HP StorageWorks Command View XP Advanced Edition Device Manager Server Installation and Configuration Guide (December 2005)

Command View XP AE Device Manager Network Configuration 19
2-2 Common Security Risks
System administrators frequently separate production LANs from management LANs. In such cases,
management LANs act as a separate network, which isolates management traffic from a production
network and reduces the risk of security-related threats. If a management controller such as the SVP
coexists on a production LAN, it is left open for any entity on the IP network to access. Whether the
access is intentional or not, the resulting security risks can lead to actual outages characterized as
Denial of Service (DoS). DoS attacks may lead to a management session being hijacked for
malignant purposes, such as unbinding a storage extent from a port during an I/O operation.
The following are guidelines for constructing management LANs:
• Traffic from the production LAN should not flow through, or be routed to, the management LAN.
• If possible, all hosts with management interfaces or controllers on the management LAN should
  be hardened to their maximum level to reduce the potential that software other than the
  management interface will lead to an exploit of the entire station or device. (In this case,
  hardening should include removal of unnecessary software, shutting down nonessential
  services, and updating to the latest patches.)
• The management LAN should only intersect a production LAN on those hosts acting as an
  interface between the management LAN and the production LAN (e.g., Command View XP AE
  Device Manager server).
• If possible, those hosts intersecting both a private LAN and management LAN should be behind
  a firewall of some kind, further inhibiting unintended access.
2-3 Server Network Configurations
2-3-1 Most Secure Configuration: Separate Management LAN plus Firewall
In this case, the server hosting Device Manager must either be dual homed or have two NICs and
every other management application must be of similar configuration. The first NIC for each host is
attached to a LAN dedicated to management traffic between the management host and devices under
management, which for Device Manager includes any XP disk arrays. A second NIC is attached to a
LAN where access is governed by a firewall. As shown in Figure 2-2, each server could also be
connected to a different LAN with a different firewall. The firewall contains strict access rules that
allow access to the management servers only to Device Manager or specified management
application clients.
This configuration is the most secure but least flexible implementation, as it requires overhead to
manage all of the various network components, the servers, and the devices under management.
Adding further security to this configuration requires that the underlying management application OS
be hardened to the maximum possible limit. This might include disabling services such as Telnet,
FTP, SMTP, or IIS. Additionally, if possible, all unnecessary packages should be removed.
For an exhaustive study of what is required to harden a server, see
http://ist.uwaterloo.ca/security/howto/
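The management LAN guidelines in 2-2 and the hardening advice above can be checked mechanically against a host inventory. The following is an added example, not part of the HP guide; the subnets, host names, and inventory fields are constructed assumptions.

```python
import ipaddress

# Constructed addressing and inventory for illustration (assumptions, not from the guide).
MGMT_LAN = ipaddress.ip_network("10.10.0.0/24")
PROD_LAN = ipaddress.ip_network("192.168.1.0/24")
UNNEEDED = {"telnet", "ftp", "smtp", "iis"}  # services the guide suggests disabling

def host(name, ips, controller=False, interface_host=False,
         forwarding=False, firewalled=False, services=()):
    return dict(name=name, ips=ips, controller=controller, interface_host=interface_host,
                forwarding=forwarding, firewalled=firewalled, services=set(services))

INVENTORY = [
    host("devmgr-srv", ["10.10.0.5", "192.168.1.5"], interface_host=True,
         firewalled=True, services=["https"]),
    host("svp-xp1", ["10.10.0.20"], controller=True),
    host("backup-srv", ["10.10.0.30", "192.168.1.30"], forwarding=True,
         services=["ftp", "telnet"]),
    host("svp-xp2", ["192.168.1.40"], controller=True),
]

def audit(h):
    """Return the management-LAN guideline violations for one inventory entry."""
    addrs = [ipaddress.ip_address(ip) for ip in h["ips"]]
    on_mgmt = any(a in MGMT_LAN for a in addrs)
    on_prod = any(a in PROD_LAN for a in addrs)
    findings = []
    if h["controller"] and on_prod:
        findings.append("management controller reachable on production LAN")
    if on_mgmt and on_prod:
        if not h["interface_host"]:
            findings.append("joins both LANs but is not a designated interface host")
        if h["forwarding"]:
            findings.append("IP forwarding enabled between LANs")
        if not h["firewalled"]:
            findings.append("dual-attached host not behind a firewall")
    if on_mgmt:
        for svc in sorted(h["services"] & UNNEEDED):
            findings.append(f"unnecessary service running: {svc}")
    return findings

def audit_all(inventory):
    """Map host name -> findings, omitting hosts with no violations."""
    return {h["name"]: f for h in inventory if (f := audit(h))}

if __name__ == "__main__":
    for name, findings in audit_all(INVENTORY).items():
        for f in findings:
            print(f"{name}: {f}")
```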
Figure 2-2 illustrates a separate management LAN plus a firewall.