This tip will teach value-added resellers (VARs), systems integrators and security consultants determine which security tests to perform, and which tools to use to ethically hack a customer's storage systems and uncover hidden vulnerabilities.
It used to be that storage systems existed on small, trusted networks with minimal access. Now, with the never-ending expansion of storage systems, multiple administrators, management software "feature bloat" and the co-mingling of non-sensitive and sensitive information on the same storage systems, storage systems have taken on complexities of their own and are proving to be more and more vulnerable to security breaches.
When it comes to testing for vulnerabilities in storage systems (DAS, NAS, and SANs), it's easy to overlook weaknesses that may be obvious to a malicious insider or other attacker. From perimeter security weaknesses to insider advantages, such as knowing just where sensitive storage devices are located, these kinds of hit-or-miss issues will get you every time.
Learn more best practices for storage penetration testing so that you can keep your customers' storage safe from attacks.
About the author
Kevin Beaver is an independent information security consultant, author and speaker with Atlanta-based Principle Logic LLC. He has more than 17 years of experience in IT and specializes in performing information security assessments. Beaver has written five books, including Hacking For Dummies (John Wiley & Sons, Inc.), the brand new Hacking Wireless Networks For Dummies and The Practical Guide to HIPAA Privacy and Security Compliance (Auerbach Publications). He can be reached at firstname.lastname@example.org.
This was first published in February 2007