Disk Array poisoning and Solutions

Many senior storage engineers may have never heard of virus attacks on disk arrays. The traditional disk array is only an external device in the system, and many users even directly call it a "large hard disk ". Although such devices also have Firmware, they are basically embedded systems such as VxWorks or even smaller, and few viruses can infect such systems. Naturally, no one has ever seen a disk array infected with viruses.
However, in recent years, with the increasing variety of disk array functions and processing requirements, more and more high-end disk arrays have begun to use larger operating systems as the firmware platform.
The NetApp storage device controller runs the customized FreeBSD;
The Engineo disk array (IBMDS4000 series) controller uses the intelceleon chip and runs Linux (DS4100 and DS4300 still follow the Mylex technology and adopt XscaleCPU and VxWorks systems );
EMCCLARiiON series array controllers use the IntelPentium chip. They used Windows2000 as the operating system and are now upgraded to WindowsXP;
Sun's new 6920 disk array center Processing Unit (DSP) is a iSCSI server that runs standard Solaris and VeritasVolumeManager;
The DS8000 array controller of IBM enterprise-level products is an RS6000 architecture that runs the AIX system.
The prevalence of traditional server operating systems in disk array controllers naturally powers the functions and processing capabilities of these products, but also provides opportunities for virus propagation and hacker attacks.
Needless to say, the Windows, Linux, Solaris, And AIX Open System Platforms naturally become the targets of viruses and hackers due to their large number of users. The warning system is installed in my notebook to report some sniffer scans and illegal requests. Although this early warning system cannot monitor all attacks and scans, even so, the weekly accumulation of hundreds of events is enough to show how many attacks and scans on the Internet are amazing. If these attacks only have a success rate of 1‰, it means that the system average is every 2 ~ An illegal intrusion occurs once every three months. For the vast majority of mid-and high-end systems, such security is completely intolerable. What's more, for "Bare systems" without any protection, the attack success rate will be much higher than 1. I tried to connect my laptop installed with Windows XP to the Internet all night long. The MSN password has been changed the next morning, and the desktop settings are totally different.
Viruses and attacks against Windows, Linux, and open Unix systems are updated every day. These systems are also protected by frequent patches and third-party security software. Therefore, the situation is tricky for systems installed in the array controller. Currently, no third-party security software vendor provides security protection software for the array controller. Users can upgrade the firmware of the array controller frequently, just as they frequently patch hosts. As a matter of fact, this is also the case for various disk array manufacturers, who claim to users that "upgrading to the latest version of firmware can ensure the most reliable system ", update the firmware version at an average rate once a week. However, upgrading the array firmware is very dangerous for online disk arrays. Frequent firmware upgrades will undoubtedly seriously affect data security. The vendor can ensure 100% secure firmware upgrades, and most mid-and high-end systems cannot tolerate such frequent on-screen Windows. 1-1 downtime per week ~ 2 hours, 50 ~ every year ~ 100 hours! Where is the high availability declared by the manufacturers as "four nine" and "five nine?
Vendors may be aware of this embarrassment. Some companies with a sense of responsibility have introduced a special feature to the new product to upgrade the firmware online. This problem seems to have been solved. I have heard from several well-known engineers for many times that they can achieve "uninterrupted system maintenance" on the cloud. Is that true? Unfortunately, the actual situation is not so perfect. When you open a user manual that supports "online firmware upgrade", you will find that the user manual in the operating procedures is similar: "Although this product supports online firmware upgrade, however, any external I/O operations must be stopped during the upgrade." What does this mean? The disk array can be stopped, but the Host read/write needs to be stopped. What is the difference between this and system downtime ?! The so-called "uninterrupted maintenance" cannot be a text game.
Step 4: Is the disk array safe if you update the firmware at the fastest speed according to the manufacturer's requirements? Can I upgrade the Windows XP patch to the latest version to protect against viruses and hacker threats? The same is true. Some may suspect that "I have not heard of many disk arrays infected with viruses and attacks ." In fact, the reason is also very simple. Think about the general application environment of high-end disk arrays. Which of the following layers of hardware and software firewall protection is the central data center of a telecommunications company? Even worse, the central data center of the Bank simply isolates the physical connection to the Internet. These objective factors reduce the chances of intruding a "fragile system" such as a disk array, but this does not mean reducing the "Vulnerability" of the disk array ".

It should be noted that the protection of the disk array is very limited in the IDC environment. Almost all mid-and high-end disk arrays support remote management and maintenance, and manufacturers or integrators are willing to perform regular inspection through remote management ports. If possible, vendors and integrators will advise users to provide a public network address for the disk array and place it in a location that can be accessed externally. Maybe most of the integrators and users did not notice that this convenience also exposes the "Vulnerability" of the disk array to a dangerous public network environment.
In addition, once the data center is infected with viruses or malicious users, the disk array is basically at risk. Although the disk array is easy to infect, once this happens, it is very difficult to scan for viruses and malicious code generation. Because of the special encapsulation mechanism, general security software cannot be installed on the array controller. In addition, such system changes to the administrator account and other aspects also prevent security software from cleaning the system through network. In a simple statement, the disk array is vulnerable to virus infection, but not easy to clear.
What about other storage devices except the disk array? We know that the core operating systems of some optical fiber switching devices and virtual storage devices are also based on Linux. But in general, these devices have much better security mechanisms than the disk array. This is partly because most of these vendors have more or less the technical foundation of Traditional Ethernet networks, and partly because these systems differ greatly from Linux versions such as RedHat and SuSe, which are widely used, it is less compatible with viruses and hackers.
Common Operating Systems for NAS and iSCSI devices are more popular. Microsoft also developed WindowsStorageServer as a professional system for such devices. The virus "compatibility" is naturally "good ". Fortunately, network security protection is attached to both NAS and iSCSI devices. Almost every NAS product is pre-installed or provides anti-virus software in an optional manner, with a sound authentication protection mechanism. The iSCSI Device simply uses the CHAP protection mechanism as one of its standard configurations to avoid exposing the system to insecure networks.
Therefore, NAS and iSCSI devices have obvious advantages over traditional FC disk arrays in terms of network security. Therefore, when both performance and scalability requirements can be met, the selection of NAS or iSCSI devices will make the storage devices more secure. If you must use an FC disk array, avoid using the Controller's network interface for management, and adopt a safer In-Band management mode.