What's the best methodology to use when testing for storage security vulnerabilities?

It's like any other type of information security testing. First, perform your reconnaissance; see what others can see from within the network or looking in from the Internet. Next, scan your ports and enumerate your systems to see what services are loaded and available. Now, check for vulnerabilities using testing tools such as those in my article "Five must-have storage security testing tools," and look for missing patches, poor configurations and other loopholes. Finally, try exploiting those vulnerabilities.

I normally recommend that you try to exploit your vulnerabilities as long as there is no negative impact on the production environment or on the integrity of your storage. I feel that the exploitation process can add a lot of value and help get the attention of network administrators, developers and even upper management. A screenshot of a remote command prompt on a server or some other host in your storage environment can be a powerful vehicle for change.

Be sure to wrap your testing into a higher-level ethical hacking methodology that includes planning things out so that everyone knows what is being tested. Next, perform the testing and analyze the results from your testing tools and manual assessments. Prioritize your findings and make recommendations before reporting the results. Finally, implement your changes to address any issues that you might have discovered.


This was first published in March 2007
