What's the best methodology to use when testing for storage security vulnerabilities?

It's like any other type of information security testing. First, perform your reconnaissance; see what others can see within the network or looking in from the Internet. Next, scan your ports and enumerate your systems to see what services are loaded and available. Now, check for vulnerabilities using testing tools such as those in my article "Five must-have storage security testing tools," and look for missing patches, poor configurations and other loopholes. Finally, try exploiting those vulnerabilities.

I normally recommend that you try to exploit your vulnerabilities as long as there is no negative impact on the production environment or on the integrity of your storage. I feel that the exploitation process can add a lot of value and help get the attention of network administrators, developers and even upper management. A screenshot of a remote command prompt on a server or some other host in your storage environment can be a powerful vehicle for change.

Be sure to wrap your testing into a higher-level ethical hacking methodology that includes planning things out so that everyone knows what is being tested. Next, perform the testing and analyze the results from your testing tools and manual assessments. Prioritize your findings and make recommendations before reporting the results. Finally, implement your changes to address any issues that you might have discovered.

This was first published in March 2007