Re: EMC Symmetrix SAN

[Joseph Spears <Joseph.Spears () EPIT COM>]

When I worked on an EMC (not for EMC, mind you... just on an implementation
at another company).... I remember thinking, "Why would you put the
management console on the net?"

Since nothing is secure, and with EMC, VSS, and XPseries stuff you put all
your eggs in one basket... And if it isn't secured (like the "Mainframe" in
Mission Impossible)... life could be very bad.

I would actually be more concerned about DOS if someone rooted it. Erasing
Terabytes of data.... how long would recovery take? I mean.... if they were
"searching" for something, it could take forever. You still take a chance of
them stealing your data or erasing it on a per-machine basis for everything
wired on the net.... but that is a risk we all have to deal with....

I think the solution is to keep the fibrechannel and scsi cables as the only
point in... and  use my operations staff through phone calls and training
while I am offsite and physically going to the machine otherwise. (I know a
lot of us telecommute, but sometimes sanity must dictate....)

Your friendly paranoid sysadmin,

Joe



-----Original Message-----
From: John Duksta [mailto:jduksta () GENUITY COM]
Sent: Thursday, December 21, 2000 1:07 PM
To: VULN-DEV () SECURITYFOCUS COM
Subject: EMC Symmetrix SAN


Does anyone have any experience securing an EMC Symmetrix Storage
Array? I'm looking for any idea of how easy/difficult it would
be for someone who has perhaps r00ted one box with it's storage
on the array to gain access to a virtual disk belonging to
another box attached to the array.

Thanks,

-john


--
John C.C. Duksta, CISSP                      <jduksta () genuity com>
PGP Fingerprint: 2037 FB34 8D4A 22D7 3EB3 EEF9 3ABA 997E F964 0EAF