A Logo

Feel free to include my content in your page via my
RSS feed

Help Irongeek.com pay for
bandwidth and research equipment:

Search Irongeek.com:

Affiliates:
ISDPodcast Button
RootSecure Button
Social-engineer-training Button
Irongeek Button

Web Hosting:
Dreamhost Logo
Help Irongeek.com pay for bandwidth and research equipment:

paypalpixle


Opening the Treasure Chest-Attacking Network Attached Storage on a Pen Test - Russell Butturini from BSides Rhode Island 2013 (Hacking Illustrated Series InfoSec Tutorial Videos)

Opening the Treasure Chest-Attacking Network Attached Storage on a Pen Test - Russell Butturini
BSides Rhode Island 2013

Presenter: Russell Butturini, Senior Enterprise Security Architect, Healthways

Title: Opening the Treasure Chest-Attacking Network Attached Storage on a Pen Test

Abstract: Network attached, cheap, highly available storage is becoming more prevalent on networks today, especially with the increased use of virtualization and more energy efficient servers which do not rely on directly attached storage. However, these appliances are often designed with availability and ease of access first and security second, with many security features not enabled by default, making storage targets especially juicy during an assessment as often the real network ́treasuresî such as company data, virtual disk images, and other juicy targets can be obtained through storage compromise. Also, many storage devices leak vast amounts of sensitive information about the internal network through management protocols, giving an attacker or tester a way to quickly enumerate other targets and profile the network without making a lot of noise. This talk will focus on how to identify storage devices on the network and build a testing methodology for them.

Recorded at BSidesRI 2013.

Back to BSidesRI 2013 video list

Printable version of this article

15 most recent posts on Irongeek.com:


If you would like to republish one of the articles from this site on your webpage or print journal please contact IronGeek.

Copyright 2014, IronGeek
Louisville / Kentuckiana Information Security Enthusiast