Storage UPDATE--August 4, 2003
This Issue Sponsored By
Ontrack Data Recovery Services
http://s0b.bluestreak.com/ix.e?hy&s=200527&a=141743
HP & Microsoft Network Storage Solutions Road Show
http://www.winnetmag.com/roadshows/nas
===============
1. Commentary: SAN Security by Obscurity
2. News and Views
- StorageNetworks Lays Off Most Staff, Announces Liquidation
- EMC Upgrades High-End Storage
3. Instant Poll
- Results of Previous Poll: Which Office Suite?
- New Instant Poll: SAN Precautions
4. Announcements
- Learn More About the Security Risks in Exchange 2003
- Windows & .NET Magazine Connections Launches Exchange Event
5. Event
- New--Mobile & Wireless Road Show!
6. New and Improved
- Deploy as Much as 1TB of Solid State Storage
- Identify and Back Up Files
- Submit Top Product Ideas
7. Contact Us
- See this section for a list of ways to contact us.
==== Sponsor: Ontrack Data Recovery Services ====
*** FREE Monthly DATA RECOVERY e-Newsletter! ***
The Ontrack Data Recovery e-Newsletter, written by data recovery specialists, includes cutting edge technology, the latest news & information, software and service buzz, and PC tips. Whether you're responsible for your company's data or your own, you'll find value in this monthly newsletter. Get the news, stay informed and be prepared.
http://s0b.bluestreak.com/ix.e?hy&s=200527&a=141743
==========
Editor's Note: We'd like your opinion about Storage UPDATE! To improve the editorial quality of this email newsletter and determine the best delivery format, we need your feedback. Please take some time to answer our online survey. The survey gives you the opportunity to provide feedback in one online survey about all the Windows & .NET Magazine Network newsletters to which you subscribe. We appreciate your time, and we look forward to reading your comments. To answer the survey, go to
http://list.winnetmag.com/cgi-bin3/DM/y/eR110CJSl80CBr0BBYx0Ah
==== 1. Commentary: SAN Security by Obscurity ====
by Mark Smith, [email protected]
Many IT managers are unaware of the security risks associated with their Storage Area Networks (SANs). According to Himanshu Dwivedi, managing security architect of @stake, a digital-security consulting firm, "Fibre Channel networks lack authentication, encryption, and authorization normally found in IP networks."
@stake has been analyzing storage security problems for years and helps companies analyze and configure their IT security infrastructures. According to @stake, most companies feel secure with their SAN security; however, a growing number of SANs connected to the Internet are increasingly exposed to potential security breaches. Dwivedi said, "90 percent of all SANs have been set up with soft-zoning, a technique that relies on World Wide Name to determine LUN access. However, World Wide Names can be changed on the fly if you can gain access to the host bus adapter device driver."
An intruder might attempt to break SAN security by first gaining access to the networking level of a computer. At this level, the intruder could use a command-line utility to spoof the World Wide Name (WWN) that the computer's host bus adapter (HBA) uses. An intruder can determine the current WWN by issuing an Ipconfig command. Then, the intruder could guess the next sequential WWN, which generally is an 8-character name and a simple numbering sequence. Each LUN has an associated WWN. After the intruder determines the next WWN, the intruder could use the HBA driver command to change to the spoofed WWN and access all SAN data.
Microsoft and HP have been actively promoting the use of SANs in conjunction with Microsoft Exchange Server. In such a configuration, the Exchange Server has both an IP-based network adapter card and an HBA in the same box. The IP NIC lets you connect to the Internet for Microsoft Outlook Web Access (OWA) support and also lets you connect clients to Exchange Server. The HBA enables direct connectivity of the Exchange Server to the SAN. If Microsoft and HP are successful in selling Exchange on SANs, the number of potential SAN security breaches will increase. Although such an Exchange-on-SAN security breach is theoretically possible, there aren't any publicly documented cases of such an attack happening. Claude Lorenson, product manager for Microsoft's storage division, said, "An attack against SAN data is more difficult than an attack against Direct Attached Storage--DAS." In the case of Exchange-on-SAN configurations, an intruder would have to break the security of Windows, Microsoft IIS, or Exchange, then breach HBA driver security. Lorenson said, "While SAN security is outside the realm of the Windows Server OS, we have worked hard to ensure that someone cannot gain unauthorized access to the network level of a computer. Nonetheless, we would recommend that SAN users implement hard-zoning on their SANs."
