Lets pare this scenario down to practicality, to make things even clearer. I think that everyone will agree that we can eliminate:
IF somebody really wants to screw us up (assumed when doing security analysis)
IF they care to upgrade the firmware on our filer and (malicious intent is assumed)
IF they know how to do it and (it's on bugtraq.)
This leaves us with:
IF they can crack our firewall and IF they can crack the root password of our admin host and IF it breaks the filer beyond usablility
Which is a rather conservitive chain of events. In reality its closer to:
Compromise/circumvent border access controls Spoof the identity of admin host Gain admin privileges on filer.
This is the same chain of events that happens with any compromised trust relationship. Nothing new. The procedures to minimize exposure and the risk of this happening are decades old.
There is (in this scenario) no Netapp software at fault. Merely lazy administrators extending trust where its not neccesary or safe to do so.
As far as:
that's whay we have backups and that's why we buy hardware support.
goes; I don't know what kind of enviroment you work in, but in mine, backups and disaster recovery are important; but so is confidentiality. Your scenario makes no allowance for the release of proprietary information presumably on the filer.
matto
On Fri, 12 Feb 1999, Graham C. Knight wrote:
I find this all rather amusing.
IF somebody really wants to screw us up and IF they can crack our firewall and IF they can crack the root password of our admin host and IF they care to upgrade the firmware on our filer and IF they know how to do it and IF it breaks the filer beyond usablility
THEN
that's whay we have backups and that's why we buy hardware support.
--matt@snark.net---------------------------------------------<darwin>< Matt Ghali MG406/GM023JP tokyo refugee - system admin - pop-tart fan www.hello-kitty.net "WWW my testicles!" - Bob Allisat, net.kook