Cisco Cisco NSS030 Smart Storage External Power Adapter Livre blanc

Security Considerations White Paper for Cisco Smart Storage

White Paper

•

Deploy VPN instead of port forwarding

•

Enable WiFi security with WPA2/AES

•

Remove Local Group = everyone on USB/eSATA

•

Monitor the appropriate NSS logs for suspect behavior

•

Utilize ACL to limit physical access to storage resources

Details about security exploitation methodologies and best practices to prevent

them can be found in detail in the next section,

Hacker’s Tools and Exploitations for NAS

These are some of the tools available for the hacker to use to exploit and identify

security vulnerabilities for Network-attached storage. If the NAS is not properly

secured, the end result can lead to loss of sensitive information (confidential

company information, marketing strategies, etc.), correspondence (emails,

contacts), or financial details. However, these risks can be minimized and the

product can be secured by following the best security practices outlined in this

document.

•

Tools to identify web server vulnerabilities:

Nessus

—A vulnerabilities scanning tool. Hacker utilizes this tool to

determine potential vulnerabilities of the NAS. This tool lists all of the

potential vulnerabilities of the NAS. For example, the Apache server

patch is not up-to-date, the server uses weak SSL ciphers, etc.

Nikto

—A web vulnerabilities scanner. This tool lists all of the potential

security holes. For example, “OpenSSL/0.9.8e appears to be outdated

(current version should be at least 0.9.8g),” etc.

Metasploit Framework

—A vulnerability exploitation tool. It is an

advanced open-source platform for developing, testing, and using

exploit code.

•

Tools to identify open ports, services, and user accounts:

Nmap

—TCP/UDP ports scanning tool. Hacker utilizes this tool to

determine open TCP/UDP ports on the device. For example, if FTP

service is running on the NAS, the scan will indicate that TCP port 21 is

open.