Hi,

I know a few Xen users are relying on AoE as the protocol of choice to
connect to file servers; it is elegant and lightweight.

I've built a mini lab using 2 RAID 10 file servers with DRBD/HA, LVM and
vblade mini servers for making domU available to Xen servers (dom0).

It works like a charm and I wish I could deploy it, but there is one
single issue which makes me quite uncomfortable using it as is: AoE
security.

I've read this document:
http://www.security-assessment.com/files/whitepapers/Insecurities_in_AoE.pdf

I know we can limit access somewhat by specifying the MAC address, and I
was wondering if anyone has done some testing in terms of security.

Here is a paste of the conclusion from the above link. I wonder if
anyone would like to share some thoughts or their conclusions on that
topic:

Mitigations

Coraid’s hardware AoE product, EtherDrive supports MAC filtering. If MAC
filtering is also enabled correctly on the switch infrastructure this
provides a certain level of security.

In this case however, it is possible that various attacks on the switch
(such as cam table flooding), could be possible to bypass this security
feature. These attacks however, are outside of the scope of this
whitepaper. If MAC filtering is not enabled on the switch layer, then
client MAC theft is possible. This is an active and invasive attack
which will result in lack of client service. After successfully
performing this attack, it is subsequently possible to utilize the
“Malicious Server” technique described earlier as the client will have
to reconnect to the server.

The EtherDrive disk restriction mechanism via “configuration string”
described earlier can be easily bypassed with packet forgery. The packet
containing the configuration string can be sniffed and replayed, or once
the configuration string is captured, it can be embedded in a forged
packet. It may also be possible to either guess or brute-force the
“configuration string” used for authentication in order to gain
unauthorized access to the disk.

Securing the AoE infrastructure to ensure separation between clients in
different security domains will alleviate the problems described herein.
If both the server and the switch support 802.1q VLAN trunking then the
following process will provide an AoE infrastructure which is resistant
to the attacks described in this whitepaper:

Configure an AoE server with multiple physical interfaces and export one
logical array per interface per client. Configure VLAN trunking on both
the server and the switch. Each AoE connected client will be in a
separate VLAN.

While these steps may provide adequate protection for the data on your
SAN, management overhead is increased and the inherent insecurity of the
AoE protocol remains. The security lies with the infrastructure which
itself needs to be configured correctly in order to be properly
resistant to attack.

11 A patch to provide MAC filtering for the linux userland server was
published on the AoE mailing list by Fran Firman.
http://aoetools.sourceforge.net

++
--
Virtual Space International Inc.
Steven Dugway USA 206-734-HOST Canada 514-939-HOST (4678) ext 5
Skype:stevenvsi; savetimehosting.net 911hosting.net goodprivacy.net
Spam is not allowed: AUP http://www.virtualspaceintl.net/acceptable_use.html
--------------------------------------------------------------
Internet Is Here To Stay, Make Sure Your Business Is!
--------------------------------------------------------------
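
The per-client MAC restriction discussed in the message above, as an added example that is not part of the original post or of the whitepaper: a Python check over captured Ethernet frames that reports AoE requests whose source MAC is not on the allow list for the addressed shelf.slot. The policy table, MAC addresses and frames are constructed; since the whitepaper notes that a client MAC can be taken over, a clean result only means the claimed source is allowed.

```python
import struct

AOE_ETHERTYPE = 0x88A2   # EtherType registered for ATA over Ethernet
AOEFL_RSP = 0x08         # "response" flag in the version/flags byte
BCAST = (0xFFFF, 0xFF)   # broadcast shelf/slot, used for discovery
# Assumed policy (constructed): initiator MACs allowed per shelf.slot export.
ALLOWED = {(1, 0): {"00:16:3e:00:00:01"}, (1, 1): {"00:16:3e:00:00:02"}}

def parse_aoe(frame):
    """Return the AoE header fields of an Ethernet frame, or None."""
    if len(frame) < 24:
        return None
    src, etype = struct.unpack("!6x6sH", frame[:14])
    if etype != AOE_ETHERTYPE:
        return None
    verfl, err, shelf, slot, cmd, tag = struct.unpack("!BBHBBI", frame[14:24])
    return {"src": src.hex(":"), "version": verfl >> 4, "cmd": cmd, "tag": tag,
            "response": bool(verfl & AOEFL_RSP), "shelf": shelf, "slot": slot}

def audit(frames, allowed=ALLOWED):
    """List requests whose source MAC is not allowed for the target export."""
    findings = []
    for frame in frames:
        h = parse_aoe(frame)
        if h is None or h["response"]:
            continue                  # not AoE, or a server reply
        target = (h["shelf"], h["slot"])
        if target == BCAST and h["cmd"] == 1:
            continue                  # broadcast Query Config is discovery
        if h["src"] not in allowed.get(target, set()):
            findings.append((h["src"], f"e{h['shelf']}.{h['slot']}", h["cmd"]))
    return findings

def build(src, shelf, slot, cmd, flags=0):
    """Build a constructed AoE v1 frame header for the sample data below."""
    eth = bytes.fromhex("ffffffffffff") + bytes.fromhex(src.replace(":", ""))
    return eth + struct.pack("!HBBHBBI", AOE_ETHERTYPE, 0x10 | flags, 0,
                             shelf, slot, cmd, 1)

SAMPLE = [  # constructed frames, not a real capture
    build("00:16:3e:00:00:01", 1, 0, 0),             # client 1, own export
    build("00:16:3e:00:00:02", 1, 0, 0),             # client 2 on e1.0
    build("00:16:3e:00:00:99", 0xFFFF, 0xFF, 1),     # discovery broadcast
    build("00:16:3e:00:00:99", 1, 1, 1),             # unknown MAC on e1.1
    build("00:16:3e:00:00:aa", 1, 0, 0, AOEFL_RSP),  # reply, ignored
]

if __name__ == "__main__":
    print(audit(SAMPLE))
```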