Dwivedi said, "Hard-zoning based on ports is the best solution. You can assign specific ports to a WWN. All spoofing attacks would be rendered useless, because they \[intruders\] would be restricted to the physical ports."
A recent IDC market study states that second quarter 2003 was the first time that more storage capacity was sold on Network Attached Storage (NAS) and SAN devices than on DAS devices. As the number of networked storage devices increases, SAN vendors can no longer rely on the obscurity of their environments to ensure security. Fortunately, SAN fabric switch vendors are actively working on enhanced security features in their future SAN products. These products will offer flexible configurations, interoperability between SAN products, and authenticated access between SAN devices.
==========
==== Sponsor: HP & Microsoft Network Storage Solutions Road Show ====
Missed the Network Storage Solutions Road Show?
If you couldn't make the HP & Microsoft Network Storage Solutions Road Show, you missed Mark Smith talking about Windows-Powered NAS, file server consolidation, and more. The good news is that you can now view the Webcast event in its entirety at:
http://www.winnetmag.com/roadshows/nas
==========
==== 2. News and Views ====
by Keith Furman, [email protected]
StorageNetworks Lays Off Most Staff, Announces Liquidation
Struggling storage management software and service provider StorageNetworks has announced that it has failed to find a buyer and intends to liquidate the company. StorageNetworks has been going through rough times in the past year. Earlier this year, after several job cuts, the company reduced its work staff by 50 percent. In a statement, the company announced that its board of directors has approved a plan of liquidation and that almost all of the company's remaining 60 employees have been laid off. Several employees will stay on board to help the company wind down operations.
Under the liquidation plan, StorageNetworks expects to distribute $1.60 to $1.70 a share to its current stockholders over time. Recently, the company's stock has traded around $1.44, up from $0.78 earlier this year. The company received limited interest from other companies in acquiring its assets and determined that liquidation was the best option after failing to find a buyout offer that would be worth more than the company's estimated liquidation value.
http://www.storagenetworks.com
http://www.storageadmin.com/articles/index.cfm?articleid=38228
EMC Upgrades High-End Storage
A decline in the market for high-end storage sales hasn't stopped storage giant EMC from upgrading its Symmetrix high-end storage system. The upgrade to the Symmetrix DMX line features increased capacity. EMC's Symmetrix DMX3000 can hold up to 576 drives for a maximum raw capacity of more than 84TB (with usable capacities of as much as 73.5TB), which is double the space of the Symmetrix DMX2000, the company's current high-end system. The system also includes as much as twice the performance of the Symmetrix DMX2000.
EMC also introduced a new entry-level configuration for the Symmetrix DMX800, which includes all the features of a full Symmetrix DMX but with a price that begins 30 percent lower and includes capacity as much as 17TB. All the updated Symmetrix storage systems support Native Internet SCSI (iSCSI) connections. The products will be available in September 2003. The Symmetrix DMX800 will start at $284,000. The Symmetrix DMX3000 will start at $1.7 million.
http://www.emc.com
==== 3. Instant Poll ====
Results of Previous Poll: Which Office Suite?
