I'm Going To Shoot The Next Person Who Says VLANs, presented at Black Hat USA 2006

by Himanshu Dwivedi

Summary: Book signing: Hacker's Challenge 3 with Jeremiah Grossman and Himanshu Dwivedi at 12:30 on Thursday, August 3 at the BreakPoint Books booth.
Assessing and analyzing storage networks are key to protecting sensitive data at rest; however, the tools and procedures to protect such resources are absent. The presentation will attempt to bridge the gap between security professionals worried about storage security and the lack of tools/process to mitigate any exposures. The presentation will introduce the Storage Network Audit Program (SNAP), which is an assessment program for security professionals who wish to ensure their storage network is secure. The audit program requires no storage background. The program will clearly outline topics for storage security, list specific questions regarding the topic, and clearly state what outcomes would be satisfactory or unsatisfactory. Over 40 different topics are discussed in SNAP.
The presentation will also introduce a new tool to analyze the security configuration of a NetApp filer. SecureNetApp is a tool that will analyze over 90 settings on a NetApp filer and create an HTML report that shows all satisfactory and unsatisfactory settings. Based on the results, the tool will display the exact syntax that can be used to mitigate all unsatisfactory settings, which can be given directly to a storage administrator for remediation.
The presentation will conclude with a brief overview of the security gaps in new storage devices marketed to home users and small offices. While devices like NetGear Z-SANs meet the increasing demands of storage, they miss the mark in terms of data protection. A demo of a basic attack will be shown to highlight the lack of security in such home storage products.