| |||||
| |||||
Search Irongeek.com:
Help Irongeek.com pay for bandwidth and research equipment: |
Presenter: Russell Butturini, Senior Enterprise Security Architect, Healthways
Title: Opening the Treasure Chest-Attacking Network Attached Storage on a Pen Test
Abstract: Network attached, cheap, highly available storage is becoming more prevalent on networks today, especially with the increased use of virtualization and more energy efficient servers which do not rely on directly attached storage. However, these appliances are often designed with availability and ease of access first and security second, with many security features not enabled by default, making storage targets especially juicy during an assessment as often the real network ́treasuresî such as company data, virtual disk images, and other juicy targets can be obtained through storage compromise. Also, many storage devices leak vast amounts of sensitive information about the internal network through management protocols, giving an attacker or tester a way to quickly enumerate other targets and profile the network without making a lot of noise. This talk will focus on how to identify storage devices on the network and build a testing methodology for them.
Recorded at BSidesRI 2013.
15 most recent posts on Irongeek.com:
|
If you would like to republish one of the articles from this site on your
webpage or print journal please contact IronGeek.
Copyright 2020, IronGeek
Louisville / Kentuckiana Information Security Enthusiast