The voting has closed in the Windows & .NET Magazine Network's Storage Admin Channel nonscientific Instant Poll for the question, "Which Office Suite does your company use?" Here are the results from the 53 votes:
94%--Microsoft Office
0%--WordPerfect Office
4%--OpenOffice
0%--Sun Microsystems StarOffice
2%--Other
New Instant Poll: SAN Precautions
The current Instant Poll question is, "Has your company taken any precautions when it comes to the security risks associated with SANs?" Go to the Storage Admin Channel home page and submit your vote for a) Yes, my company is aware of risks and is taking precautions, b) Yes, my company knows the risks but isn't taking any precautions, or c) My company wasn't aware of the risks and isn't taking any precautions.
http://www.storageadmin.com
==== 4. Announcements ====
(from Windows & .NET Magazine and its partners)
Learn More About the Security Risks in Exchange 2003
Videotaped live at Microsoft TechEd 2003, this free archived Web seminar delivers an introduction to the new security features and enhancements of Exchange Server 2003, including the new security APIs that can minimize virus risk and spam traffic. Plus, you'll discover more about the future of the messaging industry and what's on the horizon in assessing risk. Register today!
http://www.winnetmag.com/seminars/securityrisks
Windows & .NET Magazine Connections Launches Exchange Event
Windows & .NET Magazine Connections will colocate with Exchange Connections 2003. Stay competitive and invest your time to keep pace with technology. Learn the latest tips and tricks from gurus like Mark Minasi, Mark Russinovich, Tony Redmond, and Sue Mosher. Register now and get both conferences for the price of one--plus lock in your $300 early bird discount. Go online or call 203-268-3204 or 800-505-1201 for details.
http://www.winconnections.com
==== 5. Event ====
(brought to you by Windows & .NET Magazine)
New--Mobile & Wireless Road Show!
Learn more about the wireless and mobility solutions that are available today! Register now for this free event!
http://www.winnetmag.com/roadshows/wireless
==== 6. New and Improved ====
by Carolyn Mader, [email protected]
Deploy as Much as 1TB of Solid State Storage
Imperial Technology announced MegaRam-10000, a solid state accelerator that features as much as 1TB of zero latency solid state storage capacity. The MegaRam-10000's scalable architecture is targeted to grid computing, life science and biomedical research, large-scale engineering, and time-sensitive geophysical applications. For pricing, contact Imperial Technology at 310-536-0018 or 800-451-0666.
http://www.imperialtech.com
Identify and Back Up Files
AlmerSoft released AlmerBackup 3.0, backup software that lets you create regular backups of your crucial data. You identify your most important files and tell the built-in schedule how frequently you want to perform backups. The software also performs simple file copying and moving, deletes out-of-date files from the destination directory, and removes copied files from the source directory. AlmerBackup can back up to any network resource. The software runs on Windows XP/2000/NT/Me/9x systems and costs $29. Contact AlmerSoft at [email protected].
http://www.almersoft.com
Submit Top Product Ideas
Have you used a product that changed your IT experience by saving you time or easing your daily burden? Do you know of a terrific product that others should know about? Tell us! We want to write about the product in a future What's Hot column. Send your product suggestions to [email protected].
==== Sponsored Links ====
Ultrabac
FREE live trial-Backup & Disaster Recovery software w/ encryption http://ad.doubleclick.net/clk;5945485;8214395;x?
http://www.ultrabac.com/default.asp?src=WINTxtLAug03tgt=./
CrossTec
Free Download - NEW NetOp 7.6 - faster, more secure, remote support
http://ad.doubleclick.net/clk;5930423;8214395;j?
http://www.crossteccorp.com/w2kmag.htm
=========
==== 7. Contact Us ====
About the commentary –- [email protected]
About the newsletter -- [email protected]
About technical questions -- http://www.winnetmag.com/forums
About product news -- [email protected]
About your subscription -- [email protected]
About sponsoring UPDATE -- [email protected]
==========
Manage Your Account You are subscribed as #EmailAddr#.
To unsubscribe from this email newsletter, send an email message to mailto:#mailing.unsubemail#.
To make other changes to your email account such as change your email address, update your profile, and subscribe or unsubscribe to any of our email newsletters, simply log on to our Email Preference Center at http://www.winnetmag.com/email .
Copyright 2003, Penton Media, Inc.
