IBM warns Storwize arrays can DELETE ALL DATA IBM has issued a warning to owners of its Storwize arrays, SAN Volume Controller and Flex System V7000, because all are at risk of having their contents erased. Big Blue’s warning about the problem is blunt: “Administrative access to the system via the IP interface may be obtained without authentication.” That’s bad news …
Unfortunately, said webserver is not optional. IBM is so exceptionally proud of their "special" [1] XIV interface they now force it upon everything they have. Persistent rumor claims the TSM server will be the next lucky one.
Oh joy.
[1] personally, I´d say "special" as in "special school"
IBM are not alone in using web interfaces, and whilst I haven't read the V7000 manuals for a while I'm pretty sure they advise securing the admin port just like other vendors do for their admin ports. The problem is customers that ignore the advice (or don't read the manuals) and then act all surprised when it all goes tits up. I have worked for companies where not only did they put admin interfaces onto the main corporate LAN, but they also had pretty flakey security on the Internet-facing bits of the Wifi access to the same corporate LAN. Put all your eggs in one basket and you better get ready for a mess.
Hi Matt,
Of course they advise to secure the admin port. Which helps exactly zilch if: "Administrative access to the system via the IP interface may be obtained without authentication".
Apart from this, you seem to have the same customers as me, more often than not security is run over by convenience. It is all sad.
...more accurately the arrays can't "delete all data" but that someone could gain access to do so without authenticating.
It's not like there's a huge flaw in the array that results in data disappearing all of a sudden, this is no different than HP's slip up with the MSA storage arrays having a default account.
Proper segregation of management and production networks to isolate these management shells/GUIs should be best practice just about everywhere (although it's probably not, so maybe this actually will be a problem for a few customers).
Really what IBM (and others for that matter) should be able to do is to:
a) restrict access to the GUI from a certain IP address or range of IP addresses
b) have a CLI command which lets you turn the damn thing off.
Of course, a) is standard stuff in any data centre - block access at the network level. And put your important stuff on a separate network. You shouldn't really need to be able to switch it off if you can block access.
b) is only really of use for experienced admins, who probably don't use the GUI anyway. There are some things you can't easily do on the CLI though (some of maintenance procedures).
The bigger problem is the fact that customers nowadays demand that vendors use commodity hardware and software in their products. They fear custom hardware and vendor lock-in. They also want nice easy to use interfaces. This won't be the only product or the only vendor affected by this bug.
Oh, and while someone could in theory delete all of the configuration, that same configuration can be quite quickly rebuilt with not much loss of data. Most storage vendors store configuration in the form of metadata on the underlying disk drives, or externally, as a backup in case things go tits up, and storwize is no exception. You'd get some downtime though.
Of course, anyone worth their money in this industry knows that you should expect all products to go wrong, and the best you can do is architect your overall solution to minimise the impact that that has on the business.
"Most storage vendors store configuration in the form of metadata on the underlying disk drives"
Don't know about Storwize, but I'd say most storage boxes have a way to nuke metadata from the shell. And not particularly secret. Like any administrative access - plenty of ways to aim for the foot.
It's always a good idea to keep management network separated from the public ones.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
