Security Considerations White Paper for Cisco Smart Storage
• Deploy VPN instead of port forwarding
• Enable WiFi security with WPA2/AES
• Remove Local Group = everyone on USB/eSATA
• Monitor the appropriate NSS logs for suspect behavior
• Utilize ACL to limit physical access to storage resources
Details about security exploitation methodologies and the best practices to
prevent them can be found in the next section.
Hacker’s Tools and Exploitations for NAS
The following are some of the tools a hacker can use to identify and exploit
security vulnerabilities in network-attached storage (NAS). If the NAS is not
properly secured, the result can be loss of sensitive information (confidential
company information, marketing strategies, etc.), correspondence (emails,
contacts), or financial details. However, these risks can be minimized and the
product can be secured by following the best security practices outlined in this
document.
• Tools to identify web server vulnerabilities:
  - Nessus—A vulnerability scanning tool. A hacker uses this tool to
    determine and list the potential vulnerabilities of the NAS. For
    example, the Apache server patch is not up-to-date, the server uses
    weak SSL ciphers, etc.
  - Nikto—A web vulnerability scanner. This tool lists all of the potential
    security holes. For example, “OpenSSL/0.9.8e appears to be outdated
    (current version should be at least 0.9.8g),” etc.
  - Metasploit Framework—A vulnerability exploitation tool. It is an
    advanced open-source platform for developing, testing, and using
    exploit code.
• Tools to identify open ports, services, and user accounts:
  - Nmap—A TCP/UDP port scanning tool. A hacker uses this tool to
    determine open TCP/UDP ports on the device. For example, if FTP
    service is running on the NAS, the scan will indicate that TCP port 21 is
    open.
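The Nikto finding quoted above comes from comparing a version in the web server banner against a minimum release, and an administrator can run the same comparison on the NAS's own `Server` header before a scanner does. The Python code below is an added example, not part of the Cisco white paper: the function names and sample banners are constructed for illustration, and only the OpenSSL 0.9.8g floor is taken from this page.

```python
import re

# Minimum acceptable versions. The OpenSSL floor is the one quoted in the
# Nikto finding on this page; add further components per your own patch policy.
MINIMUMS = {"OpenSSL": "0.9.8g"}

_TOKEN = re.compile(r"([A-Za-z][\w.+-]*)/(\S+)")
_VERSION = re.compile(r"(\d+(?:\.\d+)*)([a-z]*)")


def parse_banner(banner):
    """Split an HTTP Server header into {product: version} pairs."""
    return dict(_TOKEN.findall(banner))


def version_key(version):
    """Sortable key for versions such as 2.2.3, 0.9.8e or 0.9.8e-fips.

    Old OpenSSL releases carry a letter suffix (0.9.8e < 0.9.8g < 0.9.8za),
    so the key is (numeric parts, letters); anything after that is ignored.
    """
    match = _VERSION.match(version)
    if match is None:
        raise ValueError(f"unrecognised version string: {version!r}")
    numbers = tuple(int(part) for part in match.group(1).split("."))
    return numbers, match.group(2)


def outdated_components(banner, minimums=MINIMUMS):
    """Return (product, found, required) for each component below its floor."""
    findings = []
    for product, found in parse_banner(banner).items():
        required = minimums.get(product)
        if required and version_key(found) < version_key(required):
            findings.append((product, found, required))
    return findings


if __name__ == "__main__":
    # Constructed sample banners, not captured from a real device.
    samples = [
        "Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.8e DAV/2",
        "Apache/2.2.3 (Unix) mod_ssl/2.2.3 OpenSSL/0.9.8g",
    ]
    for banner in samples:
        print(banner, "->", outdated_components(banner) or "ok")
```

Banner versions can understate the real patch level when a vendor backports fixes, so treat a finding as a prompt to check the firmware release notes.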