Storage UPDATE--August 4, 2003
==== This Issue Sponsored By ====
Ontrack Data Recovery Services
http://s0b.bluestreak.com/ix.e?hy&s=200527&a=141743
HP & Microsoft Network Storage Solutions Road Show
http://www.winnetmag.com/roadshows/nas
==========
1. Commentary: SAN Security by Obscurity
2. News and Views
- StorageNetworks Lays Off Most Staff, Announces Liquidation
- EMC Upgrades High-End Storage
3. Instant Poll
- Results of Previous Poll: Which Office Suite?
- New Instant Poll: SAN Precautions
4. Announcements
- Learn More About the Security Risks in Exchange 2003
- Windows & .NET Magazine Connections Launches Exchange Event
5. Event
- New--Mobile & Wireless Road Show!
6. New and Improved
- Deploy as Much as 1TB of Solid State Storage
- Identify and Back Up Files
- Submit Top Product Ideas
7. Contact Us
- See this section for a list of ways to contact us.
==== Sponsor: Ontrack Data Recovery Services ====
*** FREE Monthly DATA RECOVERY e-Newsletter! ***
The Ontrack Data Recovery e-Newsletter, written by data recovery specialists, includes cutting edge technology, the latest news & information, software and service buzz, and PC tips. Whether you're responsible for your company's data or your own, you'll find value in this monthly newsletter. Get the news, stay informed and be prepared.
http://s0b.bluestreak.com/ix.e?hy&s=200527&a=141743
==========
Editor's Note: We'd like your opinion about Storage UPDATE! To improve the editorial quality of this email newsletter and determine the best delivery format, we need your feedback. Please take some time to answer our online survey. The survey gives you the opportunity to provide feedback in one online survey about all the Windows & .NET Magazine Network newsletters to which you subscribe. We appreciate your time, and we look forward to reading your comments. To answer the survey, go to
http://list.winnetmag.com/cgi-bin3/DM/y/eR110CJSl80CBr0BBYx0Ah
==== 1. Commentary: SAN Security by Obscurity ====
by Mark Smith, [email protected]
Many IT managers are unaware of the security risks associated with their Storage Area Networks (SANs). According to Himanshu Dwivedi, managing security architect of @stake, a digital-security consulting firm, "Fibre Channel networks lack authentication, encryption, and authorization normally found in IP networks."
@stake has been analyzing storage security problems for years and helps companies analyze and configure their IT security infrastructures. According to @stake, most companies feel secure with their SAN security; however, a growing number of SANs connected to the Internet are increasingly exposed to potential security breaches. Dwivedi said, "90 percent of all SANs have been set up with soft-zoning, a technique that relies on World Wide Name to determine LUN access. However, World Wide Names can be changed on the fly if you can gain access to the host bus adapter device driver."
An intruder might attempt to break SAN security by first gaining access to the networking level of a computer. At this level, the intruder could use a command-line utility to spoof the World Wide Name (WWN) that the computer's host bus adapter (HBA) uses. An intruder can determine the current WWN by issuing an Ipconfig command. Then, the intruder could guess the next sequential WWN, which generally is an 8-character name and a simple numbering sequence. Each LUN has an associated WWN. After the intruder determines the next WWN, the intruder could use the HBA driver command to change to the spoofed WWN and access all SAN data.
Microsoft and HP have been actively promoting the use of SANs in conjunction with Microsoft Exchange Server. In such a configuration, the Exchange Server has both an IP-based network adapter card and an HBA in the same box. The IP NIC lets you connect to the Internet for Microsoft Outlook Web Access (OWA) support and also lets you connect clients to Exchange Server. The HBA enables direct connectivity of the Exchange Server to the SAN. If Microsoft and HP are successful in selling Exchange on SANs, the number of potential SAN security breaches will increase. Although such an Exchange-on-SAN security breach is theoretically possible, there aren't any publicly documented cases of such an attack happening. Claude Lorenson, product manager for Microsoft's storage division, said, "An attack against SAN data is more difficult than an attack against Direct Attached Storage--DAS." In the case of Exchange-on-SAN configurations, an intruder would have to break the security of Windows, Microsoft IIS, or Exchange, then breach HBA driver security. Lorenson said, "While SAN security is outside the realm of the Windows Server OS, we have worked hard to ensure that someone cannot gain unauthorized access to the network level of a computer. Nonetheless, we would recommend that SAN users implement hard-zoning on their SANs."
