FAQ

What security tools should I be using to test the security of my storage environment?

There's a lot to this. You can use tools to look for unstructured files (alluded to in the previous question), but you often have to dig in deeper. When looking for vulnerabilities, go beyond the storage arena and consider any connected or related systems, including operating systems, Web applications, desktops, servers,

    Requires Free Membership to View

switches, routers, firewalls and wireless networks -- practically anything that has access into the storage environment.
Storage security information
Why and how your storage environment will be attacked

The problem with unstructured information

Protect your data from hidden threats
There are specialized tools for testing all of these. I encourage people to actually come to my Web site and check my resources page. I have a set of articles written mostly for a variety of TechTarget sites that I link to, and these articles discuss what tools are best to use with particular systems. I also wrote an article on this topic for SearchStorage.com titled Five must-have storage security testing tools that outlines several notable, free products and looks for several specific vulnerabilities within storage. Ultimately, it's important to look at the entire environment, not just the storage. Consider the application-level vulnerabilities, OS-level vulnerabilities and even your network-level vulnerabilities. If vulnerability is present in any of those areas, it can potentially allow an intruder into the storage environment. Think outside of the box. You have to have good tools and use an ethical hacking methodology to find vulnerabilities in the shortest amount of time, while spending the least amount of money. The vendor is also involved to some extent. You depend on the vendor to write secure code initially, then develop, sell and support applications that are resilient to attacks and have layered security controls. From a practical sense, the best you can do is ask your vendors some tough security questions up front and have them make their best case for security in your particular environment. Check the quality of each vendor's support to see that they are responsive to your security questions and needs -- expect the vendor to notify you of critical issues and provide timely updates. If you haven't received security updates in years, you might want to question their concern or focus on security issues. Ultimately, don't rely on your vendor totally -- look out for yourself first.

Listen to the Storage Security FAQ audiocast here.

Go to the beginning of the Storage Security FAQ Guide.


This was first published in March 2007

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: