces on separate LAN– Require access through VPN or SSH tunnel to
access management LAN• Use encrypted interfaces
– Upgrade to non-plain text interfaces (SSL, SSH, Secure Telnet)
– Stop using plain text plain text protocols – disable if possible
© Copyright Storage World Conference 2006. All rights Reserved. 28
Secure the SAN
• Use port-based zoning, or port-binding for authentication
• Use hardware-enforced zoning for authorization
• Investigate in-band increased authentication systems, such as FC-CHAP
• Investigate in-band encryption
© Copyright Storage World Conference 2006. All rights Reserved. 29
Secure NAS
• Acknowledge the insecure nature of NFS & CIFS
• Investigate recent advancements in authentication (Kerberos, NFSv4)
• Consider private network for NFS/CIFS• Consider in-band authentication
systems
© Copyright Storage World Conference 2006. All rights Reserved. 30
Secure the Backup Server
• Minimize the number of people with full access to backup server
• Remove all plain text access, separate mgmt port• If admin/root is required, use a Unix backup server
& sudo if possible• Use a honeypot to watch for rogue servers• Work with security department to ensure security• Investigate the role-based security options of your
backup product• Consider encryption of any tapes leaving the
campus
© Copyright Storage World Conference 2006. All rights Reserved. 31
Discarding Used Media
• Many modern media cannot be degaussed and re-used
• Therefore, any reselling service claiming to do so with these media is lying
• Secure media shredding services are available
• You can also encrypt it in the first place
© Copyright Storage World Conference 2006. All rights Reserved. 32
Finally
• Start thinking about Storage Security• Learn what you can about weaknesses and
work around them where you can• Make friends with the security team• Put pressure on vendors to make things more
secure (they are listening!)• GlassHouse can help with a storage security
assessment