Dwivedi said, "Hard-zoning based on ports is the best solution. You can assign specific ports to a WWN. All spoofing attacks would be rendered useless, because they \[intruders\] would be restricted to the physical ports."
A recent IDC market study states that second quarter 2003 was the first time that more storage capacity was sold on Network Attached Storage (NAS) and SAN devices than on DAS devices. As the number of networked storage devices increases, SAN vendors can no longer rely on the obscurity of their environments to ensure security. Fortunately, SAN fabric switch vendors are actively working on enhanced security features in their future SAN products. These products will offer flexible configurations, interoperability between SAN products, and authenticated access between SAN devices.
==========
==== Sponsor: HP & Microsoft Network Storage Solutions Road Show ====
Missed the Network Storage Solutions Road Show?
If you couldn't make the HP & Microsoft Network Storage Solutions Road Show, you missed Mark Smith talking about Windows-Powered NAS, file server consolidation, and more. The good news is that you can now view the Webcast event in its entirety at:
http://www.winnetmag.com/roadshows/nas
==========
==== 2. News and Views ====
by Keith Furman, [email protected]
StorageNetworks Lays Off Most Staff, Announces Liquidation
Struggling storage management software and service provider StorageNetworks has announced that it has failed to find a buyer and intends to liquidate the company. StorageNetworks has been going through rough times in the past year. Earlier this year, after several job cuts, the company reduced its work staff by 50 percent. In a statement, the company announced that its board of directors has approved a plan of liquidation and that almost all of the company's remaining 60 employees have been laid off. Several employees will stay on board to help the company wind down operations.
Under the liquidation plan, StorageNetworks expects to distribute $1.60 to $1.70 a share to its current stockholders over time. Recently, the company's stock has traded around $1.44, up from $0.78 earlier this year. The company received limited interest from other companies in acquiring its assets and determined that liquidation was the best option after failing to find a buyout offer that would be worth more than the company's estimated liquidation value.
http://www.storagenetworks.com
http://www.storageadmin.com/articles/index.cfm?articleid=38228
EMC Upgrades High-End Storage
A decline in the market for high-end storage sales hasn't stopped storage giant EMC from upgrading its Symmetrix high-end storage system. The upgrade to the Symmetrix DMX line features increased capacity. EMC's Symmetrix DMX3000 can hold up to 576 drives for a maximum raw capacity of more than 84TB (with usable capacities of as much as 73.5TB), which is double the space of the Symmetrix DMX2000, the company's current high-end system. The system also includes as much as twice the performance of the Symmetrix DMX2000.
EMC also introduced a new entry-level configuration for the Symmetrix DMX800, which includes all the features of a full Symmetrix DMX but with a price that begins 30 percent lower and includes capacity as much as 17TB. All the updated Symmetrix storage systems support Native Internet SCSI (iSCSI) connections. The products will be available in September 2003. The Symmetrix DMX800 will start at $284,000. The Symmetrix DMX3000 will start at $1.7 million.
http://www.emc.com
==== 3. Instant Poll ====
Results of Previous Poll: Which Office Suite?
The voting has closed in the Windows & .NET Magazine Network's Storage Admin Channel nonscientific Instant Poll for the question, "Which Office Suite does your company use?" Here are the results from the 53 votes:
94%--Microsoft Office
0%--WordPerfect Office
4%--OpenOffice
0%--Sun Microsystems StarOffice
2%--Other
New Instant Poll: SAN Precautions
The current Instant Poll question is, "Has your company taken any precautions when it comes to the security risks associated with SANs?" Go to the Storage Admin Channel home page and submit your vote for a) Yes, my company is aware of risks and is taking precautions, b) Yes, my company knows the risks but isn't taking any precautions, or c) My company wasn't aware of the risks and isn't taking any precautions.
http://www.storageadmin.com
==== 4. Announcements ====
(from Windows & .NET Magazine and its partners)
Learn More About the Security Risks in Exchange 2003
Videotaped live at Microsoft TechEd 2003, this free archived Web seminar delivers an introduction to the new security features and enhancements of Exchange Server 2003, including the new security APIs that can minimize virus risk and spam traffic. Plus, you'll discover more about the future of the messaging industry and what's on the horizon in assessing risk. Register today!
http://www.winnetmag.com/seminars/securityrisks
Windows & .NET Magazine Connections Launches Exchange Event
Windows & .NET Magazine Connections will colocate with Exchange Connections 2003. Stay competitive and invest your time to keep pace with technology. Learn the latest tips and tricks from gurus like Mark Minasi, Mark Russinovich, Tony Redmond, and Sue Mosher. Register now and get both conferences for the price of one--plus lock in your $300 early bird discount. Go online or call 203-268-3204 or 800-505-1201 for details.
http://www.winconnections.com
==== 5. Event ====
(brought to you by Windows & .NET Magazine)
New--Mobile & Wireless Road Show!
Learn more about the wireless and mobility solutions that are available today! Register now for this free event!
http://www.winnetmag.com/roadshows/wireless
==== 6. New and Improved ====
by Carolyn Mader, [email protected]
Deploy as Much as 1TB of Solid State Storage
Imperial Technology announced MegaRam-10000, a solid state accelerator that features as much as 1TB of zero latency solid state storage capacity. The MegaRam-10000's scalable architecture is targeted to grid computing, life science and biomedical research, large-scale engineering, and time-sensitive geophysical applications. For pricing, contact Imperial Technology at 310-536-0018 or 800-451-0666.
http://www.imperialtech.com
Identify and Back Up Files
AlmerSoft released AlmerBackup 3.0, backup software that lets you create regular backups of your crucial data. You identify your most important files and tell the built-in schedule how frequently you want to perform backups. The software also performs simple file copying and moving, deletes out-of-date files from the destination directory, and removes copied files from the source directory. AlmerBackup can back up to any network resource. The software runs on Windows XP/2000/NT/Me/9x systems and costs $29. Contact AlmerSoft at [email protected].
http://www.almersoft.com
Submit Top Product Ideas
Have you used a product that changed your IT experience by saving you time or easing your daily burden? Do you know of a terrific product that others should know about? Tell us! We want to write about the product in a future What's Hot column. Send your product suggestions to [email protected].
==== Sponsored Links ====
Ultrabac
FREE live trial-Backup & Disaster Recovery software w/ encryption http://ad.doubleclick.net/clk;5945485;8214395;x?
http://www.ultrabac.com/default.asp?src=WINTxtLAug03tgt=./
CrossTec
Free Download - NEW NetOp 7.6 - faster, more secure, remote support
http://ad.doubleclick.net/clk;5930423;8214395;j?
http://www.crossteccorp.com/w2kmag.htm
=========
==== 7. Contact Us ====
About the commentary –- [email protected]
About the newsletter -- [email protected]
About technical questions -- http://www.winnetmag.com/forums
About product news -- [email protected]
About your subscription -- [email protected]
About sponsoring UPDATE -- [email protected]
=============== Manage Your Account
You are subscribed as #EmailAddr#.
To unsubscribe from this email newsletter, send an email message to mailto:#mailing.unsubemail#.
To make other changes to your email account such as change your email address, update your profile, and subscribe or unsubscribe to any of our email newsletters, simply log on to our Email Preference Center at http://www.winnetmag.com/email .
Copyright 2003, Penton Media, Inc.
