[9565] in bugtraq
Re: Bugtraq item about Netapps.
daemon@ATHENA.MIT.EDU (just me.)
Sat Feb 13 18:16:24 1999
Date: Fri, 12 Feb 1999 10:51:53 -0800
Reply-To: matt@snark.net
From: "just me." <matt@CAMEL.ETHEREAL.NET>
X-To: toasters@mathworks.com
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <36C44B9B.7581839@ast.lmco.com>
Let's pare this scenario down to practicality, to make things even
clearer. I think that everyone will agree that we can eliminate:
IF somebody really wants to screw us up
(assumed when doing security analysis)
IF they care to upgrade the firmware on our filer and
(malicious intent is assumed)
IF they know how to do it and
(it's on bugtraq.)
This leaves us with:
IF they can crack our firewall and
IF they can crack the root password of our admin host and
IF it breaks the filer beyond usability
Which is a rather conservative chain of events. In reality it's
closer to:
Compromise/circumvent border access controls
Spoof the identity of admin host
Gain admin privileges on filer.
This is the same chain of events that happens with any
compromised trust relationship. Nothing new. The procedures to
minimize exposure and the risk of this happening are decades old.
There is (in this scenario) no Netapp software at fault. Merely
lazy administrators extending trust where it's not necessary or
safe to do so.
As far as:
that's why we have backups and
that's why we buy hardware support.
goes; I don't know what kind of environment you work in, but in
mine, backups and disaster recovery are important; but so is
confidentiality. Your scenario makes no allowance for the release
of proprietary information presumably on the filer.
matto
On Fri, 12 Feb 1999, Graham C. Knight wrote:
> I find this all rather amusing.
> IF somebody really wants to screw us up and
> IF they can crack our firewall and
> IF they can crack the root password of our admin host and
> IF they care to upgrade the firmware on our filer and
> IF they know how to do it and
> IF it breaks the filer beyond usability
> THEN
> that's why we have backups and
> that's why we buy hardware support.
--matt@snark.net---------------------------------------------<darwin><
Matt Ghali MG406/GM023JP tokyo refugee - system admin - pop-tart fan
www.hello-kitty.net "WWW my testicles!" - Bob Allisat, net.kook