Storage systems - a good target for hackers

Network-attached storage (or NAS) systems are a favorite target for hackers, who want to launch computer attacks or steal sensitive data. They also make a good entry point, due to their being so easy to hack."NAS is virtually indistinguishable to a file system from a hacker perspective; this is a well-developed and well-known means of attack," said Alan Lustiger of TD Ameritrade.

NAS systems are so favorable for hackers, because they rely on well-known protocols, which can be easily analyzed in order to find security flaws. According to Lustiger, the attacker could, for example, penetrate a NAS to discover and look into file systems available for mounting (adding a file system into an existing directory structure).

Another way is to build sniffing and password hashes, perform protocol downgrade attacks on Windows NT Lan Manager and its authentication and spy on clear text sent over Common Internet File System amd Network File System Protocols to sniff data.

Most NAS systems will allow the use of software clients to create fake permissions, so data can also be accessed that way.

The are no specific ways to protect NAS systems, other than the usuall "patch-like-hell" attitude. The problem is that storage administrators rarely take part in IT security planning. This situation leads to them using non-security storage devices as security storage devices and, thus getting hacked.

2-viruses authors Articles