Vulnerability Development mailing list archives
Re: EMC Symmetrix SAN
From: Joseph Spears <Joseph.Spears () EPIT COM>
Date: Fri, 22 Dec 2000 09:46:43 -0800
When I worked on an EMC (not for EMC, mind you... just on an implementation at another company).... I remember thinking, "Why would you put the management console on the net?" Since nothing is secure, and with EMC, VSS, and XPseries stuff you put all your eggs in one basket... And if it isn't secured (like the "Mainframe" in Mission Impossible)... life could be very bad. I would actually be more concerned about DOS if someone rooted it. Erasing Terabytes of data.... how long would recovery take? I mean.... if they were "searching" for something, it could take forever. You still take a chance of them stealing your data or erasing it on a per-machine basis for everything wired on the net.... but that is a risk we all have to deal with.... I think the solution is to keep the fibrechannel and scsi cables as the only point in... and use my operations staff through phone calls and training while I am offsite and physically going to the machine otherwise. (I know a lot of us telecommute, but sometimes sanity must dictate....) Your friendly paranoid sysadmin, Joe -----Original Message----- From: John Duksta [mailto:jduksta () GENUITY COM] Sent: Thursday, December 21, 2000 1:07 PM To: VULN-DEV () SECURITYFOCUS COM Subject: EMC Symmetrix SAN Does anyone have any experience securing an EMC Symmetrix Storage Array? I'm looking for any idea of how easy/difficult it would be for someone who has perhaps r00ted one box with it's storage on the array to gain access to a virtual disk belonging to another box attached to the array. Thanks, -john -- John C.C. Duksta, CISSP <jduksta () genuity com> PGP Fingerprint: 2037 FB34 8D4A 22D7 3EB3 EEF9 3ABA 997E F964 0EAF
Current thread:
- EMC Symmetrix SAN John Duksta (Dec 21)
- Re: EMC Symmetrix SAN Mario Palafox (Dec 22)
- <Possible follow-ups>
- Re: EMC Symmetrix SAN Andre Monteiro (Dec 22)
- Re: EMC Symmetrix SAN Joseph Spears (Dec 22)
- Re: EMC Symmetrix SAN Paul Taylor (Dec 23)