View Single Post
  #2  
Old February 16th 07, 04:49 PM posted to comp.arch.storage
Guy Dawson
external usenet poster
 
Posts: 24
Default IBM DS4000 security issue when manager is compromised?

IP21Haas wrote:
Is there a possibility when a Hacker takes control of the SAN manager,
that he reassigns LUN's of running systems, or that he disconnects
LUN's?


Why would they not be able to do this if they have access to
the SAN manager?

Any one who has management control of the SAN can manage the SAN

We want to install a DS4700 SAN system for some of our windows based
servers. Some servers will be on our normal LAN and some servers will
be on a secure (Process-control-Network) LAN. Managing the SAN will be
done from a console on our none-secure LAN. I was wondering how that
would jeopardize the data of our servers on the secure network.
Is it possible for a hacker (once he has taken over control of the
management console) to redirect the LUN's of our secure servers to
servers on our non-secure LAN, or is it possible to manipulate the SAN
in a way that data from the secure servers is also readable or
accessible for others?
Could he even break the LUN's link with running servers (for instance
just by shutting down the entire SAN)?


He's the SAN manager so could do all of the above...

Guy
-- --------------------------------------------------------------------
Guy Dawson I.T. Manager Crossflight Ltd