How to Minimize Storage-Related Hacking Risks
Hackers are carrying out a growing number of storage-related hacks. Hackers use various attack vectors and tools to break into the storage environment. Therefore, you need to get to know the techniques and tools yourself and use them to test your own storage environment.
There are a lot of misconceptions and myths related to the security of such storage systems as Fibre Channel and iSCSI Storage Area Networks (SANs), CIFS and NFS-based Network Attached Storage (NAS) systems, and so on. Many network and storage administrators believe that "Encryption or RAID equals storage security," "An external attacker can't reach our storage environment," or "Security is handled elsewhere." These are all very dangerous beliefs.
Practically every business has some sort of network storage housing sensitive information that it can’t afford to lose. That’s why it’s very important to include both network storage (SAN and NAS systems) and traditional file shares in the scope of your ethical hacking.
Tools to test storage security
These are some tools for testing storage security:
LanGuard for finding open and unprotected shares
QualysGuard for performing in-depth vulnerability scans
nmap for port scanning to find live storage hosts
Storage systems on the network
To seek out storage-related vulnerabilities, you have to figure out what information is where. The best way to get rolling is to use a port scanner and, ideally, an all-in-one vulnerability scanner, such as QualysGuard or LanGuard.
Also, given that many storage servers have web servers built in, you can use such tools as Acunetix Web Vulnerability Scanner and WebInspect to uncover web-based flaws. You can use these vulnerability scanners to gain good insight into areas that need further inspection, such as weak authentication, DNS server name pollution, unpatched operating systems, unprotected web servers, and so on.
A commonly overlooked storage vulnerability is that many storage systems can be accessed from both the de-militarized zone (DMZ) segment and the internal network segment(s). This vulnerability poses risks to both sides of the network. Be sure to manually assess whether you can reach the DMZ from the internal network and vice versa.
You can also perform basic file permission and share scans in conjunction with a text search tool to uncover sensitive information that not everyone on the network should have access to.
Root out sensitive text in network files
An important authenticated test to run on your storage systems is to scan for sensitive information stored in readily accessible text files. It’s as simple as using a text search utility, such as FileLocator Pro or Effective File Search. Alternatively, you can use Windows Explorer to scan for sensitive information, but it’s slow.
You’ll be amazed at what you come across stored insecurely on users’ Windows desktops, server shares, and more, such as
Employee health records
Customer credit card numbers
Corporate financial reports
Such sensitive information should not only be protected by good business practices, but is also governed by state, federal, and international regulations.
Do your searches for sensitive text while you’re logged in to the local system or domain as a regular user — not as an administrator. This will give you a better view of regular users who have unauthorized access to sensitive files and shares that you thought were otherwise secure. When using a basic text search tool, such as FileLocator Pro, look for the following text strings:
DOB (for dates of birth)
SSN (for Social Security numbers)
License (for driver’s license information)
Credit or CCV (for credit card numbers)
The possibilities for information exposure are endless; just start with the basics and only peek into nonbinary files that you know will have text in them. Limiting your search to these text-based files will save you a ton of time!
.doc and .docx
.xls and .xlsx
Note the files found in different locations on the server.
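As an added example (not from the article, and not code from any of the tools it names), a small Python script that automates the keyword search above over a share mounted in the local filesystem: it looks only at text-bearing extensions, reads with whatever access the running user has, and reports each hit with its location. The regex forms of the keywords, the extension list and the sample files are constructed for the demo; Office formats such as .docx would need a dedicated text extractor, which it omits.

```python
import os
import re
import tempfile
from pathlib import Path

# Keywords from the article's starting list; the whole-word, case-insensitive
# regexes are my assumption of how to express them (constructed for the demo).
SENSITIVE_PATTERNS = {
    "DOB": re.compile(r"\bDOB\b", re.IGNORECASE),
    "SSN": re.compile(r"\bSSN\b", re.IGNORECASE),
    "License": re.compile(r"\blicen[cs]e\b", re.IGNORECASE),
    "Credit/CCV": re.compile(r"\b(credit|ccv)\b", re.IGNORECASE),
}

# Plain-text extensions only (assumed list); binaries are skipped outright.
TEXT_EXTENSIONS = {".txt", ".csv", ".log", ".rtf", ".ini"}


def scan_for_sensitive_text(root, patterns=SENSITIVE_PATTERNS,
                            extensions=TEXT_EXTENSIONS, max_bytes=1_000_000):
    """Walk `root`; return [(relative path, keyword, line number, line)] per hit.
    Runs with the caller's privileges, so run it as a regular user to see what
    such a user can actually read."""
    root = Path(root)
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            if path.suffix.lower() not in extensions:
                continue
            try:
                text = path.read_text(encoding="utf-8", errors="ignore")[:max_bytes]
            except OSError:
                continue  # not readable as this user: no exposure, no finding
            for lineno, line in enumerate(text.splitlines(), 1):
                for label, rx in patterns.items():
                    if rx.search(line):
                        hits.append((path.relative_to(root).as_posix(),
                                     label, lineno, line.strip()))
    return hits


def build_sample_share():
    """Constructed sample 'share': a temp directory with a few files."""
    root = Path(tempfile.mkdtemp(prefix="share-"))
    (root / "hr").mkdir()
    (root / "hr" / "new_hires.csv").write_text("name,SSN,DOB\nA. Person,000-00-0000,1990-01-01\n")
    (root / "notes.txt").write_text("Customer credit card list attached.\nDriver's license scan in folder.\n")
    (root / "app.exe").write_bytes(b"MZ\x00SSN")  # binary: skipped by extension filter
    (root / "readme.txt").write_text("Nothing sensitive here.\n")
    return root


def demo():
    return scan_for_sensitive_text(build_sample_share())


if __name__ == "__main__":
    for path, label, lineno, line in demo():
        print(f"{path}:{lineno} [{label}] {line}")
```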
To speed the process, you can use Identity Finder, a really neat tool designed for the very purpose of scanning storage devices for sensitive, personally identifiable information. It can also search inside binary files such as PDFs.
Identity Finder has an Enterprise edition that you can use to search network systems and even databases for sensitive information.
For a second round of testing, you could perform your searches logged in as an administrator. You’re likely to find a lot of sensitive information scattered about. It seems worthless at first; however, this can highlight sensitive information stored in places it shouldn’t be or that the network administrator shouldn’t have access to.
Testing is highly dependent on timing, searching for the right keywords, and looking at the right systems on the network. You likely won’t root out every single bit of sensitive information, but this effort will show you where certain problems are, which will help you to justify the need for stronger access controls and better IT and security management processes.
Best Practices for Minimizing Storage Security Risks
Like database security, storage security is not brain surgery. Keeping your storage systems secure is also simple if you do the following:
Check the underlying operating systems for security vulnerabilities.
Ensure that your network storage (SAN and NAS systems) falls within the scope of patching and system hardening.
Require strong passwords on every storage management interface.
Use appropriate file and share permissions to keep prying eyes away.
Educate your users on where to store sensitive information and the risks of mishandling it.
De-identify any sensitive production data before it’s used in development or QA. There are tools made for this specific purpose.